Legal Eye: Privacy perils of social networking

'Placebook' goes too far?

'Placebook' goes too far?

A new social networking site allows you to track where your friends are in the real world. But, asks lawyer Patrick Van Eecke, does this new craze for 'social mapping' take privacy law into unchartered territory?

Belysio is a new mobile service which blurs the lines between social networking and the physical world. The promising startup, based in Poland, utilises GSM software to notify friends, colleagues or classmates of the user's geographic location in real time through a downloadable application on their mobile phone.

Much like Facebook, personal data is stored and managed on a website, which users can access via their mobile device. However, unlike existing social networks, Belysio displays your geographic position to other users - so you don't just know how they are, you know where they are.

The service is already gaining huge popularity across Europe, demonstrating the widening gap between so-called 'digital natives' and 'digital immigrants' in their attitudes to privacy.

Digital immigrants like myself may struggle to see the appeal of this sort of software. Once logged on to Belysio, friends and acquaintances can permanently track where you are and what you are doing, providing zero privacy and digitally handcuffing you to network. Whilst there may be some practical applications, such as parents who want to know where their children are, or employers checking up on the whereabouts of their employees, for the digital immigrant the benefits don't outweigh the intrusion.

Digital natives - especially teenagers and children - are, however, less likely to be troubled by this kind of software. To them, Belysio is nothing more than a logical next step in the evolution of email, instant messaging, blogging and tweeting.

Social networking sites such as Twitter already allow you to share your daily life with anyone who is interested. What Belysio adds is an easily accessible bridge with the offline world, allowing you to constantly share your activities and whereabouts, physically as well as virtually.

Whatever threat you think this software does or doesn't pose to privacy, it is not illegal - not even under European data protection laws. Belysio's privacy policy gives detailed information as to which data is collected for which purposes. Since acceptance of the privacy policy is mandatory during the registration procedure, the system has a solid legal basis: users know what they are dealing with and give their consent.

Key issues

1 The rise of social mapping - should social networks keep geographic tabs on users?

2 Behavioural targeting and marketing to youth audiences - drawing the line between tailoring and tracking

3 Legality vs morality - does the law surrounding consent for providing personal data online need to be reconsidered?

Even so, this does not mean there are no privacy issues. Belysio is targeted towards young people under a certain age that still (in theory at least) need parental consent to join. In practice, however, users are as likely to have sought their parents' permission as they are to have actually read the lengthy privacy policy and terms and conditions.

As Belysio reserves the right to transfer the collected data to almost any third party, there is also the prospect of not only the users knowing where each other is, but of marketers and advertisers knowing too.

Before you know it, the concept of digital ads being tailored to whoever is walking by may no longer be the stuff of science fiction, but could soon become a fact of life for the next generation. And it doesn't stop there: in fact, the data collection doesn't stop at all - Belysio reserves the perpetual right to the worldwide and unlimited use of all data and documents uploaded through its software.

The possibilities of Belysio and other social mapping tools may be more frightening than their reality, but it raises an important question around the concept of consent in the web 2.0 age. Belysio, like its virtual social networking counterparts, rests on the fundamental assumption that users are able to protect themselves.

But is the tacit consent of clicking 'yes' to a default privacy policy and skim-reading the terms of service really enough? There is certainly an argument for introducing new legislation to hem in the use of such applications and to make the act of consent more explicit.

Without it, today's youth could be plagued with an indelible digital trail years from now. Or perhaps that's just the outdated reflex of a digital immigrant.

Patrick Van Eecke is a partner in the technology, media and commercial group at law firm DLA Piper.