When I started using social media platforms in middle school, I was taught that I should never assume that anything I post is private. It’s a good rule of thumb – you shouldn’t be sharing anything online that you wouldn’t want people to see publicly.

But even more so, I think we shouldn’t upload anything to social media platforms that we don’t want them to know about us. I constantly think about how much our iPhones know about us, and how algorithms have taken note of patterns of our activities for us, that we don’t even know ourselves. So it got me thinking: how much data do social media platforms collect about us?

This week, I looked into Meta’s Privacy Policy for both Facebook and Instagram.

Meta Data Collection

According to a video on Meta’s Privacy Policy page, they collect data based on:

• Your activity: When you like, comment, or share a post, you give Meta this information. Anything that you do on a Meta platform is shared with the company.
• Activity on Business Websites: When you go on a business’ website, this information is shared for the purpose of advertising.
• Anything you willingly provide: This include info you give when signing up for an account, camera/camera roll access, messaging, location, contacts, and time on the platforms themselves.
• Your Device: For operations reasons, Meta collects info your device type and other specifications.

Meta uses all of this data to make the app experience unique to each user. For example, your activity can be used to determine what ads should be shown on your feed.

Although this already seems like a lot of information to give to one company, Meta does provide users with some ability to control this data collection. Specifically, users can change the types of ads they see through Ad Preferences. Users can also change their privacy settings, and choose not to share certain non-essential information. Meta users also have the ability to download their informations.

Concerns and Controversies

When it comes to privacy, Meta is notorious for their failures in the past.

The most widely-known controversy when it came to Facebook and privacy was the Cambridge Analytica scandal. During the 2016 election, Facebook user data for 50 million users was shared with Cambridge Analytica without user consent. According to the Bipartisan Policy Center, this information was shared via an API Facebook provided. Cambridge Analytica was a consulting firm that received the data as a third party. This data was then used to share politically motivated content to voters, potentially swaying the vote. The Cambridge Analytica scandal had many repercussions for not just data privacy, but also political messaging.

A 2018 article by Alyssa Newcomb for NBC News outlines many of Facebook’s privacy scandals. It stretches back to as early as 2006 with user concerns about the News Feed. In 2007, Facebook came under fire for telling users about their friend’s purchases without consent. Other controversies include non-consensual experiments (2014), a settlement with the FTC (2011), and accusations of data theft (2018).

GDPR

The General Data Protection Regulation is a European Union legislation that outlines the rights users have when it comes to data collection. Under this legislation, companies must asks users to collect data, safely secure data, and allow users the option to have this data deleted.

According to an article by Brent Barnhart for Sprout Social, this places some limitations on advertising. It becomes harder to target users if you don’t know their geographic location, for example, because users can choose not to provide location info.

According to the NBC News article, Facebook shared that they would abide by the GDPR when it was passed. However, as of 2024, it was reported by The New York Times that Meta was fined €1.2 billion for breaching the GDPR law. Specifically, Facebook was accused of failing to safely secure data during transfers to the US.

CCPA

Meta does abide by the California Consumer Privacy Act, and provides a California Privacy Notice. An article by Eric Westerhold for the Georgetown University Law Review shares that Facebook could potentially be using a CCPA loophole with Meta Pixel. However, as of the time of writing, there have been no major controversies or scandals around Meta and the CCPA.

Recommendations

On paper, it seems as if Meta is doing everything right. The company clearly outlines the types of data they collect, and how it’s used. Meta even gives users some control over their data.

However, in practice, Meta seems to have consistent issues when it comes to the security of user data. To improve their privacy practices, Meta should invest in technology and/or create better procedures to make sure user data remains private.

Meta already has a delicate balance when it comes to privacy and marketing working together. Although users can edit their ad settings through Ad Preferences, it would probably be best for the company to make this more front and center for users to access. Personally, I nver knew that Ad Preferences was even a thing I had access to. Aside from this, Facebook could also provide the option for users to select more types of ads they want to see, rather than just relying on collected information.

References

Barnhart, B. (2020, June 15). GDPR and social media: What marketers need to know. Sprout Social. https://sproutsocial.com/insights/gdpr-and-social-media/

Facebook. (2020). http://Www.facebook.com. https://www.facebook.com/legal/study/ccpa

Harbath, K., & Fernekes, C. (2023, March 16). History of the Cambridge Analytica Controversy. Bipartisan Policy Center. https://bipartisanpolicy.org/blog/cambridge-analytica-controversy/

Meta. (2022, July 26). Meta Privacy Policy – How Meta collects and uses user data. http://Www.facebook.com; Meta. https://www.facebook.com/privacy/policy/

Newcomb, A. (2018, March 24). A timeline of Facebook’s privacy issues — and its responses. NBC News. https://www.nbcnews.com/tech/social-media/timeline-facebook-s-privacy-issues-its-responses-n859651

Satariano, A. (2023, May 22). Meta Fined $1.3 Billion for Violating E.U. Data Privacy Rules. The New York Times. https://www.nytimes.com/2023/05/22/business/meta-facebook-eu-privacy-fine.html

Westerhold, E. (2020, March). Facebook’s Attempt to Dodge Compliance with CCPA: We Don’t Sell Your Data. Georgetown Law Technology Review. https://georgetownlawtechreview.org/facebooks-attempt-to-dodge-compliance-with-ccpa-we-dont-sell-your-data/GLTR-03-2020/