Social Media and GDPR: How do they interact?

Are social media and #GDPR related in any way? A resounding “yes” should be the normal response.

Most likely, you are familiar with GDPR and may even remember how EU businesses scrambled in May 2018 to comply with data and privacy requirements.

Although not just organizations in the EU are impacted, GDPR’s effects on data privacy on social media and digital marketing are still being seen to this day.

Since social media is a crucial channel for direct connection between brands and customers, marketers should take an effort to comprehend how the GDPR will affect them, as well as the consequences of privacy regulations and social media in general.

What effects does GDPR have on various social media platforms?

Most of the significant social media platforms have emphasized their specific strategies and commitment to GDPR compliance. Predominantly, the distinction between “controllers” and “processors” of data is highlighted as part of this.

Here are a few quick references and explanations if you’d want to learn more about how each social network is handling GDPR:

Facebook‘s GDPR policies explain how it employs in-product notifications, its privacy control centre, and internal documentation to be GDPR compliant (Instagram adheres to the same policies)

Twitter‘s GDPR FAQs, highlight the company’s roles as controller and processor and how GDPR may affect the platform’s Tailored Audience Program.

How the #LinkedIn ad platform uses data in accordance with GDPR is explained in relation to LinkedIn and GDPR.

The agreement for advertising services with #Pinterest, which explains how the company handles user data (although not explicitly mentioning GDPR)

Privacy rules for #TikTok are separated by geographic area (Note: Following complaints that it had violated the GDPR, TikTok has introduced “Family Safety Mode.”)

Interplay between GDPR and Social Media Marketing

91 articles and 11 chapters of the GDPR are designed to make it illegal for companies to gather, use, store, or share the personal information of EU customers without that customer’s consent. Client information from social media is included here, in addition to web browser cookies, IP addresses, Facebook tracking pixels, and more.

Additionally, social media posts, chat applications, social media adverts, and similar content that contains identifying information, including social media images all are included in the purview of data that cannot be collected without consent.

Consequently, even if you think you are in compliance with the GDPR, you may not be if your company collects or processes sensitive data from EU data subjects through social media. Understanding the GDPR and how it affects social media platforms is vital for this reason.

What Effect does GDPR have on Social Media Marketing?

Social media marketing is impacted by GDPR in three key ways:

1. Ads that are remarketed or retargeted

Before launching a remarketing campaign, you must obtain users’ agreement to gather and use their data in order to adhere to GDPR regulations. You need to implement a sign-up page or make an opt-in statement about data consumption in the advertisement for this.

These initiatives make it more difficult to distribute tailored advertisements to a “captive” audience and add extra stages to your marketing campaigns. However, it also pushes GDPR compliance closer to you, thus, it’s worth the effort put in!

2. Double opt-ins, social media traffic, and privacy policies

Double opt-ins are required under GDPR, which means that consent must be obtained twice before EU citizens’ data can be used. They consent to your privacy notice, which describes how you will use and safeguard their data when they first opt-in. Users accept your offer using the second, such as to download a whitepaper or guide, or to sign up for a newsletter.

In order to comply with GDPR, you need also to include a pop-up message on your website requesting that new visitors agree to your cookie and privacy policies. Although it requires an additional step from consumers, they are becoming accustomed to these messages, so it won’t significantly affect how they interact with your website.

3. Behavior Tracking on social media

In light of the fact that analytical tools such as Google Analytics is GDPR-compliant, you can still gather essential user insights so long as users have consented to your privacy policy.

However, if you notice a decline in EU traffic, test your cookie opt-ins and examine your privacy policy. Issues like a difficult opt-in process could make users withdraw before accepting.

Parting Note

It is crucial to have a thorough understanding of the data your company holds and gathers, as well as the alternative legal bases for processing that data under GDPR, and keeping records.

The transparency surrounding obtaining consent and disclosing the reason for data collection can only be a good thing because trust is a crucial currency in business. By ensuring that only people who want to receive marketing communications are on your list, GDPR compliance will significantly reduce time and resource waste.

Major Privacy Updates of the Week

Uber Faces Another Data Breach

After a threat actor published employee email addresses, IT asset information, and business reports online, Uber experienced a new data breach.

All the information was stolen from a third-party vendor. teqtivity , a vendor that aids in managing and tracking IT equipment including phones and laptops, reported that the hacker was able to access the Teqtivity AWS backup server, which holds the company’s code and client data files. 

Read more

Apple Should Face 6 million euro Fine, advisor to French Privacy Watchdog

For violating privacy laws, Apple should be fined 6 million euros ($6.3 million), according to the chief advisor to the French data protection authority’s sanction body.

Although the rapporteur’s suggestions are optional, they often have a significant impact on the watchdog’s final conclusion. Francois Pellegrini, the report’s author, said that Apple’s previous operating system version iOS 14.6 violated the ePrivacy directive’s privacy laws by improperly obtaining users’ prior agreement for the acquisition of personal data. 

Read more

California Department of Finance Hit by Cyber-Attack

The California Cybersecurity Integration Center (Cal-CSIC) has acknowledged that the state’s finance department has been the target of a cyberattack.

The ransomware gang LockBit, which has ties to Russia, has taken credit for the attack.

The ransomware group revealed on their leak site that they had infiltrated the California Department of Finance and had stolen 76GB of data, including databases, sensitive information, financial documents, and IT documents. 

Read more

HSE Cyber-Attack Costs Ireland $83m

The Irish Health Service Executive (HSE) was the target of a cyberattack last year that cost a total of €80m ($83.75m).

The data is from a letter that Peadar Tóibn, the leader of AONT, received from Fran Thompson, chief information officer of the HSE. The letter, which was seen by The Irish Times, was sent months after the Department of Health predicted in February that the attack may cost as much as €100 million ($104 million). 

Read more

ITTF Server Leaks Athletes' Passport, Vaccination Details Online

Following a security breach on the International Table Tennis Federation’s (ITTF) server, the passport information and vaccination records of hundreds of professional table tennis players were posted online.

The leak was caused by an improperly configured cloud hosting service, and the data was exposed for more than three years. The victim of this breach includes Chinese Olympic winner Ma Long and fellow countryman and world champion Fan Zhendong, whose passport information was made public online. 

Read more

Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay


Keep up to pace with this high-impact weekly privacy newsletter that
features significant data privacy updates, trends, and tools that can
help to make your life secure & easier every day!

*By clicking on subscribe, I agree to receive communications from Tsaaro