How Provider Compliance Protects Your Organization (and the Public)

Alex Ciarniello | January 9, 2020 | Privacy, Information Security

On January 1, 2020, the California Consumer Privacy Act (CCPA) came into effect and it's kind of a big deal—it’s the first data privacy law of its kind in the US, and applies to any organization using California-based data, regardless of where they are located. The CCPA gives Californian consumers (1) the right to access data an organization and any third parties have collected about them, (2) the right to opt-out of data collection, and (3) the right to sue an organization if privacy guidelines are violated. 

The CCPA and other similar laws, such as PIPEDA and the GDPR, signal a global trend towards improved data privacy rights.

These laws greatly impact how online data is gathered and used worldwide—both by the data providers themselves and the companies using that data. To function successfully in the long-term, organizations, from law enforcement to retail, must take data privacy laws and providers’ terms of service seriously.

What does it mean to be compliant? And how do organizations benefit from using data tools and services that respect privacy laws and providers’ terms of service?

What Does “Terms of Service Compliant” Mean?

Organizations rely on providers (e.g. Twitter, YouTube, and more obscure websites and social networks) to access relevant, publicly-available data—such as public social media posts. Even though this data is public, it can’t be legally or ethically used without consent. Mainstream providers typically outline terms of service and privacy policies that explain how users consent to their data being collected and used. These policies also generally comply with regional data privacy laws such as the GDPR.

For example, Twitter has a Terms of Service, Privacy Policy, and Developer Agreement. Section VII of Twitter’s Developer Agreement specifies that content cannot be used by public sector entities to surveil, track, or investigate individuals and sensitive events including protests. This means that Twitter data cannot legally be monitored by the government or law enforcement without a search warrant—something law enforcement agencies, for example, should consider when choosing tools or services for gathering online data.

Data gathering and analytics companies are responsible for ensuring that their tools and services are used in compliance with privacy laws and providers’ terms of service. Every data company approaches compliance differently, and organizations are accountable for the compliance of the tools and services they use to gather data.

Why Is Compliance Important?

Organizations shopping for data discovery solutions will find that data companies vary in their compliance stance. For example, one data company might restrict a law enforcement client’s access to any Twitter data while a competitor permits Twitter access, even if this violates Twitter’s terms of service. What are the benefits of using data tools and services that value compliance over access?

For one, using privacy-centric tools is a business advantage. In the past, data companies have lost provider access or been forced to shut down completely after their compliance violations were publicized. This can result in service interruptions, major public scandals, and financial loss for both the data company and its clients.

Many jurisdictions have strong privacy legislation, including California, Canada, and the EU. Privacy compliance is therefore crucial from a global business perspective, especially if companies wish to develop a global presence and handle personal data from residents in these regions. 

It should go without saying that respecting individual privacy, whether in the digital or physical realm, is the right thing to do from both a human and a business perspective.

The Fall of Geofeedia

If you’re reading this, you’re probably aware of Cambridge Analytica’s demise in 2018 for violating Facebook users’ data privacy rights to inform political campaigns. A lesser-known scandal involving the social media intelligence platform Geofeedia shows how compliance violations brought the company down. Where did Geofeedia, a former Echosec Systems competitor, go wrong?

Geofeedia was used by police agencies and other large clients to source geolocated social media data, including full access to Twitter, Facebook, and Instagram. In October 2016, the ACLU published an exposé that used Freedom of Information requests to retrieve Geofeedia’s private marketing emails to police. 

These emails documented how Geofeedia enabled law enforcement to violate Black Lives Matter protest leaders’ privacy rights. As a result of the controversy, Geofeedia lost access to Twitter, Facebook, and Instagram data overnight. The firm ceased to exist as a competitor shortly after. 

What Is Echosec Systems’ Stance on Compliance?

Data privacy rights and provider compliance are at the forefront of Echosec Systems’ values and platform delivery. The company sets itself apart from competitors by valuing compliance over data access, both from a business and ethical perspective. Echosec accomplishes this by:

  • Providing compliance transparency through its Acceptable Use Policy and Enforcement, Privacy Policy, and Terms of Service documents
  • Complying with Canadian and international law, including data privacy legislation such as PIPEDA, GDPR, CCPA, and the Universal Declaration of Human Rights
  • Developing partnerships with major data providers, such as Twitter and YouTube, to ensure compliance, and excluding providers (i.e. Facebook, Instagram) that prohibit broad monitoring
  • Enforcing a use case approval process and client auditing to ensure that the platform is used lawfully and in compliance with each provider’s terms of service. This means that certain use cases, such as policing, have restricted access to certain providers
  • Updating platform features to comply with providers’ terms of service
  • Monitoring Echosec Systems user searches internally to ensure compliance

Prospective Echosec Systems clients might consider these terms restrictive. However, we view them as necessary to give clients a sustainable and reputable solution, to ensure that our tools are used in the public’s best interest, and to set an industry standard as data privacy laws are enforced worldwide.

The idea that “data is the new oil” has become widely publicized in recent years. Even though the comparison is disputed, one thing is certain: online data has become a fundamental part of how organizations worldwide operate, from law enforcement to retail and everything in-between.

This widespread data use raises the issue of how data is acquired and used, and how individuals’ data rights are protected—especially in the fallout of companies like Cambridge Analytica and Geofeedia. In search of valuable online data, organizations will likely find opportunities to use discovery tools and services that offer broader data access at the expense of compliance and data privacy laws. 

The world as a whole is rapidly moving towards stricter rules and improved data privacy rights. As the data discovery industry grows, compliance standards will increasingly impact the success, reputation, and even the existence of organizations worldwide.

Looking for a compliant data discovery solution? Book a demo today.
