Recently, news broke that Meta, the parent company of Facebook and Instagram, will temporarily shut down its social media platform Threads in Turkey starting from April 29, a few days ago.
This decision came in response to an interim order issued by the Turkish Competition Authority (TCA), which prohibits data sharing between Threads and Instagram.
To shed light on the implications of this move, Techeconomy had a conversation with Goda Sukackaite, Privacy Counsel at cybersecurity company Surfshark.
Sukackaite shared her expert opinion on the topic, emphasizing the significance of data privacy regulations and the potential concerns related to Threads’ data collection practices.
Threads and GDPR: A Closer Look
The General Data Protection Regulation (GDPR) is a comprehensive legal framework designed to safeguard user privacy.
In simpler terms, it ensures that companies handle personal information transparently, with respect, and based on clear legal grounds, such as user consent.
Threads’ data collection practices raise several concerns from a GDPR perspective and Sukackaite says, “Threads’ data practices may raise concerns due to the amount of personal data it collects, how it uses this data, and whether there is a legal ground for such data processing, in this case – an unambiguous consent from users.”
Threads collects a substantial amount of personal data from its users. This includes information about their activities, preferences, and interactions. The sheer volume of data raises questions about how it is used and whether there is a valid legal basis for processing it.
“The other thing is that Threads users may be unable to exercise their GDPR rights: if users did not register on Threads via Instagram (for instance, if they post on Threads through third-party integrations).” Their ability to exercise GDPR rights may be limited and this could prevent them from deleting their data, obtaining copies, or understanding how their information is used.
Speaking on sensitive data collection, including health information, Sukackaite explains why this type of data collection can be intrusive and potentially illegal under GDPR:
“Health information falls into a special category of personal data under GDPR. Handling such data requires stricter legal requirements due to its intimate nature. Mishandling health data can lead to discrimination and privacy violations.”
For a regular social media user unfamiliar with legal jargon, the consequences of being unable to exercise GDPR rights can be likened to having an unlocked safe:
“Imagine having a safe that you can’t lock. It’s not very useful. Anyone could access your private belongings and use them without your permission. Similarly, if users can’t exercise their GDPR rights, their personal information becomes vulnerable.”
Beyond GDPR, Sukackaite highlights broader privacy concerns associated with social media platforms like Threads. She says, “Platforms that collect vast amounts of information risk enabling mass surveillance, highly detailed user profiling, and microtargeting. These practices can lead to privacy violations, discrimination, and data breaches.”
Global Importance of Data Privacy Regulations
The situation in Turkey comes at a time where cybersecurity is a global trend. Sukackaite emphasizes why data privacy regulations are increasingly important. “Our personal information has become a valuable currency in the digital age. As our lives move online, regulations act as necessary checks to protect individuals from misuse of their personal details.”
Data Sharing Across Threads and Instagram
Sukackaite addresses the privacy implications of Threads potentially sharing user data across Meta platforms like Facebook and Instagram:
“Sharing data across platforms can create comprehensive user profiles. However, it remains unclear how information from one platform impacts a user’s experience on another. This lack of transparency can expose users to unwanted targeted advertising or other privacy risks.”
Let’s say Threads gets reinstated in Turkey after addressing these concerns. What steps could Meta take to rebuild trust with users in Turkey and elsewhere?
“To rebuild trust, Meta could be transparent about the mistakes made and how they’re rectifying them, clearly inform users about data practices, obtain genuine consent, and provide robust options for users to control their data privacy.”
Solid data privacy regulations worldwide are a necessity globally.