Slack picked a weird time to make it easier for bosses to download your private chats
Slack just updated its privacy policy and tools, and one of the changes may give some users pause. Under the new rules, Slack customers who pay for certain premium services will be able to download all the data from their workspace–both public and private–apparently without informing members of the community. Which is to say: Information from both private messages and room chats are fair game if the owner of the Slack wants it.
Prior to this, Slack offered what was called a “compliance export”–a similar service for exporting workspace data–which was also only available to certain top-paying customers. Workspaces would have to enable this function beforehand, and when it was turned on, workspace members would be notified. Now, Slack says it is sunsetting compliance export and replacing it with a new tool to help workspaces more easily gain access to every communication.
“Workspace Owners can request access to a self-service export tool to download all data from their workspace,” writes the new policy. “This includes content from public and private channels and direct messages.”
For those who aren’t shelling out the money for Slack to allow its admins to surveil members, they, too, can ask to use this tool. But they they must provide the company with:
In short, if you want to secretly and easily spy on your workspace, you have to pay Slack for the option.
This should be a reminder to everyone to be wary about what they talk about in Slack. As I wrote about last year, though the tool is sleek and easy to use, that does not make it a good substitute for communication channels that are actually secure, like Signal or encrypted email.
With Facebook in the spotlight for mishandling private user data, this sure seems like a weird time to be introducing an option that makes surveillance that much easier.
Update: Slack has provided Fast Company with this statement:
Slack announced several changes to our product offerings and policies to comply with the General Data Protection Regulation (GDPR). We are announcing these changes so customers can prepare themselves for GDPR’s implementation, which impacts any company offering goods or services to EU-based customers. For the latest information about changes to our tools and Privacy Policy please see our Help Center and Privacy Policy.
(29)