I am looking into this at the moment for Facebook and Twitter (they offer a similar service). My understanding is that the hashing process happens on your computer (for Facebook - for Twitter you have to obtain some 3rd party software if you don't want to upload the data and then have it hashed). The hashing process uses an algorithm to convert the text of the email address to a string of numbers. Facebook do this same process for email addresses they have and run the lists against each other to see if they match. They 'discard' the hashed details that they have no match for and then use the matched details to enable you to target specific users on Facebook.
Regardless of the technical issues this is still direct marketing. I am in the process of seeing what other companies who use this service do and updating our privacy/cookie policy (as well as working out how best to tell people we may do this with their information). I would be keen to hear what others are doing with regards to this and I am happy to share anything I find out during my journey of discovery!
A word of warning - although Twitter have added some friendly words to their privacy policy about having a data centre in Ireland 'for data protection purposes', they also retain the right to transfer any data anywhere they have a headquarters.
Lynsey Newton
Data Protection and Quality Officer
Energy Saving Trust |
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 17 July 2015 09:48
To: [log in to unmask]
Subject: Re: [data-protection] Facebook Hashing
I won't comment on the technical aspects as I am not familiar with Facebook, save to flag concerns as to what else facebook might use the hash for.
But it does seem clear to me that this would fall within Reg 22 of PECR (comes within the very wide definition of electronic mail in Reg 2) and you will need a clear consent basis. On what you say also looks difficult to satisfy first DP principle.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Here to help everyone save energy in the home.
Get your personal energy saving action plan at http://www.energysavingtrust.org.uk
Think before you print! Save energy and paper! Do you really need to print this email? Can you print it double sided?
This email and any files transmitted with it are confidential and intended solely for the use of the addressee. The contents may not be disclosed or used by anyone other than the addressee. The Energy Saving Trust cannot accept any responsibility for the accuracy or completeness of this message. Any opinions expressed in this message are those of the sender and may not be binding on the Energy Saving Trust.
The Energy Saving Trust Limited Registered Office: 21 Dartmouth Street, London, SW1H 9BP. Registered in England and Wales No.2622374
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|