Despite using social media platforms every day, we all know that they may be bad for our digital privacy – even if you’re using security software like the best VPN apps. But how bad are they, exactly? This is what the team at Incogni, a data removal service provider, set out to discover.
After looking into the top 15 most popular social networks, researchers uncovered stark differences in how these platforms handle our personal data. Unsurprisingly, perhaps, Facebook and LinkedIn came out as the worst when it comes to protecting our privacy. Reddit, Snapchat, and Pinterest (in order) are the platforms representing the lowest risk.
Keep reading as I go through some of the biggest takeaways and some tips to boost your social media privacy.
Researchers assessed the privacy risks for each platform according to five categories. As expected, the data collection and retention category significantly shaped the final privacy ranking (see the graph below), with Meta’s Facebook, Messenger, and Instagram getting the worst results.
Another variable researchers looked at was the level of user control and consent. These include privacy settings, default privacy settings, and opt-out or visibility options. Again, some Meta platforms (Messenger and WhatsApp) performed the worst alongside TikTok.
Experts at Incogni were especially surprised not only by how many data points each of these platforms collects and shares with third parties, but also by the number of data points you can’t opt out for.
The transgressions category refers to fines and data breach incidents. Here, Telegram, Reddit, Quora, and Discord obtained a very positive score: 0. Not so good for X (formerly known as Twitter) which saw over a quarter of its total score come from this category, alongside LinkedIn with over 27%, and Facebook over 30%.
In terms of transparency – meaning how much user data reaches governments and the accessibility of certain features – Quora and LinkedIn had the worst ratings, while Discord, Snapchat, and YouTube performed the best.
Lastly, user-friendliness looked at how easy is to understand the platform’s privacy policy and how many steps you need to take to delete your account. Needless to say, Facebook products performed badly here, too, alongside Google-owned YouTube.
“Everything seems designed to make it hard for people to fully understand what’s happening with their personal information,” Emilia Jasinska-Dias, Incogni spokesperson, told me.
Researchers found, in fact, that to understand the privacy policy of the platforms analyzed, a user would need to be at a college literacy level. Jasinska-Dias believes this may be intentional. She said: “It seems that they’re constructed so that people won’t read them.”
According to experts, a consistent, standards-based format that is easy to navigate is needed to ensure that anyone can make informed decisions about which social media platform they want to use – and which data they’re comfortable giving away.
It takes up to 6 clicks to delete your account
If you’ve ever embarked on a mission to close an old Facebook account, then you probably know this already – deleting a social media profile is anything but easy.
Researchers found that the steps required to delete a social media account can vary from a minimum of two clicks (TikTok, Telegram, and Discord) to a maximum of six. The latter category includes all of Meta’s products besides WhatsApp, which requires three, as well as YouTube.
Yet, as the report points out, “account deletion ought to be a relatively easy process.”
Your data stay up to 180 days after leaving a platform
“The most shocking discovery was how long data is sometimes held after a user decides to delete their account,” said again Jasinska-Dias. “In some cases, it might be as long as 6 months.”
Among the platforms holding onto your personal information for about 180 days, after clearly expressing the intention to depart from a specific service, are Facebook, Instagram, Messenger, YouTube, and Discord. On the contrary, Telegram retains your data for just a few days after deletion.
This is especially worrisome considering that some of the most invasive platforms (Facebook, X, and LinkedIn) suffered at least two data breach incidents in the past.
Data protection laws aren’t enough
While most social media platforms have constructed their business model around harvesting your personal data since the beginning, in recent years many countries have implemented new privacy laws aimed at minimizing data collection and retention. So, are these measures helping at all? Well, according to Incogni, not much.
Did you know?
Experts at Proton, the provider behind ProtonVPN and ProtonMail, found that only after a week into 2024 the likes of Meta, Google, Apple, and Microsoft earned enough to pay off all the fines they got in 2023.
Facebook, for instance, was hit the most by legal fines for breaching the privacy of its users – three from EU bodies and five from other jurisdictions. WhatsApp, another Meta-owned product, was fined five times, while TikTok and X received four fines each. Despite this, the research clearly shows how these platforms remain among the worst for privacy protection.
“Examining the number and amounts of fines imposed on each platform, it’s apparent that they aren’t enough to make platforms change their approach toward how user personal information is handled,” Jasinska-Dias told me, adding that, at the moment, there are no regulations that would sufficiently secure users’ interest.
She believes the only way for policymakers to limit the extent of personal data collection is to ensure that violating the law isn’t more profitable than complying with it.
As Incogni’s research shows, the most popular social media platforms are also the most invasive services around. While privacy-respecting alternatives do exist – think Mastodon, Nostr, and Matrix, for instance – you might not be willing to give up your social media presence on other platforms just yet. It’s then crucial to learn how to minimize the data you share.
As a rule of thumb, Jasinska-Dias suggests opting for services that allow registration without using your real details whenever possible. If you cannot do that, you might want to think about creating a dedicated email account instead of giving away your main address. I would refrain from signing up with your phone number if you can, too.
“It’s worth noting that platforms belonging to Google and Meta make managing your privacy more complicated,” said Jasinska-Dias. It’s vital to keep in mind that these services are integrated into a bigger group and they share your data between them.
I strongly suggest reviewing your privacy settings to make sure you’re sharing only strictly necessary information with the social media company.
You should also become more confident with the provider’s usage and privacy policies while staying up-to-date with any changes that occur. For example, last week LinkedIn silently began training its AI data with user data. If you haven’t done so already, here are some instructions on how you can opt out.