2 July 2014
A headline in my newsfeed caught my eye and I thought it was worth a quick mention. According to the BBC, Facebook took part in a psychological study, together with Cornell University and the University of California at San Francisco, the purpose of which was to find out if there was any experimental evidence that emotional states can be transferred to others by emotional contagion.
They did this by manipulating the extent to which people were exposed to emotional expressions in their Facebook news feed. They found that "when positive expressions were reduced, people produced fewer positive posts and more negative posts; when negative expressions were reduced, the opposite pattern occurred." The research has been criticized because participants didn't know they were taking part.
What's interesting about this is that Facebook allegedly said that none of the data used was associated with a specific person's Facebook account.
If that's true, then under the PDPA (and to be clear, this is a hypothetical; Facebook is actually being investigated by the UK Information Commissioner's Office, not the Singapore Personal Data Protection Commission, and the investigation is in relation to breaches of UK laws and not Singapore laws) this may not constitute personal data to begin with. Personal data, under the PDPA, must be data that can identify an individual, or that can identify an individual if it's combined with other information that an organisation has or is likely to have access to.
That said, most personal data on Facebook, from status updates to photos to tagging or being tagged by friends, is tied to specific Facebook accounts, and this makes me wonder how the study would've been conducted if none of the data was associated with any specific Facebook account, as this would exclude (amongst other things):
This seems unlikely to me, as I would expect that the researchers would have needed to track the specific Facebook accounts whose news feeds they had manipulated in the first instance, in order to check for subsequent emotional contagion.
What if it turns out that the data used in the study was indeed personal data (despite Facebook's claim to the contrary)?
If the data used in the study was indeed personal data, Facebook would require consent to: (i) use the personal data for the study; and (ii) if they didn't first thoroughly anonymise the data so that it no longer constitutes personal data, disclose the personal data to the researchers from Cornell and the University of California at San Francisco, unless there is a research exception that would apply under UK law. The Singapore PDPA has some exceptions for using or disclosing personal data for research purposes, but they only apply if certain criteria are met, and they may not have been met in this case.
This should be an interesting case to follow. Facebook has received criticism in the past for frequently changing their privacy practices. If Facebook is ultimately found to be in breach of UK privacy laws, I'm curious to find out whether any penalties imposed will have a significant impact on Facebook's behavior in the future. From a commercial perspective, financial penalties may simply form part of a company's operating expenditures.
Associate Director, BR Law Corporation
Post date. Edit this to change the date post was posted. Does not show up on published site. 2/7/2014
Subscribe to our Newsletter
Subscribe to our quarterly newsetter to keep up to date with a wealth of insights from the BR Law, BR Family Assets and BR Corporate services team.
The posts found in this Law Blog are not legal advice, nor are they given for the purpose of providing legal advice.
You should contact your lawyer for legal advice if you need legal assistance.