INTRODUCTION
1.1 Background of the study
In the modern digital age, personal data has become one of the most valuable resources for
businesses, leading to significant concerns regarding privacy and user security. Platforms such
as social media, email services, and online shopping sites rely heavily on user data to drive
their business models, often collecting vast amounts of personal information. However, many
users remain unaware of the full extent of data collection, usage, and sharing practices due to
the often complex and opaque nature of privacy policies. Understanding these policies is
crucial, as it enables users to make informed decisions and exercise greater control over their
personal data.
Social media platforms have evolved into major data collectors, often accumulating vast
amounts of personal information. A study by Inoxoft (2023) revealed that major platforms like
Facebook and Instagram collect up to 32 types of user data, including sensitive information
such as physical addresses, browsing behaviour, and location data. This comprehensive data
collection raises serious concerns regarding user privacy and the potential for misuse,
especially considering the platforms’ reliance on advertising revenue (Inoxoft, 2023).
Furthermore, a study by the Electronic Frontier Foundation (EFF) in 2022 highlighted the
troubling lack of transparency in how these platforms use AI to personalize content based on
user data (EFF, 2022).
Email services also play a significant role in personal data collection, gathering not only contact
information but also tracking communication patterns, locations, and behavioural data. A 2021
survey by Termly found that 33% of email users reported falling victim to cyberattacks, many
of which involved stolen personal data (Termly, 2021). This statistic underscores the risks
involved in using email platforms, especially given the minimal transparency regarding the use
and sharing of collected data. The need for robust data protection practices is evident, as the
consequences of data breaches in email services can be far-reaching.
Online shopping platforms are another major sector where personal data collection is extensive.
These platforms often track purchasing behaviours, payment details, and product preferences.
According to a report by The Australian (2023), 71% of online shoppers expressed concerns
about how their personal data was being used, particularly in the wake of increasing digital
commerce. Moreover, a study from Statista (2023) revealed that 62% of consumers are willing
to switch to more secure brands, signalling the growing importance of trust in the e-commerce
sector. This highlights the need for clear, transparent privacy policies that reassure consumers
about how their data is being handled.
As data collection practices continue to evolve, it is essential for users to understand how their
personal information is handled across different digital platforms. Social media, email, and
e-commerce platforms must strive for greater transparency and stronger safeguards to protect
user privacy. Only by ensuring clear, accessible privacy policies can these platforms maintain
user trust and avoid the growing backlash against data misuse.
1.2 Statement of the Problem
The proliferation of digital platforms, including social media, email services, and e-commerce
websites, has fundamentally reshaped the way individuals interact with the online world. With
the increasing amount of personal and behavioural data being generated, these platforms are
tasked with safeguarding user privacy through their privacy policies. However, several issues
persist in the transparency, accessibility, and effectiveness of these policies, which raises
significant concerns about data privacy and security.
- Lack of Transparency and Comprehensibility: Privacy policies, while meant to
inform users about how their data is handled, are often overly complex and filled with
legal jargon that most users struggle to understand. According to studies, nearly 80%
of internet users do not read privacy policies at all, either because they are too long,
difficult to understand, or simply ignored (Hancock et al., 2018). This lack of
transparency leaves users unaware of how their personal information is being used,
shared, and retained, which undermines trust and makes informed consent difficult to
achieve.
- Inconsistent Practices Across Platforms: Different platforms adopt varied and often
conflicting approaches to data handling. For example, social media platforms like
Facebook and Instagram collect extensive user data for targeted advertising, while
e-commerce websites such as Amazon use customer data to optimize the shopping
experience. However, the privacy policies governing these practices often do not
provide users with sufficient detail or clarity about how their data is being utilized
(Bradshaw et al., 2020). These inconsistencies create confusion among users and make
it difficult for them to compare platforms’ data-handling practices effectively.
- Non-Compliance with Data Privacy Regulations: With the enactment of global
privacy regulations such as the General Data Protection Regulation (GDPR) in the
European Union and the California Consumer Privacy Act (CCPA), companies are
required to follow stricter guidelines for data protection. However, numerous
companies still fail to meet these regulatory standards or provide insufficient
information regarding compliance. A report by Privacy International found that many
social media platforms and e-commerce sites either inadequately inform users about
their rights or provide opt-out options that are difficult to access (Privacy International,
2021).
- Lack of User Awareness and Control: Despite the proliferation of privacy regulations,
many users remain unaware of their rights, such as the ability to access, delete, or
modify their personal data. The European Data Protection Supervisor has highlighted
that users often lack the knowledge or technical ability to exercise their rights, leaving
them vulnerable to exploitation by organizations that capitalize on user inattention to
their data policies (EDPS, 2021). This lack of user control over their data deepens the
problem of privacy violations.
1.3 Objectives
The primary objectives of the project are:
i. To evaluate and compare how social media, email services, and shopping websites
handle user data.
ii. To highlight similarities, differences, and unique approaches in privacy policies across
these categories.
iii. To provide insights into the effectiveness of privacy policies and propose
recommendations for improvement.
iv. To explore and interpret privacy policies of selected platforms to better understand their
scope, terminologies, and commitments to data protection.
1.4 Scope of the Study
The study will focus on three major domains:
- Social Media Platforms: Platforms such as Facebook, Instagram, TikTok, or LinkedIn,
which are heavily reliant on user interaction and data-driven advertisements.
- Email Service Providers: Providers like Gmail, Outlook, and Yahoo Mail, which
manage communication data and email metadata.
- E-commerce Websites: Platforms like Amazon, Shopify, and Walmart, which handle
transactional and behavioural data for personalized shopping experiences.
The study will explore:
i. Data Collection: Types of data collected (personal information, behavioural data,
location data).
ii. Data Usage: Purpose of data usage (advertising, recommendations, analytics).
iii. Data Sharing: Third-party data sharing policies and their implications.
iv. User Rights: Rights provided to users, such as data access, deletion, and consent
withdrawal.
v. Retention Periods: Duration for which user data is retained.
LITERATURE REVIEW
The growing concerns surrounding data privacy, particularly in the context of social media,
email services, and e-commerce platforms, have led to significant academic and regulatory
scrutiny in recent years. As the volume of personal data shared online increases, understanding
how privacy policies are structured, interpreted, and enforced has become paramount. This
literature review aims to explore the existing research on privacy policies, user behaviour,
regulatory frameworks, and the ethical considerations related to data handling practices.
2.1 Privacy Policies: A Critical Link Between Platforms and Users
Privacy policies are central to how companies communicate their data practices to users.
According to Hancock et al. (2018), these policies are often long, dense, and filled with legal
jargon, making them difficult for the average user to understand. As a result, many users simply
accept terms without reading or comprehending the full scope of data collection and usage
practices. This lack of engagement highlights a significant challenge for organizations, as it
undermines the transparency and trust that should characterize their relationship with users.
Hancock et al. (2018) emphasized that while privacy policies are intended to protect user rights,
their complexity can have the opposite effect, contributing to user confusion and inadvertent
data sharing.
2.2 Inconsistent Privacy Practices Across Platforms
Despite regulatory efforts to standardize data protection practices, there is significant
variability in how platforms structure their privacy policies. Bradshaw et al. (2020) explored
how privacy policies vary widely between social media platforms, email services, and
e-commerce sites. While social media platforms like Facebook and Instagram use data for
targeted advertising, e-commerce sites such as Amazon may use similar data to personalize
shopping experiences or optimize product recommendations.
2.3 Regulatory Compliance and Global Standards
Global regulations like the General Data Protection Regulation (GDPR) and the California
Consumer Privacy Act (CCPA) have been enacted to protect users’ privacy and control over
their personal data. However, research by Privacy International (2021) suggests that many
companies still fail to fully comply with these regulations. Despite being legally required to be
transparent about data collection practices, many platforms continue to use vague language or
omit critical details regarding user data rights. Inadequate compliance is not just a legal issue;
it also poses an ethical dilemma, particularly when users’ privacy is compromised.
2.4 Ethical Concerns and Exploitation of Data
The ethical concerns surrounding the collection and use of personal data are at the forefront of
privacy debates. The Cambridge Analytica scandal, where millions of Facebook users had their
data harvested without explicit consent, is perhaps the most notable example of data
exploitation. According to Cadwalladr and Graham-Harrison (2018), the misuse of personal
data for political purposes has raised significant questions about the ethical boundaries of data
collection. Companies often prioritize profit through targeted advertising or political
campaigning over the protection of user privacy.
2.5 User Awareness and Control Over Personal Data
Despite the existence of data privacy regulations, user awareness about their rights and control
over personal data remains limited. According to the European Data Protection Supervisor
(2021), many users still do not fully understand their rights, such as the ability to access, delete,
or correct their personal data. Even when users are aware of these rights, they often lack the
technical knowledge or tools to exercise them effectively.
2.6 Previous Related Work
Gellman (2020) analysed the implications of GDPR for user privacy and how companies are
reacting to the new regulations. His findings suggested that while GDPR has made strides
toward improving transparency, many companies still fail to fully comply, particularly in terms
of informing users about their data rights or obtaining clear consent.
Furthermore, Privacy International (2021) reviewed the impact of global data protection
regulations on social media and e-commerce platforms, noting that while GDPR has been
successful in certain regions, its enforcement across borders remains inconsistent. They also
pointed out that the penalties for non-compliance, though significant, have not been enough to
compel widespread adherence to privacy standards.
Hancock et al. (2018) explored the reasons why users tend to ignore privacy policies and how
the complexity of these documents affects user comprehension. The research revealed that a
majority of internet users do not read privacy policies due to their length and legal complexity.
This study emphasized the need for simplified, user-friendly privacy policies that users can
easily understand, thereby ensuring informed consent.
Cadwalladr & Graham-Harrison (2018) analysed the misuse of personal data by social
media platforms, emphasizing how companies manipulate user data for political and
commercial gain without proper consent. This work sparked a wider conversation about the
ethical responsibilities of companies in the digital age and the need for clearer and more ethical
data policies. In a related study, Zuboff (2019) introduced the concept of surveillance
capitalism, where companies commodify personal data for profit, often without users’
knowledge or explicit consent. Zuboff’s work argued that such practices not only exploit users
but also undermine democratic processes by manipulating public opinion through targeted
advertising and data-driven interventions.
Bradshaw et al. (2020) explored the inconsistencies in privacy policies across various digital
platforms, including social media, email services, and e-commerce sites. Their research
highlighted that different platforms often have conflicting data-handling practices, with some
platforms using data for targeted advertising while others use it for product recommendations.
They also pointed out that platforms rarely provide users with a consistent framework for
comparing data practices across different services. In a related work, Zengler et al. (2019)
analysed privacy policies in the e-commerce sector and found significant variations in how
companies handle consumer data. Their study emphasized the challenges consumers face when
trying to understand and compare privacy policies, and they called for a more standardized
approach to privacy policy design across platforms to facilitate better decision-making for
users.
Moerel (2020) examined the rights of users under GDPR, particularly focusing on how
platforms provide (or fail to provide) meaningful ways for users to exercise control over their
data. Moerel’s work highlighted the lack of user awareness about data rights, particularly in
cases where platforms make it difficult to access, delete, or modify personal data. This issue is
exacerbated by the lack of clear instructions in privacy policies and the complicated nature of
the tools provided for exercising these rights. Similarly, the European Data Protection
Supervisor (EDPS) (2021) has reported that while most users are aware of their privacy rights,
they often do not have the knowledge or resources to act on those rights effectively. This gap
in user empowerment has led to calls for more intuitive tools and more accessible privacy
controls on digital platforms.
METHODOLOGY
3.1 Analysis of Email Privacy Policies
Email platforms are integral to personal and professional communication, making their privacy
policies critical for understanding how user data is handled. Platforms like Gmail, Outlook,
and Yahoo Mail collect extensive data to deliver services, enhance user experience, and
generate revenue through targeted advertising.
- Data Collection Practices
Email service providers gather a wide range of user data:
i. Account Information: Name, email address, phone number, and alternative contact
details.
ii. Usage Data: Log-in times, IP addresses, and browser or device details.
iii. Content Data: Emails, attachments, and metadata (e.g., sender, recipient, and
timestamps).
iv. Behavioural Data: Click-through rates for email links, interaction with advertisements,
and spam handling patterns.
Examples:
i. Gmail: Collects content from emails (e.g., keywords) to refine its services, such as
predictive text and spam filtering (Google Privacy Policy, 2023).
ii. Yahoo Mail: Uses data from emails to deliver personalized ads unless users opt out
(Yahoo Privacy Policy, 2023).
- Data Usage
The primary uses of collected data include:
i. Service Delivery: To enable email functionalities such as spam detection, search, and
synchronization.
ii. Personalization: To provide tailored content, recommendations, and auto-complete
features.
iii. Advertising: Data is analysed to deliver targeted advertisements. For example, Gmail
analyses user activity for ad placement.
iv. AI Training: Content is often used to improve machine learning algorithms, such as
spam filters and email categorization.
- Data Sharing
Email platforms share user data with:
i. Third-party Services: Integration with tools like calendars or third-party apps.
ii. Government Agencies: Data may be shared under legal obligations such as subpoenas
or national security requests.
iii. Advertisers: Aggregated and anonymized data may be shared to improve ad targeting.
Examples:
i. Microsoft Outlook: Complies with government data requests and provides transparency
reports on such interactions (Microsoft Privacy Statement, 2023).
ii. Yahoo Mail: Shares anonymized data with advertising partners for targeted campaigns.
- Data Retention
Email providers retain data for varying periods depending on user activity and legal
requirements:
i. Active Accounts: Emails and attachments are generally stored indefinitely.
ii. Inactive Accounts: Retention policies vary; some platforms delete accounts after
prolonged inactivity (e.g., Google accounts after 2 years of inactivity).
iii. Backup Copies: Deleted emails may persist in backups or archives for a specified
duration.
- User Control and Rights
Most email platforms provide tools for users to manage their data:
i. Download Data: Services like Google Takeout allow users to download their email data.
ii. Delete Emails: Users can delete specific emails or their entire account.
iii. Opt-out Options: Platforms like Yahoo allow users to opt out of targeted advertising.
iv. Consent Management: Many platforms enable users to manage permissions for third-party
integrations.
- Security Measures
Email providers implement robust security measures to protect user data:
i. Encryption: Data is encrypted both in transit (e.g., TLS) and at rest.
ii. Two-Factor Authentication (2FA): Encouraged for additional account security.
iii. Spam and Phishing Detection: AI-based tools identify and filter malicious content.
iv. Account Recovery Tools: Mechanisms to help users regain access to compromised
accounts.
- Ethical and Legal Issues
i. User Consent: Some platforms collect and use data in ways not explicitly disclosed to
users.
ii. Compliance with Privacy Laws: Email providers must adhere to regulations like GDPR
(Europe) and CCPA (California), but enforcement varies.
iii. Children’s Privacy: Compliance with laws like COPPA (Children’s Online Privacy
Protection Act) is critical for platforms handling minors’ accounts.
3.2 Analysis of E-commerce Privacy Policies
E-commerce platforms play a central role in digital transactions, collecting vast amounts of
user data to streamline shopping experiences, personalize recommendations, and enhance
operational efficiency. However, the extensive data collection practices raise concerns about
user privacy and data security.
- Data Collection Practices
E-commerce platforms gather various types of user data:
i. Personal Information: Name, email address, phone number, shipping and billing
addresses, and payment details.
ii. Transactional Data: Purchase history, browsing behaviour, wish lists, and returns.
iii. Technical Data: Device information, IP address, location data, and cookies.
iv. Behavioural Data: User preferences, search queries, and interactions with ads and
product recommendations.
Examples:
i. Amazon: Tracks user behaviour extensively to personalize shopping experiences and
recommend products. It also collects voice data from Alexa devices to refine its services
(Amazon Privacy Notice, 2023).
ii. Shopify: Collects merchant and customer data, including transaction details and device
information, to optimize its e-commerce ecosystem (Shopify Privacy Policy, 2023).
- Data Usage
E-commerce platforms use collected data for multiple purposes:
i. Service Delivery: To process orders, facilitate payments, and manage deliveries.
ii. Personalization: To recommend products and curate advertisements tailored to user
preferences.
iii. Fraud Prevention: To identify suspicious activities and protect users from scams.
iv. Marketing: Data is often used for email campaigns, retargeting ads, and loyalty
programs.
v. Analytics: Platforms analyse aggregated data to improve operations, inventory
management, and customer experience.
- Data Sharing
E-commerce platforms often share user data with:
i. Third-party Vendors: For payment processing, logistics, and customer support.
ii. Advertising Partners: For targeted marketing campaigns and analytics.
iii. Government Authorities: In response to subpoenas or compliance with legal
requirements.
Examples:
i. eBay: Shares data with advertisers to deliver personalized promotions while
anonymizing sensitive information (eBay Privacy Policy, 2023).
ii. Amazon: Collaborates with third-party sellers and vendors, sharing customer data for
order fulfilment and marketing purposes.
- Data Retention
E-commerce platforms retain user data for varying durations:
i. Purchase Records: Stored indefinitely for order history and customer service.
ii. Payment Information: Often retained for recurring purchases or future transactions.
iii. Inactive Accounts: Retention policies for unused accounts vary; some platforms delete
data after prolonged inactivity.
- User Control and Rights
E-commerce platforms provide tools to manage user data, though the ease of access and
comprehensiveness vary:
i. Data Access: Users can request their data, including purchase history and stored
information.
ii. Data Deletion: Platforms allow users to delete accounts, although some data may still
be retained.
iii. Consent Management: Users can opt out of certain types of data collection, such as
cookies and targeted ads.
iv. Privacy Settings: Customizable settings enable users to control notifications, sharing
preferences, and ad personalization.
- Security Measures
E-commerce platforms invest heavily in securing user data:
i. Encryption: Protects data in transit (e.g., HTTPS) and at rest.
ii. Tokenization: Secures payment information by replacing sensitive data with unique
identifiers.
iii. Two-Factor Authentication (2FA): Adds an additional layer of security for user
accounts.
iv. Fraud Detection Tools: Monitor transactions for suspicious activity.
- Compliance with Privacy Regulations
E-commerce platforms are subject to global privacy laws:
i. General Data Protection Regulation (GDPR): Applies to companies handling data of
EU citizens, requiring explicit user consent and the right to data deletion.
ii. California Consumer Privacy Act (CCPA): Grants California residents rights to access,
delete, and opt out of data sales.
iii. Children’s Privacy Laws: Platforms must comply with regulations like COPPA
(Children’s Online Privacy Protection Act) to protect minors.
Examples:
i. Shopify: Complies with GDPR and CCPA by providing users with data access and
deletion options.
ii. Amazon: Provides a comprehensive privacy policy that outlines compliance with
multiple regional laws.
3.3 Analysis of Social Media Privacy Policies
Privacy policies are crucial documents outlining how companies collect, use, and protect user
data. Social media platforms, being major hubs for personal interaction, gather significant
amounts of user data, ranging from basic profile information to detailed behavioural analytics.
This analysis focuses on common practices and key concerns observed in the privacy policies
of leading social media platforms such as Facebook, Instagram, Twitter (X), and TikTok.
- Data Collection Practices
Types of Data Collected
i. Personal Identifiable Information (PII): Name, email address, phone number, and
demographic data like age and gender.
ii. Behavioural Data: Browsing history, engagement patterns (likes, shares, comments),
and interaction with ads.
iii. Location Data: GPS location, IP address, and device-specific data such as hardware
settings.
Examples:
i. Facebook and Instagram: Collect 32 types of data, including user IDs, facial recognition
data, and connections with friends and family (Inoxoft, 2023).
ii. TikTok: Notable for collecting device information, biometric data, and even clipboard
activity (TikTok Privacy Policy, 2023).
- Data Usage
i. Personalization: Platforms use data to tailor content, advertisements, and
recommendations to enhance user engagement.
ii. Ad Targeting: Most platforms sell aggregated user data to advertisers for targeted
marketing. For example, Facebook utilizes user activity and preferences to refine ad
delivery (Meta Privacy Policy, 2023).
iii. Algorithm Training: Behavioural data is used to train algorithms that optimize feed
recommendations, often at the expense of user privacy.
- Data Sharing
Social media platforms frequently share user data with third parties:
i. Third-party Advertisers: For targeted advertising campaigns.
ii. Government Agencies: Often in compliance with legal requests, raising concerns about user
rights in authoritarian regimes.
iii. Business Partners: For product integrations, such as single sign-on services.
- Data Retention
Social media platforms retain user data for varying durations, often indefinitely, even after
accounts are deleted:
i. Facebook: Retains data for a “reasonable” period, though some data is retained
indefinitely for legal or analytical purposes.
ii. Snapchat: Claims to delete data quickly but retains metadata for analytical purposes
(Snapchat Privacy Policy, 2023).
- User Control and Rights
Many social media platforms provide users with tools to manage their data, though the
effectiveness varies:
i. Download Your Data: Platforms like Facebook and Instagram allow users to request
and download their data.
ii. Delete/Deactivate Accounts: Users can deactivate or delete their accounts, though
complete data removal is often ambiguous.
iii. Consent Management: Users can manage ad preferences and tracking permissions, but
these options are often buried in complex settings.
- Security Measures
Social media platforms employ a variety of security measures to protect user data:
i. Encryption: Data in transit is often encrypted (e.g., HTTPS).
ii. Two-Factor Authentication (2FA): Encouraged for enhanced account security.
iii. Bug Bounty Programs: Platforms like Twitter and Facebook reward researchers who
identify security vulnerabilities.
- Ethical and Legal Issues
i. Regulatory Non-compliance: Some platforms have been fined for failing to comply
with data protection laws, such as the EU’s GDPR and California’s CCPA.
ii. Algorithmic Bias: Data usage for AI systems has been criticized for amplifying biases
and misinformation.
iii. Children’s Privacy: Platforms like TikTok have faced lawsuits for collecting data on
minors without proper consent.
RESULTS
4.1 Comparison of How Social Media, Email, and E-commerce Platforms Handle
User Data
Social media, email, and e-commerce platforms each play distinct roles in digital interactions,
yet all rely heavily on user data to function. The ways in which they collect, use, share, and
protect data reveal significant similarities and differences, influenced by their unique purposes
and business models.

- Data Collection

| Aspect | Email | E-commerce | Social media |
|---|---|---|---|
| Types of data | Personal information, email content, metadata, login details, and behavioural data. | Personal information, purchase history, payment details, browsing patterns, and technical data. | Personal information, behavioural data, connections, location, media files (e.g., posts, images). |
| Extent of data | Moderate, primarily focused on providing communication services. | Extensive, focusing on transactional and behavioural data for marketing and personalization. | Extensive, often collecting even non-essential data to enhance engagement. |
| Examples | Gmail scans emails for spam detection and service improvement. | Amazon tracks purchase history and browsing behaviour for recommendations. | Facebook collects user activities to refine algorithms. |

- Data Usage

| Aspect | Email | E-commerce | Social media |
|---|---|---|---|
| Primary purpose | Service delivery, spam detection, and improving user experience. | Order fulfilment, personalized marketing, and inventory management. | Personalization of feeds, ad targeting, and algorithm training. |
| Secondary purpose | Limited advertising based on user activity (e.g., Gmail ads). | Cross-selling and upselling through tailored promotions. | Advertising and social connections. |
| Examples | Gmail enhances spam filters using AI trained on email content. | Shopify merchants analyse purchase patterns to improve offerings. | TikTok uses behavioural data to optimize content suggestions. |

- Data Retention

| Aspect | Email | E-commerce | Social media |
|---|---|---|---|
| Retention period | Retains emails and metadata unless accounts are deleted. | Retains purchase history indefinitely for user convenience. | Often indefinite, even for deleted accounts. |
| Retention Justification | Retention supports communication history and security purposes. | Retention helps with returns, refunds, and marketing. | Data is used to enhance long-term user engagement and algorithms. |
| Examples | Walmart retains customer purchase records for order history. | Yahoo keeps data backups for system recovery. | Snapchat retains metadata even after media deletion. |

- User Control

| Aspect | Email | E-commerce | Social media |
|---|---|---|---|
| Control options | Offers tools to download data, manage permissions, and delete accounts. | Allows users to manage marketing preferences and delete accounts. | Provides privacy settings for ads and posts, but often complex to navigate. |
| Effectiveness | Generally provides adequate options for managing data. | Effective for transactional data but less control over shared data. | Often criticized for insufficient control over data use. |
| Examples | Gmail allows users to export and delete email history. | Amazon lets users manage purchase records but retains other data. | Instagram users can adjust ad preferences but cannot stop all data collection. |

- Data Sharing

| Aspect | Email | E-commerce | Social media |
|---|---|---|---|
| Sharing practices | Limited sharing with advertisers or integrations. | Shares with payment processors, logistics providers, and advertisers. | Shares with advertisers, third-party developers, and governments. |
| Transparency | More transparent, with limited sharing for core functions. | Generally clear about data sharing with third parties for transactions. | Often criticized for opaque sharing practices. |
| Examples | Gmail shares anonymized metadata for analytics. | Amazon shares data with third-party sellers and vendors. | Facebook’s Cambridge Analytica scandal revealed data misuse. |

- Security Measures

| Aspect | Email | E-commerce | Social media |
|---|---|---|---|
| Key measures | Encryption, 2FA, and spam filters. | Encryption, tokenization, fraud detection, and 2FA. | Encryption, two-factor authentication (2FA), and AI-driven threat detection. |
| Common vulnerabilities | Data breaches, insider misuse, and phishing attacks. | Phishing attacks and data breaches. | Payment fraud, phishing, and insider threats. |
| Examples | Yahoo suffered a massive breach in 2013 affecting billions of users. | Shopify faced insider data misuse by rogue employees. | Facebook experienced breaches exposing millions of accounts. |

4.2 Key Similarities
i. Data Dependence: All platforms rely on user data to deliver their core services.
ii. Security Investments: Robust measures like encryption and 2FA are standard across
platforms.
iii. Regulatory Compliance: All must adhere to privacy regulations like GDPR and CCPA,
though enforcement varies.
4.3 Key Differences
Purpose of Data Collection:
i. Social media prioritizes engagement and ad-driven revenue.
ii. Email platforms focus on communication and service enhancement.
iii. E-commerce platforms emphasize transactions and marketing.
User Control:
i. Email platforms offer the most user-friendly privacy settings.
ii. Social media and e-commerce platforms often complicate data management.
Data Sharing:
i. Social media has a more controversial track record of data sharing.
ii. Email platforms limit data sharing to functional integrations.
iii. E-commerce platforms share data broadly with third parties for operational
purposes.
CONCLUSION AND RECOMMENDATION
5.1 Conclusion
The analysis of privacy policies in social media, email, and e-commerce platforms reveals the
pivotal role user data plays in their operations. While these platforms share common practices
like data encryption and regulatory compliance, their approaches to data collection, usage,
sharing, and retention differ significantly based on their business models and objectives. Social
media prioritizes engagement and advertising, email platforms focus on communication
services, and e-commerce emphasizes transactions and personalized shopping experiences.
However, challenges persist across all three domains: lack of transparency, limited user control,
data sharing risks, and security vulnerabilities. These issues, coupled with growing public
concerns about data misuse, highlight the need for stricter adherence to privacy regulations and
more user-centric privacy practices.
5.2 Recommendations
- Enhance Transparency in Privacy Policies
i. Simplify privacy policies to ensure they are comprehensible to all users.
ii. Provide clear explanations of what data is collected, how it is used, and with whom it
is shared.
- Strengthen User Control
i. Offer user-friendly tools to manage privacy settings, opt out of data collection, and
delete accounts or specific data.
ii. Provide real-time notifications about data access or sharing activities.
- Minimize Data Collection and Retention
i. Limit data collection to what is essential for service delivery and improvement.
ii. Establish clear data retention policies, deleting or anonymizing data after its purpose
has been fulfilled.
- Improve Data Sharing Practices
i. Restrict sharing of user data with third parties to the minimum necessary.
ii. Ensure that all partners adhere to robust data protection standards.
- Invest in Robust Security Measures
i. Continuously upgrade encryption methods and fraud detection systems.
ii. Educate users about common cyber threats like phishing and how to mitigate them.
- Compliance with Privacy Regulations
i. Proactively comply with global privacy laws such as GDPR, CCPA, and COPPA.
ii. Conduct regular audits to identify and address privacy compliance gaps.
- Educate Users About Privacy
Implement educational campaigns to raise awareness about data privacy and empower
users to make informed decisions about their personal data.
References
- Bradshaw, S., Millard, C., & Walden, I. (2020). Privacy and Data Protection Law: Compliance and Challenges. Privacy International.
- Cadwalladr, C., & Graham-Harrison, E. (2018). The Cambridge Analytica Files: The Scandal That Sparked a Global Debate on Data Privacy. The Guardian.
- Electronic Frontier Foundation (EFF). (2022). Social Media Privacy and AI: A Growing Concern. Retrieved from EFF.org
- European Commission. (2020). The General Data Protection Regulation (GDPR) Compliance: A Global Standard.
- European Data Protection Supervisor (EDPS). (2021). The Challenges of Ensuring Data Protection in the Digital Age.
- Federal Trade Commission (FTC). (2024). Social Media Users Lack Control Over Data Used by AI, U.S. FTC Says. Retrieved from Reuters
- Gellman, R. (2020). GDPR and Beyond: Evaluating Global Data Privacy Compliance. Columbia Journal of European Law, 26(1), 45-68.
- Hancock, J., Buhrmester, M., & Sherman, R. (2018). Privacy Policies: How and Why People Don’t Read Them. Computers in Human Behavior, 84, 72-81.
- Inoxoft. (2023). The Most Invasive Apps and Their Data Collection Practices. Retrieved from Inoxoft.com
- Moerel, L. (2020). The EU’s Data Protection Framework: A Call for the Protection of Data Subjects’ Rights. European Journal of Law and Technology, 11(2), 47-65.
- Privacy International. (2021). Data Protection and Online Privacy: A Global Challenge.
- Termly. (2021). Data Privacy Statistics: Protecting Your Data in the Digital Age. Retrieved from Termly.io
- The Australian. (2023). Trust Remains Crucial Even as Consumers Seek Cheaper Deals Online. Retrieved from Theaustralian.com.au
- Tsai, J. Y., Egelman, S., Cranor, L. F., & Acquisti, A. (2011). The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Proceedings of the 9th Symposium on Usable Privacy and Security, 1-12.
- Zengler, T., Liu, R., & Zhang, X. (2019). E-commerce Privacy Policies: A Comparative Analysis. Journal of Electronic Commerce Research, 20(3), 103-120.
- Zuboff, S. (2019). The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs.