What Social Media Collects
Social media platforms collect far more data than just what you voluntarily post. Beyond your posts, photos, and videos, they gather location data, contact lists, browsing behavior, ad interactions, and even activity data from when the app is not in use.
This data is used for ad targeting and service improvement, but in the event of a data breach, it poses a serious privacy risk. Understanding exactly what information you are providing is the first step toward protecting your privacy.
Review Your Visibility Settings
On most social media platforms, the default settings at account creation lean toward "public." Protecting your privacy requires proactively adjusting these settings.
Post Visibility
Changing your posts from "Public" to "Friends Only" or "Private" prevents unintended exposure to third parties. Many services also allow you to change the visibility of past posts in bulk — review these settings periodically.
Profile Information
Profile details such as phone number, email address, date of birth, and employer can be exploited for social engineering attacks. Keep publicly visible information to an absolute minimum.
Friends List
A public friends list makes it easier for attackers to map your relationships, increasing the risk of impersonation and targeted attacks. Restrict the visibility of your friends list as well.
Managing Location Data
Location data is one of the most sensitive categories of personal information. Exercise particular caution with how social media handles your location.
- Disable location tagging on posts — this eliminates the risk of broadcasting your real-time whereabouts
- Limit use of check-in features — these reveal your behavioral patterns to third parties
- Be aware of photo geotags (GPS data in Exif metadata) — these can pinpoint where a photo was taken
- Set the social media app's location access permission to "While Using" or "Never"
For detailed guidance on managing location data, also see our article on smartphone privacy settings.
Third-Party App Connections
Have you ever logged into an external service using your social media account, or granted access to a game or quiz app? These third-party apps obtain access to your social media data through OAuth.
- Periodically review the list of connected apps and revoke access for any you no longer use
- Check the scope of permissions each app requests — be cautious of apps that ask for posting rights or access to your friends list beyond basic profile viewing
- Do not connect your social media account to apps of questionable trustworthiness
- Be aware that even after revoking access, data already collected may remain with the third party
Also refer to our article on ad tracking protection to understand the full picture of third-party data collection.
Search Engine Visibility
Depending on your settings, your social media profile may be indexed by search engines like Google, making it viewable by anyone through search results. A simple name search could surface your profile, post history, and photos.
Most social media platforms offer an option to "Allow search engines to index your profile." Disabling this setting prevents your profile from being discovered via search engines. Note that it may take some time for existing index entries to be removed after changing this setting.
In conjunction with managing your digital footprint, we recommend periodically checking your online visibility.
Account Security
Even with properly configured privacy settings, they become meaningless if your account is compromised. Strengthen your social media account security with the following measures:
- Set a strong password — do not reuse passwords from other services
- Enable two-factor authentication (2FA) — even if your password is leaked, a second authentication factor prevents unauthorized login
- Turn on login alerts — instantly detect logins from unknown devices or browsers
- Periodically review the list of recognized devices and remove any that are unfamiliar
- Check active sessions and terminate any you do not recognize
Data Upon Account Deletion
When leaving a social media platform, it is important to understand how your data will be handled.
Download Your Data
Major social media platforms offer a bulk data download feature before account deletion. Save your posts, photos, messages, and contacts locally before proceeding with the deletion process.
Data Retention Policies
Deleting your account does not necessarily mean your data is immediately and completely erased. Most services have a data retention period (typically 30 to 90 days), and data may persist in backup systems.
Before deleting your account, review the service's privacy policy for details on data retention periods and deletion processes. Exercising your right to data deletion under the EU's GDPR or Japan's APPI is also an option.