Yesterday, I realized I have a criminal side. Of course, I know that I have a bit of a history for speeding. And I’ve had my share of parking fines. But until yesterday afternoon, I didn't think I had ever violated someone else's property rights. Now I know that I have – and I do it quite regularly as well.

Yesterday, I attended a session by Barry Ryan, Director Policy & Communication at EFAMRO – the European Research Federation. I’m interested in privacy issues and have been attending some of the privacy debates hosted by Esomar. And yet, during Barry’s talk, the real impact of the current European Data Protection Act rules took me by surprise.

Some of the things I learned:

  • The data protection laws talk about data. Data is defined as every type of information in a machine (device). When I’m talking and you’re listening, there’s no data. When I’m talking and you record my voice or take a picture, there’s data.
  • The second level is called personal data. This one is important for market research. Personal data is data that relates to a living individual who can be identified a) from that data, or b) from that data and other information that is in the possession of, or is likely to come into the possession of, the data controller.
  • You can't process (and subsequently share) any information on a personal level without consent from the individual.

So, when you share in a presentation or a report a screenshot from Facebook that includes a personal identifier, you’re in fact breaching the law. And while you can analyze tweets within the Twitter domain (as that falls within the Twitter terms of agreement), if you download that same information for the purpose of analysis, you’re breaching the law – again.

Something else to consider is copyright. In Europe, copyright is automatically created when a person creates a copyrightable work, which can be text, drawings, graphic designs, logos, sound recordings, films, photos, or computer programs (software). Copyright protection lasts the life of the author plus 70 years. So, every time you use an image or photo in a report or presentation or blog post that is copied from a social network or from Google Images, you’re (again) breaching the law.

Think this is only an academic discussion? Could be, as many in the industry believe that “people realize that when they post something on social networks, it is in the public domain.” But that's not true. During the riots in London last year, the BBC got caught up in its own copyright battle over a picture it took from Twitter. Or remember the infamous Nielsen BuzzMetrics “patientslikeme” incident.

Are you sure you will not end up in a similar situation? Do you take the proper precautions?

The Data Protection Act requires you to process personal data fairly and lawfully. I’m confident that’s what we all try to do on a daily basis. And yet are we breaching the Act over and over again.