Now, we see that Slack is very actively going to be exploiting its users’ data. Slack has established a team focused on “mining the chat corpus.”
There’s a lot of data that Slack identifies which it might pass to third parties but the most fundamental is all that information which its own users collect and receive. That is:
- The message content itself. This content can include messages, pictures,
files and video among other types of files.
- When messages or files were sent and by whom, when or if they were seen
by you, and where you received them (in a channel or direct message, for example)
What makes this challenging is the very nature of the service that Slack provides. Even if Slack is scrupulous about anonymising its users when passing data to third parties, that is no protection whatsoever for those other people and organisations identified in “the message content itself”.
Thinking about privacy in a Law Firm
Let’s imagine a law firm advising on a merger or takeover. The name of the law firm is of no consequence at all but the likelihood of Slack chats mentioning the parties is very high indeed. Of course, that is highly price sensitive; disclosure would be profoundly damaging to the parties involved and their advisors. For any one of the many parties to whom Slack might disclose message content, the temptation to exploit the knowledge gained would be almost irresistible and furthemore, relatively low risk.
A year ago, this is what it said:
Is there anyone out there who, like me, thinks this is serious?
And we did ask Slack for their comments on this before we published. They replied that “as a general rule, we don’t comment on blog posts so won’t be commenting on this”.