Social media data is increasingly becoming an invaluable asset for marketing teams, and businesses are regularly coming up with new and exciting ways to make use of this data.
But London-based law firm Kemp Little warns that restrictions on use of social media data are becoming an "elephant in the room," because so few organisations are aware of their legal obligations when it comes to handling this kind of data.
Social media data applies to any information generated in connection with social activities online. This could be demographic data (name/age/gender/religion), location data (where a person is at a given time), interaction data (friendship groups/level of activity/engagement), or preferences (interests/buying habits/opinions).
In some cases, organisations can obtain anonymised data from social channels, with which they can gain aggregated insights about customers or target groups. In this case the data cannot be linked back to any particular individuals for targeting purposes.
In other cases, user data is obtained directly from social networks such as Facebook - for example, through apps, brand page metrics, registration through Facebook Connect, or plugins (such as the Facebook 'Like' button). In these cases, the data can be traced back to particular individuals.
When dealing with this second category of social media data, there are several considerations that organisations need to be aware of. For example, all social media data is subject to Data Protection laws, meaning that it should only be obtained for a specific purpose and should not be kept for longer than is necessary.
Another question is around ownership of the data. Organisations must find out whether there is any intellectual property contained within the data, and if so whether it is subject to copyright or confidentiality regulations.
Most social media companies attempt to deal with these issues in their terms and conditions. For example, Facebook's T&Cs state that "you will only request the data you need to operate your application," and "you must obtain explicit consent from the user provided the data to us before using it for any purpose other than displaying it back to the use on your application".
However, Suzy Schmitz, senior associate at Kemp Little, warns that the language used by these social media platforms is often ambiguous, and the terms tend to change from time to time - often without notifying the relevant organisation.
"There is likely to be a disconnect between what the terms say you should do, and the data that you are easily about to access," she said.
Organisations that get this wrong, and end up using social media data inappropriately, are at risk of both reputational damage and potential legal repercussions. They therefore need to take extra care to ensure that they are complying with all the necessary regulations.
Sign up for CIO Asia eNewsletters.