Social media companies collect huge amounts of personal data from data subjects who utilize their platforms in order to “target” advertisements to users. This practice, also known as behavioural advertising, is severely detrimental to privacy, the flow of information, and the psychological health of data subjects. 

It has been stated that “behavioral advertising generates profits by turning users into products, their activity into assets, their communities into targets, and social media platforms into weapons of mass manipulation.” Often, social media platforms, in order to maximize the probability of inducing profitable user engagement, have a strong incentive to (a) increase the amount of time a data subject engages with the platform and (b) create an environment that convinces users into actions they can monetize. 

To accomplish both of these objectives, social media companies with similar business models have developed a voracious thirst for more data. This data goes far beyond information that users believe they are providing, such as their old school, their friends, and artists they like. It is very easy for social media platforms to develop a detailed, intimate picture of each user that is constantly being updated in real time, including content we view behaviour, our reactions to certain types of content, and our activities across the digital space where technology belonging to social media networks is embedded. The company can make more profit if it manipulates us into constant engagement and specific actions that are aligned with its monetization goals. 

As long as advertisers are willing to pay a high price for users to consume specific content, companies like Facebook and LinkedIn are incentivized to curate content in ways that affect our real-time preferences.

Remarkably, tracking and behavioural advertising by social media companies is not limited to the platforms themselves. Companies like Facebook use hard-to-detect tracking techniques to follow individuals across a several applications, websites, and devices. As a result, even those who intentionally opt out of social media platforms are affected by their data collection and advertising practices.

Social Media & Competition

Data collection is at the core of many social media platforms’ business models. For this reason, mergers and acquisitions involving social networks pose acute risks to consumer privacy. Yet in recent years, platforms that have promised to protect user privacy have been repeatedly taken over by companies that fail to protect user privacy.

One of the most notable examples of this trend is Facebook’s 2014 purchase of WhatsApp, a messaging service that attracted users precisely because of strong commitments to privacy. WhatsApp’s founder stated in 2012 that, “[w]e have not, we do not and we will not ever sell your personal information to anyone.” Although EPIC and the Center for Digital Democracy urged the FTC to block the proposed Facebook-WhatsApp deal, the FTC ultimately approved the merger after both companies promised not to make any changes to WhatsApp user privacy settings. 

However, Facebook announced in 2016 that it would begin acquiring the personal information of WhatsApp users, directly contradicting their previous promises to honor user privacy. Antitrust authorities in the EU fined Facebook $122 million in 2017 for making deliberately false representations about the company’s ability to integrate the personal data of WhatsApp users. Yet the FTC took no further action at the time. It wasn’t until the FTC’s 2020 antitrust lawsuit against Facebook—six years after the merger—that the FTC publicly identified Facebook’s acquisition of WhatsApp as part of a pattern of anticompetitive behavior.

For many years, the United States stood virtually alone in its unwillingness to address privacy as an important dimension of competition in the digital marketplace. With the 2020 wave of federal and state antitrust lawsuits against Facebook and Google—and with a renewed interest in antitrust enforcement at the FTC—that dynamic may finally be changing. But moving forward, it is vital that antitrust enforcers take data protection and privacy into account in their antitrust enforcement actions and assessments of market competition. If the largest social media platforms continue to buy up new market entrants and assimilate their users’ data into the existing platforms, there will be no meaningful opportunity for other firms to compete with better privacy and data security practices. 

Social Media & Data Breaches

The massive stores of personal data that social media platforms collect and retain are vulnerable to hacking, scraping, and data breaches, particularly if platforms fail to institute critical security measures and access restrictions. Depending on the network, the data at risk can include location information, health information, religious identity, sexual orientation, facial recognition imagery, private messages, personal photos, and more. The consequences of exposing this information can be severe: from stalking to the forcible outing of LGBTQ individuals to the disclosure of one’s religious practices and movements. 

Without federal comprehensive privacy legislation, users often have little protection against data breaches. Although social media companies typically publish privacy policies, these policies are wholly inadequate to protect users’ sensitive information. Privacy policies are disclaimers published by platforms and websites that purport to operate as waivers once users “consent” to them. But these policies are often vague, hard to interpret, full of loopholes, subject to unilateral changes by the platforms, and difficult or impossible for injured users to enforce.