Share buttons: when sharing may not be the best thing

Share buttons like those promoted by social media platforms (e.g., Facebook, Twitter, Linkedin, Pinterest, etc.) are fairly common elements in and among webpages these days. Website owners prefer to put them up so that, with just a couple of clicks, visitors can quickly and easily share articles and other content in their respective social networks. Website content travel more efficiently across the internet this way and are able to reach a wider audience. That, in turn, increases website traffic. For readers, it also makes for an easier task compared to the alternative: constantly copy-pasting links to interesting online content.
 
But do you ever wonder what really happens every time you click on one of these buttons? Do you know that each time you do so, you are actually providing some of your online data to third parties, and not just to the social media platforms and website you’re on?
 
Website owners use a wide variety of share buttons, and not just those by social media companies. Many also avail of the services of entities like AddThis, ShareThis, and AddToAny. This tends to be problematic since these companies typically collect and accumulate information share buttons do not really need in order to function properly.
 
For many of them, what they try to do is place cookies (i.e., little snippets of code that capture browser history and other data) on visitors’ devices by default. If successful, the cookies allow the companies to track website visitors when they navigate the internet. If a visitor has an account in a particular social media platform, the cookies will allow that platform to display relevant ads based on the browsing history of the visitor. If a visitor doesn’t have an account, the cookies will still follow the visitor by fingerprinting his or her device and recording it along with the visitor’s browsing habits. This way, the collecting entity is able to build thousands (and even millions) of profiles that can be sold to advertising and marketing companies.
 
If one takes a look at these third-party trackers on an individual basis, it’s also easy to spot specific privacy concerns.
 
Take the case of AddThis. When you read their Privacy Policy, you will notice that it explicitly states that the personal data it collects will be used to market products and services to visitors, to provide personalized recommendations and messages, to link browsers and apps across devices, and to “sync” unique identifiers with their partner-companies. It also says they sell personal data to partners and other third parties, including service providers. While the company offers options through which visitors can opt out of its data processing system, the procedure relies on them being aware of AddThis’s Privacy Policy and capable of figuring out its opt-out scheme. It’s also worth noting that, even after visitors have opted out, AddThis says they may still temporarily receive ads due to marketing campaigns already underway by the time they decided to opt out.
 
Meanwhile, ShareThis’s Privacy Policy states that the company also “collects data about internet users and how they interact with content, websites and adverts. The data comes from its own data collection activities, as well as from other entities in the same field (i.e., data analytics and advertising). Such wealth of information allows ShareThis and its partners to carry out data analytics and deliver “relevant, targeted advertising”. The company also claims to share its insights with its clients, helping improve the effectiveness of the latter’s online content and advertising.
 
The main problem in all this is control—or more specifically, the lack of it. Website visitors virtually have little to no control over their personal data when they browse the internet. They are unable to impose a true limit on the way companies—like those in marketing and advertising—use their data.
 
It’s true that many websites that use share buttons tend to be transparent about their third-party tie-ups. Unfortunately, most visitors are unable appreciate the relevance and implications of such relationships, including the fact that third-parties have separate and often different privacy policies. And then for those that do care about privacy policies, they still have to contend with documents that are frequently long, unclear, or not reader-friendly. This explains why they are rarely read and understood by those people they are meant to inform.
 
One way forward is for website owners to install and use share buttons that have been developed with a privacy by design approach. This usually means using homegrown or custom-made buttons that keep data processing to a minimum. If websites must utilize those made by social media platforms and other companies, they have to be at least transparent about it. Ideally, they should also subject the buttons to reasonable scrutiny. And as far as cookies are concerned, they have to be governed by an opt-in regime (except for those needed by websites to function properly)—not an opt-out one.
 
Website visitors, on the other hand, can take action too. Even if it’s more cumbersome, they can just copy-paste the URLs of websites or content they like if they consider these worth sharing. They can also take greater control over the processing of their personal data by exercising the rights afforded to them by data protection laws like the Data Privacy Act of 2012. They can, for instance, object to the processing of their personal data if it is done in a way that is inconsistent with the provisions of the law. It also won’t hurt if they take the time to actually read and understand the privacy policies behind these buttons they like to use (a lot).
 
To get around to doing the things that need to be done, website owners and all these other data processors should remember that all personal data they collect belong to the people they pertain to. To establish and maintain lasting relationships with them, it is important for them, as data custodians, to demonstrate the protection they give to collected data and the respect they have for people’s privacy rights.
 
For website users and visitors, they have some reflecting to do, too. Sharing content on social media and other online platforms can indeed be a great way to promote knowledge, spread interesting content, and interact with other people. But doing it with all these little buttons may not be as benign as they’d like to think. A lot of things happen behind the scenes. They also need to be more vigilant and proactive if they are to make sure their online data are really in safe hands.