Neil Turner's Blog

Blogging about technology and randomness since 2002

Akismet and Data Protection

In Britain, we have this law called the Data Protection Act, which dictates what companies and organisations can and can’t do with data about their customers, clients or employees. It basically puts a duty on organisations to ensure that a person’s data is kept private and cannot be compromised, that the person is aware if that data is being shared with third parties (with their permission sought if needed) and that the person is aware if data is to be processed in another jurisdiction, where data protection laws are not equivalent to this act. There’s more to it than that – Wikipedia goes into more detail and the full text of the act is here.

So how does this relate to Akismet, the spam-filtering web service that I conveniently mentioned in the title of this post? Well, I use Akismet on this site as a way of stopping spam (though to be honest it’s been largely redundant since I started using Comment Challenge). This site is based in the UK, and therefore falls under UK law, but Akismet is a US service, and right now every comment submitted (bar those from approved TypeKey and OpenID commenters) is being sent through it.

Though I haven’t yet got a privacy policy on this site – it’s something I’ve been working on now and again for some time – this does bring up some privacy implications. Without Akismet, the privacy policy would say something like this:

Upon submission of a comment, the details provided (name, email address, URL and comment), along with your IP address, will be stored in a database. Your comment will also be displayed publicly on this web site.

Any comments you have made can be removed at any time, by contacting the site owner and requesting their modification/removal.

With Akismet brought into the equation, we have to add the following:

The details you submit will also be sent to the Akismet service, for the purpose of identifying possible spam comments. Akismet is based in the United States of America and falls under the laws of the State of California. The details submitted will not be stored, unless the comment is marked as a ‘false positive’ (a legitimate comment which is automatically identified as spam) in which case it may be stored for some time for diagnostic purposes.

For more details, please consult the Akismet Privacy Policy.

Now I’m not a lawyer and my experience with data protection mostly comes from a university module that I took recently, so this is certainly not legal advice. But it’s something that I hadn’t thought about until reading an email from the Six Apart Professionals Network this morning.

Akismet is done by the WordPress guys and I’m sure they’re trustworthy, and it’s also not entirely fair to pick them out as this could be any other web service – it just happened to be the topic of conversation at the time. But while a few bloggers using it isn’t going to cause much of a kerfuffle, a big organisation could land themselves in hot water if they’re not totally upfront about what is happening to their users’ data.

One Comment

  1. I’m having serious problems with Akismet. It says that it caught 5 comments, but it’s only displaying two. I want to just go and delete those other three but I can’t view them. I’m going to have to disable Akismet, pathetically bad.