Category: TikTok

The New Border: Immigration Law in the Age of Social Media Monitoring

In today’s digital world, where much of public discourse takes place online, the intersection between social media and immigration law has become increasingly critical. From viral debates over “migrant bashing” posts to visa revocations tied to online activism, social media now serves both as a platform for immigrant voices and as a frontier for government surveillance.

Social Media Monitoring & Immigration

Recent policy developments confirm that U.S. immigration authorities are not only observing social media activity but actively using it to inform decisions.

On April 9th 2025, U.S. Citizenship and Immigration Services (USCIS) announced it will begin considering  antisemitic activity on social media platforms when evaluating immigration benefit applications. This policy immediately affected green card applicants, international students, and others seeking immigration benefits. 

USCIS will consider social media content that indicates an alien endorsing, espousing, promoting, or supporting antisemitic terrorism, antisemitic terrorist organizations, or other antisemitic activity as a negative factor in any USCIS discretionary analysis when adjudicating immigration benefit requests.” 

This marks a significant shift from traditional factors like criminal history or fraud to now assessing online speech and ideology. It reflects a growing willingness to treat moral or political expression, which was once considered private and protected, as a legitimate basis for immigration decisions.

These “discretionary analyses” primarily affect benefit applications such as adjustment of status, asylum, and visa renewals where officers have broad authority to evaluate an applicant’s moral character and other subjective factors.

ICE and Algorithmic Surveillance

Meanwhile, U.S. Immigration and Customs Enforcement (ICE) continues to expand its social media surveillance capabilities. ICE contracts with private technology companies to build AI driven systems that scrape and analyze public posts, images, and online networks across multiple languages. These systems search for “threat indicators” or potential immigration violations, flagging accounts through pattern recognition and linguistic analysis.

ICE’s Open Source Intelligence program relies on vendors such as Palantir and ShadowDragon to automate the collection and analysis of social media data for enforcement leads. Because these algorithms are secretive and often shielded from public records laws like the Freedom of Information Act (FOIA), immigrants often have no way to learn what online data was used against them or to challenge any mistakes or errors.

Observers  describe this trend as part of a broader “tech powered enforcement” model, in which digital footprints shape immigration outcomes.  In effect, a digital border has emerged. One that exists not at airports or checkpoints but within the virtual spaces people inhabit every day.

Speech and Expanding Risk

The implications are profound. A noncitizens tweets, Facebook posts, or even tagged photos can be scrutinized and used as evidence in visa adjudications or deportation proceedings.

This pervasive monitoring encourages self censorship. Immigrants and lawful permanent residents may delete posts, avoid political discussion, or disengage from activism online out of fear that a misunderstood comment could threaten their status. What once felt like ordinary self expression now carries real legal risk.

As the Brennan Center for Justice warns, vague or discretionary standards create chilling effects on speech by making it impossible to predict how officials will interpret online expression.

the April 9 notice is likely to quell speech, discouraging immigrants and non-immigrants who are lawfully seeking a variety of immigration benefits…..from taking part in a wide range of constitutionally protected activity for fear of retaliation. And its smorgasbord of vague terms, many with no legally recognized meaning, enables USCIS officers to exercise nearly unchecked discretion in determining when to reject an otherwise unobjectionable application for a benefit……”

The First Amendment and Ideological Vetting

This new surveillance landscape raises pressing First Amendment concerns. Although noncitizens do not enjoy the full range of constitutional protections, courts have long held that the government may not condition immigration benefits on ideological conformity. Social media vetting, however, blurs that line. Turning online expression into a proxy for moral or political loyalty tests.

Courts have long struggled to balance the executive’s plenary power over immigration with First Amendment concerns raised by ideological exclusions. In Kleindienst v. Mandel (1972) the Supreme Court upheld the government’s exclusion of a Belgian Marxist scholar, deferring to the executive’s authority over immigration even when the denial indirectly burdened U.S. citizens right to receive information and ideas. Decades later, in American Academy of Religion v. Napolitano (2009), the Second Circuit reaffirmed that while the executive retains broad power, it cannot rely on secret or arbitrary rationales for ideological exclusions. Together, these cases highlight the unresolved tension between immigration control and free speech protections.

Case Study: Mahmoud Khalil

The collision of social media, political activism, and immigration enforcement is sharply illustrated in the case of Mahmoud Khalil.

Mahmoud Khalil, a lawful permanent resident and recent Columbia University graduate, was arrested by ICE in New York in March 2025 after participating in pro-Palestinian demonstrations. He was detained in Louisiana for over three months pending removal proceedings.

The government cited  Immigration and Nationality Act  (INA) § 237(a)(4)(C)(i), a rarely used provision allowing deportation of a noncitizen whose “presence or activities” are deemed to have “potentially serious adverse foreign policy consequences.” The evidence reportedly consisted of a brief undated letter referencing Khalil’s activism and supposed foreign policy concerns

Khalil’s attorneys argued that he was targeted not for any criminal conduct but instead for his speech, association, and protest activity both on campus and online raising serious First Amendment and due process issues. 

 In May 2025, a federal judge found the statute likely unconstitutional as applied, and Khalil was released after 104 days in detention. 

The Future of the Digital Border

As immigration enforcement integrates algorithmic surveillance, the border is no longer confined to geography. It exists everywhere a user logs in. This new reality challenges long standing principles of due process, privacy and free expression.

Whether justified under national security, anti-hate policies, or fraud prevention, social media vetting transforms immigration law into a form of ideological policing. The challenge for policymakers is to balance legitimate screening needs with fundamental rights in an age when one tweet can determine a person’s future.

Cases like Mahmoud Khalil’s reveal how online activism can trigger enforcement actions that test the limits of constitutional and civil liberties protections. Legal scholars and advocates have urged Congress and Department of Homeland Security (DHS) to establish clearer rules ensuring transparency in algorithms, limiting ideology based denials, and mandating bias audits of surveillance tools.

Future litigation will test how the First Amendment and due process doctrines evolve in an age where immigration enforcement operates through data analytics rather than physical checkpoints.

Ultimately, the key questions we must ask ourselves are:

To what extent can authorities treat social media activism as a legitimate factor in visa or green card adjudications?

Does using immigration law to penalize online speech amount to viewpoint discrimination?

The answers will shape not only the future of immigration law but the very boundaries of free speech in the digital age.

From Record Stores to FYPs: Social Media’s Impact on the Music Industry

Who remembers having to go out and buy a record or an 8 track or cassette tape? How about a CD or asking their parents if they can buy the newest songs on iTunes? I sure do, but today many kids and individuals turn to TikTok or other social media platforms to hear the latest songs. But what happens to the music that is used in these viral dances or over a post? Are they free to use just because everything is now digitized or are there still protections for artists and their music once it hits social media?

Social media, since its inception has played a role in musicians finding their big break online. Starting with Myspace in the early 2000s, huge stars like Calvin Harris, Adele and even Sean Kingston used Myspace to their advantage. They grew their fanbase, contacted record labels, and put their music out for the world to hear. One of the most well-known internet success stories for this generation is Justin Bieber and his discovery on YouTube. While covering a Chris Brown song at just 13 years old, caught the attention of music executive and the rest was history. Justin Bieber is one of the biggest household names of this generation being named 8th Greatest Pop Star of the 21st Century by Billboard Canada in 2024. Justin, however, wasn’t the only success story. Ed Sheeran, 5 Seconds of Summer, Charlie Puth, Tate McRae, and so many other artists found their success by posting covers, originals and other content on YouTube in the hopes of getting discovered like Justin Bieber had.

Following and alongside YouTube success, next came the wave of artists being discovered on the hit platform, Vine. Vine unlike YouTube could not have full videos on its platform. In 2012 Vine took the world by storm with only six-second videos. These videos were played on loops so that if you blinked…don’t worry it would play again. In 2013 many young aspiring stars again took to posting to the platform with the hopes of posting that one perfect video, but now they only had six seconds to impress. Shawn Mendes began posting on the app nearly at its inception. He began posting cover clips while he played the guitar.

“One Vine, Mendes posted a video of himself playing guitar while singing the hook to Bieber’s song “As Long As You Love Me” and received 10,000 likes overnight. He followed up with covers of Bruno Mars and other pop singers, and, by the spring, when Island and Massey came calling, he already assumed over 2.5 million followers on the service.”

Mendes soon got to record a hit song with Justin Bieber called “Monster” where the two got to show off their different styles and tell a story about the hardships that come with fame.

After Vine was shut down, artists turned back to other social media platforms to put out their music. And then the 2019 Covid Pandemic hit and TikTok entered the scene. Like Vine, TikTok had short videos that played on a loop. However, this time they were about 15-30 seconds when the app first started gaining traction in the US. Artists could post their videos of viral dances, cover music or even post daily get ready with me videos.

Again, TikTok produced up and coming stars who we know today such as Olivia Rodrigo, Lil Nas X and Alex Warren exploded once their songs became part of a viral trend or pick a song from the platforms “Trending” sounds in the sound library.

This is great, right!? All of these people using what is right at their fingertips to put themselves out there and make their dreams come true. But what happens when these viral songs are being used without the proper licensing or when they infringe on copyright law? This is an issue that has been on the rise in the exorbitant use of social media videos to promote companies, schools or in a popular video. So, let’s talk about it.

First what is copyright law?

“Copyright is a type of intellectual property that protects original works of authorship as soon as an author fixes the work in a tangible form of expression.”

This includes paintings, photographs, illustrations, musical compositions, sound recordings, computer programs, books, poems, blog posts, movies, architectural works and so much more!

So, what if you want to use a copyrighted work? Don’t panic! The Fair Use Doctrine explains that certain usage of these works is allowed.

“Fair use is a legal doctrine that promotes freedom of expression by promoting the unlicensed use of copyright-protected works in certain circumstances. Section 107 of the Copyright Act provides the statutory framework for determining whether something is a fair use and identifies certain types of uses—such as criticism, comment, news reporting, teaching, scholarship, and research—as examples of activities that may qualify as fair use.”

Section 107 calls for consideration of the following four factors in evaluating a question of fair use: purpose and character of the use, including whether the use is of a commercial nature or is for nonprofit educational purposes; nature of the copyrighted work; amount and substantiality of the portion used in relation to the copyrighted work as a whole; and effect of the use upon the potential market for or value of the copyrighted work.

However, even with these laws in place, there are still recent cases of music being used in commercials, TikTok videos and on the platform without proper licensing agreements in place. It is not only the big companies that are facing copyright infringement suits, but also the influencers posting the content on behalf of the brands.

In recent there have been several major cases. Here are a few.

Sony Music Entertainment v. Marriott. In this case, Sony alleged that Marriott’s social media pages featured hundreds of videos. Sony sought to hold Marriott liable for their own posts as well as posts made by influencers and Marriott-franchised hotels. Sony claimed that it was entitled to more than $139,000,000 in statutory damages, as well as an injunction. The case was eventually dismissed with prejudice.

Sony Music Entertainment v. Gymshark. Sony claimed unauthorized use of 297 works in online advertisements posted by Gymshark and influencers. This consisted of music by Harry Styles, Beyoncé and Britney Spears in its Instagram and TikTok posts. This case was also dismissed with prejudice.

Music Publishers v. NBA.

“In July of 2024, Kobalt Music Publishing America, Inc. and other music companies filed suit against 14 NBA teams in the US District Court for the Southern District of New York, in the latest ongoing battle between music publishers and organizations that allegedly use copyrighted material without proper authorization. These (teams) engaged in unauthorized use of copyrighted music in social media postings on Instagram, TikTok, X, Youtube, and Facebook and are seeking to protect their intellectual property rights and ensure that their works are not exploited without due compensation.”

Sony Music Entertainment v. USC. Sony had previously warned the university about its use of unauthorized music in their posts. These posts were gaining major traction helping the school promote different games and events on campus.

“The law suit … cited 283 videos with songs from musicians including Michael Jackson, Britney Spears and AC/DC that USC’s sports teams supposedly used in TikTok and Instagram posts without licenses. Sony Music asked for statutory copyright damages of $150,000 per song, amounting to tens of millions of dollars in damages.” This case is still ongoing.

Warner Music Group v. DSW. This case again involves the use of music by the company in its ads and on social media along with its influencers without the proper licensing in place. Warner said that the musical works that were allegedly infringed by DSW were “some of the most popular sound recordings and musical compositions in the world.”

Although influencer marketing has helped so many companies grow on social media through the years, without the proper licensing, it leaves these companies and influencers vulnerable to potential copyright infringement. However, Universal Music Group, one of the world’s largest record labels notably pulled all of its music from TikTok due to licensing issues with the social media platform. This impacted video’s featuring songs by Billie Eilish, Drake, Taylor Swift and other big-name artists. Eventually UMG and TikTok struck a deal however while they were working things out, TikTok went silent on these sounds for nearly three months. So, what can influencers and apps due to limit their liability and risk of infringement?

First, social media companies can update their terms of service, which TikTok has done, to help its users avoid suits. Influencers who are posting for promotional content such as an advertisement usually require two different kinds of licenses. Synchronization license and master use license.

A Synchronization or sync license is, “required to pair a musical composition (i.e. the song) with visual content. It must be obtained from the copyright holder, which is usually the music publisher… To make things more complicated, a commercial song can often be co-owned by multiple copyright holders, which is why brands often partner with specialist music clearance agencies to obtain the necessary rights.”

A master use license is “needed if the brand wishes to use a specific recording of a song. It must be obtained from the owner of the recording – usually, a record label.”

By obtaining the proper licensing prior to posting many influencers and brands can post freely without the risk of copyright infringement and potentially risk their post being taken down or even a lawsuit being filed against them. Platforms like TikTok license with record labels so that their songs can be used through their platform library once they are properly licensed.

So while social media has been the place where so many incredible artists have found their fame, once they’ve recorded their hit album, the platform must properly license with the record labels to use their music otherwise they risk being taken to court for copyright infringement not only impacting their platform but also its users, the artists, and labels.

 

 

 

 

Regulating the Scroll: How Lawmakers Are Redefining Social Media for Minors

In today’s digital world, the question is no longer if minors use social media but how they use it. 

Social media platforms don’t just host young users, they shape their experiences through algorithmic feeds and “addictive” design features that keep kids scrolling long after bedtime. As the mental health toll becomes increasingly clear, lawmakers are stepping in to limit how much control these platforms have over young minds.

What is an “addictive” feed and why target it? 

Algorithms don’t just show content, they promote it. By tracking what users click, watch, or like, these feeds are designed to keep attention flowing. For minors, that means endless scrolling and constant engagement which typically is at the expense of sleep, focus, and self-esteem.

Under New York’s Stop Addictive Feeds Exploitation (SAFE) for Kids Act, lawmakers found that:

 “social media companies have created feeds designed to keep minors scrolling for dangerously long periods of time.”

The Act defines an “addictive feed” as one that recommends or prioritizes content based on data linked to the user or their device.

The harms aren’t hypothetical. Studies link heavy social media use among teens with higher rates of depression, anxiety, and sleep disruption. Platforms often push notifications late at night or during school hours. Times when young users are most vulnerable. 

Features like autoplay, for you page, endless “you may also like” suggestions, and quick likes or comments can trap kids in an endless scroll. What begins as fun and harmless entertainment soon becomes a routine they struggle to escape.                              

 

Key Developments in Legislation 

It’s no surprise that minors exposure to social media algorithms sits at the center of today’s policy debates. Over the past two years, state and federal lawmakers have introduced laws seeking to rein in the “addictive” design features of online platforms. While many of these measures face ongoing rule making or constitutional challenges, together they signal a national shift toward stronger regulations of social media’s impact on youth. 

Let’s take a closer look at some of the major legal developments shaping this issue.

New York’s SAFE for Kids Act

New York’s Stop Addictive Feeds Exploitation (SAFE) for Kids Act represents one of the nation’s most ambitious efforts to regulate algorithmic feeds. The law prohibits platforms from providing “addictive feeds” to users under 18 unless the platform obtains verifiable parental consent or reasonably determines that the user is not a minor. It also bans push notifications and advertisements tied to those feeds between 12 a.m. and 6 a.m. unless parents explicitly consent. The rule making process remains ongoing, and enforcement will likely begin once these standards are finalized.

The Kids Off Social Media Act (KOSMA)

At the federal level, the Kids Off Social Media Act (KOSMA) seeks to create national baselines for youth protections online. Reintroduced to Congress, the bill would:

  • Ban social media accounts for children under 13.
  • Prohibit algorithmic recommendation systems for users under 17.
  • Restrict social media access in schools during instructional hours.

Supporters argue the bill is necessary to counteract the addictive nature of social media design. Critics, including digital rights advocates, question whether such sweeping restrictions could survive First Amendment scrutiny or prove enforceable at scale. 

KOSMA remains pending in Congress but continues to shape the national conversation about youth and online safety.

California’s SB 976 

California’s Protecting Our Kids from Social Media Addiction Act (SB 976) reflects a growing trend of regulating design features rather than content. The law requires platforms to:

  • Obtain parental consent before delivering addictive feeds to minors.
  • Mute notifications for minors between midnight and 6 a.m. and during school hours unless parents opt in.

The statute is currently under legal challenge for potential First Amendment violations, however, the Ninth Circuit allowed enforcement of key provisions to proceed suggesting that narrowly tailored design regulations aimed at protecting minors may survive early constitutional scrutiny.

Other State Efforts

Other states are following suit. According to the National Conference of State Legislatures (NCSL), at least 13 states have passed or proposed laws requiring age verification, parental consent, or restrictions on algorithmic recommendations for minors. Mississippi’s HB 1126, for example, requires both age verification and parental consent, and the U.S. Supreme Court allowed the law to remain in effect while litigation continues. 

Final Thoughts

We are at a pivotal moment. The era when children’s digital consumption went largely unregulated is coming to an end. The question now isn’t if  regulation is on the horizon, it’s how it will take shape, and whether it can strike the right balance between safety, free expression, and innovation.

As lawmakers, parents, and platforms navigate this evolving landscape, one challenge remains constant: ensuring that efforts to protect minors from harmful algorithmic design do not come at the expense of their ability to connect, learn, and express themselves online.

What do you think is the right balance between protecting minors from harmful algorithmic exposure and preserving their access to social media as a space for connection and expression?

Privacy Please: Privacy Law, Social Media Regulation and the Evolving Privacy Landscape in the US

Social media regulation is a touchy subject in the United States.  Congress and the White House have proposed, advocated, and voted on various bills, aimed at protecting and guarding people from data misuse and misappropriation, misinformation, harms suffered by children, and for the implications of vast data collection. Some of the most potent concerns about social media stem from use and misuse of information by the platforms- from the method of collection, to notice of collection and use of collected information. Efforts to pass a bill regulating social media have been frustrated, primarily by the First Amendment right to free speech. Congress has thus far failed to enact meaningful regulation on social media platforms.

The way forward may well be through privacy law. Privacy laws give people some right to control their own personhood including their data, right to be left alone, and how and when people see and view them. Privacy laws originated in their current form in the late 1800’s with the impetus being one’s freedom from constant surveillance by paparazzi and reporters, and the right to control your own personal information. As technology mutated, our understanding of privacy rights grew to encompass rights in our likeness, our reputation, and our data. Current US privacy laws do not directly address social media, and a struggle is currently playing between the vast data collection practices of the platforms, immunity for platforms under Section 230, and private rights of privacy for users.

There is very little Federal Privacy law, and that which does exist is narrowly tailored to specific purposes and circumstances in the form of specific bills. Somes states have enacted their own privacy law scheme, California being on the forefront, Virginia, Colorado, Connecticut, and Utah following in its footsteps. In the absence of a comprehensive Federal scheme, privacy law is often judge-made, and offers several private rights of action for a person whose right to be left alone has been invaded in some way. These are tort actions available for one person to bring against another for a violation of their right to privacy.

Privacy Law Introduction

Privacy law policy in the United States is premised on three fundamental personal rights to privacy:

  1. Physical right to privacy- Right to control your own information
  2. Privacy of decisions– such as decisions about sexuality, health, and child-rearing. These are the constitutional rights to privacy. Typically not about information, but about an act that flows from the decision
  3. Proprietary Privacy – the ability to protect your information from being misused by others in a proprietary sense.

Privacy Torts

Privacy law, as it concerns the individual, gives rise to four separate tort causes of action for invasion of privacy:

  1. Intrusion upon Seclusion- Privacy law provides a tort cause of action for intrusion upon seclusion when someone intentionally intrudes upon the reasonable expectation of seclusion of another, physically or otherwise, and the intrusion is objectively highly offensive.
  2. Publication of Private Facts- One gives publicity To a matter concerning the Private life of another that is not of legitimate concern to the public, and the matter publicized would be objectively highly offensive. The first amendment provides a strong defense for publication of truthful matters when they are considered newsworthy.
  3. False Light – One who gives publicity to a matter concerning another that places the other before the public in a false light when The false light in which the other was placed would be objectively highly offensive and the actor had knowledge of or acted in reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed.
  4. Appropriation of name and likeness- Appropriation of one’s name or likeness to the defendant’s own use or benefit. There is no appropriation when a persona’s picture is used to illustrate a non-commercial, newsworthy article. This is usually commercial in nature but need not be. The appropriation could be of “identity”. It need not be misappropriation of name, it could be the reputation, prestige, social or commercial standing, public interest, or other value on the plaintiff’s likeness.

These private rights of action are currently unavailable for use against social media platforms because of Section 230 of the Decency in Communications Act, which provides broad immunity to online providers for posts on their platforms. Section 230 prevents any of the privacy torts from being raised against social media platforms.

The Federal Trade Commission (FTC) and Social Media

Privacy law can implicate social media platforms when their practices become unfair or deceptive to the public through investigation by the Federal Trade Commission (FTC). The FTC is the only federal agency with both consumer protection and competition jurisdiction in broad sectors of the economy. FTC investigates business practices where those practices are unfair or deceptive. FTC Act 15 U.S.C S 45- Act prohibits “unfair or deceptive acts or practices in or affecting commerce” and grants broad jurisdiction over privacy practices of businesses to the FTC. Trade practice is unfair if it causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and is not outweighed by countervailing benefits to consumers or competition. A deceptive act or practice is a material representation, omission, or practice that is likely to mislead the consumer acting reasonably in the circumstances, to the consumer’s detriment.

Critically, there is no private right of action in FTC enforcement. The FTC has no ability to enforce fines for S5 violations but can provide injunctive relief. By design, the FTC has very limited rulemaking authority, and looks to consent decrees and procedural, long-lasting relief as an ideal remedy. The FTC pursues several types of misleading or deceptive policy and practices that implicate social media platforms: notice and choice paradigms, broken promises, retroactive policy changes, inadequate notice, and inadequate security measures. Their primary objective is to negotiate a settlement where the company submits to certain measures of control of oversight by the FTC for a certain period of time. Violations of the agreements could yield additional consequences, including steep fines and vulnerability to class action lawsuits.

Relating to social media platforms, the FTC has investigated misleading terms and conditions, and violations of platform’s own policies. In Re Snapchat, the platform claimed that user’s posted information disappeared completely after a certain period of time, however, through third party apps and manipulation of user’s posts off of the platform, posts could be retained. The FTC and Snapchat settled, through a consent decree, to subject Snapchat to FTC oversight for 20 years.

The FTC has also investigated Facebook for violation of its privacy policy. Facebook has been ordered to pay a $5 billion penalty and to submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy to settle FTC charges claiming that they violated a 2012 agreement with the agency.

Unfortunately, none of these measures directly give individuals more power over their own privacy. Nor do these policies and processes give individuals any right to hold platforms responsible for being misled by algorithms using their data, or for intrusion into their privacy by collecting data without allowing an opt-out.

Some of the most harmful social media practices today relate to personal privacy. Some examples include the collection of personal data, the selling and dissemination of data through the use of algorithms designed to subtly manipulate our pocketbooks and tastes, collection and use of data belonging to children, and the design of social media sites to be more addictive- all in service of the goal of commercialization of data.

No current Federal privacy scheme exists. Previous Bills on Privacy have been few and narrowly tailored to relatively specific circumstances and topics like healthcare and medical data protection by HIPPA, protection of data surrounding video rentals as in the Video Privacy Protection Act, and narrow protection for children’s data in Children’s Online Protection Act. All the schemes are outdated and fall short of meeting the immediate need of broad protection of widely collected and broadly utilized data from social media.

Current Bills on Privacy

Upon request from some of the biggest platforms, outcry from the public, and the White House’s request for Federal Privacy regulation, Congress appears poised to act. The 118th Congress has pushed privacy law as a priority in this term by introducing several bills related to social media privacy. There are at least ten Bills currently pending between the House of the Senate addressing a variety of issues and concerns from Children’s data privacy to the minimum age for use and designation of a new agency to monitor some aspects of privacy.

S744The Data Care Act of 2023 aims to protect social media user’s data privacy by imposing fiduciary duties on the platforms. The original iteration of the bill was introduced in 2021 and failed to receive a vote. It was re-introduced in March of 2023 and is currently pending. Under the act, social media platforms would have the duty to reasonably secure user’s data from access, refrain from using the data in a way that could foreseeably “benefit the online service provider to the detriment of the end user” and to prevent disclosure of user’s data unless the party is also bound by these duties. The bill authorizes the FTC and certain state officials to take enforcement actions upon breach of those duties. The states would be permitted to take their own legal action against companies for privacy violations. The bill would also allow the FTC to intervene in the enforcement efforts by imposing fines for violations.

H.R.2701 – Perhaps the most comprehensive piece of legislation on the House floor is the Online Privacy Act. In 2023, the bill was reintroduced by democrat Anna Eshoo after an earlier version on the bill failed to receive a vote and died in Congress. The Online Privacy Act aims to protect users by providing individuals rights relating to the privacy of their personal information. The bill would also provide privacy and security requirements for treatment of personal information. To accomplish this, the bill established a new agency – the Digital Privacy Agency- which would be responsible for enforcement of the rights and requirements. The new individual rights in privacy are broad and include the rights of access, correction, deletion, human review of automated decision, individual autonomy, right to be informed, and right to impermanence, amongst others. This would be the most comprehensive plan to date. The establishment of a new agency with a task specific to administration and enforcement of privacy laws would be incredibly powerful. The creation of this agency would be valuable irrespective of whether this bill is passed.

HR 821– The Social Media Child Protection Act is a sister bill to one by a similar name which originated in the Senate. This bill aims to protect children from the harms of social media by limiting children’s access to it. Under the bill, Social Media platforms are required to verify the age of every user before accessing the platform by submitting a valid identity document or by using another reasonable verification method. A social media platform will be prohibited from allowing users under the age of 16 to access the platform. The bill also requires platforms to establish and maintain reasonable procedures to protect personal data collected from users. The bill affords for a private right of action as well as state and FTC enforcement.

S 1291The Protecting Kids on Social Media Act is similar to its counterpart in the House, with slightly less tenacity. It similarly aims to protect children from social media’s harms. Under the bill, platforms must verify its user’s age, not allow the user to use the service unless their age has been verified, and must limit access to the platform for children under 12. The bill also prohibits retention and use of information collected during the age verification process. Platforms must take reasonable steps to require affirmative consent from the parent or guardian of a minor who is at least 13 years old for the creation of a minor account, and reasonably allow access for the parent to later revoke that consent. The bill also prohibits use of data collected from minors for algorithmic recommendations. The bill would require the Department of Commerce to establish a voluntary program for secure digital age verification for social media platforms. Enforcement would be through the FTC or state action.

S 1409– The Kids Online Safety Act, proposed by Senator Blumenthal of Connecticut, also aims to protect minors from online harms. This bill, as does the Online Safety Bill, establishes fiduciary duties for social media platforms regarding children using their sites. The bill requires that platforms act in the best interest of minors using their services, including mitigating harms that may arise from use, sweeping in online bullying and sexual exploitation. Social media sites would be required to establish and provide access to safeguards such as settings that restrict access to minor’s personal data and granting parents the tools to supervise and monitor minor’s use of the platforms. Critically, the bill establishes a duty for social media platforms to create and maintain research portals for non-commercial purposes to study the effect that corporations like the platforms have on society.

Overall, these bills indicate Congress’s creative thinking and commitment to broad privacy protection for users from social media harms. I believe the establishment of a separate body to govern, other than the FTC which lacks the powers needed to compel compliance, to be a necessary step. Recourse for violations on par with the EU’s new regulatory scheme, mainly fines in the billions, could help.

Many of the bills, for myriad aims, establish new fiduciary duties for the platforms in preventing unauthorized use and harms for children. There is real promise in this scheme- establishing duty of loyalty, diligence and care for one party has a sound basis in many areas of law and would be more easily understood in implementation.

The notion that platforms would need to be vigilant in knowing their content, studying its affects, and reporting those effects may do the most to create a stable future for social media.

The legal responsibility for platforms to police and enforce their policies and terms and conditions is another opportunity to further incentivize platforms. The FTC currently investigates policies that are misleading or unfair, sweeping in the social media sites, but there could be an opportunity to make the platforms legally responsible for enforcing their own policies, regarding age, against hate, and inappropriate content, for example.

What would you like to see considered in Privacy law innovation for social media regulation?

Sharing is NOT Always Caring

Where There’s Good, There’s Bad

Social media’s vast growth over the past several years has attracted millions of users who use these platforms to share content, connect with others, conduct business, and spread news and information. However, social media is a double-edged sword. While it creates communities of people and bands them together, it destroys privacy in the meantime. All of the convenient aspects of social media that we know and love lead to significant exposure of personal information and related privacy risks. Social media companies retain massive amounts of sensitive information regarding users’ online behavior, including their interests, daily activities, and political views. Algorithms are embedded within these functions to promote specific goals of social media companies, such as user engagement and targeted advertising. As a result, the means to achieve these goals conflict with consumers’ privacy concerns.

Common Issues

In 2022, several U.S. state and federal agencies banned their employees from using TikTok on government-subsidized devices, fearful that foreign governments could acquire confidential information. While a lot of the information collected through these platforms is voluntarily shared by users, much of it is also tracked using “cookies,” and you can’t have these with a glass of milk! Tracking cookies allows information regarding users’ online browsing activity to be stored and displayed in a way that targets specific interests and personalizes content tailored to these particular likings. Signing up for a social account and agreeing to the platform’s terms permits companies to collect all of this data.

Social media users leave a “digital footprint” on the internet when they create and use their accounts. Unfortunately, enabling a “private” account does not solve the problem because data is still retrieved in other ways. For example, engagement in certain posts through likes, shares, comments, buying history, and status updates all increase the likelihood that privacy will be intruded on.

Two of the most notorious issues related to privacy on social media are data breaches and data mining. Data breaches occur when individuals with unauthorized access steal private or confidential information from a network or computer system. Data mining on social media is the process in which user information is analyzed to identify specific tendencies which are subsequently used to inform research and other advertising functions.

Other issues that affect privacy are certain loopholes that can be taken around preventive measures already in place. For example, if an individual maintains a private social account but then shares something with their friend, others who are connected with the friend can view the post. Moreover, location settings enable a person’s location to be known even if the setting is turned off. Other means, such as Public Wi-Fi and websites can still track users’ locations.

Taking into account all of these prevailing issues, only a small amount of information is actually protected under federal law. Financial and healthcare transactions as well as details regarding children are among the classes of information that receive heightened protection. Most other data that is gathered through social media can be collected, stored, and used. Social media platforms are unregulated to a great degree with respect to data privacy and consumer data protection. The United States does have a few laws in place to safeguard privacy on social media but more stringent ones exist abroad.

Social media platforms are required to implement certain procedures to comply with privacy laws. They include obtaining user consent, data protection and security, user rights and transparency, and data breach notifications. Social media platforms typically ask their users to agree to their Terms and Conditions to obtain consent and authorization for processing personal data. However, most are guilty of accepting without actually reading these terms so that they can quickly get to using the app.

Share & Beware: The Law

Privacy laws are put in place to regulate how social media companies can act on all of the information users share, or don’t share. These laws aim to ensure that users’ privacy rights are protected.

There are two prominent social media laws in the United States. The first is the Communications Decency Act (CDA) which regulates indecency that occurs through computer networks. Nevertheless, Section 230 of the CDA provides enhanced immunity to any cause of action that would make internet providers, including social media platforms, legally liable for information posted by other users. Therefore, accountability for common issues on social media like data breaches and data misuse is limited under the CDA. The second is the Children’s Online Privacy Protection Act (COPPA). COPPA protects privacy on websites and other online services for children under the age of thirteen. The law prevents social media sites from gathering personal information without first providing written notice of disclosure practices and obtaining parental consent. The challenge remains in actually knowing whether a user is underage because it’s so easy to misrepresent oneself when signing up for an account. On the other hand, the European Union has General Data Protection Regulation (GDPR) which grants users certain control over when and how their data is processed. The GDPR contains a set of guidelines that restrict personal data from being disseminated on social media platforms. In the same way, it also gives internet users a long set of rights in cases where their data is shared and processed. Some of these rights include the ability to withdraw consent that was previously given, access information that is collected from them, and delete or restrict personal data in certain situations. The most similar domestic law to the GDPR is the California Consumer Privacy Act (CCPA) which was enacted in 2020. The CCPA regulates what kind of information can be collected by social media companies, giving platforms like Google and Facebook much less freedom in harvesting user data. The goal of the CCPA is to make data collection transparent and understandable to users.

Laws on the state level are lacking and many lawsuits have occurred as a result of this deficiency. A class action lawsuit was brought in response to the collection of users’ information by Nick.com. These users were all children under the age of thirteen who sued Viacom and Google for violating privacy laws. They argued that the data collected by the website together with Google’s stored data relative to its users was personally identifiable information. A separate lawsuit was brought against Facebook for tracking users when they visited third-party websites. Individuals who brought suit claimed that Facebook was able to personally identify and track them through shares and likes when they visited certain healthcare websites. Facebook was able to collect sensitive healthcare information as users browsed these sites, without their consent. However, the court asserted that users did indeed consent to these actions when they agreed to Facebook’s data tracking and data collection policies. The court also stated that the nature of this data was not subject to any stricter requirements as plaintiffs claimed it was because it was all available on publicly accessible websites. In other words, public information is fair game for Facebook and many other social media platforms when it comes to third-party sites.

In contrast to these two failed lawsuits, TikTok agreed to pay a $92 million settlement for twenty-one combined lawsuits due to privacy violations earlier this year. The lawsuit included substantial claims, such as allegations that the app analyzed users’ faces and collected private data on users’ devices without obtaining their permission.

We are living in a new social media era, one that is so advanced that it is difficult to fully comprehend. With that being said, data privacy is a major concern for users who spend a large amount of time sharing personal information, whether they realize it or not. Laws are put in place to regulate content and protect users, however, keeping up with the growing presence of social media is not an easy task–sharing is inevitable and so are privacy risks.

To share or not to share? That is the question. Will you think twice before using social media?

Skip to toolbar