The has been around for a few years but its popularity has surged in the past year. Its premise is to humanise social media by disrupting the illusions and "filtered reality" created by other social media platforms. Instead, it prompts users to share their current activities at a random point during the day.

A user will receive a single notification from the app at a random time during the day and will have a two-minute window within which to take a picture (using both the front and rear cameras) and share it with their friends or publicly. The user has no control over when to share the picture; they act only when they receive the prompt.

Mainstream social media platforms have gained a reputation for being addictive and adversely affecting users' mental wellbeing by constantly showcasing seemingly flawless and enviable life experiences. The complete randomness of the BeReal app undercuts the notoriety of mainstream social media.

However, the app, for all its good intentions has some serious drawbacks, that might be easily overlooked.

Because the prompt is random, it is entirely possible for a user to receive the prompt while they are at work or busy reading sensitive material. This has a few consequences for the user and their employer, as briefly explored below.

The BeReal terms of use explain that any content posted by a user is public and can be consulted by anyone (if the user chooses to share their content publicly rather than just their closed list of friends). Although BeReal requires all users to ensure that they are not intentionally, recklessly or negligently:

  • uploading;
  • transmitting;
  • distributing;
  • storing; or
  • otherwise making available any content that may infringe upon the intellectual property rights or privacy of others.

This does not mean that a user may do this anyway – and the consequences for their company can be serious and expensive.

These consequences are palpable particularly in circumstances where the picture captured by the user contains visible documents, for example those on their desk or their laptop screen.

Such documents may contain personal information protected by privacy laws which creates a material compliance risk for the company as the disclosure of personal information through a BeReal picture will likely constitute an unauthorised disclosure which is reportable as a data breach under many jurisdictions' privacy laws. This will necessarily have both legal and reputational ramifications for the user's employer including fines by regulatory authorities, civil suits by compromised data subjects, and loss of the company's goodwill.

A picture could also disclose other types of sensitive information that although might not be personal information, may still be confidential or proprietary to the user's employer, or third parties like clients, suppliers or business partners. If such information is disclosed through a BeReal picture, there is a material commercial risk to the company if its confidential or proprietary information is leaked. If the information relates to a third party, then the company may not only lose relationships with such third parties but may also be sued for violating its non-disclosure agreements.

Once the compromised information has been posted, mitigating the above risks is made difficult by the app's restrictions on deleting content. Under the BeReal terms, a user is only allowed to remove one piece of their content each day. If the user wishes to remove other content on the same day, they will need to submit a formal request to BeReal. Accordingly, if a user publishes content containing sensitive information and the company asks them to take it down, the user will have to follow BeReal's deletion processes which might take some time and could expose the company to even greater risk as the comprised information continues to sit on a public platform.

The BeReal app is a welcome innovation steering online society in a healthier direction. However, companies must ensure that their policies, employment contracts and training material provide sufficient detail to sensitise employees to the information security risks inherent in their use of social media technologies. Companies should further implement appropriate disciplinary measures to ensure that employees safeguard the company's information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.