The EU Commission announced this month that social media platform “X” (formerly “Twitter”) breached EU guidelines under the Digital Services Act (DSA). This follows an investigation launched into X’s advertising transparency, availability of data, and risk management.1

With this in mind, experts at Kiteworks, which unifies, tracks, controls, and secures sensitive content communications with a Private Content Network, investigated the privacy policies of leading social media platforms to understand how they harvest personal data.

Key findings:

  • Meta collects the most personal data, collecting 91% of the 35 data points identified
  • Despite being found to breach EU guidelines, “X” collects fewer personal data points than TikTok and Meta
  • TikTok collects “Body data” which includes hand and head movements, but is the only platform analysed found to not collect your precise location
  • Patrick Spencer, spokesperson at Kiteworks, shares the best practices for employees posting on social media to protect personal data

The Data Collected Across Platforms

As stated in their privacy policies, Meta, X, and TikTok all collect personally identifiable information (PII), including username, password, email, phone number, date of birth, language, location, and address book uploads, as well as payment information, usage data and content data, including posts, messages, photos, videos and audio data.

What Types of Data Does Each Social Media App Collect?

Data category: Type of data (columns: Meta, X, TikTok)

  • Contact info: Name, Email address, Phone Number, Physical address, Other user contact info
  • Health and fitness: Health, Fitness
  • Financial info: Payment info, Credit info, Other financial info
  • Location: Precise location ✓, Coarse location
  • Sensitive info: Sensitive info
  • Contacts: Contacts
  • User content: Emails or messages, Photos or videos, Audio data, Gameplay content, Customer support, Other user content
  • Browsing history: Browsing history
  • Search history: Search history
  • Identifiers: User ID, Device ID
  • Purchase history: Purchase history
  • Usage data: Product interaction, Advertising data, Other usage data
  • Diagnostics: Crash data, Performance data, Other diagnostic data
  • Surroundings: Environment scanning
  • Body: Hand movements, Head movement
  • Other types of data: Other data types

How is the Data Used? 

While each privacy policy outlines slightly different uses for the information they gather, the most common use case is to personalise and enhance user experience by providing customised content and ads. Additionally, all three emphasise the importance of data collection to ensure safety and security and support research.

Key Differences in Data Collection

Meta collects and integrates data across multiple platforms, including Facebook, Instagram, and WhatsApp, leading to a broader range of data collection compared to X and TikTok.

Although X and TikTok collect extensive data, their focus is more on their individual platforms, resulting in Meta having not only more data but more detailed and comprehensive data from across its platforms and user interactions.

All platforms collect payment information, but the context for collection varies: X collects this data for ads, Meta for marketplace transactions, and TikTok for in-app purchases.

Ultimately, with the extensive amount of personal data being collected by social media platforms, it’s crucial for users to be aware of what data is being collected and how it’s being used.

Data Collection Also Poses Risks for Businesses

Businesses must also be aware of the risks social media platforms pose. In many instances, social media users are corporate employees who frequently post at work or about work. Posts about company events, partners, or customers, and images containing desks, computer screens, facilities or other proprietary assets put companies at risk of exposing sensitive information such as customer data and intellectual property.

To help navigate these challenges, Patrick Spencer, spokesperson at Kiteworks, has shared the best practices for employees posting on social media:

“While individual consumer behaviour is important, the harvesting of social media data can also significantly impact businesses. Unauthorized or inadvertent sharing of sensitive business information or personally identifiable information (PII) on platforms known for extensive data harvesting can lead to security breaches, cyber threats, intellectual property theft, and reputational damage. To mitigate these risks, we strongly encourage organisations to follow these recommendations.”

  1. Thoroughly check privacy policies

“The most important thing you can do to protect sensitive data is to adopt a proactive approach to safeguarding digital assets and personal information. It’s pivotal to thoroughly read privacy policies before using any online service, paying attention to key sections such as data collection, usage and sharing. You need to understand what data is collected, how it is used, and who it is shared with.”

  2. Avoid sharing sensitive information

“When posting on social media, do not include photos of workspaces where customer, financial, or other sensitive content may be visible on desks or computer screens. Refrain from posting images or descriptions of proprietary equipment or research without explicit permission from your employer.”

  3. Use strong security practices

“Organisations should take a ‘zero-trust’ approach to protecting their business, which includes their content. In a zero-trust security approach, no user has unfettered access to all systems. A ‘content-defined zero-trust’ approach takes this model a step further, to the content layer. Organisations can protect their sensitive content when they can see where it sits in the organisation, who has access to it, and what’s being done with it.

Similarly, employees should be cautious with the permissions they grant to apps and third-party integrations. Implement strong, unique passwords for your social media accounts and enable multi-factor authentication where possible. Regularly review and revoke access for any apps that are no longer needed to minimise potential security risks.”

  4. Stay informed and educated

“Provide employee training on cybersecurity and best practices for social media use. Stay updated on the latest threats and techniques used in social engineering attacks. Regularly audit and review social media activity across the company to ensure that no sensitive information has been inadvertently shared.”

“By taking these steps and educating employees about the privacy policies of the platforms they use, businesses can mitigate risk and maintain better control over their digital footprint. Protecting personal and business data is not just an individual responsibility but a collective effort that requires vigilance and continuous education.”

Credit : https://kiteworks.com/ 

Photo:externer Datenschutzbeauftragter
