Social Media and GDPR: How do they interact?

Are social media and GDPR related in any way? A resounding “yes” should be the normal response.

Most likely, you are familiar with GDPR and may even remember how EU businesses scrambled in May 2018 to comply with data and privacy requirements.

It is not just organizations in the EU that are impacted, and GDPR’s effects on data privacy on social media and in digital marketing are still being seen to this day.

Since social media is a crucial channel for direct connection between brands and customers, marketers should make an effort to comprehend how the GDPR will affect them, as well as the consequences of privacy regulations and social media in general.

What effects does GDPR have on various social media platforms?

Most of the significant social media platforms have emphasized their specific strategies and commitment to GDPR compliance. Predominantly, the distinction between “controllers” and “processors” of data is highlighted as part of this.

Here are a few quick references and explanations if you’d like to learn more about how each social network is handling GDPR:

Facebook’s GDPR policies explain how it employs in-product notifications, its privacy control centre, and internal documentation to be GDPR compliant (Instagram adheres to the same policies).

Twitter’s GDPR FAQs highlight the company’s roles as controller and processor and how GDPR may affect the platform’s Tailored Audience Program.

How the LinkedIn ad platform uses data in accordance with GDPR is explained in relation to LinkedIn and GDPR.

The agreement for advertising services with Pinterest, which explains how the company handles user data (although not explicitly mentioning GDPR).

Privacy rules for TikTok are separated by geographic area. (Note: Following complaints that it had violated the GDPR, TikTok has introduced “Family Safety Mode.”)

Interplay between GDPR and Social Media Marketing

91 articles and 11 chapters of the GDPR are designed to make it illegal for companies to gather, use, store, or share the personal information of EU customers without that customer’s consent. Client information from social media is included here, in addition to web browser cookies, IP addresses, Facebook tracking pixels, and more.

Additionally, social media posts, chat applications, social media adverts, and similar content that contains identifying information, including social media images, all fall within the purview of data that cannot be collected without consent.

Consequently, even if you think you are in compliance with the GDPR, you may not be if your company collects or processes sensitive data from EU data subjects through social media. Understanding the GDPR and how it affects social media platforms is vital for this reason.

What Effect does GDPR have on Social Media Marketing?

Social media marketing is impacted by GDPR in three key ways:

1. Ads that are remarketed or retargeted

Before launching a remarketing campaign, you must obtain users’ agreement to gather and use their data in order to adhere to GDPR regulations. To do this, you need to implement a sign-up page or include an opt-in statement about data usage in the advertisement.

These initiatives make it more difficult to distribute tailored advertisements to a “captive” audience and add extra stages to your marketing campaigns. However, they also bring you closer to GDPR compliance, so it’s worth the effort!

2. Double opt-ins, social media traffic, and privacy policies

Double opt-ins are required under GDPR, which means that consent must be obtained twice before EU citizens’ data can be used. With the first opt-in, users consent to your privacy notice, which describes how you will use and safeguard their data. With the second, they accept your offer, such as downloading a whitepaper or guide, or signing up for a newsletter.

In order to comply with GDPR, you also need to include a pop-up message on your website requesting that new visitors agree to your cookie and privacy policies. Although it requires an additional step from consumers, they are becoming accustomed to these messages, so it won’t significantly affect how they interact with your website.

3. Behavior Tracking on social media

Because analytics tools such as Google Analytics are GDPR-compliant, you can still gather essential user insights so long as users have consented to your privacy policy.

However, if you notice a decline in EU traffic, test your cookie opt-ins and examine your privacy policy. Issues like a difficult opt-in process could make users withdraw before accepting.

Parting Note

It is crucial to have a thorough understanding of the data your company holds and gathers, as well as the alternative legal bases for processing that data under GDPR, and to keep records.

The transparency surrounding obtaining consent and disclosing the reason for data collection can only be a good thing because trust is a crucial currency in business. By ensuring that only people who want to receive marketing communications are on your list, GDPR compliance will significantly reduce time and resource waste.

Major Privacy Updates of the Week

Uber Faces Another Data Breach

After a threat actor published employee email addresses, IT asset information, and business reports online, Uber experienced a new data breach.

All the information was stolen from a third-party vendor. Teqtivity, a vendor that aids in managing and tracking IT equipment including phones and laptops, reported that the hacker was able to access the Teqtivity AWS backup server, which holds the company’s code and client data files.

Apple Should Face 6 Million Euro Fine, Says Advisor to French Privacy Watchdog

For violating privacy laws, Apple should be fined 6 million euros ($6.3 million), according to the chief advisor to the French data protection authority’s sanction body.

Although the rapporteur’s suggestions are optional, they often have a significant impact on the watchdog’s final conclusion. Francois Pellegrini, the report’s author, said that Apple’s previous operating system version iOS 14.6 violated the ePrivacy directive’s privacy laws by improperly obtaining users’ prior agreement for the acquisition of personal data. 

California Department of Finance Hit by Cyber-Attack

The California Cybersecurity Integration Center (Cal-CSIC) has acknowledged that the state’s finance department has been the target of a cyberattack.

The ransomware gang LockBit, which has ties to Russia, has taken credit for the attack.

The ransomware group revealed on their leak site that they had infiltrated the California Department of Finance and had stolen 76GB of data, including databases, sensitive information, financial documents, and IT documents. 

HSE Cyber-Attack Costs Ireland $83m

The Irish Health Service Executive (HSE) was the target of a cyberattack last year that cost a total of €80m ($83.75m).

The data is from a letter that Peadar Tóibín, the leader of Aontú, received from Fran Thompson, chief information officer of the HSE. The letter, which was seen by The Irish Times, was sent months after the Department of Health predicted in February that the attack may cost as much as €100 million ($104 million).

ITTF Server Leaks Athletes' Passport, Vaccination Details Online

Following a security breach on the International Table Tennis Federation’s (ITTF) server, the passport information and vaccination records of hundreds of professional table tennis players were posted online.

The leak was caused by an improperly configured cloud hosting service, and the data was exposed for more than three years. The victims of this breach include Chinese Olympic winner Ma Long and fellow countryman and world champion Fan Zhendong, whose passport information was made public online.

Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay
