Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Printer Friendly Version
What is the legal status of those running social networking sites and online forums and which exemptions apply under the Data Protection Act 1998 (DPA 1998)?
The DPA 1998, s 36 provides an important exemption to the application of the data protection principles under the Act. It applies when personal data is processed by an individual for their own personal purposes.
Whilst this covers many individuals using social networking sites, new guidance from the ICO makes it clear that businesses or organisations that use social media do not fall within the exemption and continue to have responsibilities under the DPA 1998. The guidance clarifies that this is still the case even if an organisation gets a member of its staff to do the processing for it through their personal networking page.
The crucial analysis is whether the processing is for the organisation’s purposes or the purposes of the individual’s personal, family or household affairs. As ever, the distinction blurs where the organisation consists of, for example, groups of friends or is a recreational club but the guidance provides useful examples of the ICO’s thinking on different scenarios.
Obligations under the DPA 1998 fall upon the data controller. The guidance provides some useful insight into the applicability of the DPA 1998 to those running sites onto which personal data is posted by third party subscribers. In the case of The Law Society and Others v Rick Kordowski (Solicitors from Hell)  All ER (D) 46 (Dec), the defendant moderated posts and charged a fee for adding or removing them. Mr Justice Tugendhat had no hesitation in accepting that Mr Kordowski was a data controller under the DPA 1998 and this was not disputed by any party.
Even when content is not moderated, the guidance states the organisation running the site may remain a data controller for the purposes of the DPA 1998. The ICO would expect such data controllers to take ‘reasonable steps’ to check the accuracy of any personal data posted on the site by third parties. Under the guidance, ‘reasonable steps’ include:
Helpfully, the guidance explains how the ICO will advise members of the public who complain to them about unfair or inaccurate posting about them. Where complaints are made about posts by businesses, organisations, or individuals acting for non-domestic purposes, they will ultimately be considered in the normal way. However, in the first instance, the ICO will advise members of the public who feel aggrieved to deal directly with the site. The ICO’s expectation is that those running a social networking site or online forum will have policies in place to deal with:
The ICO guidance ends with a useful overview which considers the possible application of further exemptions and legislation.
For the full original news analysis and further guidance, (Lexis®PSL IP & IT subscribers), please see:
Social networking sites, online forums and the application of the DPA
Data Protection-overview for more on the data protection principles
The Law Society and Others v Rick Kordowski (Solicitors from Hell)  All ER (D) 46 (Dec)
Ben Horton, solicitor in the Lexis®PSL IP&IT team
0330 161 1234