Terms and conditions apply: here’s why you should read them.

Furores and Facebook

Back in 2013, everyone online seemed to be up in arms over their Facebook profile picture being “suddenly” used to advertise company and business Facebook pages. covered this story quite extensively, and succinctly encapsulated the crux of this online drama:

“The advertisements, known as social ads, are tailored in an attempt to provide users with more relevant ads. For example, if you ‘Like’ Nike’s company page, your friends may see a Nike ad alongside their feed, which may include a thumbnail of your profile picture and the fact that you ‘Like’ the company’s page. The belief is that if you like a company or brand, there’s a good chance your friends may feel the same way.”

Facebook, in response to the uproar, simply referred its growing user community to the Terms and Conditions related to signing up for the big, bold, and blue social network. Therein between the fine print, lay the nugget that yes, once you’ve signed up to Facebook, your profile picture and other personal data could, indeed, be used for commercial purposes. That cute selfie you snapped on your way out to a big night out was now advertising collateral for not only Facebook, but the companies, businesses, and characters who use Facebook Pages to promote their activities, products, and personalities. Your secret admiration for Kim Kardashian was no longer such a secret.

Terms and conditions apply

This Facebook furore did one important thing: it was the beginning of a fundamentally important conversation around personal data ownership into mainstream conversation. Suddenly, even your Aunt Sally was talking about how her picture was being used to promote your next door neighbour’s grocery store, and she wasn’t entirely comfortable with it either. Well, she shouldn’t have been, but then maybe she should’ve read the terms and conditions first. Perhaps we all should. Nay. It should be an essential. Moving ahead a few years, many of us shivered when the company name “Cambridge Analytica” came to light. Since then, our global knowledge around the importance of personal data protection has continued to grow.

Data ownership and online platforms

But it’s often the size, scroll length, language and complexities attached to Terms and Conditions documents that has all of us mindlessly scrolling through them, clicking “Accept” or “Yes” and then merrily moving on to check our emails. Of course, online service providers could make their Terms and Conditions documentation more concise, and easier to read, but they also have to ensure they’ve protected their own interests from a legal standpoint too. In fact, that’s exactly what Facebook did during the Great Profile Picture Drama of 2013 – they revisited their Terms and Conditions documentation, and simplified it. Nowadays, it’s no surprise to you, or your best friend from high school, that you once liked a Facebook Page run by the guy one of you had a crush on for a week while on holiday. Your support of his business is part and parcel of the advertising collateral you see every day as you scroll your Facebook timeline.

Who controls my data under GDPR?

And that’s one of the reasons why GDPR came to be. Using personal data, information, and yes – even your profile picture – for advertising or any other method, mechanism, system, or procedure, has become near-essential for every business in the world. Where once oil was the great wellspring of money and fame, it’s now data. Your data, and that’s why the GDPR aims to put the power over your profile picture back into your pocket.

Consent is regulated

Where consent is required, the manner in which organisations get your consent to obtain, store, and process your personal data is highly regulated. The purpose and process must be legally sound, and you must be informed, upfront, of every iteration or purpose for using or storing your personal data. Obtaining your consent to use your personal data is, however, not as simple as a little Yes/No tick box anymore. Instead, GDPR compliance is an essential for companies, businesses, and services. And, should they be found to be non-compliant in terms of the GDPR, administrative fines will apply. Moreover, GDPR non-compliance could also lead to warnings, system terminations, or data transfers being halted entirely. That level of punitive measure would lead to a significant bump in the road for many businesses. One that many businesses would not be able to overcome.

Your rights and responsibilities

Under GDPR, you have the right, power, and responsibility, to ensure your personal data is being utilised lawfully, in accordance with your consent, where consent is required. Moreover, as the protection of personal data has become a fundamental business objective, it’s time we all took data protection seriously.

At ProPrivacy, we help companies and businesses ensure they stay on the right side of regulation, using technologies like Serity and experts like Philipa. Get in touch with our team if your business needs advice on data protection and compliance solutions.