Facebook retains consumer data for 180 days post account deletion

Image via Unsplash

Social media cybersecurity was analyzed in a recent report by Incogni. The report used the following metrics for ranking:

User friendliness: How easy it is to understand the privacy policy and how many steps it takes for a user to delete their account.
Data collection and retention: The data collected and stored by various social media platforms, with implications for data breaches, invasive advertising, and other aspects of people's digital lives.
Transgressions: The number of government fines and data breaches.
Transparency: How much user data reaches governments and how accessible certain features are for users.
User control and consent: The available privacy settings, default privacy settings, and opt-out visibility options.

The study found that Meta (Facebook, Instagram and Facebook Messenger), YouTube and Discord all keep users’ data for 180 days after they have deleted their accounts. This means social platforms could be holding onto personal photos, videos, messages, financial information and health details many months after users believe they have cut ties with the service.

Holding onto data for 180 days means users could also be unexpectedly caught up in data breaches or other unwanted disclosures long after they believe they have been removed from a platform.

WhatsApp, Reddit and Twitch keep users’ data for 90 days, Snapchat holds it for 60 days, while TikTok and X (formerly Twitter) delete data after 30 days. Encrypted messaging service Telegram keeps data for the shortest amount of time at just one day.

How difficult is it to delete an account?

Deleting a social media account should be a relatively easy thing to do for a user once they decide that they no longer wish to use a platform. Yet users of some platforms, including Facebook, YouTube, Instagram and Facebook Messenger, need to make six clicks to delete their account.

Data breaches

While social media has become indispensable for many people, the platforms pose significant privacy and data security risks.

Since 2012, LinkedIn has experienced four data breaches, followed by X and Facebook with two each. Live streaming service Twitch had one data breach over the same period.

Government fines, which reflect the platforms’ failures to meet legal requirements, were also assessed by Incogni. Facebook has received eight fines since 2011, while WhatsApp has been fined five times. X and TikTok have both received four fines.

YouTube, Instagram, Facebook Messenger, Snapchat, Pinterest and Twitch have all been fined at least once.

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.