Social media data collectors

In 2018, millions of Facebook users’ personal information was gathered and sold without consent. An app created by a Cambridge academic was used to collect data such as public profile, page likes, birthday, and location, which was then used to create individualised profiles. Suggestions for political advertisements were attached to each profile, and then the information was sold to political campaigns. The 2016 campaign teams of Ted Cruz and Donald Trump both purchased data. Allegedly, so did the UK’s Leave campaign that brought about Brexit.

Social media companies have developed an increasingly bad reputation for how they handle the personal data of their users. With scandals like Cambridge Analytica being subject to international media coverage and documentaries like Netflix's The Social Dilemma making data accessible, more and more people are concerned about their privacy. Plus, privacy policies are notoriously hard and labour-intensive to read, making it difficult to quickly find out yourself.

The privacy policies of social media companies in the UK were subject to the General Data Protection Regulation (GDPR), which is a European Union regulation that governs data protection and privacy for individuals within the EU, including the UK. After Brexit, the UK implemented its own version of the GDPR, known as the UK GDPR, which is largely similar to the EU GDPR.

The specific privacy policies of social media companies in the UK can vary depending on the company, but they generally adhere to the principles and requirements set out in the GDPR and UK GDPR. Here are some common aspects covered in the privacy policies of social media companies operating in the UK:

• Data collection: Social media companies typically outline the types of personal data they collect from users, such as names, contact information, posts, likes, and other user-generated content
• Legal basis for data processing: Companies usually explain the legal basis on which they process user data. This could include consent, contractual necessity, compliance with legal obligations, or legitimate interests pursued by the company or a third party
• Data usage: The privacy policies generally describe how the collected data is used, which can include personalization of content, advertising, analytics, and improvement of services
• Data sharing: Companies disclose whether and how they share user data with third parties, such as advertisers, partners, or service providers
• User controls: Privacy policies usually detail the privacy settings and controls available to users, allowing them to manage their data and make choices about what information is shared publicly.
• Data transfers: If user data is transferred to countries outside the UK or the European Economic Area (EEA), the privacy policy typically addresses the safeguards in place to protect data during such transfers.
• Data retention: Companies often specify how long user data is retained and the criteria used to determine retention periods.
• Rights of data subjects: The privacy policy usually informs users of their rights under the GDPR/UK GDPR, such as the right to access, rectify, erase, restrict processing, and data portability.
• Data security: Social media companies outline the security measures they have implemented to protect user data from unauthorised access, loss, or disclosure.
• Contact information: The privacy policy should provide contact details for users to reach out to the company with privacy-related concerns or inquiries.

Privacy policies are updated periodically, so it's essential to check the latest version on the social media company's website for the most current information on their privacy practices in the UK.

Meta’s privacy policy

Meta collects various kinds of information about you. Apart from Facebook, it also applies to other brands operated by Meta, including Instagram and WhatsApp. Some examples include:

• Personal information used to create an account
• Information in content you upload like location or photo information
• Information in content other people upload about you
• How you use the site, what you engage with, and who you talk to
• Transactions through Facebook, such as in games or through Marketplace
• Device information like IP address, operating system, and network data
• Information from third-parties who use Facebook features such as the like button or Facebook pixel

Do they share your data with third-parties for advertising purposes?

Yes. While Facebook makes it clear that they “don't sell any of your information to anyone and [...] never will”, they do share information with partners in various ways. Facebook doesn’t share data that personally identifies you without permission, but it does share demographic info with advertisers to let them know how their ads are performing.

Facebook lists some of the kinds of people they share your information with, including:

• Advertisers
• Data measurement companies
• Vendors and service providers
• Researchers and academics
• Law enforcement

Twitter’s privacy policy

Twitter, or as of last week now called ‘X’..., collects various kinds of information about you. Not all data is shared with third parties. Some examples include:

• Personal info used to create an account
• Payment information if paid services are used
• Location information from tags, check-ins, and IP
• Device information like IP address, operating system, and network data

Does Twitter share your data with third-parties for advertising purposes?

Yes. Twitter shares user information with third-parties, but usually only shares non-personal, aggregated information to let advertisers know how their ads are performing. This kind of information includes demographics, engagement such as clicks or votes on polls, inferred interests, or location. However, Twitter’s ad policy prohibits companies from “targeting ads based on categories that [they] consider sensitive or are prohibited by law, such as race, religion, politics, sex life, or health.”

But a lot of this could change as Elon Musk alters ‘X’ beyond what we knew as Twitter.

Twitter shares info with third-parties from a number of areas:

• Advertisers
• “Service providers” such as Google Analytics or payment companies
• Law enforcement

Linkedin’s privacy policy

Linkedin collects a number of different types of data, such as:

• Name, email, mobile number, and sometimes payment info
• Email header information if email accounts are synched
• Personal profile information such as education or work
• Synced contacts or calendar events
• Information collected through third-parties who use Linkedin’s services

Does LinkedIn share your data with third-parties for advertising purposes?

Yes. Linkedin serves tailored ads on their site and elsewhere on the web, and shares some data with third parties in connection with those services. The company shares certain information with advertising providers, such as how an ad is performing, device identifiers, and profile data. While Linkedin states that “do not share your personal data with any third-party” (excluding the kinds listed above), they do note that if you view an ad through their platform, advertisers can “determine it is you” through cookie identifiers and other technologies. In these cases, Linkedin “contractually requires such advertising partners to obtain your explicit, opt-in consent before doing so.”

Linkedin shares this kind of personal information with areas such as:

• Advertisers
• “Affiliated entities”, including all other Microsoft platforms
• Law enforcement agencies

Youtube’s privacy policy

Owned by Google, Youtube’s data collection practices fall under its parent company. Google collects a variety of personal information, including:

• Name, email, and sometimes phone number and payment information
• Search history
• Purchases
• Interaction with ads and content
• Location through device information

Does YouTube share your data with third-parties for advertising purposes?

Yes. Google (and Youtube) uses personal information to customise advertising services. Personalised ads are based on interests, and some information is shared with advertisers. Google doesn’t show personalised ads based on sensitive categories “such as race, religion, sexual orientation, or health”, and doesn’t share personally identifying information such as name or email. However, as with Linkedin, if you engage with an advertisement the advertiser can use cookies to personally identify you later.

Google shares personal data with a number of categories, such as:

• Google “affiliates”, meaning their entire suite of companies
• “Over 2 million non-Google websites” who run ads through Google
• Law enforcement

TikTok’s privacy policy

TikTok collects a really significant amount of personal data. Take a look at a more detailed piece and how to delete your data from TikTok here. The data they collect includes:

• Age, names and passwords of account holders
• Phone number and email
• Captured content, such as photos and videos
• Data that links users to the photos they took, tagged or liked
• Metadata on how people use the TikTok mobile app
• Device information and location data
• Facial recognition data
• Data on which devices are linked to which accounts
• Geolocational data
• Bank details
• Credit and debit card information
• Synced phone and social network contacts
• Information from third-parties like other social media platforms

Does TikTok share your data with third-parties for advertising purposes?

Yes, TikTok shares some data with third parties. The platform only shares aggregated user information with third-party ad companies, meaning you can’t be personally identified by advertisers.

Partners that TikTok shares data with include:

• Business partners like other social networks (Facebook, Twitter etc.)
• Payment providers
• Service providers and analytics companies
• Advertisers
• Tiktok’s “Corporate Group” (under its parent company ByteDance)
• Law enforcement

Get control of your data

Privacy policies are often unnecessarily confusing and time-consuming to read. Companies should provide a clear, transparent and easily scannable document that tells their users exactly what happens to their personal data.

With so much of your personal data out there, being gobbled up by social media companies, it’s worth considering removing your data from them by getting it deleted. All of the companies mentioned above have had some data breach issue or other and that means your data being grabbed by hackers. The hackers sell it on the dark web and it makes you more vulnerable to scams and online fraud, even identity theft.

The best way to get your data deleted from any company is to use our Rightly Protect service. It’s quick, simple and free and will tell you just who has your data and give you the chance to instruct them to completely erase it.