As a product manager for a community website as well as a German company, at times I am beside myself when it comes to matters of privacy and data protection. In a recent posting by Spiegel (via the IAPP : International Association of Privacy Professionals),
PRIVACY LAW — GERMANY
Law Would Ban Employers from Social Networking Site Research
Spiegel reports on the drafting of a law that would prevent employers from looking at job applicants’ social networking activities during the hiring process. The law, drafted by Interior Minister Thomas de Maiziére and expected to pass after the German cabinet vote Wednesday, would radically restrict the information bosses can legally collect, the report states, though general information about the candidate available on the Internet would not be forbidden. The law would also restrict certain video surveillance in the workplace E-mail and telephone communication surveillance would be permitted only under certain conditions. Meanwhile, privacy advocates are voicing concern over the country’s plan to require citizens to carry RFID-equipped identification cards.
German Regulator: Terminate U.S. Safe Harbor
On the 10th anniversary of the European Commission’s agreement to recognize the U.S. Department of Commerce (DOC) “safe harbor” principles, Schleswig-Holstein Data Protection and Privacy Commissioner Thilo Weichert is calling for an end to the agreement. According to a release issued by Germany’s Independent Centre for Privacy Protection (ULD), an Australian study due to be released next month has revealed widespread compliance issues among the 2,170 U.S. companies that “claim to be safe harbor privileged,” including lack of information on how to enforce individual rights, high-priced dispute resolution options and a minimal number of U.S. Federal Trade Commission prosecutions for false claims of certification “From a privacy perspective, there is only one conclusion to be drawn from the lessons learned–to terminate safe harbor immediately,” Weichert said.
Together, these two messages are quite alarming. In an age where the proliferation of social media has become mainstream, and where it is frowned upon if you don’t have a LinkedIn or Xing or Facebook account, the position that Germany and to some extent the EU are taking is exclusionary. “That train has already left the station.”
If you go back to March 2009 you will recall the infamous case of Ann Peteroe V Facebook. The key issues were the license grants of content submitted to Facebook and the manner in which Facebook involved the community in modifying and announcing those changes. I won’t argue Facebook’s methods here, but Facebook did retain the license grants, that “you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook.” By the way, all other social media sites have similar terms, and although many people are dismayed by this, they still continue to contribute content to those systems because they value more the benefit of using those systems over the use rights of the content they contribute. Therefore, if we buy into this thinking, that we grant Facebook and other social media sites a perpetual use license over the content we submit, a license which lets them sub-license and distribute that all over the world, why would we want legislation in place to prevent its distribution?
Let’s take this website, for example. “The SAP Community Network (SCN) is SAP’s professional social network. It provides trusted connections to our dynamic community of SAP customers, partners, employees and experts. It delivers an unparalleled depth and breadth of knowledge, insight and rich content about SAP solutions and services, in a collaborative environment that encourages innovation and sharing of best-run business practices.” This was taken straight from the About SAP Community Network (SCN) page. According to the above mentioned legislation, employers would be prevented from using information obtained from SCN to further qualify a candidate. However, I know that most of the active contributors on SCN contribute content because there is mutual benefit, and should it come time for a member to join another company, they would want to have that information available. The mere act of contributing to a public forum demonstrates trustworthiness, awareness of resources, and expertise.
The bullish, technology-pro person that I am says that social networking is already mainstream and is here to stay, and no amount of legislation is going to curtail online social activities. I think what is missing, what is not being discussed, at least not enough, are data quality standards that enable the user to explicitly control the distribution of personally identifiable information. I do recognize the potential for misuse of social networking sites, and the last thing we want is our employers to know how much time we spend playing Mafia Wars, uploading pictures of our cats, and reconnecting with people from high school, but I believe there are far more positive aspects of social networking than negative.
So, what does all of this mean? What is the future of social networking?