The Council’s Facebook Page – some questions for them

For some time now we have wondered how Folkestone & Hythe District Council complies with data protection law when operating its Facebook page. It’s not a challenge unique to them – anyone running a corporate page is likely to be faced with similar challenges.

With this in mind, the Shepway Vox Team have raised an enquiry/complaint with the ICO, and will, of course, update this blog when we receive a response.

We wish to raise an issue regarding Folkestone & Hythe District Council compliance with, Articles 5(1)(a)(b)(c) and (f) of the GDPR.

We note that they operate a Facebook organisation page:

on which they invite and respond to residents comments.

Following the findings of the Court of Justice of the European Union (CJEU) in Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH (Case C‑210/16), you are a joint controller with Facebook for the purposes of the processing of – at least – the personal data of those who comment on the Council’s Facebook Page (the “Facebook data”). Many residents do this.

We also note that in the Council’s “Privacy Notice“, they do not state, in respect of their processing of the Facebook data, that they are a controller. No doubt the Council would disavow controller status, which would be an abrogation of their obligations under Article 13 of GDPR.

Following the findings of the CJEU in Wirtschaftsakademie it can be said that the creation of an organisation page on Facebook involves the definition of parameters by the administrator which has an influence on the processing of personal data for the purpose of, at least, permitting visitor comments or visitor interactions, such as clicking “like” buttons. Consequently, the administrator of a Facebook organisation page such as the Council’s Facebook Page contributes to the processing of the personal data of visitors to its page.

The Shepway Vox Team assert the Council process, as a controller, residents personal data who have commented on the Council’s Facebook Page. We also believe that, as a controller, they are involved in the transfer of the Facebook data, which must be taken to include residents personal data, to a third country, namely, the United States (Facebook itself says that information controlled by Facebook Ireland (which it sees as the primary controller for the processing of personal data on UK Facebook pages) will be transferred or transmitted to, or stored and processed in, the United States). Facebook appears to effect such transfers by means of standard data protection clauses approved by the European Commission (https://www.facebook.com/help/566994660333381).

So the following questions need to be answered by the Council’s data protection officer; and the Cabinet Member responsible for Information technology, information access and security, RIPA and Customer service Cllr Ray Field.

Please would you inform the residents of the Folkestone & Hythe District whether:

1) You agree that you are controller (jointly or severally) with Facebook for the processing of residents personal data when they comment on your Facebook page?

2) You take the view more generally that you are a controller (jointly or severally) with Facebook for the processing of residents personal data when they visit your Facebook page (for instance for the processing involved in the placing of cookies and similar technologies)?

3) As a controller (assuming you accept that you are one) you are transferring residents personal data out of the EEA?

4) if the answer to 3) is “yes”, how you are complying with conditions laid down in Chapter 5 of GDPR?

This is a serious matter.  We appreciate the Council has a general task to promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing via it’s Privacy Notice. It would be helpful, if the Council could say whether they take the view that they cannot adequately perform this task without using Facebook to do so.

The Shepway Vox Team

Being Voxatious is NOT a Crime

About shepwayvox (1237 Articles)
Our sole motive is to inform the residents of Shepway - and beyond -as to that which is done in their name. email: shepwayvox@riseup.net

4 Comments on The Council’s Facebook Page – some questions for them

  1. It would be very helpful if my dustbin could be emptied, this is the second time in as many weeks. My bin has a brown lid as given to me when I moved in so not a garden bin . Please empty today.

    • You are fortunate to have a bin, brown lid or not. I did not need to leave any bin out several years ago when the recycling bins were rolled out, consequently I did not get a recycling bin.

      I have contacted the Council several times but am informed that I would need to pay £70+ to get a bin to replace the one they never issued. I was informed that they had records but then informed that they did not.

      I am tempted to tip my recycling at their car park entrance to concentrate their minds but no doubt they will have a by-law to punish this.

      I do not condone fly-tipping but when it is non-commercial, I do understand.

      Anyway, Merry Covid Christmas!

  2. I would like to know to things as a resident of Reachfields (Hythe) as to when the council are going to send a road sweeper ie. Man /woman to clean the estate up as there are bottles and cans all along the walk ways on the estate. It has been like this for well over 6 weeks. Also lighting is not up to spec – several street lamps out and one still not replaced for several years, on the main walk way to WinPine House. Finally signage which was promised to be replaced about 3 years ago, hasn’t been, but I forgot Reachfields is not in Folkestone.

Leave a Reply