Regulatory Crackdown and Consumer Concerns Highlight the Importance of Understanding Data Collection Practices on Social Media Platforms

Kiteworks, the leader in sensitive content communications privacy and compliance through its Private Content Network, today announced sizable fines imposed for data breaches in recent years indicate that regulators are increasingly determined to crack down on organizations that fail to adequately protect consumer data. Meta, for example, was fined a record $1.3 billion in 2023 for violating European Union data protection regulations.1

This regulatory pressure is also influencing consumer behavior, with nearly two in five Americans (38%) using social media less frequently due to concerns about data privacy.2 With this in mind, experts at Kiteworks, which unifies, tracks, controls, and secures sensitive content communications with a Private Content Network, investigated leading social media platforms to understand how they harvest personal data.

What Types of Data Does Each Social Media App Collect?

Data category Type of data Meta X TikTok
Contact info Name
Email address
Phone number
Physical address
Other user contact info
Health and fitness Health
Fitness
Financial info Payment info
Credit info
Other financial info
Location Precise location
Coarse location
Sensitive info Sensitive info
Contacts Contacts
User content Emails or messages
Photos or videos
Audio data
Gameplay content
Customer support
Other user content
Browsing history Browsing history
Search history Search history
Identifiers User ID
Device ID
Purchase history Purchase history
Usage data Product interaction
Advertising data
Other usage data
Diagnostics Crash data
Performance data
Other diagnostic data
Surroundings Environment scanning
Body Hand movements
Head movement
Other types of data Other data types

The Data Collected Across Platforms

As stated in their privacy policies, Meta, X, and TikTok all collect personally identifiable information (PII), including username, password, email, phone number, date of birth, language, location, and address book uploads.

All three social platforms also collect payment information and usage data, which details how users interact and engage with the platforms. Meta, X, and TikTok also collect content data, including posts, messages, photos, videos, and audio data.

How Is the Data Used?

While each privacy policy outlines slightly different uses for the information they gather, the most common use case is to personalize and enhance user experience by providing customized content and ads. Additionally, all three emphasize the importance of data collection to ensure safety and security and support research.

Meta, for example, claims to use personal data to support the research and improvement of their products, including “personalizing features, content and recommendations.” Similarly, TikTok states that collected information can be used for “research, statistical, and survey purposes.”

As of February 9, 2024, X revoked free access to its API, which previously allowed public posts on the platform to be used freely for research purposes. This change underscores the platform’s shift toward stricter control over user data. X has, however, stated that their API can be used to “programmatically retrieve and analyze X data,” ensuring that public information remains accessible for research.

Sharing Information

Meta, X, and TikTok indicate that public posts and content are viewable by anyone, depending on users’ profile privacy settings. For users with public accounts, their information is shared with partners and third parties for services, authentication, and advertising, as well as with legal entities for compliance with laws and user protection.

Key Differences in Data Collection

Meta collects and integrates data across multiple platforms, including Facebook, Instagram, and WhatsApp, leading to a broader range of data collection compared to X and TikTok.

Although X and TikTok collect extensive data, their focus is more on their individual platforms, resulting in Meta having not only more data but more detailed and comprehensive data from across its platforms and user interactions.

All platforms collect payment information, but the context for collection varies: X collects this data for ads, Meta for marketplace transactions, and TikTok for in-app purchases.

Ultimately, with the extensive amount of personal data being collected by social media platforms, it’s crucial for users to be aware of what data is being collected and how it’s being used.

Data Collection Also Poses Risks for Businesses

Businesses must also be acutely aware of social media platforms. In many instances, social media users are corporate employees who frequently post at work or about work. Posts about company events, partners, or customers, and images containing desks, computer screens, facilities, or other proprietary assets put companies at potential risk of exposing sensitive information like customer data and intellectual property.

To help navigate these challenges, Patrick Spencer, spokesperson at Kiteworks, has shared the best practices for employees posting on social media:

“While individual consumer behavior is important, the harvesting of social media data can also significantly impact businesses. Unauthorized or inadvertent sharing of sensitive business information on platforms known for extensive data harvesting can lead to security breaches, intellectual property theft, and reputational damage. Additionally, the exposure or unauthorized access of personally identifiable information (PII) through these platforms can expose both employees and their employers to various cyber threats. To mitigate these risks, we strongly encourage organizations to follow these recommendations:”

1. Thoroughly check privacy policies

“The most important thing you can do to protect sensitive data is to adopt a proactive approach to safeguarding digital assets and personal information. It’s pivotal to thoroughly read privacy policies before using any online service, paying attention to key sections such as data collection, usage, and sharing. You need to understand what data is collected, how it is used, and who it is shared with.”

2. Avoid sharing sensitive information

“When posting on social media, do not include photos of workspaces where customer, financial, or other sensitive content may be visible on desks or computer screens. Refrain from posting images or descriptions of proprietary equipment or research without explicit permission from your employer.”

3. Use strong security practices

“Organizations should take a ‘zero-trust’ approach to protecting their business, which includes their content. In a zero-trust security approach, no user has unfettered access to all systems. A ‘content-defined zero-trust’ approach takes this model a step further, to the content layer. Organizations can protect their sensitive content when they can see where it sits in the organization, who has access to it, and what’s being done with it. Similarly, employees should be cautious with the permissions they grant to apps and third-party integrations. Implement strong, unique passwords for your social media accounts and enable multi-factor authentication where possible. Regularly review and revoke access for any apps that are no longer needed to minimize potential security risks.”

4. Stay informed and educated

“Provide employee training on cybersecurity and best practices for social media use. Stay updated on the latest threats and techniques used in social engineering attacks. Regularly audit and review social media activity across the company to ensure that no sensitive information has been inadvertently shared.”

“By taking these steps and educating employees about the privacy policies of the platforms they use, businesses can mitigate risk and maintain better control over their digital footprint. Protecting personal and business data is not just an individual responsibility but a collective effort that requires vigilance and continuous education.”

Methodology

  1. Kiteworks analyzed the social media policies of Meta (Facebook, Instagram, WhatsApp), X (formerly Twitter), and TikTok to identify key differences in data collection and usage.
  2. The App Store provides a breakdown of the data types an app may collect and some of the ways the developer or its third-party partners may use it, which can be viewed here.
  3. For the full list of policies, visit the respective social media sites to gain a deeper understanding.
  4. All data is correct as of 06/20/24.

Citations

  1. The New York Times, “Meta Fined $1.3 Billion for Violating E.U. Data Privacy Rules”
  2. Enzuzo, “79 Eye Opening Data Privacy Statistics for 2024”

About Kiteworks

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications. Headquartered in Silicon Valley, Kiteworks protects over 100 million end users for over 35,000 global enterprises and government agencies.

Press Inquiries

Courtney Cole

Email: courtney@journalistic.org

About Accellion

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.

Lancez-vous.

Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Comienza ahora.

Es fácil empezar a asegurar el cumplimiento normativo y gestionar los riesgos de manera efectiva con Kiteworks. Únete a las miles de organizaciones que confían en su plataforma de comunicación de contenidos hoy mismo. Selecciona una opción a continuación.

Explore Kiteworks