Social Media Privacy: Legalities of Personal Data Collection

Social media platforms are connecting friends, family, and colleagues in new ways. With over 3.6 billion people using social media in 2020, these platforms are all-encompassing. Each of these billions of users produces data in some form — pictures, videos, text, interactions, purchases — all collectively showing their social media usage over the years.

This data contains personal information specific to each user. Without proper protection, social media companies may mishandle, lose, or leak the data to cybercriminals. Social media companies already widely – and legally – mine customer data for profit-boosting details or sell their information to third parties. To increase protection, governments often develop and enforce stricter regulations.

However, not all countries keep up with consumers’ wants and needs. For example, 19% of nations have no data privacy or protection regulations. Companies in China must obtain consent to interact with their users’ data. However, government officials often block access to sites or monitor how residents use them, raising surveillance concerns. Data privacy rules are further complicated as they vary across platforms.

Social Media Privacy Rules

Registration for any social media site initially requires you to accept their terms and conditions. These conditions detail how the platform will use your data, including your interactions and preferences. Even if your account is “private”, the platform still has access to your information.

No matter how you use social media, you should understand two applicable topics: copyright and how your relationship with a company dictates the way its representatives can collect data. Both of them will likely come up regularly as you learn more about social media privacy — or the lack thereof.

First, copyright is critical for creators and observers. A copyrighted work receives protection once the creator distributes it in a fixed format. For example, posting an original image on social media is enough to protect it under copyright law. Therefore, users can’t post any picture they find online without permission. Attributing the work is not synonymous with asking the creator for approval.

Most images used legally on the internet fall into several categories:

  • Pictures the poster owns and can use how they wish.
  • Rights-managed images, which allow people to purchase photos and use them per a specific license. This includes many items offered through the Creative Commons organization.
  • Royalty-free images, which enable people to use the pictures in unlimited, multiple and nonexclusive ways.
  • Public domain/Creative Commons Zero (CC0) images, which have no restrictions because creators waive their rights under copyright law.

Any original content posted on social media is royalty-free, but social media platforms generally offer users protection against infringement.

Instagram, for instance, provides instructions on how to report any infringement on your copyrighted content. This protection means anything you originally create belongs to you, letting you pursue action against any violation of Instagram’s policy. Facebook, the owner of Instagram, has almost identical rules. Twitter notes that its fair use policy may have some exceptions.

It is essential to protect your own data and avoid infringing on others’ original works. However, the second set of rules focuses on your relationship with the platform itself. Historically, data collection has been controversial around the world. Take Facebook, for instance. The big tech company had to clarify its data collection policies after countless scandals emerged. Thus, these instances sparked broader societal discussions about big tech’s growing power and its potential detriment to user privacy.

Personal Data Collection Controversies

Data protection regulation and compliance vary by country. Some territories have federal guidelines in place, like the European Union’s General Data Protection Regulation (GDPR).

The United States has no unifying federal law for cybersecurity compliance. However, the Federal Trade Commission (FTC) posts its own guidance, alongside each state’s own compliance rules.

Each set of regulations aims to ensure that tech companies protect consumer data and provide users with the correct rights. Unfortunately, despite these laws, data collection controversies continue to arise. Companies find loopholes and use the data in questionable ways. Facebook is notorious for attracting bad press, whether related to misinformation, social justice, or individual rights.

Another example is WhatsApp. After Facebook acquired WhatsApp, the messaging platform updated its conditions to indicate that the platforms would automatically link datasets. Facebook could then use this data for marketing purposes. The EU quickly fined Facebook for violating the law and misleading users.

Facebook again found itself at the center of a data-centric legal case at the end of 2020. This time, the big tech company pursued an action against two smaller companies that it accused of data scraping, or taking data from another source for their own use. While Facebook was not the accused, this case again raises the question of big tech’s power and responsibility.

TikTok has also received public and government backlash. After the platform grew exponentially, U.S. officials became wary of its data collection practices due to its Chinese ownership. They were mainly concerned about what TikTok might do with the data it gathered, raising possible national security threats to the United States. However, in September 2020, a deal split TikTok’s ownership between China and the U.S.

Moving forward, countries must re-examine how social media companies use data. Though individuals can take legal action against offending corporations in court, these companies often overpower them, meaning the government must step in. For example, Canada’s Privacy Commissioner can investigate how public and private-sector organizations handle data. They also try to resolve disputes through mediation, negotiation and reconciliation.

Changing Priorities

In the United States, the lack of an overarching federal cybersecurity compliance law has left a legal gap. The California Consumer Privacy Act (CCPA) is a good U.S.-based example that the government should follow. It gives a person the right to access all the information a company has about them or ask that it delete their details. Consumers can also request that companies do not sell their data to third parties or find out which categories of businesses have content about them.

Elsewhere, the GDPR has not effectively maintained these platforms as honest with users about data collection and usage as legislators may have hoped. A 2020 study of central government data protection officers in the United Kingdom found that many of them lacked the adequate resources to deal with the growing number of data protection requests.

Once the GDPR came into effect, internet users were bombarded with cookie preferences windows that let them specify what data companies collected about their internet visit. Many clicked “I accept” without reading the specifics because they were impatient to view the websites in question.

Amidst all the controversies, priorities are changing. People want more security and privacy when using social media services provided by bigger companies. As the U.S. government continues to debate regulations around big tech brands, data collection will continue.

However, data collection can benefits consumers. Social media companies can curate enjoyable, personalized experiences for each user. Issues occur when companies mishandle data or overstep their boundaries. As seen with Facebook, this happens all too frequently.

Since many of the biggest social media companies are U.S.-based, calls for stricter regulation often fall on the United States, in the hopes that consumers will feel more comfortable sharing their data online.

Written by Shannon Flynn, IPilogue Contributor and law technology writer discussing topics such as AI, media, and commercial law.