Data Privacy in Social Media

Alicia Wheeler
7 min read · Jun 29, 2021

Social media has allowed people to connect with one another on a larger scale. Users are able to use social media as a means of communication to learn about other users and develop relationships. In order to do this, users need to input information about themselves into their profiles. As platforms grow, the data from user profiles is also growing.

This continuous input of masses of information from users has allowed social media platform databases to accumulate enough user information that third-party companies want it. These companies understand that if they are able to get user data, they can analyze it to create targeted ads or products for those people and increase their revenue. Social media companies, which are for-profit entities, are not against selling their user data to these companies since it is highly profitable.

The users of these social media platforms have recently begun to understand that the information they input is not as secure as they assumed it to be. Many users are beginning to realize that social media companies are not committed to user privacy and that their objective is to monetize user data. Users want to have their information protected from these third-party companies, but they know that it is out of their control. Some users know that the only option is to stop using social media platforms, but many deem the connections and relationships being made too important to leave. Therefore, users can only turn to government regulation to protect their privacy and restore their control over their data. Governments can pass laws and establish regulations that would force social media companies to protect user privacy and limit the monetization of user data.

National governments understand the urgency for data privacy laws since big data is continuously growing and it is their job to protect their citizens' rights and information. Data privacy laws are difficult to establish because they must be very specific about what actions are permitted and what is forbidden. Also, proper rules for enforcement must be included in the regulations. In order to understand what laws need to be enacted, lawmakers must turn to the human data interaction principles. The principles of human data interaction (HDI), developed by the research community of data science, establish the rights of users in regard to their personal data. HDI defines the rights of users in terms of legibility, agency, and negotiability. Legibility dictates that users should know exactly what data is being collected and the process of its collection. Agency means users have the right to access their data and decide what will occur with their information. Negotiability allows users to set the parameters of how their data is used and includes rules to force data collectors to comply with the limits set by users.

Human Data Interaction Principles

As previously mentioned, data privacy laws are difficult to create and implement in society since the devil is in the detail. In the United States, some individual states have passed laws, but there are no federal laws regarding data privacy. The most recent and most extensive data privacy law has been established by the European Union (EU). The EU passed the General Data Protection Regulation (GDPR), which is the overall data privacy law across all EU countries that provides protection and rights to its citizens. The GDPR contains seven principles, which include the three human data interaction principles. The law establishes that users have the right to transparency, accuracy, and accountability. Overall, the GDPR contains some of the strongest regulations for protecting the personal data of its people.

In order to enforce the GDPR, the EU has put regulators in every member nation. Companies that do not comply with the GDPR can be fined by the EU, with the proceeds of these fines going back to the commonwealth of the people. But even the first step in the enforcement of the GDPR can be difficult. Charges of noncompliance must be started by the regulators in the country where the company's headquarters are located, not in the country where a user's rights have been violated. For example, Ireland is the regulator for Google, Twitter, Facebook, and Apple since all of these companies have their headquarters in Ireland. Therefore, any fines being made against these companies go to the Irish court to be resolved. Since these companies are so large, many cases have been opened, which has created a backlog in the Irish court system. This means that it takes longer for any repercussions to occur against these companies. So for users of social media in the EU who want to file charges under the GDPR, it will take a very long time for the case to be heard, and it must be reviewed by the court in the country of the company's headquarters.

Numerous complaints from the EU regulators regarding the length of time for processing these cases have resulted in some cases being redirected to another relevant country's court system. Ruling that other countries may hear these cases will help nations like Ireland, which have a backlog of cases, and will help citizens who are seeking retribution to obtain it faster. But some lobbying groups fear this new change because they believe that it would allow for inconsistent rulings to occur. For example, users from different countries can charge the same company for the same violation, but there can be two different rulings in two different countries.

The possibility of being fined under the GDPR compels companies to follow the law. This benefits users outside of the EU because the GDPR is the de facto rule for international social media companies. Companies will follow the GDPR rules because they want to follow one set of rules rather than a thousand. Therefore, users both inside and outside of the EU will see updated privacy changes that clearly state the companies' commitment to compliance with the law and their explicit approaches. For social media companies, it is better to work with the law and make changes than to resist it. The purpose of the GDPR is to create trust between companies and users. Social media companies that are being proactive with the law can change their marketing strategies to interact more with users in order to develop and improve trust. The companies act in the hope that all users, in and outside of the EU, will trust the company and will continue to use their platforms. This would help to ensure that revenue for the company will continue.

Under the GDPR, users have the right to request access to the data that is being collected and used by companies. As previously mentioned, part of human data protection is to inform users about data collection and data rights and to allow users to be able to monitor what companies are doing. Users who do not know their rights under the data privacy laws can go to the Information Commissioner's Office website. The Information Commissioner's Office (ICO) is an independent regulatory office and is the national data protection authority. The ICO's website contains information about data protection in the EU and it provides information for users on how to request access to their data. Users are also able to contact the ICO for help if the companies are not being compliant with the data request or any of the data privacy laws. The website is also a tool for companies that need to learn more about the data privacy laws in the EU. Companies can find guides about legislation and other resources. This is to ensure that companies working in the EU will be informed about the laws and about how to comply with the laws, protect information, and provide information when asked for it.

The EU continues to evolve its implementation of the GDPR, balancing the rights of users while providing clear and consistent rules to companies. The GDPR shows that in the future it can be possible for users to retain their data rights and continue to use their favorite social media platforms. Though the United States does not have federal laws that are similar to the GDPR, it is still possible for US users to reap the benefits of some of the data privacy changes that the GDPR has forced companies to implement.

For companies, the GDPR has highlighted the need to take data privacy regulations seriously. Companies that are transparent and give their users options create more trust with their customers than those that are not clear. Users are becoming more educated and are able to tell when companies are failing at making positive changes. Social media companies that do not want to lose their competitive advantage over other companies have to understand the value of trust and transparency. The GDPR has set in motion a tool that, if companies use it correctly, can help to strengthen their business model by being transparent and allowing users to have control over their data.
