Privacy settings in social media: what is privacy’s place in targeted advertising?

Toby Armiger
6 minute read | Posted 17th May 2023
Reading Time: 6 minutes

Targeted advertising has become a well-known internet practice. This type of advertising usually involves profiling users and then grouping them into categories based on personal information. These categories can include age, location, and gender, as well as shopping preferences and browsing history. While this is a boon for advertisers, it presents some interesting – and potentially dark – implications for user privacy.

The core issue here is two-fold: first, the collection of this personal data is not very visible, with users often unknowingly profiled into categories and sub-categories that allow for dynamic ad targeting; and second, the mishandling of this data could result in catastrophic data breaches that expose users’ private, personal information to malicious actors. The implications of these breaches have policymakers more aware than ever of potential privacy issues, and even big names like Google are putting the leash on third-party cookie tracking.

In a world where personal data tracking is commonplace and data profiling remains an evolving moral grey area, users should expect a personalised experience more than ever before. With that being said, there should still be room for privacy and the protection of customer data. So, what is privacy’s place in targeted advertising?

Targeted advertising’s role in consumer experience

According to Statista’s 2022 Global Ad Spending Distribution Report, an estimated 62% of ad spending is generated by internet ads, compared to the lower contribution of 23% by television. Aside from the sheer span of the internet, this skew in the data is proof that online ads have become the primary way for companies to reach their consumers.

A key aspect of this shift is that advertisers can personalise their ads based on the information that is gathered via cookies or – in the case of social media apps – software development kits (SDKs).

This personalised ad experience has become somewhat of an expectation for users. McKinsey’s Next in Personalization 2021 Report found that users expected companies to:

  • Tailor their messaging to suit the consumer’s needs (66% of respondents).
  • Offer targeted promotions based on prior interactions or browsing history (65% of respondents).
  • Send ads to websites or apps that they frequently visited (40% of respondents).

The COVID-19 pandemic also impacted online advertising. Due to various lockdowns and changes in daily routines, users were prompted to adopt new shopping behaviours that more wholeheartedly embraced dynamic ads.

Targeted advertising on social media

When it comes to social media, targeted ad delivery is reliant on the app’s connection to an ad network. Popular platforms such as Facebook, Instagram and TikTok use SDKs. Additionally, these social media sites may have their own ad libraries and networks. The use of such networks and SDKs allows them to build up first-party user data and deliver targeted advertising that accurately caters to scrollers.

This has become a way of life for internet users. For many, the payoffs of receiving targeted advertising and personalised brand interactions are worth the use of their data, but what happens when that data is mishandled?

What are the implications of targeted data on user privacy?

When user data is collected, it is usually only for the purpose of enhancing the user experience on a given platform. That said, the responsibility falls on the provider to properly collect, handle and protect user data from theft.

There is a high level of trust given to popular social media platforms by their users. If there is a breach and data is stolen, there are huge implications for the users. Malicious hackers or identity thieves can use this stolen information to their advantage.

Hackers and scammers can target vulnerable users with their personal information, gaining access to their online accounts, and even connecting with them directly to drive social engineering attacks for personal or financial gain. Data posted to the dark web can also be taken advantage of by identity thieves.

The 2021 LinkedIn data breach

In June 2021, hackers posted the data of a significant number of LinkedIn users on a dark web forum. These hackers used data scraping techniques, which sift through stored user information and ‘scrape’ it into a data set. This is done to net private personal data including email addresses, phone numbers and even geolocation records.

The LinkedIn hackers then offered to sell the scraped data of over 700 million users, making this one of the largest social media leaks to date.

The 2019 Facebook data breach

Two years prior, Facebook was hit by a similar attack that leaked the data of roughly 530 million users. This included phone numbers, Facebook IDs, account names, and more. In 2021, this data was posted for free, whereas usually it would be sold for profit by the hackers. The social media giant was already under fire for its data stewardship practices, and this significant data breach raised questions around the responsibility that these platforms have to their users.

How do you opt out of data collection or clear your online data?

Opting out of having your data tracked is absolutely possible, as is deleting the data that already exists (though the latter is more difficult). Taking your data privacy into your own hands is a brilliant way to control your online experience, allowing you to choose when you want targeted advertising and when you want your data wiped. You can even find out when your data has been breached.

  • Apple: Apple has made no bones about its thoughts on its users’ entitlement to data privacy. The firm offers built-in options via iOS that can limit ad personalisation and turn off location-based ads.
  • Google: Since eliminating third-party cookies from its operations, Google now offers clear opt-out options for its users that allow them to turn off personalised ads. This action deletes the relevant category data and ensures that it won’t be used for targeted advertising anywhere on Google’s ad networks. If you’re concerned about your data privacy, this is a good place to start, especially as Google stores significant amounts of user data.
  • Social media: Apps such as Instagram and Facebook use first-party tracking with SDKs, as well as your off-app browsing data, to serve you relevant ads. Head into ‘Settings’, in any social media app, and you should find a ‘Disable Ad Tracking’ or ‘Disable Ad Targeting’ option.

Third-party data removal services

Services such as DeleteMe and OneRep have cropped up in the past few years, and both offer users an easy way to remove personal information from search engines. The goal is to limit or eliminate any data being purchased and sold by brokers.

These services turn a tedious process into a paid subscription service that consistently checks on your data privacy and delivers reports of what they found, as well as how they got rid of it. While the paywall can be frustrating, this type of service can also be an invaluable way to keep on top of your data privacy in a constantly shifting online world.

Have I Been Pwned?

Finally, Have I Been Pwned? was created by Troy Hunt, an altruistic developer specialising in data security. He saw the opportunity to provide a public service that would allow users to check whether their data had been compromised in any of the online breaches that continue to happen across the internet.

Simply input your email or phone number to find out if it has been ‘pwned’ (released in a data breach). If yes, the website will let you know which provider has failed to secure your information.

Key takeaways

Privacy absolutely has a place in targeted advertising. Ultimately, the relationship between a user and the online services that they access comes down to three things: awareness, trust and responsibility.

Anyone participating in online spaces, on social media or otherwise, should be aware of when their data is being collected, what it is being used for and where it is going (or who it is going to). User data has become a currency, and often the rights of buying and selling that data is buried under terms and conditions clauses. Therefore, users who wish to opt into personalised ad experiences need to adopt consistent habits around checking that their data is safe, deliberately choosing who has access to it, and ensuring that the company that they are using does not have the rights to sell their data.

On the part of the data gatherers – the social media platforms – there is a high expectation of trust and responsibility. Users must be able to readily access their data at any time and have clear options for whether they want to opt in or out of collection of personal information, giving them autonomy over their experience. Furthermore, data must be handled with the utmost care and security in order to prevent breaches. Where breaches occur, users must be immediately notified.

The answer is far from black and white. As online data tracking and advertising continue to evolve, more complexities will undoubtedly be introduced into the equation. However, users are always entitled to either complete privacy or targeted advertising when they want it, and it’s up to providers to deliver these services safely and securely.