Life & Art
Targeted social media marketing
Social media companies are using our data to sell us stuff. Is there anything we can do about it?
By Paul Shelton
It’s a weekend morning and you and your partner are relaxing over a coffee. Like any average Taiwan resident this usually involves scrolling through your social media from various feeds, and on a variety of devices.
You note a product or concept and despite having no specific interest in it (or perhaps even an immediately derisive opinion of it) you mention it to your partner. You may not even have clicked on any URL, just raised it in conversation. Then, lo and behold you start, in coming days to see advertisements on your social media for these same things that you casually discussed.
Coincidence? Perhaps. But you start to notice that you are seeing advertisements for different brands of the casually discussed item. You take it no further and generally the advertisements diminish and you tend to think nothing more about it. But it is almost guaranteed to occur again with different products and brands.
You feel that somehow your social media platform really is listening in to your conversations and that you are being profiled. But how? Many suspect that it is the microphone activated in your social media devices is somehow using this audio data for targeted advertising. Social media companies typically deny directly using microphone data for advertisement targeting and yet it seems so prevalent.
But there are few key points to consider at the initial stage. We ourselves and most businesses collect vast amounts of data (sometimes unknowingly) but generally intentionally. Social media platforms collect vast amounts of data on your online behaviour, including search history, website visits, likes, shares, and possibly even more. This data is then used to build a detailed profile of your interests and preferences (although it doesn’t seem to differentiate something that you have no real interest in but have simply noted or commented on).
Social media platforms use advanced algorithms that predict what you might be interested in based on your past behaviour. If you recently searched for or visited a site related to a product, advertisements for that product may appear in your social media feeds.
Consider how many times you actually open a new application, or an existing application is automatically updated on your social media device. You may get some small message requesting that the application needs you to approve some form of location tracking. You are in a rush and think nothing of it. You just want your device to work properly and with few glitches. You may also simply want to avoid being asked for access approval every time you use a frequently used application. You have now given the application access to your location, and this will definitely influence the advertisements you see. If you go near a particular store or region, you might see advertisements related to that place.
If you travel overseas and need to use a local SIM card in your mobile phone, you are virtually guaranteeing a whole new level of advertisements and “special offers” that you never knew you needed. A recent trip to the Philippines necessitated a local SIM, in addition to the two e-SIMs that already reside in my mobile phone. The application process for a simple local SIM was akin to a form of e-gate immigration information. It was not just simply inserting the SIM. A “selfie” was also required, as well as passport details and other sensitive information. The SIM was removed from my phone when leaving the Philippines but that has not stopped a slew of messages and notifications of “special offers”. Several more trips to the Philippines are likely this year and of course that same SIM will go back into my phone and the rate of messages will ramp up exponentially.
If you use shared Wi-Fi networks as most of us do, and friends arrive to stay for a few days, how often does the initial meet and greet conversation include a request to use your home Wi-Fi? Almost automatically! You return to a location at which you used the shared Wi-Fi and your devices immediately remember the Wi-Fi details. You don’t need to even ask for the password again (unless your hosts have, for some reason, changed their password). Regardless of all of the warnings about changing passwords regularly, how many of us actually do that?
If someone on the same Wi-Fi network as you has searched for or discussed a particular product, you might also see related advertisements due to shared data signals. Your data is in their system, the algorithms start whirling again and it may almost feel as if you are being welcomed back!
Social media platforms often deny their use of your collected data by resorting to the arguments of coincidence and what is known as cognitive bias. Cognitive or confirmation bias can indeed occur when we tend to notice and remember instances when something we talked about appears in an advertisement, while ignoring the countless advertisements that don’t relate to our conversations. So perhaps it really is just a random occurrence or coincidence that an advertisement appears after you’ve talked about something. With the vast amount of data and interactions on daily, weekly, monthly occasions, it is just possible that this can happen more often than we might expect.
But we should also take personal responsibility for the permissions we give to social media platforms and the nature of the privacy settings that may simply be automatically applied to our devices. Some applications are very open about requesting access to your microphone or other sensors. While social media platforms and companies may claim that they don’t use this data for ad targeting, it’s still important to be mindful of the permissions you grant. You may even be an ardent user of the “unsubscribe” button, but these can be sometimes extremely hard to find, don’t exist and take some time to take effect. The most annoying ones tend to be those that ask for an explanation of why you are unsubscribing (with the result that you have just provided even more data).
We should all, regularly review and update our privacy settings on social media platforms and applications to control what data is being collected and used for targeting. But let’s be honest, how often do we do this? We’re busy, our devices are running low on battery power and a power nap sounds much more fun that reviewing and updating privacy settings.
There are some practical solutions that you can use to avoid targeted social media advertising. For example, investigate enabling the “do not track” on your web browser. If possible, use an advertisement blocker on your device. Swap around your browsers for different activities. Some commentators go as far as suggested to stop using Google or Bing and if you are shopping then shop “incognito”.
There are actually various laws and regulations that govern how social media platforms and companies can collect and use our data. But very few of us are actually aware of the specifics of such laws and regulations. Nevertheless, there does seem to be some increased public awareness and scrutiny on how our data is used and this has led to a slight increase in transparency from companies about how data is used. But we must continue to remain vigilant about our rights to privacy.
It is my firm belief that social media applications are listening to our conversations even if some of that is simply due to a combination of sophisticated data analysis, predictive algorithms, and the occasional coincidence. Once or twice is a coincidence. Daily occurrences are anything but a coincidence.
Taiwan has quite strict laws that regulate the collection and use of personal data, which can impact social media advertisement targeting. The primary legislation governing data protection in Taiwan is the Personal Data Protection Act (PDPA). The PDPA applies to both public and private sector organisations that collect, process, or use personal data in Taiwan. This includes social media companies operating in Taiwan or targeting Taiwanese users.
According to the law, organisations must obtain consent from individuals before collecting, processing, or using their personal data. This includes data used for targeted advertising. The consent is often buried quite deeply in those extraordinarily long terms and conditions that we so often simply agree to.
The PDPA does state that personal data must only be collected for specific, lawful purposes, and it can only be used in ways that align with those purposes. If social media companies use personal data for advertisement targeting, they must clearly specify this purpose and obtain the user's consent and companies are required to inform individuals about the purposes for which their data is collected and how it will be used, including any use for advertisement targeting. But stop and think for a moment. When did you last change your local mobile phone? The process seemed long, boring and, after all, you just want the phone and to leave the store. Did you really take notice of the “explanation” you received from the salesperson? Chances are you probably inadvertently agreed to be tracked and share most of your personal data.
In Taiwan, individuals have the right to access their personal data held by companies and request corrections if the data is inaccurate or incomplete. Personally I would not know how many local companies have my personal data. Often, it is only when a credit card expires, and the local company cannot process a payment that you become aware of how many companies actually have that data.
According to the law, organisations in Taiwan must take appropriate measures to protect personal data from unauthorised access, use, or disclosure but then we wake up all too often to find some local organisation has been hacked and has to admit to the leakage of clients’ personal data. Leaks have indeed occurred in Taiwan. In early 2023, a purported leak involving the household registration of close to all Taiwanese citizens was reported, with some 23.57 million pieces of information that had apparently been stolen from the Ministry of the Interior’s Department of Household Registration. The leak was genuine and some 200,000 pieces of information were viewable as a sample (including those of senior government ministers and representatives).
The PDPA does impose penalties for violations, including fines and potential criminal liability in severe cases and this is meant to encourage social media companies to adhere strictly to the law when engaging in advertisement targeting. But are these penalties imposed sufficiently frequently or is it more bark than bite? In this regard, we should bear in mind that authorities have limited resources to monitor and punish violations.
Another issue that many local and international data experts have expressed concern about is the rate of cybersecurity “hits” that Taiwan faces on a daily basis. Taiwan is thus faced with the need to continuously evolve its data protection landscape to keep up with global trends, an expensive and time-consuming process. While the PDPA provides a framework, there will undoubtedly be a need for future amendments or additional regulations to address emerging issues in digital advertising and privacy. In the meantime, in the absence of robust regulatory protections and monitoring, we should increase our own vigilance of how and what we share through our devices.
Despite denials from some social media platforms, local and international, it seems clear that we are being subjected to targeted social advertisements. It won’t go away but whether or not it can be restrained remains to be seen.
Paul Shelton is a consultant with 30 years of experience in the international financial services and related industries with skills in all aspects of legal and financial crime compliance and regulatory relationship advisory and management.
