Skip to Content

As a product manager for a community website as well as a German company, at times I am beside myself when it comes to matters of privacy and data protection.  In a recent posting by Spiegel (via the IAPP : International Association of Privacy Professionals),

PRIVACY LAW — GERMANY

Law Would Ban Employers from Social Networking Site Research

Spiegel reports on the drafting of a law that would prevent employers from looking at job applicants’ social networking activities during the hiring process. The law, drafted by Interior Minister Thomas de Maiziére and expected to pass after the German cabinet vote Wednesday, would radically restrict the information bosses can legally collect, the report states, though general information about the candidate available on the Internet would not be forbidden. The law would also restrict certain video surveillance in the workplace E-mail and telephone communication surveillance would be permitted only under certain conditions. Meanwhile, privacy advocates are voicing concern over the country’s plan to require citizens to carry RFID-equipped identification cards.

And in another posting by the IAPP in July, a German regulator has called for the termination of safe harbor provisions.

German Regulator: Terminate U.S. Safe Harbor

07.26.2010

On the 10th anniversary of the European Commission’s agreement to recognize the U.S. Department of Commerce (DOC) “safe harbor” principles, Schleswig-Holstein Data Protection and Privacy Commissioner Thilo Weichert is calling for an end to the agreement. According to a release issued by Germany’s Independent Centre for Privacy Protection (ULD), an Australian study due to be released next month has revealed widespread compliance issues among the 2,170 U.S. companies that “claim to be safe harbor privileged,” including lack of information on how to enforce individual rights, high-priced dispute resolution options and a minimal number of U.S. Federal Trade Commission prosecutions for false claims of certification  “From a privacy perspective, there is only one conclusion to be drawn from the lessons learned–to terminate safe harbor immediately,” Weichert said.

Together, these two messages are quite alarming.  In an age where the proliferation of social media has become mainstream, and where it is frowned upon if you don’t have a LinkedIn or Xing or Facebook account, the position that Germany and to some extent the EU are taking is exclusionary.  “That train has already left the station.”

But why is this an issue?  After all, doesn’t everyone read the terms of use and privacy statements of the social networking sites to which we belong?  Evidently not.  The mere fact that such legislation is being proposed underscores the unenforceability of such policies.  Either people don’t realize that the information they post to the various social networking sites is publicly available, or they don’t care.  My guess is that the latter is more the case.

If you go back to March 2009 you will recall the infamous case of Ann Peteroe V Facebook.  The key issues were the license grants of content submitted to Facebook and the manner in which Facebook involved the community in modifying and announcing those changes.  I won’t argue Facebook’s methods here, but Facebook did retain the license grants, that “you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook.”  By the way, all other social media sites have similar terms, and although many people are dismayed by this, they still continue to contribute content to those systems because they value more the benefit of using those systems over the use rights of the content they contribute.  Therefore, if we buy into this thinking, that we grant Facebook and other social media sites a perpetual use license over the content we submit, a license which lets them sub-license and distribute that all over the world, why would we want legislation in place to prevent its distribution?

Let’s take this website, for example.  “The SAP Community Network (SCN) is SAP’s professional social network. It provides trusted connections to our dynamic community of SAP customers, partners, employees and experts.  It delivers an unparalleled depth and breadth of knowledge, insight and rich content about SAP solutions and services, in a collaborative environment that encourages innovation and sharing of best-run business practices.”  This was taken straight from the About SAP Community Network (SCN) page.  According to the above mentioned legislation, employers would be prevented from using information obtained from SCN to further qualify a candidate.  However, I know that most of the active contributors on SCN contribute content because there is mutual benefit, and should it come time for a member to join another company, they would want to have that information available.  The mere act of contributing to a public forum demonstrates trustworthiness, awareness of resources, and expertise.

The bullish, technology-pro person that I am says that social networking is already mainstream and is here to stay, and no amount of legislation is going to curtail online social activities.  I think what is missing, what is not being discussed, at least not enough, are data quality standards that enable the user to explicitly control the distribution of personally identifiable information.  I do recognize the potential for misuse of social networking sites, and the last thing we want is our employers to know how much time we spend playing Mafia Wars, uploading pictures of our cats, and reconnecting with people from high school, but I believe there are far more positive aspects of social networking than negative.

So, what does all of this mean?  What is the future of social networking?

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Gregory Misiorek
    Scott,

    as long as my content on SCN is not being blocked from google searches, i don’t really see a problem in having my facebook content excluded from my potential employee profile. isn’t facebook more for socializing outside the work environment, anyway? i keep it for hobbies and staying in touch with my old friends, which really isn’t of any interest to any potential employers. i think EU is only reacting to some of the more aggressive marketing strategies pursued by facebook. this law can be easily dealth with setting up your own website, too.

    imho, of course.

    (0) 
  2. Gretchen Lindquist
    Scott,
    Based on my understanding of Safe Harbor from the information posted on http://www.export.gov, it seems to me that the possibility of terminating the US Safe Harbour agreement carries the possibility of a serious impact on US IT landscapes including the SAP implementations, particularly in multi-national businesses. I have to remain hopeful that cooler heads will prevail and the issue resolved before such a drastic step is taken.

    However, as for social networking, yes and no: yes, I think it is here to stay, since it has been embraced by so many individuals and organizations, but mainstream? Perhaps not yet. About a month ago a blog post here on SCN focussing on the benefits of Twitter inpsired me to post a poll over on ASUG.com. The numbers have been fairly consistent over the 5 weeks the poll has been up; roughly 40% of the respondents have access to LinkedIn only or no social networking at all while on their organization’s network.

    Yes, it is likely that many folks get around these restrictions by accesssing social networking sites from personal smartphones, but not all such sites are “phone friendly” and others rely on company-provided devices that are also blocked.

    I just discovered this week that the networking site to be used for TechEd, Pathable.com, is blocked on my organization’s network, and I would bet that this is not the only network blocking it.  I’ll do what I can on my phone, but it will be inconvenient to not be able to go to it when I am using the TechEd web site. So, at this time my opinion is yes, it’s here to stay, but there is still a way to go before it’s mainstream.

    Thank you for sharing the info about the possible legislation and for starting the discussion!

    Cheers,
    Gretchen

    (0) 
  3. Scott Lawley Post author
    Overnight I received an update email, which I have provided below.  This update goes one step further and states that “the law would also forbid certain employee surveillance in the workplace.”  Clearly these are broad statements.  Putting this into context, if I wanted to find the MDM experts at my company based on their contributions to company systems, there would need to be some system in place that mines corporate content and ranks that content based on some algorithm.  This is a very legitmate scenario with many use cases, but would this also fall under the category of “surveillance”?

    PRIVACY LAW — GERMANY
    Law Would Forbid Social Networking Research
    The New York Times reports German Chancellor Angela Merkel’s cabinet Wednesday backed a proposed law that would prevent employers from looking at job applicants’ social networking activities during the hiring process. Under the law, which now moves to the parliament, employers would still be permitted to conduct general Internet searches regarding potential employees. In addition to forbidding social networking inquiries, the law would also forbid certain employee surveillance in the workplace. German Commissioner for Data Protection and Freedom of Information Peter Schaar called the proposal “a substantial improvement on the status quo in dealing with employees’ data.”

    (0) 
  4. Natascha Thomson
    Scott, thanks for sharing. This takes me back to the days when email marketing became ubiquitous though. Lots of “laws” came out all the time and some stayed others did not, and at least in those dates, the legal guidance was to not stick with the letter of the law, as the law will evolve and precedents have to be set before things become set in stone. Not sure if this will apply here…I guess legal guidance on these issues should be sought.
    (0) 

Leave a Reply