In may 2014, Snapchat got a warning from the Federal Trade Commission (FTC) for not being transparant enough towards it’s users.
The FTC came to a settlement with Snapchat. From now on, Snapchat needs to be transparent towards it’s users. They must also implement an extensive privacy program. This privacy program will be inspected annually by the supervisory authority for the next 20 years.
So what are the do’s and dont’s regarding collecting personal data?
For instance, you are not allowed to collect location data of your users without notifying them in advance.
So, as a controller of the data, you have the obligation to notify the people you collect data from. This duty will become even more strict once the European Data Protection Regulation is implemented.
- The identity and contactdetails of the controller (name, adress of the company and the privacy officer);
- The purpose(s) of the data processing (for instance: “we collect your data in order to process your order and to be able to send the products to you”) and the security measures taken;
- The period of time the personal data will be saved for;
- The rights of the users: they have the right of inspection and correction of their data, but also the right to have data removed or the right to file a complaint at the supervisory authority;
- Information about the recipients of the data (all third parties);
- In case of profiling this needs to be reported as well.
Snapchat actually got away with it this time, since they did not receive a fine. All companies offering their services within the EU will risk a fine as soon as the European Data Protection Regulation is at force. This fine can be up to € 100.000.000,-, or 5% of the annual turnover.