Please or to access all these features

Add post

Watch this thread

Save thread

Start a new thread

Flip thread

Hide thread

My feed

Active Unanswered threads

Getting started FAQ's

Unanswered threads Acronyms Talk guidelines

Hide shortcut buttons

Talk

Start new thread

Flip

Back to thread

Original poster

MN, FB, marketing companies and our data

6 replies

OhYouBadBadKitten · 20/03/2018 07:39

Hi MN,

Several people expressed concerns about privacy when you introduced the logging in via fb ability. I've a few questions to ask at this point and as there will be other people here who are far more expert in online data on here, these are questions best asked in public. You will know me as a long termer here, who clearly enjoys using this site.

Firstly, with regards to GDPR, how will you be complying with the requirements of new legislation?

How much data do you hold on us? Who do you share it with and how is our information held?

When we fill out daft and not so daft marketing surveys on here, what are the data protection requirements incumbent on both yourselves and the marketing companies?

Have Cambridge Analytica ever been one of the companies that have gathered data through you, either overtly, or covertly under other trading names?

Have any other analytical companies gather political or other information on users, other than for marketing products purposes?

Please can you reiterate and summarise what permissions are given to facebook when logging into this site. Are these permissions limited to data held only by the user, or to their friends list as well?

How absolutely sure can you be that facebook have not also gathered information from mn beyond the permissions explicitly given? Are these reassurances purely given by facebook, or have you looked specifically about the data protection side with your own experts?

How does mn benefit from logging in through fb? Did they approach you for this, or did you approach them? Do you hold any data about users from their fb profiles?

I realise this is a long list of detailed questions that may take time to answer them. But I do feel they are important questions. Thank you.

Go to post

MNHQ

KateMumsnet · 20/03/2018 22:27

Hello OhYouBadBadKitten and apols for the delay. As luck would have it most of the community team were gathered at MNHQ today for one of our rare get-togethers, so we've been a bit slow off the mark.

These are all good and useful questions, but ones that I'll need to speak to various office-hours bods to get answers to. Will do that as a priority tomorrow and get back to you asap.

Thanks again

MNHQ

JustineMumsnet · 21/03/2018 00:21

Hi thanks for the questions. I'll go through them systematically and anything I can't immediately answer we'll get back to you on tomorrow. First re GDPR, here's what we're going to be doing: When people register we''ll be explicitly asking users for consent for any personal data they give us eg Age, Pregnancy, Kids.

We'll also be mailing all existing users alerting them to our privacy policy changes with a link to their accounts to update/remove any data they wish.

We're also updating our T&Cs with our technology vendors to help make sure they're compliant (and we only work with those we believe are trustworthy.)

You can see what data we hold and how we use it in our privacy policy which is linked to at the bottom of every page. We're going to be looking at this page to make sure it's crystal clear - please do shout if you think there's anything that requires better explanation.

We follow data protection requirements with regards to any other data we collect such as for surveys which generally involves making sure we only hold the data for the time needed to process the info. With survey data this will usually be a maximum of 3 months and there are specifically appointed Data champions within every Mumsnet team to check these processes are routinely followed

We have never worked with any political marketing company or analytics company including Cambridge Analytica and would never and have never sold personalised data or emails. That said Mumsnet is a open site and clearly (as seen regularly in the Daily Mail) conversations are public and may be harvested by other publications, sometimes with the aim of scoring a political point.

We introduced Facebook login with only one purpose in mind and that was to make the login process easier - there is no benefit to Mumsnet beyond a better experience for our users and we have no direct arrangement with Facebook - it's something you can embed automatically. I'll need to get back to you on what Facebook's terms and conditions if you login via the Facebook link as I'm not sure off the top of my head. We'll also look into how widely it's being used as a login route - I suspect it's quite popular.

Broadly speaking we understand that anonymity is an important part of what Mumsnet offers and we take the responsibility to protect your data seriously. We have always set a high bar for how we handle user data - for example we don’t sell email addresses and always asked for clear permission before passing on an email address (eg when entering a competition). The only reason we collect data is because we'd like to make a better more relevant user experience in terms of the tools, content and ads shown but to be honest we haven't really got there yet (I still get shown a link to an ovulation calendar on the home page and I'm a bit beyond that stage).

GDPR seems to me a sensible way of formalising how publishers/businesses behave with regards to data to me. We already do many of the things suggested as best practise but there are certainly things we'll be tweaking and improving - do let us know if you think there are things we could make clearer.

Many thanks

@OhYouBadBadKitten

Hi MN,

Firstly, with regards to GDPR, how will you be complying with the requirements of new legislation?

How much data do you hold on us? Who do you share it with and how is our information held?

When we fill out daft and not so daft marketing surveys on here, what are the data protection requirements incumbent on both yourselves and the marketing companies?

Have Cambridge Analytica ever been one of the companies that have gathered data through you, either overtly, or covertly under other trading names?

Have any other analytical companies gather political or other information on users, other than for marketing products purposes?

How does mn benefit from logging in through fb? Did they approach you for this, or did you approach them? Do you hold any data about users from their fb profiles?

I realise this is a long list of detailed questions that may take time to answer them. But I do feel they are important questions. Thank you.

MNHQ

JustineMumsnet · 21/03/2018 17:13

@ohfortuna

If you log into Mumsnet with Facebook that means that Mumsnet has access to your Facebook activity and profile and vice versa, both companies can then build a much more sophisticated and detailed profile of you this information can also be sold on to third parties. Don't give you this option to make life easy for you they give you this option because it's very profitable for them

This isn't actually right. We deliberately don’t ask for any profile info from Facebook - all we get is verification that the user is logged in and authenticated with Facebook and the user’s email address.

We could have asked to get access to the user’s profile information, but when we implemented social login we chose to get the bare minimum from Facebook, which is the email address. This was because we didn't want anyone to think their anonymity might be compromised on Mumsnet (with personal data from Facebook). And we don't sell anything on to third parties. No profits from data selling here!

MNHQ

JustineMumsnet · 21/03/2018 17:57

Some more answers OYBBK
Re tech vendors we are requesting a right to audit within our agreements with our technology vendors and if we had any concerns we would request an audit. When choosing 3rd-party vendors we will take into account their business model, willingness to contract on data management details, quality of their people, how established they are in the market, their technology platform and references from other clients.

Our privacy policy will cover those other uses of data you mention. If you have consented to providing poll answers or passing data to a third party organisation in the past, we may no longer be storing the information you provided as we store this information only for as long as needed. The third party organisation will not be covered by our privacy policy so you're right to identify this as a risk but, again, we do choose who we work with with care but we can't guarantee they'll behave as well as we would with your data.

Re internal MN polls re voting intentions like the one you mentioned this was to inform our own policy work with regards to things like policy asks for manifestos and also to track MN voting intention over the course of a campaign. We only ever looked at and used this data in aggregate it was always anonymised. This is true of all our internal polls save for the fact that we may sort into broad groups to analyse trends - eg to show that young mums might have a different response to older mums on MN but again we only used this in anonymised form to inform our policy and media responses. Data protection requires that we only keep this info for the time needed to process it so that's our policy and we delete individual responses regularly and at least every 3 months.

Yes, we do use marketing analytics companies and we keep a list of the providers and analytics tools that we use and we'll publish this list in our forthcoming updated privacy policy. We decide the companies we use - not the advertisers. Who we use is chosen by the Commercial and adops teams based on their knowledge and experience.

Re Facebook we are not required to give Facebook any data in order to use their login service and we don't but you raise a valid point about what Facebook can track if you enter Mumsnet via Facebook and we'll nail this down and add it into our privacy policy too.

Your questions are very useful and apposite ones I think for all users so we'll look to include them in a data/GDPR FAQs page so they can be regularly referred to and kept up to date. Many thanks and do please continue to ask.

@OhYouBadBadKitten

Thank you once again Justine :)

I've read your response carefully and the privacy policy. The privacy policy was written clearly. I've a few further questions to raise. I may raise more later after I've had a ponder and time to digest your response. (I'm late for work, eep)

We're also updating our T&Cs with our technology vendors to help make sure they're compliant (and we only work with those we believe are trustworthy.)

Will you be conducting audits to ensure that technology vendors are compliant? How do you assess whether a company is trustworthy?

We'll also be mailing all existing users alerting them to our privacy policy changes with a link to their accounts to update/remove any data they wish.

Will this include data collected in the annual mumsnet polls? What about data passed on to third party organisations through the use of surveys such as the ‘what kind of laundry person are you’?

We have never worked with any political marketing company or analytics company including Cambridge Analytica and would never and have never sold personalised data or emails.

It is good to hear that you have never worked with any political marketing company. I do seem to recall before the general election questions about which way we will vote. For instance: www.mumsnet.com/Talk/politics/1812250-MNHQ-Group-3
I appreciate that in the forum these were anonymised responses, who was collecting this data?

I do notice that marketing analytics companies are used, as one would expect when targeting adverts.
Does mumsnet keep a list of companies you work with? Who decides which analytics companies are used? You or the advertising companies you work with?

I look forward to hearing more about facebook logins. For instance an alarming number of companies ask for access to photos and timeline posts.

In particular I am looking forward to the answer to: How absolutely sure can you be that facebook have not also gathered information from mn beyond the permissions explicitly given? Are these reassurances purely given by facebook, or have you looked specifically about the data protection side with your own experts? with regards to both facebook and google.

I'd like to see this question also further clarified please:

When we fill out daft and not so daft marketing surveys on here, what are the data protection requirements incumbent on both yourselves and the marketing companies?

MNHQ

JustineMumsnet · 21/03/2018 19:48

@KochabRising

Thank you Justine. Appreciate the answers and again, MN itself isn’t my worry.

My main worry would still be Facebook /google logins. As far as I know, their algorithms are almost all proprietary and secret so I’m not sure how far you will get with grilling them on what they collect. I have a sneaky suspicion that once that login option is there, they can analyse as they want. I could be wrong.

This has all been in my mind quite a bit recently with a few recent incidents (LMs twitter list of transphobes for example just from today.) it does make me pause when I think about what collected crosslinked data can do and who has access to it.

Understood. I'm out at a conference all day tomorrow but we'll certainly get back to you by Friday latest with everything we know about Facebook and Googles' interaction with Mumsnet. Thanks.

MNHQ

JustineMumsnet · 24/03/2018 18:58

Sorry for the delayed response - yesterday was a bit of a car crash (conference was v good txs OYBBK). Here's what I've established talking to our tech and data team. If you login into Mumsnet using Facebook then Facebook can see that you've done that. However, they cannot in our technical view, see what pages Mumsnet users are viewing or tie that to their Facebook profile.

However, we have, it turns out been been running Facebook pixels (cookies) on Mumsnet pages. We did this to understand our users in aggregate (demographics) and to be able to reach them/ others like them on Facebook. We believe that via that pixel Facebook has been able to see both that you are on Mumsnet and what Mumsnet pages you are viewing (whether you use Facebook to log-in to Mumsnet or not). Specifically, they can tell the date and time you visited Mumsnet; and the web address, or URL, you've been on.

Facebook uses this data to show you more relevant ads - for example from brands that would like to reach parents. Facebook calls this ‘interest-based advertising’ You can turn off interest-based advertising in Your Ad Preferences in Facebook from here. Google has a similar choice for your settings <a class="break-all" href="//myaccount.google.com/privacy" rel="nofollow" target="_blank">here.

Given the conversation we've been having and recent events concerning Facebook we've decided to remove those pixels from the Mumsnet site and we did so on Friday.

We absolutely don't pass on Mumsnet user names or any user registration data to Facebook. Whilst we can't rule it out 100% technically, we believe that it would be very difficult for Facebook to infer a Mumsnet user name from pages that Mumsnet users have viewed and to do so they would need to create a bespoke mechanism, which in our view is pretty unlikely.

Again thanks for your questions. We'll be making sure to update our privacy policy/ include the answers in our FAQs that we're producing ahead of the GDPR introduction.

Watch this thread for updates

Tap "Watch" to get all the latest updates

End of posts

There are no more MNHQ posts on this thread

Back to thread

Flip