Social Media Privacy Laws
Created by FindLaw's team of legal writers and editors | Last reviewed August 21, 2018
This article has been written and reviewed for legal accuracy, clarity, and style by FindLaw’s team of legal writers and attorneys and in accordance with our editorial standards.
The last updated date refers to the last time this article was reviewed by FindLaw or one of our contributing authors. We make every effort to keep our articles updated. For information regarding a specific legal issue affecting you, please contact an attorney in your area.
Having an active social media presence can be beneficial for both consumers and organizations because it creates unlimited possibilities to connect with others on a global scale. Unfortunately, this increased connectivity also raises the risk of privacy violations on social media platforms such as Facebook and Instagram.
Lawmakers have tried to keep pace with the ever-increasing presence of social media in our lives and business relationships by enacting new laws and regulations, but it's not always easy to keep up with technology. Lawyers can also help consumers deal with issues that affect privacy in the context of the important relationships that they develop with social media providers, other users, and even their employers.
This article discusses social media privacy laws, including the following:
- The duties and obligations of social media companies;
- Right to be forgotten laws;
- Privacy protection for children on social media; and
- Social media privacy in the workplace.
Federal and State Social Media Laws
There are several federal laws that touch on social media privacy concerns, including The Communications Decency Act (CDA) and The Children's Online Privacy Protection Act (COPPA). There have been many other efforts to enact federal legislation to better address social media protections, but no national comprehensive social media privacy laws exist yet; there is no U.S. equivalent to the E.U. General Data Protection Regulation (GDPR).
Some states have taken measures to better protect social media privacy, with laws that usually fall into the following categories:
- Laws requiring implementation of security measures;
- Laws imposing liability and criminal punishment for hacking; and
- Laws requiring notification for data breaches.
For example, California law requires persons or businesses that conduct business in California to give consumers notice of a data breach in the "most expedient time possible."
Right to be Forgotten Laws
In the E.U., the GDPR includes "right to be forgotten" provisions, which give individuals and corporations the right to request that their information be deleted from certain internet sites. The rationale behind these laws is that people should not be harmed by the disclosure of irrelevant or outdated information. The U.S. doesn't have right to be forgotten laws, but such laws overseas still impact U.S. based companies such as Google that operate internationally.
Relationships Between Social Media Companies and Users
Users of social media agree to broad terms and conditions when they join social media platforms. Much of the relationship is based on the company's:
- Privacy policies,
- Marketing materials, and
- Standards and practices.
The high-profile data breach involving Facebook and Cambridge Analytica is an example of a violation of the company's standards and practices. Many U.S. jurisdictions have some version of data breach notice laws requiring companies to reveal disclosures of information so companies like Facebook can be subject to fines when they don't inform consumers of these breaches.
Although social media companies are accountable for data breaches and the misuse of data, their liability is limited concerning content posted by users on their sites under the CDA. This means that social media platforms can freely allow access to their sites without worrying about third party users' actions subjecting them to litigation.
Relationships Among Social Media Users
Much of the appeal of social media is being able to interact with other users. Users can share feelings, thoughts, and information in a highly-accessible real-time forum. However, it is this sharing of information that makes social media so ripe for an exploitation of privacy rights.
There are state laws that criminalize "revenge porn," which is the online posting of sexually-explicit videos or photos, generally by a former lover, without the consent of the subject and with the intent to embarrass or humiliate them. Additionally, social media giants have shown concern about users who invade others' privacy on their platforms and have rules and procedures addressing unauthorized content.
Twitter prohibits the posting or sharing of intimate photos or videos of someone that was produced or distributed without their consent. Facebook uses "photo-matching" technologies for photos that already have been identified as shared non-consensually. The company also uses a controversial program which involves users sending intimate photos to Facebook's safety department to prevent the pics from being uploaded to the site.
Protection for Children on Social Media
COPPA is the governing law concerning the disclosure of online data for children under the age of 13. Sites that target children can't collect personal information about a child without first providing written notice of the site's disclosure practices and obtaining parental consent.
Parents are often in a supervisory role when it comes to protecting children's privacy rights on social networks, but there are occasions when a parent can infringe on their own children's privacy (intentionally or inadvertently) by posting kids' photos online or by identifying them in a blog. However, there are no social media rights for children in these situations.
Social Media Privacy Laws in the Workplace
A significant relationship in the context of social media privacy is that of employer/employee. With an increase in the social media presence in the workplace, there is legitimate concern surrounding privacy violations of employees. Because social media research is used by employers to research potential employees, many laws also protect job applicants' privacy in addition to actual employees.
Generally, state laws prohibit employers from the following actions:
- Requiring or requesting user name, account passwords, or login credentials for job applicant/employee's personal social media accounts;
- Requiring an employee adding another employee, manager, or administrator to their friends or contact list of the social media account; or
- Requesting that employees change privacy settings.
Social Media Privacy Concerns? Talk to an Internet Attorney
Social media law is constantly evolving. If you have concerns about social media privacy, then you should get clear and concise information from a skilled attorney who understands the law and how to assert your privacy rights. Contact an internet attorney today to talk about your concerns.
Was this helpful?
Next Steps
Contact a qualified consumer attorney to assist with the hazards and stress accompanying identity theft and online scams.