Data Privacy in 2024: TikTok, Facebook, and US Laws

In the United States, there is no single law or entity dedicated to protecting data of all kinds. Instead, there are various federal and state laws that focus on protecting specific types of data and groups of people. In the following article, you can learn more about the state of data privacy in the US and the steps you can take to protect your own personal information. 

What is data privacy?

Data privacy is a subcategory of data management and security. It’s concerned with the ability to protect and control your personal information from unauthorized access, use, and disclosure. Unfortunately, many popular applications, websites, and products are unregulated when it comes to data privacy. In the absence of universal regulation, companies often implement their own privacy rules in compliance with industry standards, placing the burden of data protection on the consumer. 

For example, you have likely seen a document called a privacy policy upon downloading an application or service. Privacy policies outline how your data will be collected and what the company plans to use it for. You can choose to accept the terms and use the product or deny them, resulting in limited or no access. However, the lack of transparency regarding these processes and whether consumers have enough information to provide meaningful consent has been scrutinized: 

Ashkan Soltani, former chief technologist at the Federal Trade Commission (FTC) quoted by the New York Times: “Sadly, because this ecosystem is primarily hidden from view and not transparent, consumers aren’t able to see and understand the flow of information” [1]. 

Why is data privacy important?

Data is a powerful tool that can be used to glean meaningful insights about people’s behavior, interests, spending habits, and more. In the wrong hands, this type of data can be used to cause harm. For example, a data breach at a company that deals with social security numbers or credit information can lead to identity theft. Data breaches at government institutions could impact international affairs. 

Your personal information should be controlled by you only. Individual privacy is often viewed as a fundamental right, such as freedom of religion or speech. 

Data privacy laws

Europe has an overarching data privacy law known as the General Data Protection Regulation (GDPR). It applies to organizations everywhere, as long as the data they collect is related to people in the EU. In contrast, the United States has a variety of federal and state regulations such as:

• The Privacy Act of 1974: This law governs the collection and use of personal data by federal agencies. It prohibits them from disclosing personal information without written consent and reserves an individual’s right to request changes to these records if they are incomplete or inaccurate. The Privacy Act of 1974 has limited exceptions, including the Census Bureau. 

• Health Insurance Portability and Accountability Act (HIPAA): HIPAA is a United States Act of Congress that was signed into law in August of 1996. It serves as the national standard for protecting patient health information, prohibiting its disclosure without patient knowledge or consent. 

• Children’s Online Privacy Protection Act (COPPA): This 1998 law limits the usage of data collected about children under 13 years old. To collect data from children under 13, organizations must post an online privacy policy outlining their data collection and intended usage. Parents or guardians must then consent to the privacy policy before any information can be collected. After collection, guardians have the option to access, view, and delete their child’s data, as well as stop the organization from collecting further information. Other aspects of data privacy covered by this law include confidentiality requirements and time limits on how long the data can be held.

• Gramm-Leach-Bliley Act (GLBA): Executed in November 1999, the Gramm-Leach-Bliley Act requires financial institutions to safeguard sensitive data and relay their information-sharing practices to customers. 

• California Consumer Privacy Act (CCPA): This California data privacy law went into effect in January 2020. It grants California consumers the right to demand companies share any information a company has saved pertaining to them, as well as any third parties that data has been shared with. Consumers in California can also pursue legal action against companies that violate privacy guidelines, with or without a security breach.   

In July of 2022, the American Data Privacy and Protection Act was approved by the US House of Representatives’ Committee on Energy and Commerce. However, it has failed to advance to the House or Senate floors. Despite strong support for this legislation that would serve as a comprehensive federal privacy law, differing views on what it should include have impeded progress. 

Data privacy compliance

Most modern businesses collect massive amounts of data every day. They use data analytics to help guide decision-making related to marketing, product development, and customer relations. As a result, privacy regulations such as the ones listed above have been established across many industries to combat unfair usage. Privacy compliance refers to an organization or company’s adherence to these data protection guidelines. 

Data privacy and social media

In recent years, the media has begun to shine a spotlight on data privacy in social media. You may be familiar with the TikTok congressional hearing wherein US lawmakers interrogated CEO Shou Zi Chew about the app’s data privacy measures and its alleged connections to the Chinese Communist Party. The concerns raised in this hearing not only highlighted the need for comprehensive data privacy legislation but also sparked backlash toward members of Congress for demonstrating a critical misunderstanding of modern technology through their lines of questioning. 

But TikTok isn’t the only social media app that’s faced investigation related to data privacy. In 2018, Facebook was ordered to cease data collection about Belgian users or face up to a 100 million euro fine. They also faced allegations related to a large-scale data theft in the same year [2]. In 2019, Google and YouTube faced a settlement requiring them to pay $136 million to the Federal Trade Commission (FTC) and $34 million to New York for violating the Children’s Online Privacy Protection Act (COPPA) [3].

Although safeguarding your data online can seem challenging, there are many steps you can take to protect your personal information. You can use the list below to review privacy policies for some of the most frequently used applications:

• Facebook Data Privacy Statement (this statement is shared with Instagram)

• WhatsApp Privacy Policy

• TikTok Data Privacy Statement

• Pinterest Data Privacy Statement

• Tumblr Data Privacy Statement

• X (formerly known as Twitter) Privacy Policy Statement

• Google Privacy Policy 

• Privacy on YouTube apps

How to protect your data privacy

Here are a few steps you can take to improve your data privacy mindfulness:

• Read privacy policies before using an application, service, or website. It’s tempting to just accept the terms when you’re presented with a pages-long document. However, privacy policies are a great way to identify what companies will do with the information you provide them. 

• Consider using a virtual private network (VPN). A VPN masks your identity by enabling your device to connect to the internet through a third-party server. It also encrypts the information you send and receive while connected. 

• Revisit your privacy settings on the apps you use every day. If you don’t customize your privacy settings, you may be providing platforms with more data than necessary. Consider visiting the settings on your most used applications and websites and ensuring you’ve turned off unnecessary cookies and other data collection measures. 

Did you know that there’s a national Data Privacy Day?

Data Privacy Day is January 28th. You can participate anytime in January by browsing virtual and in-person events celebrating Data Privacy Day on the International Association of Privacy Professionals (IAPP) website. 

The value of data privacy skills in 2024

Learning about data privacy is an essential first step to protecting your personal information. It’s also an excellent skill to include on your resume in 2023. As mentioned above, nearly every modern business handles copious amounts of data every day. Whether you work in a tech job or not, knowing how to properly navigate cybersecurity threats is a core competency in the modern workforce. 

Learn more about data privacy with Coursera

Keep learning about data privacy and security with the beginner-friendly, 100-percent online Google Cybersecurity Professional Certificate — the first seven days are free. You'll gain in-demand expertise from an industry leader and earn a shareable certificate for your resume.