If you’re using Slack in the office, you might want to be careful about what you say in direct messages. An update to the company’s privacy policy may allow company bosses to self-export data shared through the app without your consent – including your private grumblings and gossip.
Slack has previous allowed customers on its Plus plan to export a log of all Slack data via something called ‘compliance exports’. While these have given administrators a searchable collection of all direct messages on their company’s system, the feature has also come with the ability for workers to check if it is enabled. (If you want to check for yourself, head over to https://[insert your team name here].slack.com/account/team, and scroll to the bottom of the page).
As of 20 April 2018, as part of an update to help Slack comply with incoming GDPR rules, the company is getting rid of compliance exports. That may sound like a good thing for worker privacy, but Slack says those workplaces with the data export enabled “will still have access to all workspace data through the new export tool”. Plus plans on Slack will instead have access to a self-service tool for exporting data from their workplace, including content from all public and private channels, as well as direct messages between workers.
This updated system means that administrators need to request access to the self-service tool, which looks to involve approval from Slack’s end, although it isn’t at all clear what conditions the company is judging this on.
If you’re on a Free or Standard plan, your private messages can still be accessed. According to Slack’s help centre, the self-service export tool is available to administrators on these plans “under limited circumstances”, which include “(a) valid legal process, (b) consent of members, or (c) a requirement or right under applicable laws”. Nice of them to ask for consent from members, although this does imply that bosses on the Plus plan don’t need permission from their workers.
We reached out to Slack for the reasons behind these changes and the company got back to us with the following comment:
“Slack announced several changes to our product offerings and policies to comply with the General Data Protection Regulation (GDPR). We are announcing these changes so customers can prepare themselves for GDPR’s implementation, which impacts any company offering goods or services to EU-based customers.”
A spokesperson for Slack also said that users will be able to see whether exports are included as a part of their plan on the Workspace Settings Center. It’s up to the Workspace Owner to inform their users about their practices and specific practices.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
