A Deep Dive into Facebook, Instagram, and the Privacy Policy Challenge

Facebook and Instagram connect billions of people and have irreversibly transformed how we use the internet. They and other social media platforms break revenue records by leveraging enormous amounts of user data. You share much of that data freely and give consent for the rest by agreeing to the privacy policy on signup.

However, how many of us take the time to read through and understand these policies? What do they govern, and why is going through them such a chore? Read on to discover why agreeing without understanding what you’re agreeing to when using Facebook and Instagram isn’t a good idea.

What Do Meta’s Privacy Policies Cover?

Meta has developed extensive privacy policies for its social media platforms and other products. They provide an overview of what data Meta collects, what it uses the data for, and whom it shares it with. The policies cite a variety of actions and behaviors that lead to data collection, as well as some use cases and the responsibilities Meta takes to secure the information it collects.

A Deep Dive into Facebook, Instagram, and the Privacy Policy Challenge

Reading through the policies reveals some interesting and potentially disturbing facts. For example, the policies openly state that any post, action, or communication users make is subject to collection. Setting one’s profiles to private and restricting communication neither hinders collection nor necessarily prevents others from accessing your data.

Users have no agency over the data others share about them. A friend can tag you in a picture, and there’s no way to stop this other than to ask them to take the picture down or launch an appeal.

According to the Instagram data policy, Meta also collects information about users’ hardware. This ranges from behaviors like mouse movements or open window on the screen priority to intricate details like “the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.”

While Meta claims they’ll never sell your data outright, they share it with partners and third parties. Data about people’s demographics, education, political and religious beliefs, interests, etc., is essential for creating user personas that advertisers can target with specialized ads. Meta also makes data available to researchers and law enforcement. Naturally, the company also uses collected data to develop new products and services or engage with customers.


The Challenges of Navigating These Privacy Policies

Merely visiting Facebook or Instagram entitles Meta to collect some information for analytics and security purposes. However, informed consent is the basis on which data collection operates for registered users.

Researchers argue how several factors put the informed part into question. A paper by Annmarie Hanlon and Karen Jones examines the increased length and complexity of social media platforms’ privacy policies. Facebook’s case is particularly egregious since the length of its policy jumped from originally 1,000 to almost 11,500 words at the time of publishing.

Users as young as 13 may create social media accounts. Yet, the reading skills required to parse the privacy policy jargon often need to be at the high school or college level. Combine that with increasing lengths and decreasing attention spans, and you have very few users who genuinely know what they’re consenting to when clicking “agree.”


Privacy policies aren’t static, either. Meta and others introduce changes and additions several times per year. They inform users about these changes, but few bother to do anything more than agree again since not doing so can shut them out of their accounts.

There’s also the matter of being included in data collection practices by default. Users have the right to opt out of some of them with Incogni data removal or similar services rather than opt-in if they want. Social media companies count on users’ complacency and lack of interest to continue these practices.

How to Protect Your Privacy on Social Media?

Despite claims and assurances, social media companies do not live up to the claims they make about safeguarding user privacy in their policies. Facebook was involved in the infamous Cambridge Analytica scandal in 2018, which illegally exposed personal details of almost 90 million accounts. Meta has since taken steps to curtail third-party data collection, but leaks continue to happen.

There’s an increased push from governments and citizens alike for more regulations regarding data privacy protection. The EU’s GDPR spearheaded such global efforts, forcing social media and other companies that extensively collect data on their users to allow them to access, reclassify, or delete such data or to object to its collection in the first place. At the time of writing, 160 countries protect their citizens with similar laws.

That’s not enough, though.

It’s up to the individual to safeguard their privacy on social media. The best, but not an entirely realistic way, is to not use such platforms. Barring that, you should limit your interactions with people you trust and assume anything you do or express on social media is accessible to the parent company and its associates.

You can’t escape identification while being an active social media user entirely, but it’s possible to improve your privacy via several means. For example, using a VPN for multiple devices hides your IP address, which prevents websites from tracking your movements and reporting back to Facebook or Instagram, tailoring their ads accordingly. VPNs are also indispensable if you’re accessing social media through public Wi-Fi, as they provide encryption that protects the otherwise vulnerable connection from snoops.


Navigating convoluted social media privacy policies can be a challenge. Yet, it’s necessary if you want to have true agency when using such services. Consider whether you need or benefit from social media like Facebook and Instagram, and carefully consider the implications of their privacy policies if you do.