A blog post by Brianna Fanzo, Junior Associate

It is evident that social media is omnipresent as technology has continued to develop. With this looming presence, there are threats to users’ private information, including personal data breaches, location tracking, and algorithms that track users’ activities. Approximately 307 million people out of 333 million people in the United States use the Internet and 270 million classify themselves as active social media users.^[1] When users download social media apps, there are usually Terms and Conditions Agreements (T&C) and Privacy Policies.^[2] T&C are legal agreements that lay out the policies and rules for users, such as billing, subscription information, and disclaimers.^[3]Privacy Policies are included within the T&Cs and are required by law in certain areas, but are often lengthy and confusing. ^[4] The length and difficulty make it unlikely that users are reading every privacy policy in each app on their phone.

One popular social media app is Instagram, whose privacy policy collects information including posts, likes, purchases, credit card information, face ID, and GPS location.^[5] There is also an option to delete some data.^[6] In terms of the applicable law when it comes to social media, the United States, unlike other countries, has not enacted federal legislation directed to specifically protect social media users through privacy acts.^[7] Some of the common elements in the states that have legislation include: the right to access, the right to opt-out, the right to delete, and, less commonly, the right to opt-in.^[8]  Unfortunately, the United States does not have a unified approach to protect social media users. In the EU, the General Data Protection Regulation (GDPR) provides protection for users by minimizing data collection and prohibiting businesses from collecting unnecessary information.^[9] It would be ideal for the United States to model their federal legislation after the GDPR so that all citizens are protected federally rather than just those residing in certain states.^[10] One of the most important elements would be the right to opt-in, since it requires written consent from users who are often not reading the policies. The United States should aim to include this as well as holding more companies accountable, having specific remedies, and strict standards outlining how users should be notified of their protections.

 

 

^[1] US Social Media Statistics 2022 Most Popular Platform, The Global Statistics, https://www.theglobalstatistics.com/united-states-social-media-statistics/#google_vignette.

^[2] Sara Pegarella, Privacy Policies vs. Terms & Conditions, TermsFeed (Aug. 23, 2022). https://www.termsfeed.com/blog/privacy-policies-vs-terms-conditions/#What_S_A_Terms_Conditions_Agreement.

^[3] Id.

^[4]  Id.; Jennifer Laird, What is a Privacy Policy?, Privacy Policies (July 1, 2022), https://www.privacypolicies.com/blog/what-is-privacy-policy/

^[5] Instagram Privacy Policy, (2022),https://privacycenter.instagram.com/policy/?section_id=6-HowCanYouManage.

^[6] Id.

^[7] Thorin Klosowski, The State of Consumer Data Privacy Laws in the US (And Why It Matters), N.Y. Times: Wirecutter (Sept. 6, 2021), https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/.

^[8] Preston Bukaty, The California Consumer Privacy Act (CCPA) An Implementation Guide 56 (IT Governance Publishing eds., 2019); Kate Berry et. al., And Utah Makes 4- Beehive State Passes Consumer Privacy Law, Davis Wright Tremaine LLP (March 31, 2022), https://www.dwt.com/blogs/privacy–security-law-blog/2022/03/utah-consumer-privacy-act; Maureen Fulton & Kayla Sullivan, Colorado Enacts Privacy Act, Becoming Third State with Comprehensive Privacy Law, Koley Jessen, July 202; Cassandra Gaedt-Sheckter et. al., U.S. Privacy Law Update: Connecticut Enacts Comprehensive Privacy Law as Other States’ Laws Continue to Develop, Gibson Dunn, May 2022. .

^[9] Geoff Coleman, GDPR:What Is It, and What Does It Mean for Your Company, gotransverse,  (May 17, 2018)https://gotransverse.com/blog/blog-gdpr-impact-on-billing-platforms?creative=319174275034&keyword=&matchtype=&network=g&device=c&gclid=Cj0KCQiAveebBhD_ARIsAFaAvrEqm3WcoMIyaDBlCT6QIiMaIjh-8-YvL7YcUlYOUEVWJVOje9vIALYaAia8EALw_wcB.

^[10] Id.