Some preliminary advice: It is absolutely necessary to keep in mind that the fact that much of the data contained in a social network is easily apprehensible does not legitimize its processing. This is a crucial aspect when it comes to the processing of data obtained from social networks: ICT researchers and innovators must carefully ensure that they have a legal basis that allows them access and storage of these data. Once they have already accessed them, they will have to make sure that the same and/orother bases of legitimacy allow them further processing of those data. In general, this means that they must have a profound knowledge of the Developer Policies imposed by the social networks (see the subsectioon “Lawfulness, fairness and transparency” in the section “Main Principles” of the General part of these Guidelines).

Furthermore, transparency implies that intended research subjects should be informed at some point about the research being performed, what sort of personal data controllers are collecting and how it will be used. Some services make it clear that this must be done before one starts harvesting. In the absence of a specific policy and where researchers/innovators are conducting observational research which the need to obtain consent up front could damage, they should let the individuals concerned know as soon as possible. The ICT researchers/innovators should always remove from their harvesting individuals who do not consent to being included.