Easy Guide to Data Privacy for Social Media
With major privacy laws like the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) now well and truly in force, there’s never been a higher level of scrutiny over how businesses handle personal data online. While most of the focus is on getting your website compliant, there’s another area you need to consider — how you operate on social media.
In this guide, we’ll take a look at how data privacy laws affect the way you run your social media channels. We’ll talk through how these privacy laws apply and share some really effective ways to respect your customers’ privacy on social media.
The Impact of Privacy Legislation on Social Media for eCommerce
With such a big focus on data privacy concerns, there’s never been a better time to shine and demonstrate just how trustworthy your eCommerce store is. While that’s a bonus if you’re on the ball when it comes to privacy, it can introduce some challenges.
Let’s explore how recent major privacy legislation has impacted the way you use social media websites and apps to promote your eCommerce business.
GDPR and Social Media
With the introduction of the European Union’s GDPR came a shift in the way lots of companies do business online. No longer can you rely on flimsy consent to send marketing emails to your list every day — the GDPR ushered in a new approach to privacy that focuses on opted-in consent.
This highly privacy-conscious approach to data collection changes the way eCommerce store owners and marketers can plan and run campaigns. Here are some of the changes you’ll encounter now:
- Only able to collect, store, and process personal data that’s required for that purpose
- Lack of reliable second-party or third-party data to use for marketing campaigns
- No longer able to use personal data without explicit consent for that purpose — e.g. to send promotional emails
- Limited ability to use customers’ details for remarketing campaigns — e.g. reaching Facebook users with a lookalike audience or retargeted ad campaign
- You need a user-friendly, compliant privacy policy that outlines how you handle personal data — including from your social media channels.
The GDPR’s remit is a lot further reaching than just how you get hold of personal data to run targeted Facebook ad campaigns, so it’s worth getting to know the basics. For a full look at the GDPR and how it affects your eCommerce business, take a look at our simple guide to the GDPR.
CCPA and Social Media
California’s CCPA takes a similar approach to the GDPR, with one major difference — it hinges on opt-out consent rather than opt-in. There are also a handful of other notable implications that come with following the law, including:
- Providing your social media users with information about cookie tracking on your website — e.g. if they click through to a landing page from social media sites
- Offering visitors the opportunity to opt out of the sale of their data — with a “Do Not Sell My Personal Information” link
- Respecting the CCPA when running online ads, using tools like Facebook’s limited data use feature.
The CCPA’s opt-out approach is easier to manage in some situations, but if you have a worldwide audience and GDPR is likely to apply, stick to a solution that covers all your bases. Best practice is to give your customers the chance to opt in, so they’re fully aware of and can consent to what’s happening with their personal data. For more on how to comply with California’s high-impact privacy law, see our simple guide to the CCPA.
6 Ways That Brands Can Respect Customers’ Privacy on Social Media
Social media privacy is big on everyone’s minds. Users are worried about scams, hacking, and phishing attempts, and businesses are concerned with how to navigate the newly alert online space.
If you’re looking for ways to be a thoughtful eCommerce store owner, here are some great ways to respect your customers’ privacy on social media.
1. Have an Internal Social Media Policy
Before anyone ever interacts with someone through your company social media accounts, make sure they’ve thoroughly read through your social media policy. If you don’t have one, now’s the time to create one.
Your internal social media policy should be your guide on how to act, interact, and react on social media.
It should cover things like:
- A list of your accounts on various social media apps — like Instagram, LinkedIn, Facebook, Snapchat, and TikTok
- Who has access to your accounts and how this access is kept secure
- The rules on using personal accounts to promote your brand, and vice versa
- Your brand style and tone — or link to your style guide, if you have one
- Information on the rules and guidelines for using various social media platforms, so you don’t break the rules by mistake
- A mini guide on best practice for each platform
- How to address customers and do’s and don’ts for interactions
- How to help a customer with a support query, without them disclosing unnecessary personal details
- How to escalate a conversation to someone higher up
- How to copy, store, and share content the right way — for more on user generated content, see point #3 below.
A social media policy is a must-have for any growing eCommerce business, but it’s also worth having a few notes handy if it’s just you or a freelancer working on your accounts. It’s a useful process to go through and really helps you focus on your culture, approach, and tone. Think of your new or improved social media policy as your must-read guide on how to be proactive about privacy on social media.
2. Share a Clear and Transparent Privacy Policy
If you’re selling products online and have visitors from any of the relevant territories, you’ll need a privacy policy to comply with privacy laws. Even if you don’t, it’s a good idea to have one ready — seeing as you never know where your next customer might come from.
Your online privacy policy needs to let your website visitors know exactly how you collect, use, store, and share their personal data. People need to be able to see this when they land on your website from your social media bios — including through any social media competitions or giveaways you run.
Within your privacy policy you’ll need to include information on:
- Data collection, storage, use, and sale — including third-party apps
- Cookie usage and how they track online activity (unless you have a separate cookie policy)
- Data retention and deletion
- Children’s data collection and use (if relevant)
- Personal data rights
- Changes to your policy
- How to make a request or complaint — e.g. about a data breach
- How to contact you
Creating a privacy policy from scratch can sound intimidating, but we’ve created a way to make it easier. Check out our easy-to-follow guide on how to create a privacy policy for your small business. In a rush? Use our free privacy policy generator to make one in minutes.
3. Have a Policy for Sharing User Generated Content
Your social media channels can be a goldmine when it comes to great content that helps promote your brand, products, and culture. It’s tempting to want to use as much of this user generated content (UGC) as possible, but make sure you have a policy — and tell your customers about it — before you do.
It’s possible to strike a balance between great promotional content and respecting your customers’ privacy. Take a privacy-first approach to using customer data, and seek out clear consent before you use images created by your customers. Take extra care if the content features faces — especially children or identifiable people. This is a thoughtful way to demonstrate that you value their work, understand their privacy rights, and want to do things the right way.
When approaching someone to ask their permission to use their content, keep these points in mind:
- Be warm, welcoming, and unassuming
- Clearly state what your request is
- Outline where the content will appear and how it will be used
- Seek the user’s consent or permission for this use
- Understand that they might say no or request payment in return — and that’s okay, you can either come to an agreement or move on to another user.
It’s also best to outline your approach to user generated content within your terms of use — especially if you run UGC campaigns or contests regularly. This helps your customers understand how things work so they can decide whether to submit a review with photos, or share a video tweet for a competition using one of your branded hashtags. The key is to give your customers the information they need to make a choice that matches their privacy needs.
4. Be Responsible With How You Collect and Store Data
Sometimes you’ll need to collect someone’s personal data over social media. It happens frequently if you offer customer support through your Twitter or Facebook pages. When you need to collect or store data over social media, make sure you’re doing so responsibly.
Avoid the sharing of sensitive information in public on social media pages, even more so if someone’s full name is already visible. If someone comments with their details, ask them to remove any identifying information (or delete it, if you can) and suggest they take the conversation to a direct message (DM). This helps keep personal data more secure, and gives both parties more control over who sees it — especially combined with a robust social media policy for your team members.
Take care to only collect the personal data that you need. If all you need to look up someone’s account is their email address, ask for that. Keep security considerations in mind, and verify where you need to, but don’t make the process more complicated than it needs to be. Your customer’s goal is to find an answer the fastest way possible.
This “only what you need” approach is something you can take right through your eCommerce business. Streamline your account sign up forms, email signups, and review systems so that users don’t need to provide any more than the essentials. If you want to build an in-depth profile on someone’s tastes, interests, social media profiles, and buying habits, try some of the creative data collection ideas shared in our zero-party data playbook.
5. Respond Efficiently to Data Privacy Requests
Most privacy laws state that any data privacy requests need to be responded to within a set timeframe. Keeping to these deadlines shows that you respect your customers’ privacy rights and are willing to do all you can to support them.
The timeframes for user data requests can vary, so it’s worth making sure you’re aware of what they are. For the GDPR, you need to respond to a subject access request within one month. For the CCPA, it’s 45 days. Brazil’s LGPD is less generous, offering you only 15 days to respond.
Keeping track of deadlines can get confusing — especially if you operate worldwide and have customers exercising their rights from different territories with different privacy laws. Use a privacy tool like Enzuzo to help you manage your data privacy requests more effectively, and stay on track with deadline reminders and an easy-to-use request tool.
6. Promote Good Data Privacy Habits
One of the greatest ways you can respect your customers’ privacy rights is to help them understand what they are. Use your platform to help promote the importance of data privacy, healthy privacy habits, and what to do if your customers are unsure.
You don’t have to operate in the privacy space to do this. Any eCommerce business can take a stance on being privacy-conscious by dedicating a small section of their website to this.
Create a simple privacy FAQ or guide and cover topics like how to:
- Adjust your privacy settings, notifications, or cookie settings
- Understand your privacy rights
- Keep your private information safe on social media
- Share details with companies without risking your privacy
- Avoid identity theft, hackers, and malware, and what to do if you’re concerned
- Help family members stay safe online
In most cases, you won’t be an expert voice on this — and that’s okay. Signpost to trusted authorities and official sources for advice and tips that your customers can use to help them stay safe online. Your goal here is to demonstrate just how important data privacy is to you, and be seen as a trusted partner as your customers navigate the online world. This is a great way to give back to your audience and create a valuable resource for current and future customers.
Make Data Privacy a Priority Right Across Your eCommerce Business
Data privacy isn’t something that you should only think about when it comes to your social networking sites. It’s a theme that needs to be taken seriously right across your business. Start by working on your internal social media policy, then find better ways to navigate UGC and data privacy requests. Each is a step in the right direction.
If you’re looking for a more comprehensive way to manage your data protection approach, try Enzuzo. Our powerful privacy tools not only help you create and maintain a compliant privacy policy, but also assist you with a cookie banner, terms of service, and data requests. It’s a smarter way to manage your data privacy risk and give your customers peace of mind that you take all things privacy seriously.
Nicola Scoon
Nicola is a freelance content writer for HR tech & SaaS. She's written for Polly, Zapier, Pyn & more and is passionate about remote work, employee wellbeing & productivity.