GDPR and Linked In

Transcript of the Video

Good evening. Suzanne Dibble here, data protection law expert, coming to you raw and uncut on a Saturday evening, just sneaking in a video before we get to midnight, to honor my commitment of doing a video a day until GDPR comes into force on the 25th of May.

So I wanted to do a very quick video tonight because it's Saturday night and I really want to go the bed. And so what I'm going to be talking about is GDPR and LinkedIn. Now, we've had questions in the group about prospecting and using LinkedIn. The quick good news is that from the horse's mouth, i.e. the ICO, the Information Commissioner's Office, who is the supervisory authority for the purposes of data protection in the UK, from the horse's mouth, LinkedIn is all fine. So marketing communications ... Sorry, not marketing communications. LinkedIn activity in itself is not affected. So let me just find my notes on this and I'll talk you through that. That was the quick don't worry about the LinkedIn answer if you only watch the first minute of this video.

Okay. So, the ICO's position is that LinkedIn ... Let me just move my notes down. LinkedIn is the data controller and has primary responsibility for ensuring compliance with GDPR. And that includes communicating clearly to members how their data will be used, as we know anybody that collects data needs to give that information at the point that they collect the data. As well as being responsible for ensuring data security, as you would hope that they are doing. Hopefully, they're keeping all of our data very secure.

Now, where it changes is that if a member of LinkedIn takes data off the platform or shares data with a third party, then that person becomes the data controller, and then you are responsible for complying with all of the various GDPR laws. So I think, I mean, thinking about it logically when people join LinkedIn, you do expect that members are going to communicate and network with each other. That's kind of the whole purpose of it. So essentially, day to day use of the platform isn't impacted by GDPR.

But let's take it a little step further and think about things like InMails because now, I'm not a big LinkedIn user, actually, but I do know about InMails, and I know that you can obviously message your first-degree connections, but you can also send InMails, like private messages, I guess, to second and third-degree connections. So what about that? Well, again, the ICO themselves have said ... Well, they were asked the question about a scenario where a premium user sends an InMail to somebody that they don't know, and the ICO said that actually, it's not really so much a case for GDPR. It's more about the ePrivacy ... Well, the draft directive, actually, which it was supposed to be coming into force alongside GDPR but it's been significantly delayed. And that is all about sending unsolicited emails.

Now, I'll do another video probably ... It's probably not worth doing it now because of the ... Well, no, I will. I'll dig out the draft ePrivacy directive because I think we've had a lot of questions about this. So I'll dig that out and we'll be going through that in a little bit of detail. It's not GDPR, that's what this group's all about, but I think it does impact on a lot of what we're talking about. And that act, actually, the ePrivacy regulations do differentiate between corporate subscribers and personal subscribers. I don't want to get into that in this video, but so for example, if a ... And I think this is what the ICO said was that if somebody using a corporate account sends an InMail through LinkedIn to an individual who uses a personal email as their primary LinkedIn contact, then there could be issues there under the ePrivacy draft directive. So I'll dig that out and we'll do a little video about that.

So in summary, with LinkedIn, if you're using it in the normal way, then I think that's absolutely fine. And again, it is very much ... I think we've got to take a risk-based approach to all of this. And in fact, I was just reading something then be useful to read it out, actually. But I was reading something about the approach that the ICO will take and they know all the statistics that over 50% of businesses won't be compliant with GDPR by the 25th of May, and they recognize the challenges that they have in enforcement, but they repeat again that they're the type of agency that wants to work with businesses to help them become compliant rather than ... I think their words were, "We work with the carrot and not with the stick," is how the ICO works.

So with a platform that so many of us like LinkedIn, for the ICO to come along and say, "Actually, the strict letter of GDPR means that you can't message ... You can't prospect and you can't send InMails when that's a service that LinkedIn offers," I think would be ... I just don't think they would ever do that.

Oh, look at my plasters on my cracked knuckles here from washing my hands so much because of the dog. It's a good look, isn't it? It's attractive. But thank you to everybody who's given me some suggested solutions to that on Facebook tonight. I appreciate it. So yeah, in summary, LinkedIn all good. Continue to use it as you have been doing. It's when you take the information off LinkedIn that you need to look at it fresh and look at it as though you are collecting that data and all of the things that I've said previously about what you need to do when you collect personal data and process it applies. If you're unsure on that, then go and watch the two-hour training that I did on this a few days ago, which you can access from the pinned post in this group.

So, you guys, some good news for a Saturday night. And I'm going to do a more of a ... I'll probably do a Facebook Live, actually, in the week sometime about prospecting generally, and the wider issue. I just wanted to do that. So a short, snappy video for you to reassure LinkedIn users that from the horse's mouth, from the ICO, all is fine with the continued use of LinkedIn.

Alright. Have a wonderful evening, what is left of it. And I will ... Interesting. I'm trying to think of when I can possibly fit in a video tomorrow. I think I might have to get up particularly early and do one tomorrow because I'm taking my mother to see Cirque du Soleil as her Christmas present. I'm taking the dog for his first pup training class, so that could be interesting, and I'm cooking for a friend who's just moved house. So busy, busy day tomorrow, but rest assured, I shall be squeezing a video in, and I will be doing a couple of live streams next week, as well. Thank you for your continued interest in GDPR. Thanks for your encouraging comments to me about my style of video and how it's helping you. Continue to share the group and let's continue the sensible, non-hyped conversation about GDPR. Speak to you soon.