Don’t fall foul of the law Facebook did and was fined
Posted on 04 Jul 2017
Don’t fall foul of the law Facebook did and was fined
Customer data – we all have it and we all use it. The extent to which it is used may vary but we store, hoard and even worship it in a fashion similar to Gollum in the Lord of the Rings. ‘My precious’. But, you must take care. Like the treacherous ring, data wants to return to its master and will do everything it can to do so. And there are no Hobbits, wizards, dwarves, elves or kings to save the day. The authorities in this case are working to help data return to its original owner. Whether you like it or not, the Orcs will win this one.

Internationally, governments are creating and implementing laws designed to protect the personal data of consumers. In South Africa the law is the POPI act or Protection of Personal Information act. The aim of all of these laws is to ensure that the person the information pertains to, is the rightful owner of the information and that companies which use that information have permission to do so. However, it also extends to how they come by the information, how long they store it and how they dispose of it once its use has run its full course.

Although the POPI act has been promulgated and passed into law, it has yet to be implemented, something which will only happen once a regulator has been appointed – and there is no indication of when that will happen. But happen it will.

When it does it will be essential for companies to know how to store, manager, use and dispose of customer data. But, it will also be necessary for them to be mindful of how they come by the data and whether it is relevant to their dealings with customers or not and, who the customer actually is.

One instance which recently made news was the case of Facebook which was fined E150 000 by the CINL (La Commission Nationale de l’Informatique et des Libertes) or the National Freedom of Information Commission, for failing to prevent its users’ data being accessed by advertisers. The case, which was reported by Reuters reporters Sudip Kar-Gulta and Mathieu Rosemain, has made international news and could be the first of many such cases.

According to CINL the fine imposed on Facebook is part of a wider European investigation also being carried out in Belgium, The Netherlands, Spain and Germany into some of Facebook’s practises. The fine of E150 000 – the maximum allowable at the time - followed an order by CINL to Facebook to stop tracking non-users’ web activity without their consent and an order to the social network to stop transferring personal data to the United States.

According to the Reuters report, the French order was the first significant action taken against a company transferring Europeans’ data to the United States following an EU court ruling which struck down an agreement that thousands of companies – including Facebook – had relied on to avoid cumbersome EU data transfer rules. The Transatlantic Safe Harbour pact was ruled illegal amid concerns of mass U.S. Government snooping. EU data protection authorities said companies had three months to set up alternative legal arrangements for transferring data. Facebook believed it was exempt from this due to its location in Dublin, Ireland.

A new EU data protection law is set to take effect in 2018 which will see companies being fined up to four per cent of their global turnover if they fall foul of the new regulation. While the fine of E150 000 is small when considered in relation to the company’s quarterly revenue of $8 billion and its stock market capitalisation valued at around $435 billion, the new regulation could have major implications for Facebook and other companies.

So, don’t fall foul of the law regarding customer data. Even the POPI Act makes provision for fines up to R10 million. Can you really afford to flout that. Your customers are precious to you but, their data is precious to them. Safe-guard it or face falling into a fiery pit.