
Business Card Scanner & Privacy (GDPR, CCPA)

The European Union’s General Data Protection Regulation (GDPR) has already been in effect for over a year, so the period of warnings to companies to comply has now passed. It is expected that data privacy violation fines will begin to take hold in the market. Meanwhile, the California Consumer Protection Act (CCPA) is set to go into effect 1/1/2020, and there are active discussions of making this set of regulations a Federal standard across the United States.

Now, while business cards form a social contract for contacting the person who handed them over, there are still some small details one needs to pay attention to in order to avoid a potentially devastating 4% of Annual Rev / $20M fine.

Follow Up Emails or Spam

The main spirit of GDPR is consent. The person you just collected data from must have given consent to the use of his/her data. When someone hands you their business card, they are giving you consent to contact them. It is an explicit, direct, transparent, opt-in, specific purpose for you to personally contact them.

But what about adding the newfound email address to a mailing list via submission to a fish-bowl? Did the person expect to be contacted with an automated email marketing drip campaign, sent from a ‘no-reply’ corporate email account? Probably not. Or did the person expect the details on their business card to be leaked to other 3rd parties to be targeted by ads or other promotions? Unlikely.

Privacy 1st Business Card Scanner

This is exactly where Folocard shines. Folocard does not:

  • Send emails, it prepares drafts in your email app.
  • Require an active server/internet connection in order to scan business cards or draft emails.
  • Collect the business card image or details. The information is local to the app user’s device.
  • Gather the email template data (template name, email subject or email body). This information is also local to the user’s device.
  • See personal business intelligence on who / where / what you are meeting / working on.
  • Share its aggregate insights.

Privacy by Design

Folocard does allow users to back up their follow-up history, including the location and time of the scan, the template used and the text extracted from the scanned business card. This data is backed up to a secure cloud server that is not shared with anyone and uses enterprise-grade cloud service security measures. We use the same provider as Snapchat ($SNAP Inc.). The backup feature is off by default and requires the premium subscription, and we stand by our commitment to not process this data beyond its intended use. In the case of a technical audit, this will become clear. In fact, if a user were to lose their data locally and ask us to dig up something they had backed up, we would not be able to comply.

This should serve as a warning to all business card scanner apps and users. Some paid and free business card scanner apps collect the details of the contacts uploaded to the apps in order to resell this data to 3rd parties. The notice for this is hidden in the Privacy Policies and Terms of Service (TOS) of the apps. The potential for leakage is apparent and in clear violation of GDPR articles.

Buyer Beware

Without naming names, there are several business card apps that utilize 3rd party server-side machine vision/text recognition solutions. This means the business cards you are scanning are sent to a different company, which processes the OCR and sends the result back to the app. Furthermore, this means that you are sharing the contact information with another entity. This possibly means that the card scanner app you are using is also privy to sensitive data. However, they may still claim not to look at the Personally Identifiable Information (PII) they handle.


It has come to our attention that some free business card scanner apps are collecting massive business card databases, either to create future products/offerings within their apps or, worse, to sell such datasets to 3rd parties.

In some cases, the business cards you scan into your app are used to build personal profiles for the app’s OTHER USERS. Some apps describe this as a social networking layer, and sometimes this layer costs money to access. Sometimes it is not directly available via the app but through another service.

Therefore, buyer beware. Check that your business card scanner app is compliant with new data protection laws.
