On January 1, 2020, the California Consumer Privacy Act (CCPA) came into effect and it's kind of a big deal—it’s the first data privacy law of its kind in the US, and applies to any organization using California-based data, regardless of where they are located. The CCPA gives Californian consumers (1) the right to access data an organization and any third parties have collected about them, (2) the right to opt-out of data collection, and (3) the right to sue an organization if privacy guidelines are violated.
These laws greatly impact how online data is gathered and used worldwide—both by the data providers themselves and the companies using that data. To function successfully in the long-term, organizations, from law enforcement to retail, must take data privacy laws and providers’ terms of service seriously.
What does it mean to be compliant? And how do organizations benefit from using data tools and services that respect privacy laws and providers’ terms of service?
What Does “Terms of Service Compliant” Mean?
Organizations rely on providers (e.g. Twitter, YouTube, and more obscure websites and social networks) to access relevant, publicly-available data—such as public social media posts. Even though this data is public, it can’t be legally or ethically used without consent. Mainstream providers typically outline terms of service and privacy policies that explain how users consent to their data being collected and used. These policies also generally comply with regional data privacy laws such as the GDPR.
Data gathering and analytics companies are responsible for how their tools and services are used to comply with privacy laws and providers’ terms of service. Every data company approaches compliance differently, and organizations are accountable for the compliance of the tools and services they use to gather data.
Why Is Compliance Important?
Organizations shopping for data discovery solutions will find that data companies vary in their compliance stance. For example, one data company might restrict a law enforcement client’s access to any Twitter data while a competitor permits Twitter access, even if this violates Twitter’s terms of service. What are the benefits of using data tools and services that value compliance over access?
For one, using privacy-centric tools is a business advantage. In the past, data companies have lost provider access or were forced to shut down completely after their compliance violations were publicized. This can result in service interruptions, major public scandals, and financial loss for both the data company and their clients.
Many jurisdictions have strong privacy legislation, including California, Canada, and the EU. Privacy compliance is therefore crucial from a global business perspective, especially if companies wish to develop a global presence and handle personal data from residents in these regions.
It should go without saying that respecting individual privacy, whether in the digital or physical realm, is the right thing to do from both a human and a business perspective.
The Fall of Geofeedia
If you’re reading this, you’re probably aware of Cambridge Analytica’s demise in 2018 for violating Facebook users’ data privacy rights to inform political campaigns. A lesser-known scandal with the social media intelligence platform Geofeedia shows how compliance violations failed the company. As a former Echosec Systems competitor, where did Geofeedia go wrong?
Geofeedia was used by police agencies and other large clients to source geolocated social media data, including full access to Twitter, Facebook, and Instagram. In October 2016, the ACLU published an exposé that used Freedom of Information requests to retrieve Geofeedia’s private marketing emails to police.
These emails documented how Geofeedia enabled law enforcement to violate Black Lives Matter protest leaders’ privacy rights. As a result of the controversy, Geofeedia lost access to Twitter, Facebook, and Instagram data overnight. The firm ceased to exist as a competitor shortly after.
What Is Echosec Systems’ Stance on Compliance?
Data privacy rights and provider compliance are at the forefront of Echosec Systems’ values and platform delivery. The company sets itself apart from competitors by valuing compliance over data access, both from a business and ethical perspective. Echosec accomplishes this by:
- Complying with Canadian and international law, including data privacy legislation such as PIPEDA, GDPR, CCPA, and the Universal Declaration of Human Rights
- Developing partnerships with major data providers, such as Twitter and YouTube, to ensure compliance, and excluding providers (ie. Facebook, Instagram) that prohibit broad monitoring
- Enforcing a use case approval process and client auditing to ensure that the platform is used lawfully and in compliance with each provider’s terms of service. This means that certain use cases, such as policing, have restricted access to certain providers
- Updating platform features to comply with providers’ terms of service
- Monitoring Echosec Systems user searches internally to ensure compliance
Prospective Echosec Systems clients might consider these terms restrictive. However, we view them as necessary to give clients a sustainable and reputable solution, enforce that our tools are used in the public’s best interest, and to set an industry standard as data privacy laws are enforced worldwide.
The idea that “data is the new oil” has become widely publicized in recent years. Even though the comparison is disputed, one thing is certain: online data has become a fundamental part of how organizations worldwide operate, from law enforcement to retail and everything in-between.
This widespread data use raises the issue of how data is acquired and used, and how individuals’ data rights are protected—especially in the fallout of companies like Cambridge Analytica and Geofeedia. In search of valuable online data, organizations will likely find opportunities to use discovery tools and services that offer broader data access at the expense of compliance and data privacy laws.
The world as a whole is rapidly moving towards stricter rules and improved data privacy rights. As the data discovery industry grows, compliance standards will increasingly impact the success, reputation, and even the existence of organizations worldwide.
Looking for a compliant data discovery solution? Book a demo today.