/scripts/ahub.form.attachments.js
18

Company Name in Profile Undisclosed Without Consent

Oct 12, 2016 at 07:46 AM

1.7k

avatar image

Hi there, in "old SCN" I was able to mark my company's name as hidden for public. This was the default and most people left it like this. Now my company's name is shown without asking me for permission or without actively informing me about this. Or did I miss some reading?

There is no option to hide it again.

In my eyes doing this without consent is a data privacy breach.

What do you think?

Regards, Lutz

10 |10000 characters needed characters left characters exceeded
1

You have provided a link not linking somewhere else, but right to the question (=[THIS] question) in which you commented?

(I'm confused!)

3

The hyperlink (to .../questions/30093/...) is to this discussion thread (.../questions/30093/...).

0

Why was SCN released without privacy already in place ?

1
* Please Login or Register to Answer, Follow or Comment.

6 Answers

Best Answer
Gabriella Gogl-Gyorgy
Oct 18, 2016 at 08:26 AM
6

Hi All,

I'd like to let you know that company and location information got hidden by default on your public profiles.

You are still able to see the information in your own edit views and soon will be able to make it visible if you wish to do so.

Best,

Gabi

UPDATE: The visibility setting for revealing/hiding the company and location information is available on People now.

Show 2 Share
10 |10000 characters needed characters left characters exceeded

@all: I just accepted this answer to get it at the top. :)

Regards,

Steffi.

0

Great, thank you :)

0
Gabriella Gogl-Gyorgy
Oct 12, 2016 at 07:58 AM
3

Hey Lutz,

We are currently implementing the feature to hide company and location information. Should be available soon.

Stay tuned :)

Best,

Gabi

Show 6 Share
10 |10000 characters needed characters left characters exceeded

Hope so. This could well be a legal issue in many countries

6

Just hiding company and location information is not good enough.

The profile picture, all personal info including short bio, should not be visible to any anonymous user.

As for authenticated users - only people, who you have chosen to follow should be able to see a limited version of the profile details, and the visibility of these details should be configurable by the profile owner.

1

Hey Veselina,

The base concept of the People profile is that it is public and you add information what you would like to share with the public. When designing the profile, it was intended to go in the direction of a business network, and so for S and SAP users the company information is automatically populated. We can hopefully roll out the ability to hide that soon.

I'm planning to do some refactoring of the profile next year and will take your request about additional visibility settings back to my team.

Till then, you can always decide to remove information from your profile. If you need any help, don't hesitate to reach out to me.

Thanks and regards,

Gabi

1

I am very surprised that concerns, such as the ones expressed in the thread, were never raised during these design meetings. Weren't there any legal advisers involved?

Thank you for providing the information on what are the plans for developing the functionality - I was not aware that the design phase has already finished.

I have removed the information from my profile, however, I am very disappointed with the changes to privacy settings and even more disappointed to read the official SAP views on that.

What I asked for was not a nice to have feature.

3

I am also very surprised with SAP team reaction: it's not a big issue! You can remove this information from your profile yourself... etc...

I don't think that the reaction will be the same if salary information of SAP employees will be disclosed :)

0

Legal and data protection specialist advisors are part of the process.

I'm really sorry that your experience about this was negative.

As we are working in an agile fashion, the design phase never ends and we are continuously improving the product week by week. And if we reach a limit of a certain functionality, like now, we'll find a way to rework and improve it.

This might sound marketingish, but I do appreciate the feedback that we are getting from you and the other members of the Community to work with us on these products and point into the right direction.

Thanks,
Gabi

1
Kaushik Debnath Oct 14, 2016 at 07:25 AM
1

Data privacy is a very utmost requirement, which also we have reported via idea Place also, but it seems that these kind of action taking is taking too long time, when these privacy matter should be one of the utmost matters to consider.

http://sap.userecho.com/topics/357-privacy-policy-if-i-google-my-name-i-come-here-where-more-information-is-disclosed-can-you-please/#comment-447

Thanks,

Kaushik

Share
10 |10000 characters needed characters left characters exceeded
Jeremy Good
Oct 13, 2016 at 09:53 PM
-12

From my own perspective I don't see any reason how this violates any privacy aspects, etc. Admittedly, I'm not well versed in legal mumbo jumbo, or know much about the laws in various countries, but considering the level of private details that are shared in general with social media (sometimes with reckless behavior...), I think it is actually better to see more details in our people profile, but give people the option to categorize what is public, what is visible by Followed members, etc.

Although the community is very business oriented we are all humans who work for ourselves or someone else, and should have a real avatar and not a gray silhouette (sorry Mike, Matthew), or kaleidoscope image (sorry Steffi). Is their any shame in knowing who we work for - I have an SAP icon next to my name, so you don't have to search for me on LinkedIn to know that, but I actually enjoying knowing more about the people who we interact with in the community. I actually was proud to share alternative photos in my old SCN profile with my wife and kids, and if memory serves me a whole lot of other details I left in a public view option.

Without the avatar I would have not had the fortunate opportunity to so easily recognize and strike up a conversation with many fellow community members who I admire at TechEd Vegas only a few weeks ago. e.g. Jocelyn, Tammy, Oliver, Simon, Audrey, etc.

#justsaying #my2cents

Show 16 Share
10 |10000 characters needed characters left characters exceeded

Hi Jeremy

I think it's quite obvious that revealing which employees of which company are involved with certain topics, that is might well reveal important business information (e.g. development of a new product using a certain technology).

Besides this, I think it's actually a breach of trust when a community silently stops keeping information secret that it protected before for a long time. The fact that this might not be a problem for most, doesn't change the fact that the promise of keeping this information confident has been broken.

There's no doubt about the benefits of a recognisable avatar. But this has to be on a voluntary basis, not by the means of a mere implementation oversight (if this situation was actively designed that way, not communicating this change would be neglectful).

Lars

12

In Facebook I have the option to hide my private details from public view, I can also choose what different people in my friends list can see. I never post pictures of myself there and I discourage my family members to disclose too much about themselves in Facebook (especially the kids). I don't use my real name in social media, I have a picture of a cat as an avatar and I have to approve all photos, where people try to tag me.

If you had a family member, who is an investigative journalist, if you have received life threats, if your kids had go to school with security guards, you would take privacy very seriously.

I went today through one of my mailboxes and found an old mail from Microsoft informing me about changes to their privacy. I haven't seen anything of that sort from SAP.

And if SAP does not consider private data protection as extremely important, how can they be trusted to build and sell corporate software?

6

In the old SCN the company information was hidden by default. Somebody in the new SCN project team decided to make it visible for all members. I want to know the name of this person.

2

"I want to know the name of this person."

Finger pointing or having a human scapegoat with a name does not change the fact. They are working on implementing a solution, that should be enough IMO. No need to look for somebody to blame or if you want to put blame somewhere, put it on SAP as a company.

Regards,

Steffi.

0

Sorry Steffi, it should be a 1 hour solution to remove all attributes from profile display that had privacy options before. After that would be a lot of time to re implement privacy settings, migrate defaults from old profiles or set restrictive defaults for all and release this attribute again. So a little outrage and pressure looks absolutely adequate in my eyes.

5

I was one of the people who voiced her opinion rather loudly during BETA testing, that I don't like my choice taken away from me, what to show in my profile. So I'm absolutly for a really, really quick implementation of privaty settings.

My comment to Vadim was about "I want to know the name of this person.", not the situation as a whole.

Regards,

Steffi.

1

100% agree! The stupid mistake was done but not immediately corrected! I can't understand this approach.

0

Well this simply violates SAP's own data privacy statement. There is nothing you can read about SAP disclosing "Personal Data" deliberately to public without prior consent.

As far as I know German law this platform would need to be shut down immediately until this is fixed. But I am no lawyer and did not find out the name of SAP's Data Privacy Officer. But I am working on this.

3

Wow, 5 down votes already - even with my legal mumbo jumbo disclaimer, apparently this really strikes a nerve with many people ;) Lutz, as the original poster of this thread, a simple Google search for your name reveals your current employer and career history on LinkedIn, including a stint at SAP, and although I didn't mention this in my original reply it was part of my rationalization, and begs the question - what really is classified as 'Personal Data'? We send emails with signatures, trade business cards, so as a community member not having any clue as to why the people profile works the way it currently does, I guess company didn't personally get me too upset. I often research people in the SAP address book, LinkedIn, and other social media channels, but not as a stalker, just curious about the person I am interacting with and to gain additional perspective. Veselina, your member of the month video provided me with a small window into who you are and I am also a cat person, but our interactions during the beta were more than enough for me to respect and appreciate you even if you were not a cat person.

I don't disagree that people should have the choice to protect or hide attributes and not be forced to reveal things they otherwise wouldn't want to disclose, but I guess there are some significant cultural differences here and personal preferences on what should be guarded or protected. Unlike many of my fellow Americans, and especially the younger generation like my kids who basically are surgically attached to their phones, I am somewhat guarded myself when it comes to oversharing on social media, but I interact here on the community with purpose and passion for SAP technologies like Fiori, HCP, etc. The choice of animal, cartoon, symbol, real photo, or what avatar a person chooses to upload is made independently by every community member, and Lars like your twitter photo shows I also tend to use the same picture (Twitter for me needed sunglasses), but I have been to Melbourne twice and enjoyed my visits thoroughly.

I have previously referred to SCN / SAP Community as more of a family, and will continue to do so, because like family you rarely get to choose who shows up at a reunion, and getting to know someone is very hard when they are anonymous. When this concern is resolved by IT, I will gladly switch on the personal details that I assume someone out there might like to know about me.

P.S. - I had to copy/paste this after refreshing the page because the Submit button disabled itself - apparently I took too long to type this...yet another known bug that I would like to see resolved...
1

Jeremy, this is all about information, consent and choice.

And this is less about me. But I know colleagues who are invisble in the internet and now have another argument not even to register to the community.

I personally don't want to see my company's name here because I want to make clear that I am not acting in the name of my company on this platform. Otherwise I would need consent from my company. So I personally might get a legal issue with my company because of this change by SAP.

Regards, Lutz

2

If next time the user's e-mails will be shown - is it also ok?

For the significant part of the users the company information is not critical but I remember some cases when knowing the company of the person asking some particular question can result in contract cancellation etc... The mistake was done and not solved urgently by SAP team. Only comments that the issue will be solved in the future. It's not the right way to react on the case like this.

B.R. Vadim

4

Lutz - my apologies, when I read your first post it used the word 'my' several times, so I had to assume it was very close to home and not on behalf of others, but thank you for clarifying.

Vadim - to show my support, I have just up-voted this question. I am not making excuses on behalf of my employer here, I am also a frustrated post go-live launch community member, and just offering a little perspective. I will also alert some internal colleagues about this concern.

0

What is private data?

Private data is any information related to a physical person, which can be used to identify him/her directly by identification number of indirectly by one or more specific indications. (this is a rough translation of the term definition in our data protection law).

The combination of your real names, a picture of you and where you work makes you easily identifiable, isn't it?

I am also not a lawyer, I could be wrong, but if I am right, then SAP acts as a private data administrator.

It does not matter what information you chose willingly to share all over the web - a private data administrator is not allowed to disclose any private data provided to him without your explicit permission.

What I actually wanted to say, apart from trying to explain the terminology, is that private data protection is a serious matter. If you weigh out the possible complications, it does not make any sense to try to save project budget by ignoring it.

@Jeremy: I know, all this mess is not your fault, you did your fair share of providing constructive feedback in Beta,and I understand that this is your personal view on the subject, not an official SAP statement (despite the SAP logo on your profile).

But this case is not about cultural differences, it is about complying with legal regulations.

1

Thanks Veselina! According to a Google search for your name, I see your current avatar and pictures of Caroleigh and Simone in the first 7 entries, so your identity should be safe for now ;)

0

Search better Jeremy :p

1

Sorry, I used the traditional Google search, not the SAP search, the onedx search, or a Custom Google search ;)

0
Mario Prkacin Oct 14, 2016 at 02:05 PM
0

It's not just company name problem.

How about email?

I don't use email stored in my profile and it's not possible to change it.

If anyone tries to contact me on that email, there will be no response.

Who ever emails me on that email acc will be under impression that I don't answer to their emails.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Mario,

E-mail addresses are not visible on your People profile. What profile are you referring to?

Thanks,

Gabi

0
Volker Barth Oct 19, 2016 at 07:00 PM
0

Just a late add-on:

I had noticed that "feature" a few days ago and asked about it on the particular SQL Anywhere forum (my predominent community), and a SAP employee helped me to find the solution, which apparently happened to be the fact that this bug had been fixed in the meantime. (I'm sure now based on this thread and Gabi's announcement.)

As others here, I want to voice my opinion that "privacy" is not a feature to add-on after going public. It's simply a wrong order of priorities.

This initial bug has really destroyed much of my confidence in this new space.

Share
10 |10000 characters needed characters left characters exceeded
Skip to Content