Social Media, Privacy & Data Protection

Privacy Policy, Social Media, & Data Protection

Social media and its effect on data privacy

Social media has become one of the most powerful resources in the world for people to connect with each other. Every business owner knows that to reach more customers and promote their products or services, they need to use social media. Using social media can be both exciting and challenging, though, and some people are beginning to ask, “How does social media affect privacy?”

Are you familiar with all the privacy laws that affect the way your business uses social media? If you want to be trusted by your customers and vendors, you need to know and understand these laws and take the key steps required to meet your privacy obligations.

The first step a company needs to take to keep up with its privacy obligations is to write a legally compliant privacy policy that also covers social media as a way of collecting personal data. Your privacy policy must be “concise, transparent, accessible, and written in clear and plain language.”

Privacy laws dictate how businesses transact with customers and collect their personal information. It is therefore critical for you to protect and respect the privacy of your customers both on your website and on social media, and to take whatever steps are necessary to ensure that your customers know that their privacy is protected and respected.

Note: This article is not legal advice

Please use this as general information, not as legal advice. It is provided for informational purposes only and should not determine how the privacy laws might apply to you and your organization. We encourage you to work with a legally qualified professional to discuss privacy laws, how they apply specifically to your organization, and how best to ensure compliance.

What is a privacy policy?

A privacy policy is a statement that specifies what the service provider will and will not do with the personal information that it has collected from users. It specifies the intent of the data collection and allows users to decide, of their own free will, whether to participate in the company’s operations. Your privacy policy sets out what personal information you collect, how you collect it, how you use the information, and whether you will disclose it to third parties.

A privacy policy establishes a legally binding and mutually beneficial relationship between service providers and their consumers. It is also an agreement that establishes trust and respect. It is recommended that service providers keep their privacy policies as up to date as possible to ensure the accuracy of their information, in addition to securing the personal data of their customers.

If you collect any sort of personal data, such as email addresses, you'll need a Privacy Policy.

Having the right legal documents for your online business ensures you comply with consumer and privacy law. These legal documents also help your customers better understand what you are selling and on what terms, as well as set out how their information is being used.

How do I stay compliant with privacy laws on my website and social media?

First we need to know what “personal data” you collect from visitors and clients on your website and on social media. 

Let’s dive into the meaning of “personal data.” 

“Personal data” is anything that allows you to identify the user or to monitor what they are doing. It commonly includes names, contact information, credit card or bank account details, geolocation data, IP address, or Google Analytics info. This could also include information shared with you on social media by your customers, or by social networking sites like Facebook, Instagram and Twitter through a pixel integration.

If you aren’t sure if the info you collect is “personal data”, ask yourself if the info you have for each user can identify them or allow you to monitor them.

Infographic: 12 Types of Personal Data

Here is an example: 

A visitor may come to your website to read a blog post. If you have a Facebook pixel installed on your website, then you can monitor the actions that the visitor takes on your website and use that information for targeted ads. The information that you share with Facebook through the Facebook pixel is considered “Personal Data.”

“Customer information” is information or an opinion about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion. For example, this could include a person’s name, address, telephone number, email address, etc.

If, after the visitor goes to your website, they visit your Facebook page and comment on a post, and you compare their name to a list of your known clients, then that information is “Customer Information.”

If you have an online business that provides goods or services to the public, you definitely collect personal data. As an online business owner, you need to know what data you collect from your users and how you collect, process and store it.

Your business must develop a written information security plan that describes how you will keep your customer information secure. As part of your plan, you must also include a privacy policy on your website. 

Is a website privacy policy required by law / Does my website need a privacy policy?


All websites need a privacy policy. Even if no data is being stored, just the ability to see and access an IP address of a website visitor is enough to be considered personally identifiable data. 

If you want to run certain types of social media ads you may also be required by those social media companies to provide a privacy policy on your website and to share that privacy policy with them.

How to write a company privacy policy

To write a privacy policy for your business, we need to identify all the important parts it must include, such as GDPR, data collection, and social media integrations.

What needs to be in a privacy policy?

In general, it should set out:

  • what personal information you collect;
  • what platforms you will be collecting information from (website, social media, email, etc.);
  • how you will use that personal information;
  • under what circumstances that personal information will be disclosed;
  • how the personal information is stored;
  • what rights your customers have to access their personal information;
  • what happens when you find out that the personal information you have collected is incorrect or no longer accurate;
  • digital marketing activities.

GDPR is also going to affect the wording of your privacy policy, and require additional language.

Make sure that your privacy policy addresses the personal information you collect from your visitors, how you use and disclose their information, and how you store it. You can also include consent for digital marketing activities. 

For example, if you plan on storing email addresses in your database, inform your visitors that if they submit an enquiry, their email address will be added to a mailing database and will not be sold to third parties. Your Privacy Policy should also set out how a visitor can contact you and what rights they have regarding their personal information.

Note: Websites with Cookies & Online Payments

Certain types of websites require specific clauses in their privacy policy such as sites that track users with cookies, or collect payments online. An online business lawyer can assist you with drafting your privacy policy that covers all of these clauses.

It's important that your privacy policy is drafted specifically for your business and your industry. When drafting a privacy policy, a service provider should not be vague but should instead include as much detail as possible, including any type of usage or sharing that could feasibly occur.

In this way, companies can avoid constant revisions. The policy does not necessarily need to use legal jargon but it is recommended to have an attorney review the policy to ensure that it reflects the company’s purposes and intent.

Don’t forget to include wording specific to social media. Things like how you collect customer data on social media, how you intend to communicate with your clients through social media, and how you share information with social media platforms through a social media integration or pixel all need to be included.

Get a Privacy Policy Audit Today!

Renata Valkova is a qualified business lawyer who can draft a privacy policy for your business that includes everything required by law. To make sure your online business is compliant with the privacy laws and regulations you can schedule your Privacy Policy Audit today by clicking the button below.