Browse Definitions :

Getty Images

6 common social media privacy issues

Social media usage continues to grow as people share posts, videos and photos. However, there are data privacy issues and risks with sharing on social media.

Data privacy is important as users leave digital footprints on a daily basis, but using social media may put your personal data at risk without you knowing it.

Privacy concerns are at the forefront as scandals and data breaches are in the news every day. Beginning in late 2022, data privacy concerns prompted U.S. state and federal agencies to ban employees from using TikTok on government-owned devices. Because TikTok is owned by Chinese company ByteDance, some lawmakers feel the Chinese government may use TikTok to learn confidential information about the U.S. government through these devices.

Data transfers between different countries are also a concern. In May 2023, European Union regulators fined Meta $1.3 billion USD. European Data Protection Board stated Meta violated EU privacy laws by storing and sending European Facebook users’ personal data to U.S. servers.

In July 2022, Twitter was hacked, and 200 million user email addresses were posted to the dark web. These leaked email addresses can give bad actors information they need to start malicious attacks.

With the growing use of apps such as Facebook, Instagram, LinkedIn, Snapchat and TikTok, social media is a part of everyday life for many people. Even with privacy laws, sensitive user information may be at risk.

Why is social media privacy important?

Social media privacy includes personal and sensitive information that people can find out from user accounts. Some of this information is shared voluntarily through posts and profile information. Information also may be released unknowingly through tracking cookies, which track the information of a user's online activity, including webpage views, social media sharing and purchase history. All information is then gathered and sorted by user segments, which data brokers sell for marketing purposes. Examples of categories may be fitness enthusiast, pet lover or parent. With these categories, companies can personalize marketing campaigns to users on social media.

However, scammers and fraudsters also collect this information to better gain access to personal information. More than 90,000 people were victims of social media fraud in 2021, resulting in $770 million in losses, according to the Federal Trade Commission.

What types of data do social media platforms collect?

When users create a social media account and use the platform, they leave a digital footprint on the internet. Companies collect personal information, along with interests and locations, from the platform by using tracking cookies, geofencing and cross-site tracking. When users sign up for an account, they agree to the terms and conditions, which enable social media platforms to collect data.

Even if an account is private, advertisers and scammers can get sensitive data, such as the following:

  • status updates, including work, life and relationship events;
  • religious beliefs;
  • profile information, including name, contact information and birthdate;
  • location data, including your hometown, check-in locations, previous cities lived or exact address;
  • personal interests, such as buying history and website interactions;
  • shared content, such as status updates, photos and videos;
  • engagement on social media, including likes, shares or comments on other posts;
  • employment information, including current or past jobs; and
  • personal identifiers, such as age, race and gender.

Social media posts can reveal attitudinal data, which captures feelings and emotions. This data measures how users feel about certain messages and content. Attitudinal data can be used with surveys, interviews, reviews, feedback, preferences and complaints.

Preference data on social media discloses how a user supports various ideas, activities and content, such as politics, food, entertainment genres and religious beliefs.

Graph showing the amount of active users for each social media site
Facebook has the largest number of users. Here is a breakdown of active monthly social media users by platform.

What do companies do with this data?

Social media platforms use data to analyze the market, show targeted ads, tailor services and recommend posts. Dislikes and likes can also help shape a user's social media portrait.

Companies use this information to find out the interests of their customers. They may ask if the ads are relevant on their channels. These short questions can help customize ads to a person's interests.

Social media surveys also ask questions about your interests. These responses are recorded, and companies related to user interests can purchase the data, along with other's in the relevant interest category, such as pet owner, car enthusiast or video gamer. With the information collected from these surveys, companies can tag users to keep them engaged with their social media posts.

When a platform advertises a brand, it gets paid in return. These posts may appear as sponsored content to users with data relating to the advertising brand. Companies pay to appear on the social media feeds with users matching their products. This targeted information is gathered from tracking cookies or information shared. If users provide an email or phone number, companies could also use those to share information with users about their products and services.

Common social media privacy issues

With the large amount of data on user social media accounts, scammers can find enough information to spy on users, steal identities and attempt scams. Data protection issues and loopholes in privacy controls can put user information at risk when using social media. Other social media privacy issues include the following.

1. Data mining for identity theft

Scammers do not need a great deal of information to steal someone's identity. They can start with publicly available information on social media to help target victims. For example, scammers can gather usernames, addresses, email addresses and phone numbers to target users with phishing scams.

Even with an email address or phone number, a scammer can find more information, such as leaked passwords, Social Security numbers and credit card numbers.

2. Privacy setting loopholes

Social media accounts may not be as private as users think. For example, if a user shared something with a friend and they reposted it, the friend's friends can also see the information. The original user's reposted information is now in front of a completely different audience.

Even closed groups may not be completely private because postings can be searchable, including any comments.

3. Location settings

Location app settings may still track user whereabouts. Even if someone turns off their location settings, there are other ways to target a device's location. The use of public Wi-Fi, cellphone towers and websites can also track user locations. Always check that the GPS location services are turned off, and browse through a VPN to avoid being tracked.

User location paired with personal information can provide accurate information to a user profile. Bad actors can also use this data to physically find users or digitally learn more about their habits.

4. Harassment and cyberbullying

Social media can be used for cyberbullying. Bad actors don't need to get into someone's account to send threatening messages or cause emotional distress. For example, children with social media accounts face backlash from classmates with inappropriate comments.

Doxxing -- a form of cyberbullying -- involves bad actors purposely sharing personal information about a person to cause harm, such as a person's address or phone number. They encourage others to harass this person.

5. False information

People can spread disinformation on social media quickly. Trolls also look to provoke other users into heated debates by manipulating emotions.

Most social media platforms have content moderation guidelines, but it may take time for posts to be flagged. Double-check information before sending or believing something on social media.

6. Malware and viruses

Social media platforms can be used to deliver malware, which can slow down a computer, attack users with ads and steal sensitive data. Cybercriminals take over the social media account and distribute malware to both the affected account and all the user's friends and contacts.

How to protect your information

Think twice when opening a new social media account because each platform adds an additional risk. Make sure the platform is safe and reliable before joining. When leaving a platform, make sure to delete the account.

Other ways to keep information safe include the following:

  • Use strong passwords. Don't reuse passwords across multiple programs or websites. For help remembering sign-on credentials, use a password manager to store information securely.
  • Avoid public devices. When using a shared device, be sure to log out when finished.
  • Don't overshare. Avoid providing more details than necessary. Users shouldn't have to share addresses or date of birth on all platforms.
  • Disable geolocation data. Disable sharing location information on apps in the privacy and security settings on the phone.
  • Don't click on suspicious links. Even if the link appears to be from a friend, avoid clicking on links unless it's from a trusted source.
  • Use two-factor authentication. Implementing two-factor authentication, such as a passcode and biometric recognition, adds another layer of security to the app.

Next Steps

20 social media terms to know

TikTok bans explained: Everything you need to know

Top social media statistics to check out

Digital footprint management: Tools, laws and strategies

Dig Deeper on Marketing and customer experience

  • User Datagram Protocol (UDP)

    User Datagram Protocol (UDP) is a communications protocol primarily used to establish low-latency and loss-tolerating connections...

  • Telnet

    Telnet is a network protocol used to virtually access a computer and provide a two-way, collaborative and text-based ...

  • big-endian and little-endian

    The term endianness describes the order in which computer memory stores a sequence of bytes.

  • Mitre ATT&CK framework

    The Mitre ATT&CK (pronounced miter attack) framework is a free, globally accessible knowledge base that describes the latest ...

  • timing attack

    A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about...

  • privileged identity management (PIM)

    Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an ...

  • employee resource group (ERG)

    An employee resource group is a workplace club or more formally realized affinity group organized around a shared interest or ...

  • employee training and development

    Employee training and development is a set of activities and programs designed to enhance the knowledge, skills and abilities of ...

  • employee sentiment analysis

    Employee sentiment analysis is the use of natural language processing and other AI techniques to automatically analyze employee ...

Customer Experience
  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

  • customer insight (consumer insight)

    Customer insight, also known as consumer insight, is the understanding and interpretation of customer data, behaviors and ...

  • buyer persona

    A buyer persona is a composite representation of a specific type of customer in a market segment.