Ethics and social media monitoring: so much at stake, but the existing standards are linked to specific business functions. Can we fix that? Converseon suggested some questions for clients to use in avoiding service providers with problematic practices. Let's go a step farther and think about appropriate ethical standards for companies that do the actual monitoring and analysis work, regardless of which functional silo they support.
I have a few suggestions:
- Obey applicable laws.
Stay legal—always nice to include that in the code. This will be trickier than it sounds, because (a) the law that applies to online monitoring is "complicated, multi-faceted and unclear," and (b) the Internet is global. Whose laws apply in which situations should be good for generating legal fees somewhere.
- Match clients' regulatory obligations.
In addition to government regulations that apply to them directly, service providers should comply with requirements that apply to their clients. Service providers shouldn't be in the business of doing work that clients are prevented from doing themselves. Yes, this requires learning about clients' regulatory environments.
Clients should extend their own compliance standards to service providers working for them—if you can't do it, don't hire an outside company to do it for you.
- Honor sites' terms of service.
Whether terms of service are enforceable is a legal question that will eventually be settled, but the strong ethical position is to monitor sites on their terms. If you need to hide your identity or play cat-and-mouse games with site admins, you're in the wrong.
- Be transparent in your monitoring.
Don't conceal your identity, through either technical or non-technical means. Your IP address should map to your company. When using an individual profile to monitor or interact on a site, disclose the individual's affiliation with either the service provider or client.
- Respect privacy norms in closed settings.
Blog monitoring was ok because blogs are publicly available. If an individual login is required and community norms are that information is to be kept within a community, don't use it. These sites create an expectation of personal privacy that should be respected.
- Don't overburden servers with automated requests.
Sites exist to serve their users, or to reach an audience, or to conduct business. Manage your data collection activities to minimize negative impacts on servers.
- Where multiple codes of ethics may apply, observe the more restrictive code.
Existing codes from other fields may impose extra requirements that still apply. For example, entering a community to observe it is ethnography, which has its own ethical standards.
- Be honest with clients.
Don't make promises that your technology can't keep or present insights that aren't supported by the data. If the client wants something you can't do, admit it. If they want something you won't do (or shouldn't), educate them. As Converseon's list suggests, your ethics protect them, too.
- Don't freak out the natives.
It's not good for your business, anyway. The more people think of what you do as creepy, the more likely you are to face regulatory pressure or other challenges. Besides, it's not nice.
Do we need an industry standard?
Incidents like the one in yesterday's WSJ, and the attitudes exhibited in some of the quotes in the article, increase the likelihood of government intervention and externally imposed rules. Who'd rather create a clear and relevant ethical standard for the listening business before that happens?
I've already heard that this topic is too sensitive for an open discussion online. If you want to pursue this, let me know, and we can decide on the right venue.