How social media platforms use your data – and what you can do to protect yourself banner


How social media platforms use your data – and what you can do to protect yourself

  • Posted on

Which Disney princess are you? Take this fun quiz to find out! The stalwart of Facebook, Twitter and countless other social media platforms, clickbait' sites and online quizzes that populate social media platforms are there to do one thing and one thing only - harvest data. Social media is practically a data protection free-for-all, primarily because users give the platform operators unprecedented access to their personal information.

It's Cambridge Analytica all over again...

Now, it's starting to emerge just how much of your personal data platforms like Facebook are harvesting, and what they're doing with it. At the end of November it was revealed that Facebook considered selling user data to developers, even though it had repeatedly promised not to do so. The Wall Street Journal investigated a discussion between Facebook and American software company Six4Three, in which Facebook talked about charging developers for ongoing access to users' data. Combine this most recent revelation with the whole Cambridge Analytica debacle, and it's clear to see that your personal data is not as protected as you'd like to think.

Facebook responds

In response to the most recent allegations, Facebook has claimed that there was never any intention to sell data. They state quite clearly that they have never required any developers to pay for using the platform's APIs (Application Program Interfaces), either directly or by purchasing any advertising linked to them. They also claim that the changes made to the platform in 2015 to stop people from sharing their friends' data with developers was specifically designed to prevent another Cambridge Analytica' from happening. It appears that the attempt was unsuccessful, if the Wall Street Journal's investigation is anything to go by.

Why are so many people after your data?

So why are platforms like Facebook, Twitter and others so tempted to provide developers with data? One simple answer - money. Facebook has over 2billion monthly active users - that's a lot of data and a lot of potential advertising targets for developers to aim for. To keep a service like Facebook or Twitter free for users there has to be some form of revenue stream, and that usually comes in the form of advertising.

The provision of data is the modern version of barter economics - information has real value and social media is awash with snippets of personalised information that is manna from heaven to researchers, marketers and advertisers. This data-mining has darker undertones, though, and it is this that many observers are concerned about. Cambridge Analytica was potentially just the tip of the iceberg. The latest revelations could easily undo all the earnest protestations made by Facebook in 2015 that they were on top of the situation and that users' data was safe, secure, and most definitely not for sale.

GDPR - is it the white knight' of data protection online?

GDPR was bound to be a bugbear for global platforms like Facebook. Initially agreeing to follow GDPR in spirit', Facebook promptly turned around and told 1.5billion non-European users that they would not be covered by the sweeping privacy laws contained within GDPR. The half a billion EU users, though, are covered, and their data is subject to the strict legislation laid down in the EU directives. However, that may mean that their user experience isn't quite what they're used to. They may find that access to sites outside the EU is limited, and prefixed by a Sorry, you're in Europe so because of GDPR you cannot access this content' message.

Platforms like Facebook also didn't reduce the amount of data they collected post-GDPR - they merely changed the type of data they collected, including biometric data which tends to fall through the cracks in legislation like GDPR, which hasn't yet been future-proofed against more advanced types of data collection.

They have, to be fair, included a sequence of consent requests for users to supposedly give them more control over the type of data collected by Facebook, but users may find it's not exactly easy to opt out of the process.

Think twice before ticking I accept'

So, what can you do to protect your data? The best thing to do is to go online and do some research into how to change your personal settings to restrict the level of access developers and platform operators like Facebook have to your data. Be careful about what you post, and what you click on and yes, we know this is a pain in the rear, but read those T&Cs before you click I accept'. Find out who has access to your data by looking at the Manage Settings' options.

If you think your data has been accessed without your consent then talk to a specialist in privacy law, who will be able to advise you on what to do next and, more importantly, how to conclusively prove that your data has been compromised.

Grant Sanders

Grant Sanders is the Practice Manager at Stephen Rimmer LLP and can be contacted on 01323 644222 or by email

    Ask a question