Plek blog

Privacy in business chats: do you have everything sorted out?

Can an employer access employees' chat conversations? Has your organization implemented rules and regulations with regard to employee privacy? If you can't really answer those questions yet, it's time to get started. Current keywords: Facebook, Slack, data leaks and the GDPR. What can we learn from all this?

Social media live by the grace of large audiences. That is why many people use WhatsApp or Facebook for communication with colleagues and external partners: the threshold is low and almost everyone is on it. Two-thirds of Dutch organizations do not offer employees a good alternative to consumer tools such as WhatsApp, according to research into the future of internal communication that we carried out last year.

Both platforms have now ventured into business communications: WhatsApp Business and Facebook Workplace. Some high-profile companies have already started using Facebook Workplace. They will undoubtedly regard it as an advantage that their employees are already familiar with the platform. But are company data safe? Is privacy an issue at all? Apparently many organizations have the utmost confidence in the big names in (consumer) communication...

Data leak

Recently Facebook's Mark Zuckerberg (also the owner of WhatsApp) had to answer to the US Congress. In two hearings, the word 'sorry' crossed his lips several times. In the meantime, word has spread that Facebook had been aware of a huge data breach for two years. The profile data of at least 87 million people ended up at Cambridge Analytica. In the Netherlands, almost 90,000 Facebook users are affected.

It's obvious that Facebook, a free service, has to make money somehow. We can't say it's a scandal that the platform uses microtargeting. But opening a back door for Cambridge Analytica via a little personality test like 'This is your Digital Life' is, of course, a bridge too far. Besides, stories emerged about Facebook tracking pixels on the websites of health insurers and many others.

It's not easy to comply with privacy rules. The new General Data Protection Regulation will enter into force on May 25th. In certain respects, the GDPR is stricter than the current legislation. Mark Zuckerberg doesn't let the criticism hold him back. In a 'charm offensive' in the Dutch national newspapers, Facebook says: "New EU legislation means better data protection for you." So does that mean Facebook will adjust its business model?

Private conversations

Another American organization struggling with the new GDPR is Slack. Fast Company reported that from now on employers can download all one-on-one chat conversations and private channel conversations if their organization has a paid Slack subscription - without permission from employees.

Slack's response was that they added this feature to comply with the new European privacy regulations of the GDPR. And indeed: employees are entitled to access all data that their employer collects about them. But allowing the employer to access all this data without employees' permission just doesn't feel right.

The right to privacy

At Plek, we've also been struggling with how to deal with privacy. We discussed with clients whether an admin should be able to see everything people talk about on our social intranet and community platform. Employees have a right to privacy and this right is quite extensive. Our opinion is that the boss shouldn't be able to access private groups without making himself/herself known. After all, bodies such as the Works Council should be able to do their job without interventions from management, and people who open themselves up to, say, a work psychologist or confidential adviser should feel safe to do so in a private group. That's a fundamental choice we made.

Who's connected to whom?

Another example: Plek offers statistical tools to measure activities and see who is connected to whom on the platform. This information is valuable for organizations. For management, it's nice to have a list of the most active users on internal (social) media. They can deploy these people as influencers. On the other hand, a negative result of these statistics could be that the least active users are also highlighted. The GDPR aims to protect people from such misuse of data. That's why, for example, we have agreed with the Ministry of the Interior that their administrators can only access anonymized statistics.

Nothing in writing

We prefer to be goody two-shoes, thereby helping our customers prevent unsolicited trouble. Of course, an employer should sometimes be allowed to access employees' chat conversations - but only if it's absolutely imperative in the interest of the business. Read all about this on ICT lawyer Arnout Engelfriet's blog. The problem is often that organizations don't have anything in writing to fall back on.

That's why my advice is: draw up your own regulations.

Your regulations should clearly describe in which cases the company's interests trump the employee's right to privacy. Mind you: it doesn't matter which medium employees use to exchange information - Plek, Slack, Workplace or email.

Comply with the GDPR

Our communication platform enables our customers to be GDPR compliant. But don't forget to draw up the essential privacy regulations for you and your employees. If you would like to discuss this with us, let us know: send us an email!
