Royal College of Psychiatrists: Social media data should be handed over

Royal College of Psychiatrists: Social media data should be handed over

The Royal College of Psychiatrists has called for social media data to be handed over to academics in order to protect children and young people who are at risk of suicide.

By studying the content that is being viewed, the hope is that new research could help protect users from material that could harm them.

According to an article from The Guardian:

“We will never understand the risks and benefits of social media use unless the likes of Twitter, Facebook and Instagram share their data with researchers,” said Dr Bernadka Dubicka, chair of the college’s child and adolescent mental health faculty. “Their research will help shine a light on how young people are interacting with social media, not just how much time they spend online.”


Data passed to academics would show the type of material viewed and how long users were spending on such platforms but would be anonymous, the college said.

That the data would be anonymised could potentially make this course of action permissible under GDPR, but this data is nonetheless extremely sensitive. Care would have to be taken to ensure that it was shared with academics legally and that users were sufficiently protected.

The idea has received support from other sources as well. The Guardian goes on:

NHS England challenged firms to hand over the sort of information that the college is suggesting. Claire Murdoch, its national director for mental health, said that action was needed “to rein in potentially misleading or harmful online content and behaviours”.


She said: “If these tech giants really want to be a force for good, put a premium on users’ wellbeing and take their responsibilities seriously, then they should do all they can to help researchers better understand how they operate and the risks posed. Until then, they cannot confidently say whether the good outweighs the bad.”

Click here to read the full article from The Guardian.

With the government currently planning measures to make the internet a safer place for users, including setting up an independent regulator and placing a duty of care on online companies, the Royal College of Psychiatrists may well get what they want here.

But with data privacy being a major concern here, there is also likely to be objections. According to the BBC, civil rights group Big Brother Watch stated that users should be “empowered to choose what data they give away, who to and for what purposes”, and that young people should not be treated like “lab rats” on social media.


Brechin High School shares pupil data in assembly

Brechin High School shares pupil data in assembly

There has been outrage after a Scottish school, Brechin High School, shared the personal data of about 50 pupils with other students at an assembly. The data, concerning disabilities and mental health, was included on a slide about such conditions as autism and ADHD.

The BBC reports that:

The presentation covered how pupils can prepare for prelim exams in January.

It then detailed how exam arrangements for children with additional support needs would be different, and listed individual pupils.

The incident is a flagrant breach of GDPR. The personal data of children is considered sensitive as they are vulnerable individuals – and the same applies to the data of people with mental health issues and disabilities.

To share this data with others is therefore a clear breach of data privacy laws. This incident has put these pupils at risk, as well as being a clear breach of trust. The BBC continues by noting that:

Angus Council said the school’s head teacher was contacting the parents of the pupils whose details were shared.

A spokesman said the incident was “unacceptable” and should not have happened “under any circumstances.”

He said: “We apologise for the obvious upset and concern this has caused, particularly to those young people whose details were shown.

“Inquiries are under way to establish the full circumstances of this isolated incident and whether any individual learning requires to be provided.”

The council said the UK Information Commissioner had also been advised of the incident and “appropriate support” would be provided to the pupils affected.

While it’s positive that Brechin High School has recognised its mistake, this is little comfort to those affected. The damage has already been done, and the ICO will respond accordingly.

The school should look first and foremost into how the incident happened in the first place, and identifying whether its staff had sufficient data protection training. The incident shows that there was a clear lack of awareness around certain issues.

If you’re concerned about your employee’s understanding of data protection, contact us today. Our Staff Training services will improve their knowledge and equip them with the awareness to change their actions, minimising the risks to your business and allowing them to confidently handle personal data.

Private messages for sale from 81,000 hacked Facebook accounts

Private messages for sale from 81,000 hacked Facebook accounts

News has broken that 81,000 hacked Facebook accounts have had their private messages stolen. The hackers are now attempting to sell this data on, at the price of 10 cents (8p) per account, and are also claiming that they have obtained details from even more accounts – 120 million – although this has not been verified.

hacked facebook accounts hackerFacebook has already faced huge problems regarding data protection. It was fined £500,000 earlier this year for its role in the Cambridge Analytica scandal, and it now looks like it will be facing further penalties from the Information Commissioner’s Office (ICO). Regardless of the scale of this latest breach, things are looking bad for the social media giant.

Whatever happens next, a new fine will tell us something useful. The Cambridge Analytica scandal took place before GDPR came into effect in May, so the fine against Facebook was brought according to the pre-existing data laws. Specifically, it came under the Data Protection Act 1998. A new fine relating to this latest breach, however, will fall under GDPR.

It’s important to note that Facebook have not been able to hide behind being a US company. And as it turns out, they may have been fortunate that the Cambridge Analytica scandal was exposed before May 25th; it’s impossible to say what the fine would have been under GDPR, but it may well have been considerably greater than £500,000.

No matter what, though, the single biggest issue here is the ongoing risk to users. Facebook is a built around people’s personal data, but has so far been unable to provide adequate protection for that data. If the trend continues, there could be even more trouble ahead for the company.

You can find out more about this latest data breach of hacked Facebook accounts here.

And if you want to ensure that your company is GDPR compliant, make us of our GDPR Gap Analysis to make sure that you avoid heavy fines.