One of the more misunderstood aspects of GDPR has to be how companies can process personal data. This is covered in Article 6 of the regulation and even though there are 6 different scenarios allowing for the legal processing of personal data, the only one we are asked about on a regular basis is “Consent”. There is some justification for this given it is likely the most likely means for legal processing for most companies and the most transparent. That does not mean we should ignore or forget the rest. To give a bit of clarity and shed light on all 6 ways to legally process data we provide the following. It is each of the 6 justifications, a further description and an example of when that justification might be used.
Copyright is a legal right that protects your work once you have physically expressed the idea. This arises as an automatic process and therefore you own the copyright on the content on any social media platform you wish to post it on as long as the content is original and tangible.
Is someone using your content without your permission and you want them to stop using it? Is someone using your content to promote a product which is completely against your beliefs? Is someone using your content without giving credit to your account? Is someone ignoring your requests to give credit to your account?
If you answered yes to any of the above questions, here is what you can do to get your content removed from the social media platform whether that be Instagram, Facebook, Twitter, YouTube or any others this may involve…
The first thing you should do is fill out a Digital Millennium Copyright Act (DMCA) report using the following link:
Twitter – https://help.twitter.com/forms/dmca
Then you should follow these steps:
- Click the option that says there is content on that social media platform that violates your copyright.
- Then add your contact information – you are only required to add your full name (not your username) and your email address.
- Click on “stolen content” and specify exactly what the content is that has been stolen with a direct link to the content.
- Explain why you are reporting the content.
- Add the original image/content that was posted on your timeline (or if this has been deleted send the original image/content from your camera roll).
- Add the direct link to the post on your own account.
- It is a good idea to add additional attachments to help prove you own the copyright of the content.
- Type your name to create a digital signature.
The social media platform will then send you an email to confirm they have received the report. They will also send you a message when they have removed or disabled the content.
But what happens if…
You want to report a profile picture on social media i.e using your photo to catfish?
Follow the steps above, except at step 5, you should directly link the report to the page that has used your image as their profile picture and then add additional information as to why you own the copyright over this image.
What if you have deleted the content on your account but someone is still using your image on their account?
If the social media platform does not take down your stolen content right away, simply reply to their email with additional proof that it is your copyright.
For example, take a photo of your dog in the exact same spot and include a note saying your dog belongs to [your name/account name], if there are interviews by reputable sources that confirm you are the owner of this dog (account) then link to that, etc. Be creative – if you have the copyright then there are multiple ways to prove it besides providing a link to a social media post.
It is a good idea to watermark your images. What is a water mark? This is a simple symbol, word or image places on an image to show that image belongs to you. This can be done in a really discreate way and it will help the social media platform to recognise this image is yours and remove/disable the image as quickly as possible. This also means that;
1) Even if the person who has stolen your content does not give you credit, if people like what they see, they will know the content is from you and so they can contact you directly.
2) People can notify you if they see your content elsewhere.
If you find that your content is stolen on a regular basis, most social media accounts will allow you to make this more manageable by creating a collection called ‘report’. All you have to do is save all of the stolen content to the collection and then only file one report when you have enough time to do so.
For those accounts who constantly breach copyright laws, you should try and put a stop to this. A way to do this is to go through the account that has stolen your content and see if they have stolen any more content, whether that be your content or someone else’s. You can look for this through comments/by looking for watermarks etc. Make the other copyright owner aware that their content has also been stolen and tell them to fill out a report. If they don’t know how to do this, send them a link to this blog. This will also help support your claim and may help your content be deleted/disabled quicker.
However, if you have made a complaint to a social media platform and it was ignored or the content has not been taken down, there are also other options…
If the content contains any personal data (this includes any data that can be used to identify you e.g. image, name, contact information etc. you can read more about what classifies as personal data on the ICO website https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/), then you could report the image to the Information Commissioners Office (ICO). This is quick and easy to do by filing a report here https://ico.org.uk/make-a-complaint/.
If there is content being used, without your permission for advertising purposes, then you can report this to the Advertising Standards Agency (ASA). This is again, an easy process and more information on how to fail a complain to the ASA can be found by following the link: https://www.asa.org.uk/asset/8C4ECE0C-1EFA-43B9-885C0D18480E3F94/.
Improvements have and continue to be made around how Facebook is monitoring inappropriate and illegal content on our timelines.
But how have these changes been implemented?
Well, Facebook have hired contractors to monitor images and content that are reported by users as inappropriate. However, employees are now suffering from psychological trauma as they witness disturbing images day-in day-out.
But, what’s worse? Leaving these images for Facebook users to see or taking them away but traumatising those who are left with the job?
The job of moderating Facebooks content used to require contractors to scan through 1000 images per day. This is more than one every 30 seconds over an eight-hour shift. This limit was removed to help with the psychological impacts of viewing so many brutal images every day. However, the requirement is not to view at least 400 to 500 images per eight-hour shift. This still equivalates to one image every minute of the shift.
Not only is the job leaving psychological scars on the contractors, it is leaving some ‘addicted’ to graphic content, leaving some savouring a personal collection of illegal, inappropriate and explicit images for personal pleasure. A job of constantly reading hate speech and fake news has also others shifting far right wing in their opinions.
Algorithms are also being used to flag up potential inappropriate conversations between adults and minors and this is leaving devastating impacts on the contractors viewing this content. A previous contractor said of reading these conversations, “90%” were sexual and were also violating and creepy”. After interviewing a variety of different moderators, it was found that a popular trend of sexual exploitation was rich, white men from Europe and the US, targeting children in countries such as the Philippines for sexual images in exchange for $10 or $20.
Although Facebook is trying to find a resolution for taking down explicit images, is putting contractors at risk by exposing them to these images causing more damage? Maybe Facebook should rely more on algorithms to detect images that are inappropriate for our Facebook feed and to take explicit content down automatically once detected by the algorithms, rather than causing psychological issues for contractors. The pushback from users would be that it suppresses their freedom of speech and expression. But perhaps if they understood the harm that a manual process was causing others, they may be willing to suffer brief annoyance rather than inflict such harm.
The UK parliament has hit a stalemate. It’s a mess and until there is a majority in Parliament, it will continue to be at deadlock. Boris Johnson no longer even fits the definition of a ‘prime minister’, that being, “The Prime Minister determines the general direction of Government’s activities by holding majority in the house”. However, after last week’s fiasco (Boris failing on two accounts to pass a general election) not only does he no longer hold a majority in the house, he also doesn’t determine the direction of the governments activities.
Although some people disagree with the actions that have been taken by Boris thus far, is he making the right decision by ignoring the most recent ‘Humble Address’ that was put forward?
A Humble Address is a proposal to the monarch. It can be discussed and amended by the parties, but once it has been agreed upon, it is usually binding on the house. It has only been used a total of 3 times since 1886, suggesting, bulk data collection of the conservative party couldn’t be passed any other way than through an arcane tool such as a Humble Address.
But, why is this significant?
Well, last week, Boris Johnson decided to ignore the Humble Address that was proposed to the conservative party. The Humble Address (in summary) has requested the following;
All communications, formal and informal, written or electronic, to and from public members of the conservative party, must be sent to the government to review so that they can see what has been said about Boris Johnson’s decision to suspend parliament.
The Humble Address also asks for…
All documents to be surrendered to the government which relate to ‘Operation Yellowhammer’ (what will happen if we leave the EU with no-deal- the worst-case scenario).
Instead Boris ignored parliaments request to see all internal communications and provided parliament with a six-page document of the information on Yellowhammer that they had requested.
But, was Boris right to do that?
The answer is simple, yes.
Under the Data Protection Act 2018 (DPA’18) a data subject’s rights can be waived if it significantly inhibits an organisation’s legitimate need to process data for scientific, historical, statistical and archiving purposes. Simply collecting all the data from a member of the conservative parties’ business and personal mobiles does not fall into this category and therefore the DPA cannot be waived. Data subjects, under the DPA’18, also have the right to restrict processing if the processing is deemed unlawful. This data processing is highly unlikely to be legally enforceable. The only reason the government can lawfully collect someone’s personal communications is when there is a risk of state security, e.g. a person who is demonstrating online radicalism who is a suspected terrorist. Also, just because these people are members of the conservative party does that mean their right to privity should be compromised? They’re still members of the public and therefore should not have to give up this right just because they work for the government. Bulk data collection of the conservative party is therefore not legally enforceable as most of this data, particularly about their personal lives, would not be necessary in the investigation, giving the data subjects the right to restrict this type of processing.
However, this is not the only reason this Humble Address is not legally enforceable. Just think about the type of data which is being transferred and how is it being transferred. This data will fall under ‘special category data’ which, under the DPA’18, is particularly sensitive and therefore greater measures of security must be taken when collecting, storing, processing and transferring it. You cannot just rely on the six-legal basis’ for processing this type of extremely sensitive data. Political opinion is ‘special category data’ which will clearly be harvested within these communications.
Within the Humble Address, it states that these communications must be sent to the government, without being followed with a provision as to how this data will be securely collected, transferred or stored. Publicly announcing this is almost like giving a leaflet to hackers inviting them to hack the government. Prime bate for cyber criminals, sensitive and special category data lurking in the murky waters of the UK governments desktops.
Boris, don’t let the government get its hands on your data.
Are your admin team receiving fraudulent emails, text messages and phone calls?
Are your admin team struggling to know which emails, text messages and phone calls are legitimate and which are fraudulent?
With the 25th of May fast approaching, it’s been almost a year since the General Data Protection Regulation (“GDPR”) came into force throughout the European Union (“EU”). In celebration, we are offering £100 off our GDPR Compliance Manual for Law Firms.
Under the European General Data Protection Regulation (“GDPR”), for some organisations it is a mandatory requirement to have a Data Protection Officer (“DPO”), whether this is in-house or outsourced. However, mandatory or not, a DPO can still be beneficial to all firms who need guidance and support to ensure compliance with GDPR.
There is no denying that Apple have revolutionised the way in which we communicate across the globe. Since the production of its first iPhone, unveiled on the 9th January 2007, its sales have created a profit of over 3.7 billion, resulting in the organisation becoming the first public company worth more than 1 trillion dollars.
Little did Apple predict the worm around the corner…
My GDPR journey
When I first began my professional GDPR journey in 2014, I was working as an in-house B2B marketer. At that time, I began researching the draft legislation and was trying to figure out how it might later impact my everyday work in the marketing department. Of course, I was also doing it so I could advise the senior management team on what the expected changing legal responsibilities would be. Furthermore, it occurred to me that a data breach and any negative attention from it could undo months and years of hard work I’d put in to build the company’s brand and reputation. It was then that I suddenly felt a greater weight of responsibility and duty of care for the personal data I was tasked with handling.