Consumer privacy: How your personal social media data is used

Consumer protection

Credit card numbers, bank information, personal details like phone numbers and shopping habits—every time you log on to your computer, your browsing history may be tracked and recorded by businesses, with or without your knowledge. What kind of information they collect, how they collect it, who they share it with, and what they’re doing to protect customer privacy remains a serious question for internet users. 


Around 57% of the global population has internet access. While it comes with a number of advantages, statistics show roughly 53% of online users are becoming more concerned about their data privacy and how their personal data is being used than they were a year ago.  


How do social media companies use your data? Let’s break down the consumer protections governing the collection and use of online data and look at what you can do to protect your privacy and your personal information when using social media. 


What is personal data?

There are different kinds of information stored online. These can include sensitive data— like health records, social security numbers, and banking information—or other personally identifiable information (PII), such as your birthdate.

Your personal data can include: 

  • Profile information (gender, age, birthdate, address, interests, background, etc.) 
  • Social media posts
  • Photos and videos
  • Browsing history 
  • Online purchases

Everything you do online—on social media networks or on other sites with tracking cookies or pixels—can be tracked and recorded. Certain retailers even track the way you tap and swipe on your phone. 

What happens to your data? 

Once social media companies collect data, it can be used in a few different ways. They may use personal data to analyze their user base, personalize advertisements, and inform their marketing strategy. Researchers can also use personal data to learn more about how people are using the internet or to train artificial intelligence programs. 


There are also entire industries that thrive off the collection, analysis, and selling of personal data. Data brokers are firms that compile publicly available user information or purchase it from other sources. Then they sell this information to corporations, marketers, or other individuals. 


This data can be extremely valuable to these corporations or individuals. In fact, companies spent an estimated $19 billion in 2018 on acquiring and analyzing consumer data. 


Privacy laws: Limitations on data sharing 

In the EU, the General Data Protection Regulation (GDPR) puts clear limitations on how companies can gather and use personal data. It imposes strict fines on companies who don’t get the consent of its users or don’t inform them how their data will be used. It also allows users to fix incorrect data, be removed completely from a business’ data records, or object to their data being used in a particular way. 

The United States has yet to pass any federal law limiting the use of personal data gathered online. However, companies’ use of consumer data is governed by the Federal Trade Commission (FTC), which can take action against those who: 

  • Fail to implement data security measures 
  • Fail to follow a privacy policy 
  • Make inaccurate statements to users about privacy policies
  • Transfer personal information in a manner not outlined in the privacy policy 


Other laws, like the Children’s Online Privacy Protection Act, Health Insurance Portability and Accounting Act, and the Fair Credit Reporting Act regulate the collection and transmission of specific types of data about minors, healthcare, and credit information. 


There are stricter limitations on online data collection in two U.S. states: California and New York. Most American-based websites—including major social media providers Twitter, Facebook, Instagram, and YouTube—default to meeting the standards set forth by these two states.


California Consumer and Privacy Act (CCPA) 

The California Consumer Privacy Act (CCPA) is considered the most comprehensive state policy in the U.S. The CCPA imposes restrictions on companies or individuals that collect personal information about or from a California resident. These companies must inform users how and when data is collected and give them access to the data. The users must also be allowed to correct or delete this information. Privacy policies must be clearly outlined and disclosed on a company’s website.


New York SHIELD Act

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act takes the existing data breach notification law in New York and expands it to include more limitations on data use. The SHIELD Act broadens the definition of what constitutes “personal data” or a “data breach.” 


It also requires that companies adopt policies to protect the security and confidentiality of private data. Companies must implement specific measures, including hiring a cybersecurity expert, training employees on data breach protocol, considering risk assessment, and deleting information in a timely manner. 


How can you protect your data privacy? 

Until more regulations or limitations are placed on companies compiling and using personal data, it’s important to be aware of the information you provide and how it may be used by companies. You can also make conscious choices to protect your own privacy. 


Always read the privacy policy when joining a social network and set account controls to restrict how widely your data can be gathered and shared. You can also use other tools, like a password manager, VPN, or data encryption to keep your information private while using social media sites and ensure confidentiality in the case of a data breach. 


Concerns about data privacy aren’t going away any time soon. As platforms and state governments begin to address these issues, taking the protection of your personal data into your own hands can help safeguard your privacy online.