Thanks for the offer rudidudi. Will pm an email address. I would very much appreciate also your thoughts on DPA SARs covering twitter and facebook postings.
Sent.
I have touched on DPA, Freedom of Expression and Privacy in the paper (amongst some other areas).
With regards DPA SARs, there are a number of areas for consideration, first initial thoughts:
- DPA SARs apply to the 'Data Controller', hence this would potentially apply to those organisations that hold copies of that information - but is a key issue one of whether an org should be 'snooping' on its emplyees as opposed to whether DPA SARs apply.
- Whether information is 'data', held in automatic processing, structured relevant filing system, etc
- Does a tweet or facebook post constitute 'personal data'?
- Concepts from Durant (notion of biographical significance and data subject as focus)
- Concept from FSA v & Edem case (Durant and idenifiability(sp?) versus 'relates to')
- Drifting into privacy as opposed DPA SAR territory, but to what extent are Twitter and Facebook posts truly public, and therefore whether employers are breaching privacy rights by venturing into the private lives of their employees (or potential employees).
There are potential conflicts between Social Media caselaw and privacy case law - compare for example Crisp v Apple where even 'private' social media posts restricted to friends were considered to be public, and Campbell v MGN and the right to respect for privacy in a public space. Of course this turns on the merits of the case and the content of the post may be of significance.
Happy to discuss if you like...
If it helps those creative juices for titles, another key area will be linkedin and ex employees using it to approach/poach clients.
I've also touched on this regarding ownership of linkedin contacts in the paper. I am sure this will become a hotter area in the future as organisations seek to protect their intangible and intellectual assets. I foresee difficulties in the enforcement of this in the long term though.