Social Media platforms and inherent privacy concerns
Is Social Media a safe space?
Social Media (SM) is here to stay, with increasing importance in our day to day lives; 45% of the world population uses social networks (2020). Subsequently, there is an impending need to harness privacy practices, thereby limiting the possibility of negative impact to users. Popular SM networks include Facebook, Twitter, Snapchat, YouTube, and most recently, Clubhouse. As with all Social Media platforms, common privacy concerns include the extensive use of data by advertising companies and third party advertising services, dangers of location-based services, personal data theft and identity theft.
The line has become progressively thinned between effective marketing and privacy intrusions on Social Media. Information gathering for targeted marketing is a guaranteed way of Social Media platforms to monetize on their services, with paying advertising customers incentivizing the need to share data at the detriment of SM users. This is a form of data mining, as the creation of new SM accounts and the provision of personal data grants access to companies, who then collect data on user behaviour for targeted advertising, or worse, sale to third-party entities without the knowledge or consent of users.
When allowing access to their geolocation, SM users risk revealing their current location to everyone within their social networks. Furthermore, the average smartphone will automatically collect location data on a continuous basis, without the knowledge of the owner. Ironically, Social Media applications are the primary users of location data. Aside from the obvious threat of such information being used by malicious actors to stalk or track the user’s movements, it may also provide an open invitation to burglars in instances where the user is abroad on holiday.
Data and Identity Theft
Instances of account hacking and impersonation are fast becoming the norm. Online criminals, hackers and spammers target social networks due to the copious amounts of personal data available, which allow for an almost instant impersonation of the user. Replicating an individual online through the personal data listed on their SM profiles can lead to online fraud, stolen information and forced shares directing their followers to viruses. The appeal of SM as a cyber-attack vector stems from the ease of spreading viruses and malware, rather than by conventional email spam scams. One is much more likely to trust messages from friends and family on Social Media, clicking on links that will infect their device.
Another prevalent threat to the ‘safe space’ of Social Media is the vast spread of Fake News. Examples of this disinformation war have been seen in the U.S. Presidential elections and the U.K.’s Brexit movement. Bot accounts shared specific and polarizing information to targeted preferred audiences with the aim of driving action, in these examples to influence votes.
The new Clubhouse social networking trend and how it works
Clubhouse recently rocketed to global fame overnight, despite being around since March 2020 when it had a mere 1,500 users. The app’s notoriety stemmed from a live audio-chat hosted by Elon Musk, which was live-streamed to YouTube. Clubhouse app takes a slightly different spin on social networking as it is based on audio-chat with about 3.6 million users worldwide (February 2021) and is only available on iPhone. The app is an amalgamation of talkback radio, conference call and houseparty features, meaning users engage solely through audio recordings – either privately or publicly shared. Upon joining, members select topics of interest to engage in live conversations, interviews and discussions via a conference call set up, with the “rooms” closing once the conversation is over. Naturally, the more information given around your preferences, the more conversations and individuals the application recommends you to join and/or follow. Profiles on the app are fully visible to all users, with as much information available as members choose to provide. Most worrying perhaps, is the appearance of who invited you to join Clubhouse being a permanent fixture on your profile. Clubhouse also differentiates itself from other social networking platforms through its exclusive “invite only” characteristic, meaning users cannot simply download it from the app store and create an account. Only existing members can send out invites, which then allow new users to tune in to interesting discussions and interviews on a range of eclectic topics.
With Clubhouse being an invite-only app, what are the specific privacy concerns?
When granted illustrious membership, you are gifted two free invites. This is where the privacy concern begins as users are pressed to allow the app to access their phone contacts for easy connectivity with other users. As seen from the image above, Clubhouse knows who your friends are before you’ve even joined! Furthermore, the app manages to identify the number of friends your contacts already have on the platform, invoking the Fear Of Missing Out (FOMO) syndrome. Upon joining the app, users can see who invited you, with this information staying on your profile forever. The issue of lack of consent arises as Clubhouse uses the information gleaned from existing members’ contact lists to create profiles of people who are yet to become members. This probably occurs by cross-referencing other Clubhouse members’ shared address books, in a bid to encourage members to share the app with those who would already have friends on the platform. Under the GDPR, consent is defined as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she…signifies agreement to the processing of personal data relating to him or her”. Since EU Law states the consent of the friend as being a prerequisite prior to sharing personal data with a third-party entity, Clubhouse may unlawfully be using personal data provided by third parties. For people who have no desire to join the platform, their name, mobile number and number of friends on Clubhouse is personal data the app might already have access to.
How you can stay protected on Social Media
First and foremost, users are encouraged to check and update privacy settings on both their devices and Social Media networks on a periodic basis to limit the amount of access to personal data such as location services, microphone et al., which may be used for targeted marketing. Next, avoid using Social Media on public devices, however in such cases, be sure to log out afterwards. To avoid your accounts being infiltrated by malicious actors, be sure to create strong passwords; the stronger the password, the harder to guess. The use of symbols, capital letters, and numbers teamed with the avoidance of common or repeated passwords (birthday, spouse’s name etc.) creates an additional layer of defence. Similarly, two-factor authentication should be employed for all accounts (including email) to make it that much harder for hackers to gain access. From a cybersecurity perspective, users can install antivirus and anti-spyware software on their devices and ensure they are kept up to date in order to be effective. However, all of these protective measures are rendered useless if you post sensitive personal data online as you (or your contacts) may be inadvertently leaking your own data. Once information is posted online, it is automatically rendered public, with the inherent possibility of it falling into the wrong hands – with or without stringent security measures. As such, the strongest recommendation is to take stock of what you post online, and be careful with the amount of personal data you are revealing, keeping the information to a minimum.
Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR and Data Protection Act 2018 in handling customer data? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance.
- Social Media platforms and inherent privacy concerns - March 19, 2021