In March 2017 the ICO announced a broad investigation into the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors. We are currently investigating 30 organisations, including Facebook.
One part of this investigation is looking at how data was collected from a third party app on Facebook called “thisisyourdigitallife” and shared with an organisation called Cambridge Analytica. Facebook recently confirmed that information relating to up to 87 million people was captured by the app, with approximately 1 million of these people being UK citizens.
On Monday 9 April 2018 Facebook notified all those whose details were involved, via a message on their Facebook Newsfeed.
What is social media?
Social media refers to a variety of online internet applications that enable you to create your own content and interact with other users. Examples of social media providers are Facebook, Google, Instagram, LinkedIn and Twitter
Facebook has told me my details were captured should I:
Tell the ICO?
Not at this stage. As part of our formal investigation we have requested and seized a great deal of information. We are currently progressing a number of lines of inquiry, including if Facebook has complied with their legal obligations. We don’t currently need further information from those whose personal information may have been involved, but we are here to help people protect their personal information and will be updating this information to help keep people informed.
Delete my social media accounts?
The decision to delete a social media accounts is a personal one for you, but we would certainly encourage all users of social media platforms to review their privacy settings to make sure they are comfortable with the way their information is being used and shared.
As well as telling people if their personal information was harvested by the “thisisyourdigitallife” app, Facebook are also notifying people, via each person’s Newsfeed, which apps they are using. It is very important to note that deleting or removing one of these apps, or deleting your Facebook account, does not automatically delete any data held on the app. Specific steps need to be taken within each app to request the deletion of any personal information it may hold.
How to take control of your personal information on social media platforms
The privacy settings on social media apps and websites should give you control over how your personal information is used. We always advise those who use social media to check their privacy settings before using a particular service and to review them regularly, particularly after any new settings are introduced.
Our factsheets can help you do this on a range of social media platforms, including:
We also have more information about microtargeting, which is a form of online targeted advertising, and how you can limit this targeting on your social media platforms.
If you use other social media platforms you should familiarise yourself with settings that can be adjusted according to your preferences.
The examples presented in this guidance illustrate how to modify your privacy settings on a mobile device using the Android operating system. In some instances, you may also wish to access further privacy settings from a desktop. If you are using another mobile operating system or accessing from a desktop browser, there will be some visual differences, but the settings should be located under similar headings.
The settings presented in this guidance are applicable as of the date of publication of this guidance and are subject to change by the social media provider.
When the General Data Protection Regulation (“GDPR”) is introduced on 25 May 2018, the location, formatting and/or choice of settings available to you may be updated. If you have any queries about how to adjust your privacy settings or exercise your advertising preferences, you should contact the provider of the social media platform you are using.
If you have any further queries or concerns you can contact the ICO.
Some of the content of this webpage has been taken from material published by the Irish Data Protection Commissioner.