Navigating the social media data minefield

GfK’s Mike Cooke gave us quite a lot to worry about when he quoted European Union Justice Minister Viviane Reding, who said recently that “internet users must have effective control of what they put online [and] be able to correct, withdraw and delete it at will”.

The EU is serious about ePrivacy, something it sees as a fundamental human right. So Cooke posed a scenario whereby comments made by someone online have been scraped from the web before that person decides to delete them. Those comments may then re-appear again without the person’s knowledge or permission. Does such a scenario fall foul of EU regulation?

Clearly this whole area has the potential to become a minefield. Already there are examples where the long arm of the law has been used not only to protect people’s online privacy but also their online dignity. Three Google executives were convicted in Italy recently for ‘allowing’ a video to be aired on YouTube which showed an autistic teenager being bullied. This raises a new issue of compliance and having a good understanding and knowledge of what the laws in any given country dictate on privacy-related issues.

So how can researchers navigate this minefield? Recommendations from the conference fell into three broad areas:

1. Policy, compliance and accountability: Make sure that you have a credible privacy policy, one that is supported by a compliance officer to check that your approach to ePrivacy is legal across the different territories you operate in. Make sure also that your research tools and methodologies are accountable to participants and third parties.
2. Transparency and consent: Make sure that wherever possible you have gained the consent of people to use their online contributions and you are open about the reasons for collecting the information you have gathered. This includes being open about your use of “active agents” online that gather information without them knowing. MarketTools’ John Ouren suggested that ‘purpose’ or ‘intent’ is the key distinguishing determinant for the market research industry when it comes to privacy. As long as we are clear about the purpose and the intent behind the research with participants then this should be enough. He did think that it was important not to use personally identifiable information.
3. Security: Researchers must ensure that any data kept regarding people’s identity and their contributions are secure. Survey Sampling International’s Kees de Jong said that we must “beware the unknown”, suggesting that the potential for fraudulent or misuse of our data is significantly larger than any of us think.

The privacy debate raged on into the next day with the presentation of a piece of research by InSites Consulting that showed approximately six in 10 consumers were aware that companies read their contributions on social media and only two in 10 were unaware. The overwhelming majority of consumers (over 80%) were either neutral or did not care that companies were listening to their conversations. In fact there was strong evidence from the study that consumers wanted companies to get in contact with them to solve a problem the company had become aware of through social media conversations.

If users want their views to be read, seen and shared, do we really need to get permission from consumers to scrape information they have made public? Comments on Twitter argued this may not be practical or necessary. One example I have “scraped” – without the user’s permission – said: “According to Mike Cooke if u do social media monitoring (on public sites) u should ask ppl for consent. This is broken”.

But is it? ‘Tread carefully’ remains the best advice for anyone trying to navigate the social media minefield.