Social Media And Privacy
by Lucy Greenaway
Looking at the development of web 1.0 to web 2.0 to the current web 3.0, we see how far the development of online communication has come.
When reflecting on how quickly social media has developed over the last 15 years, we have an indication of where social media will be in years to come.
With these strides that social media has taken recently, the threat of data breaches has also increased. Everyone who uses the internet leaves behind a data trail and social media users must take reasonable steps to protect themselves from information leakage and data spill.
What information is stored with social media accounts?
Every time that a social media account is created, whether that be Facebook, Instagram, Twitter, Snapchat etc., personal information such as your name, email addresses, phone numbers, birth date, geographical location, personal interests, job profession and more are collected and stored by these companies.
Data that is generated on a daily basis is also harvested, for example, likes, comments, posts and clicks.
These social media giants leverage this kind of data from its users in order to better target ads to them.
A big issue in recent years is how some of these companies will also sell this data onto third party companies and rarely obtain that users knowledge or consent for such data to be sold. This is known as data mining.
Data Mining
When we think about our privacy being invaded online and our data being used without our consent, we normally think of criminals hacking our accounts and poorly created passwords contributing to this identity theft.
However it is the data we willingly handover to these social media companies that is the most common form of privacy invasion regarding our social media accounts.
It is a troubling thought to consider that the social media site you're using is obtaining and storing your data for their own benefit without needing your knowledge or consent.
In fact, in 2014 Facebook was involved in one of the largest data leaks of its users in history when company Cambridge Analytica tried to sell the psychological profiles of American voters and harvested the data of tens of millions of Facebook users, as reported on by the New York Times.
Data Mining essentially means the collection, processing, and analysis of raw data obtained from social media platforms in order to highlight beneficial patterns and trends which conclusions can be drawn from and result in actionable information.
Mining data isn't inherently immoral, a lot of the data used to draw information from is already made publicly available by users. User-generated data is essentially free game as to who uses it due to the contract social media site users agree to when setting up their social media accounts.
Being able to obtain data from social media users is important for companies to be able to effectively curate targeted ad campaigns, sales enablement, predictive analytics, market research and tracking brand representation.
From a digital marketing perspective, being able to harvest data is important for effective marketing strategies. For example, social heat mapping is a invaluable tool for marketing companies to represent data displaying users behaviours on certain websites.
Another benefit of obtaining data that impacts users as well as companies is Social spam detection. This basically allows for easier detection of spammers and bots on social media platforms such as Twitter.
The bottom line here is that data mining isn't strictly immoral, yet there does need to be stricter laws and guidelines surrounding data mining in order to better protect users.
Phishing
Phishing essentially means when hackers trick an individual into doing something that allows the hacker to obtain data or even the users entire social media account.
Phishing can be done multiple ways through the internet. Email, text and phone call phishing is extremely common and perhaps the most well-known forms of phishing, however this explanation of phishing will be focused on social media phishing.
Simply clicking a link in a tweet, on a post or video link, or even conversing with someone (hacker) in your direct messages can result in a phishing attack.
A phishing attack can even come from a close contact or someone you know personally if their account as been compromised by a phishing hacker.
Phishing hackers target human emotions, like fear, in order to convince their victims to essentially hand over their data.
For example a common phishing scam through social media is a hacker posing as a representative for the social media site you are using and telling you that your account has been breached, and they will send you a link to click on that has the appearance of a link sending you to a page to change your password.
This obviously sends people into a panic and they often click the link to change their password without taking the time to consider if the link is genuine of even if the social media platform they are using would reach out to users like this.
There are certain ways you can keep your social media accounts safe from phishing hackers.
These are:
- Do not click on links that you don't recognise. These could be in tweets, posts, direct messages etc. Suspicious links are extremely common.
- Take time to respond. Nothing is so urgent that you don't have the time to consider whether or not what you're seeing is suspicious or not.
-Stop and consider whether or not a genuine person or company would contact you in this way to communicate that specific kind of information.
-If you are ever concerned, contact the company or person directly with this query and get it confirmed to be true or not.
- Check to see if the account is verified (on platforms such as Instagram and Twitter), this typically means the contact is genuine.
-Check the specific account to see if it seems genuine or not. Here you want to look at the number of followers, how long the account has been active, what sort of content they post, and if they have accounts on any other social media sites.
-Regularly review any sensitive data associated with your account and regularly change your password.
-In case of a breach, change your password and ensure when creating a new social media account that you have a two factor authentication set up to prevent your social media accounts being easily falling into the wrong hands.
-Should you fall victim to a phishing scam, report this to the social media site that you are using.
Your Business and Social Media
Social media is now a crucial tool for businesses to easily discover what consumers want and how they feel. However you must be careful when navigating customer data, as there are rules that must be followed and this is where GDPR (General Data Protection Regulation) comes in.
Social media is often used as a direct means of communication between consumer and company, so this why it is essential that company's handle consumer data accurately and appropriately.
So as a company, what actually needs to be considered under GDPR? Essentially any personal data needs to be handled as sensitively as possible and any non-compliance with GDPR can result in some seriously hefty fines.
It is common now for social media platforms to require advertiser to obtain consent from the user before uploading their personal data to enhance marketing tools such as Facebook's custom audience tool.
Retargeting Ads, Linking socials, Reporting and Storing.
Retargeting ads is a tool that enables you to target adverts to people who have already visited your websites using cookies in their browser. This is where you have to have consent from the user in order to use these types of cookies, and implied consent doesn't exist under the regulations of GDPR. For more information on Facebook ads in a business capacity, see our blog post.
Whilst it is still possible to link your other online accounts or social channels via email and website to entice consumers to visit these platforms, you will need to clearly state in the data privacy notice detailing how the users social media contact will be will be collected and stored.
Many KPI's and company insight do in fact come from social media reporting. Tracking your performance through social media and reporting this data falls outside of the scope of 'personal data'.
For example, using tools like Google Analytics doesn't fall under harvesting users personal data. For a more in depth ad regarding Google Ads, check out our blog post on Google Ads vs Facebook Ads.
However, if a social media report users screenshots or other such information like comments or posts, this can fall inside the scope of personal data and GDPR. Anything personal should be anonymised in the report.
A users personal data cannot be used in a post or be used to send directed marketing unless that user has explicitly agreed to this.
How prepared is your business for GDPR regulations in social media?
You need to ensure your business has a defensible position of compliance when it comes to GDPR regulations through social media.
You must have awareness of the business process changes and the technical changes that must be made to be GDPR compliant.
Are all staff members properly trained in the relevant data security measures within the scope of their job role at the company?
Some basic things that every company should have in place are a confidential customer relationship management system (CRM) to be able to store consumer personal data.
It is essential that this system is both secure and encrypted.
It is also highly important that anti-virus software is installed on every device that data can be accessed. Anywhere that data can be accessed must also be password protected.
Lastly, you need to ensure that the network is completely secure in order to limit the effects of any potential cyber attacks. For example, using 2-step verification (2sv) to protect any accounts or sensitive data adds another layer of protection.
Social media websites and their privacy concerns
Facebook have been a social media giant since it's launch in 2004. Despite only having been around for 18 years, it has a very long history of upsetting it's users by being a privacy nightmare when it comes to protecting personal data.
In 2011 Facebook settled with the Federal Trade Commission due to the charges charges brought against Facebook itself stating that it didn't keep its privacy agreement to users due to allowing private information to be made public without any consent or warning.
During this time the Federal Trade Commission and regulation authorities stated that Facebook users were subject to all of their personal data being accessed by third-party app. This also included Facebook users who had never even authenticated third-party data gathering.
Despite a statement that they wouldn't, Facebook were also found guilty of sharing user information with advertisers.
Even after the growing concern over Facebook's security and data protection for its users, in 2014 Facebook was exposed for having performed a mood-manipulation experiment by hijacking more than half a million users news feeds.
Selected at random, these users were then showed either more positive or negative posts with the study being published in the 'Proceedings of the National Academy of Sciences, which resulted in serious backlash and distrust from it's users based on the unethical manner of the study.
Finally one of the biggest betrayals Facebook has committed against its users is when news broke in 2018 that Facebook were aware of a massive data theft and yet chose to do nothing about it, this resulted in the
Current privacy concerns (2022) for Facebook is regarding their new privacy policy. As the data hungry dominating social media site it is, Facebook is under an immense amount of pressure to perform better regarding the level of data security it provides it's users.
Facebook has essentially claimed that nothing has changed to their privacy policy. The chief privacy officer of Facebook, Michel Protti stated that the updates “don’t allow Meta to collect, use or share your data in new ways.”
Other concerns for Facebook specifically is how they will navigate Apple's new IOS 14 update. Apple have essentially drastically limited what app developers are allowed to track when it comes to user data and user activity.
When a user is on these social media sites or social media apps, Apple gives them a IDFA (Identifier for Advertisers). This IDFA is a randomly assigned ID number that allows for user's behaviour to be tracked through browsers.
Instagram is being referred to as the 'most invasive platform'. With an average of one billion users per month, it is no surprise that there are some serious concerns with privacy and data risks when using the site.
It has been found that Instagram does in fact collect around 80% of users data and will then share that on with third party companies. This data includes but is not limited to location, contacts, financial information and search history.
As Meta is the parent company of Facebook and Instagram, many of the privacy concerns are the same for both social media platforms.
LinkedIn is a social media platform that contains a lot of data about individuals and businesses. This makes the platform a target-rich environment for potential data breaches and fraud.
Due to the nature of the platform, data breaches or hacked accounts can lead to reputational damage via identity theft.
LinkedIn is owned by Microsoft, so data can be shared over many platforms without the user necessarily realising it.
LinkedIn did experience a very large data breach in 2012, and this resulted in a strict crackdown on data security and went on to enhance their privacy protection. During this data breach, over 6 million users had their passwords compromised.
Overall LinkedIn is a relatively safe and reliable social media platform when it comes to security and privacy.
Navigating The Minefield.
Ultimately, the topic of social media and privacy with specific reference to businesses is a large and complex subject. Data protection is something that must be treated very seriously whether you are a company or a user.
For expert guidance and account management, check out our services page. We offer a free review if you already have a Google Ads account!
