Personal data protection: There is growing concern among governments across the world about exploitation of user data by social media companies, leading to tighter regulation of data use. A recent report by the US Federal Trade Commission said these companies collect, share, and process vast amounts of user information, often without consumers being fully aware of how their data is being used. There is a lack of transparency and control, especially in how data is utilised by systems incorporating artificial intelligence.
As AI evolves rapidly, companies are rushing to acquire data sources to train their emerging AI models. These data deals are frequently undisclosed, involving private content hidden behind paywalls or login screens, with little or no notice given to the users who generated that content.
READ I Renewable energy: $386 billion investment fuels ambitious targets
Risk of data misuse
Concerns about data misuse are rising, as individuals and organisations exploit personal data for malicious purposes. Beyond cybersecurity threats, data can be misused by third parties for targeted advertising, surveillance, or even blackmail. For example, in an episode of the British drama series Sherlock, a character is blackmailed using sensitive information, highlighting how personal data can be weaponised. Similarly, popular shows like Netflix’s Black Mirror illustrate the broader dangers posed by social media and advancing technology.
Privacy invasion is one of the most pressing threats individuals face today. With the rise of social media, people are sharing vast amounts of personal data online, often willingly. This has also made it easier for governments and entities engaged in cyber espionage to gather sensitive information from other nations or organisations. Much of the data collected by social media platforms or everyday devices is sold to internet platforms or data brokers, who, in turn, sell it to parties looking to influence user behaviour. Data is now a commodity, available for misuse and abuse.
Social media companies collect data through tracking technologies used in online advertising, by purchasing information from data brokers, and via other methods. The FTC warns that while these surveillance practices are profitable for companies, they compromise individual privacy and expose users to risks like identity theft and stalking.
Data exposure of minors
Another pressing concern is the exposure of minors to data exploitation. The US House of Representatives is currently considering legislation passed by the Senate in July, aimed at addressing the potential negative impacts of social media on young users. Meanwhile, Meta has introduced teen accounts with enhanced parental controls.
The FTC’s report also analysed how companies such as Meta Platforms, ByteDance’s TikTok, and Amazon’s gaming platform Twitch manage user data. It found that data management and retention policies at many companies were grossly inadequate. Some companies are even collecting information on users’ income, education, and family status. The FTC now advocates for lawmakers to recognise that the business models of many social media companies do not encourage effective self-regulation or data protection.
Regulating data management
Data protection encompasses the policies and regulations designed to safeguard individuals’ privacy and data. Ideally, data management should ensure that companies do not use personal information in ways that violate users’ privacy or legal rights.
Countries are starting to take action against Big Tech by enforcing stronger laws. The revision of the Data Protection Act in Europe in 2018 marked a significant milestone, driven by legal, ideological, and political factors. The updated act introduced strict regulations on personal data processing, covering its collection, storage, and destruction.
India’s Data Protection Board
Recently, India established the Data Protection Board, a key adjudicatory body under the Digital Personal Data Protection (DPDP) Act, 2023. Experts view this as a cornerstone of India’s data governance efforts. Given the rapid growth of the country’s digital economy, a robust data protection framework is crucial.
The ministry of electronics and IT has drafted the procedures for appointing members to the DPBI. The selection process will be overseen by a committee consisting of senior government officials and two external experts in data governance. However, concerns have been raised by civil society and industry experts regarding the independence of the board, as the current selection mechanism may not guarantee full autonomy from the government.
MeitY has indicated that the selection committee itself will act as the DPBI until the five board members are formally appointed, each serving a two-year term. Although the DPDP Act was passed nearly a year ago, consumers are still waiting for the draft DPDP rules, which will dictate how data is regulated in India.
The FTC found that opting out of data collection on most platforms is challenging for users. Nearly all companies admitted to feeding personal information into automated systems, primarily for content delivery and advertising. However, few offer comprehensive options for users to control or opt out of their data being used by algorithms, data analytics, or AI. This issue requires urgent global attention.
When social media companies are directed to disclose how they handle user data, they often present users with lengthy disclaimers and ‘terms and conditions’ that most people agree to without reading. Governments and policymakers should mandate that Big Tech companies provide short, concise, and readable disclosures that are easily understandable by all. These lengthy documents often contain critical information about data collection, storage, and use, but the fine print is frequently overlooked. It is time for individuals to take responsibility and become aware of the risks associated with using social media.