This article has been updated from its original version published in October 2016.
The internet continuously enhances our ability to connect people and contextualize big data from around the world. Connections are better understood by organizing and visualizing information in different ways. For example, organizing content by location allows viewers to leverage the context of information—whether it’s discovering which store location a customer complained at, or where a crime is happening.
Data discovery tools like Echosec are changing what it means to publish publicly-available content on social media. Location-based information on social media is now discovered and used by almost every industry, from law enforcement to retail. Social media privacy and individual data rights are quickly evolving as a consequence.
Since the Cambridge Analytica scandal unfolded in 2018, social media providers like Facebook and Instagram have tightened their security settings and no longer allow broad monitoring. Regulations such as the GDPR also hold organizations more accountable for how they collect and use individuals’ data. This article explores how Echosec, a data discovery tool, approaches data collection and the ways this product respects user privacy.
What Is Echosec?
Echosec is an information discovery platform. It gathers publicly available, constantly changing data and allows users to filter data by location, keyword, date range, author, and provider. Echosec aggregates data from 17 different social media, blog, and news providers, excluding Facebook and Instagram. Echosec discovers and contextualizes information critical to organizations around the world.
What Does “Publicly Available” Mean?
“Publicly available” describes information visible to anyone online. For example, a company’s homepage is publicly available; their internal documents are not.
This definition applies to social media as well. Social media posts are publicly available if users set their security settings accordingly. Private messages between users on social media however, are not publicly available.
When a post is deleted, or the owner changes its visibility to private, it is no longer publicly available. This is true even if the user’s account remains active and open to the public. Similarly, if a user hides their account or makes it private, their posts stop being publicly available.
When a public post is modified, only the modified version of the post is publicly available. There is essentially no difference between editing a post, or deleting and re-creating the post. As a result, users maintain the right to keep their public information accurate and up to date.
Why Is This Important?
Some location-based search engines have large data warehouses that contain historical social media data. These search engines have the ability to retrieve many years worth of posts, whether these posts are still publicly available or not. This means they may not respect modifications to posts, instead showing the content of a post when it was originally retrieved.
Since much of the data Echosec displays comes from social media, the product has a steadfast approach to social media privacy, data storage, and transparency. Echosec performs searches and discovers data similarly to other products. The key differentiator is that Echosec does not store data from these searches. This is a defining and intentional characteristic of the product.
For example, if a post is removed or privatized by a user, it also disappears from Echosec searches. If a post is modified by a user, Echosec only retrieves the updated version. Echosec adheres to “Right to be Forgotten” principles that are practiced in most developed nations around the world. The “Right to be Forgotten” means respecting changes made to the public record, even on social media.
Clearly, there are ethical responsibilities attached to working with public social data. For this reason, Echosec has constructed this document, which describes the company's approach to issues around privacy, data storage, and transparency. This document continues to evolve as new laws such as the GDPR are passed and outdated policies are removed. By respecting all of these principles, Echosec is able to operate legally and ethically in major jurisdictions worldwide.
10 Ways Echosec Respects User Privacy1. Consent for Collection
When a user signs up for a social media account, they consent to the public display of their information. It is the responsibility of each social media provider (Facebook, Twitter, Instagram, etc.) to attain this consent at the time of sign up. Most of them acquire this consent with a checkbox and a “terms of service” document.
Data providers get consent from their users, which allows them to display public social media data. When someone signs up for Echosec, they give consent for the collection of their information. This includes sign-in credentials, user credentials, and search boundaries. If anyone is concerned about what information they’re giving a company access to, they should read the terms of service upon signing up and raise any concerns with the company.2. The Right to Be Forgotten
Users do consent to their information being publicly displayed when they sign up for social media accounts. As mentioned earlier, they do NOT consent to losing control over their information. Users reserve the right to delete or update their information at any time. Echosec respects the right to be forgotten—this applies to Echosec customers and individuals whose public information is accessed.3. Data Accuracy
Individuals have a right to ensure that their personal information is accurate. Data owners must be allowed to update their personal information and correct any inaccurate data. Because Echosec does not store data, any changes made by the user automatically replaces old information.4. Transparency
The collection of personal information should be limited to only what is necessary, and should be collected by fair and lawful means. Echosec only retrieves information that is necessary to perform its searches. For example, searches cannot violate the subjects’ privacy or surveil individuals or groups for any unlawful or discriminatory purpose.
More details can be requested from Echosec’s privacy officer (firstname.lastname@example.org).6. Accountability
Any organization accessing an individual's personal information should be held accountable for that individual’s privacy rights. Without accountability, there’s no motivation to adhere to any of the privacy principles outlined in this list.
Echosec is accountable for any and all personal information it collects. The company’s Chief Privacy Officer ensures that the company adheres to privacy objectives and evaluates each client’s use case before delivering the software.7. Limited Retention
If personal data is no longer required, then it should be discarded securely. Echosec only retains personal information as long as is needed to perform a search. It is then promptly discarded from its caches in accordance with each data provider’s terms of service. Typically, the information comes and goes from Echosec servers within minutes.8. Individual Access
Individuals reserve the right to have access to any information collected about them. If users lose access to their personal information, they’ve effectively lost control over it. This violates the principles of transparency, accuracy, and the right to be forgotten. Upon request, Echosec informs individuals about any personal information collected about them. Individuals may challenge the accuracy or completeness of that data at any time.9. Data Security
Personal information should be kept safe. Data held by Echosec's short-term cache is tightly secured against unintended access. All data is kept separate from other customers by advanced federated sharing technology. Access to the servers themselves is secured by asymmetric authentication.10. Compliance Challenges
Individuals are allowed (and encouraged) to challenge an organization’s compliance with privacy. If you believe a company is violating any of the above principles when dealing with your personal data, challenge them!
Echosec is compliant with the privacy legislation of British Columbia and Canada, as well as the GDPR. The company has performed a Privacy Impact Assessment (PIA) to demonstrate this. Individuals can challenge Echosec's compliance by contacting the company’s Chief Privacy Officer at: email@example.com.
Echosec is a powerful tool. Echosec Systems Ltd. takes great care in setting the highest standards for privacy and education in the world. The company participates in regular dialogue with the public, including teachers, trainers, and privacy regulators across the globe.
Any individual with concerns about Echosec's privacy compliance are encouraged to contact the Chief Privacy Officer of Echosec at firstname.lastname@example.org.
Book A Demo to Learn More About Echosec