West Science Law and Human Rights Vol.
No.
July 2025, pp.
Personal Data Privacy in Social Media Platform: Governance.
Ethics, an Regulatory Measures.
Aprilia Dwi Santoso Putri1.
Rina Arum Prasastyanti2
Duta Bangsa University Article Info
ABSTRACT
Article history:
This study explores the complexities of personal data privacy in the context of social media platforms, and existing regulatory Trough a multidisciplinary analytical approach, this study evaluates the relationshipbetween users privacy rights, data management practies by platforms, and corporate legal liability.
As a theoretical frameworks, the theory of privacy rights, data governance theory, and the concept of platforms responbilityare used toanalyze this problem.
The results of the study revealed that there is a significant gap between the business model of platforms that rely on data extraction and user privacy expectations.
Also identified are the limitations of current regulations in the face of rapid technological dynamics.
This research contributes to the literature by introducing an integrated privacy governance model, which seeks to accommodate the needs of a more adaptive regulatory These findings have important implications for policy development, industry practices, and improved digital literacy for users.
Received July, 2025 Revised July, 2025 Accepted July, 2025 Keywords:
Personal Data Privacy Social Media Platform Data Governance Platform Responbility This is an open access article under the CC BY-SA license.
Corresponding Author:
Name: Rina Arum Prastyanti Institution Address: Jl.
Ki Mangun Sarkoro No.
Nusukan.
Banjarsari.
Surakarta.
Indonesia e-mail: rina_arum@udb.
INTRODUCTION
The technology and the rapid growth of social media platforms has changed the way we Behind the convenience and connectivity offered, there are complex challenges related to the privacy of users' personal data that are increasingly becoming a global concern.
This research arises from concerns about the power imbalance between users and large technology platforms in regulating personal information.
Through this research, we seek to not only recognize the problems, but also provide solutions that can connect the interests of various parties, from individual users to technology platforms, regulators, and civil society.
diverse approach is expected to provide a comprehensive and balanced perspective on data privacy management in the digital era.
We hope that this research can contribute to academic discussions, policy development, and increase public awareness about the importance of protecting personal data Journal homepage: https://wsj.
westscience-press.
com/index.
php/wslhr A West Science Law and Human Rights privacy on social media platforms.
Fundamentally, our goal is to foster an innovative and dynamic digital ecosystem, while respecting the privacy rights and dignity of users.
The rapid growth of social media platforms in the past decade has brought about profound changes in the global information ecosystem.
With more than 4.
billion social media users worldwide .
, the amount of personal data collected, processed and monetized has reached unprecedented The Audata as the new oilAy paradigm has fueled platform business models that rely on commercialization of users' personal data, often with devastating repercussions.
themselves are unaware of.
In this study, we seek to answer a number of important questions, namely: .
How to achieve a balance between the privacy rights of users and the business interests of the platform? .
What is the most effective data governance framework that benefits from protecting privacy while still supporting .
How responsibilities be defined and enforced in the context of varying regulations at the global The research aims to analyze the practices of personal data management by social media platforms, evaluate the frameworks, and develop a privacy governance model that is user-centric but still sensitive to the interests of various This research offers an important contribution in the context of increasing global attention to digital privacy, the emergence of new regulations such as GDPR in Europe.
CCPA in California, and PDPA in various Asian countries, as well as public debates about the responsibilities of large tech platforms.
The results of this study are expected to inform policy development, industry practices, and public awareness about data privacy.
The theory of the right to privacy has evolved from the idea of "the right to be left understanding of control over personal data.
In the digital world, it is important to have clear consent, transparency, and control over users over their information.
A contextual privacy approach also helps us understand how information should be flowed according to the social context, especially in an era of social media that blurs traditional boundaries.
Data governance discusses the structure and practices of data management throughout its lifecycle.
The existing model includes hierarchical approaches, markets, and self-governance.
On social media platforms, a co-regulatory approach that combines formal regulation and selfgovernance is increasingly being considered.
Previous studies have identified challenges in implementing effective data governance principles on social media platforms, including information asymmetry, technical complexity, and conflicts of interest .
Platform responsibility has been the focus of academic and policy debate in policy in recent years, with perspectives ranging from libertarian approaches that prioritize self-regulation to advocacy for stricter regulation .
, .
Platform liability theory combines elements from media law, technology ethics, and the political economy of communication to articulate the platform's obligations to users and society at large .
Contemporary debates about platform responsibility also encompass the concept of "algorithmic justice" and accountability for automated decision-making systems that affect user privacy .
LITERATURE REVIEW
1 Privacy Rights Theory and Digital Governance Privacy rights theory has evolved from Warren and Brandeis's .
"right to be left alone" to complex frameworks addressing digital governance.
Westin .
established informational self-determination as a core principle, defining privacy as individuals' claim to control when, how, and to what extent their information is communicated.
Vol.
No.
July 2025: pp.
West Science Law and Human Rights This foundation remains central to modern privacy law.
Nissenbaum's .
contextual integrity theory revolutionized privacy scholarship by arguing that privacy expectations are contextual rather than universal.
Information flows are appropriate when they conform to specific contextual norms defined by actors.
This framework is particularly relevant to social media platforms where users navigate multiple overlapping contexts within single digital spaces.
Recent scholarship expanded to collective privacy dimensions.
Marwick and Boyd .
introduced "networked privacy," recognizing that individual privacy decisions affect entire social networks through social graphs and inferential analytics.
Kumar et al.
argued that privacy should be demonstrating how aggregated individual data can reveal sensitive group information.
Zuboff's .
surveillance capitalism framework provides critical insight into platform business models, arguing that platforms extract behavioral data to create "behavioral futures markets.
" This creates "instrumentarian power"Aithe ability to shape modificationAihighlighting structural power protections may inadequately address.
2 Data Governance Models and Platform Rresponsibility Data governance literature identifies .
overnment-le.
, market-based .
ndustry self-regulatio.
, and network-based .
ultistakeholder collaboratio.
Co-regulatory approaches combining formal regulation with industry self-governance have gained prominence as frameworks addressing limitations of pure regulatory and marketbased approaches (Marsden, 2.
Platform emerged as platforms evolved into quasigovernmental governance frameworks.
Gillespie .
reveals how platforms navigate tension between being neutral conduits and active mediators through strategic ambiguity.
Van Dijck.
Poell, and de Waal .
propose the "platform society" concept, arguing that infrastructure extending responsibility goes beyond technical aspects to broader social The literature on algorithm accountability explains how algorithmic systems affect individual privacy and Pasquale .
criticizes algorithmic systems that function as Aublack boxesAy.
Diakopoulos .
proposes a model of accountability based on transparency, clarity, and auditability, although he recognizes the conflict between transparency and competitive advantage.
The idea of fiduciary responsibility for data management on platforms has attracted attention.
Balkin .
argues that platforms should be viewed as Auinformation fiduciariesAy who have a legal responsibility to maintain fidelity, care and McDonald and Cranor .
argue that fiduciary responsibility can provide more effective privacy protection than models that rely on consent, although major changes in the legal framework are 3 Comparative Regulatory Frameworks and Implementation Challenges Regulatory responses internationally show diverse philosophical approaches in seeking a balance between privacy protection and economic progress.
The GDPR in the European Union is a comprehensive rightsbased regulation with international reach.
Hoofnagle and colleagues .
note the socalled AuBrussels effectAy of the GDPR, whereby EU regulations become global standards through market mechanisms.
Bradford .
examines how European privacy standards became an international norm thanks to the spillover effect of regulation.
Meanwhile, the United States implements sectoral regulations with different provisions for each industry.
Solove and Hartzog .
reveal consistent principles as well as problems in the existing legal framework.
Vol.
No.
July 2025: pp.
West Science Law and Human Rights The California Consumer Privacy Act (CCPA) represents a major shift in privacy regulation at the state level.
Determann .
observes that state-level regulation brings challenges to compliance, while potentially being more aligned with US legal traditions.
In Asia, jurisdictions are developing hybrid strategies that combine aspects from Europe and America.
Greenleaf .
mentions provisions for government access to data localization requirements, and emphasis on economic development.
Singapore's PDPA exemplifies hybrid approaches incorporating European-style principles while maintaining business innovation flexibility.
User behavior research reveals complex relationships between privacy concerns and actual behavior.
The "privacy paradox" (Norberg et al.
, 2.
describes users expressing strong privacy concerns while continuing to share personal information.
Solove .
argues that apparent behavioral inconsistencies may reflect rational responses to limited choices rather than inconsistent Digital literacy research emphasizes its importance in enabling meaningful privacy Hargittai and Marwick .
find that higher digital literacy correlates with privacy-protective behaviors, though even digitally literate users struggle with complex privacy settings.
Park .
proposes privacy literacy frameworks encompassing technical knowledge and critical thinking skills.
METHODS
1 Research Approach The methodological approach that combines policy analysis, comparative case studies, and This multidisciplinary approach allows for a comprehensive understanding of the complex dynamics of data privacy on social media 2 Data Collection Data for this study were obtained from various sources: .
privacy policy A documents from the five largest social media .
regulatory frameworks from different jurisdictions .
he European Union, the United States, and five Asian countrie.
case studies of data breach and privacy litigation .
semi-structured interviews with 25 privacy experts, regulators, and industry executives.
3 Data Analysis Data were analyzed using a thematic approach to identify patterns, tensions, and best practices in privacy governance.
Framework analysis is used to map regulatory approaches across jurisdictions, while critical discourse analysis is applied to platform privacy policies to uncover inherent assumptions and positions of power.
4 Research Limitations The study has several limitations, including a focus on dominant social media platforms that may not represent the entire landscape, data access challenges due to information ownership, and rapidly changing regulatory dynamics that may affect the longterm relevance of the findings.
RESULTS AND DISCUSSION
Analysis of how data is managed by social media shows a difference between what they claim about privacy and the reality in the field regarding data collection.
Although they stated that they protect user privacy, these platforms still collect more data both in number and type, with an average increase of 40% in data variation from 2018 to 2023.
Many of these platforms implement complex consent methods, which force users to agree to extensive data collection.
In addition, there are 127 technical terms in the privacy policy that are not clearly explained.
The platform also implements location tracking through non-transparent methods, such as the use of photo metadata.
WiFi triangulation, and network pattern Face technology known as facial recognition brings challenges to privacy, with the potential misuse of biometric data for advertising and monitoring.
A review of the international regulatory framework shows Vol.
No.
July 2025: pp.
West Science Law and Human Rights that there are three dominant regulatory models: the rights-based model in the European Union guided by the GDPR, the intermittent sectoral model in the United States, and the mixed model in Asia-Pacific that is highly dependent on the local context.
Obstacles in the implementation of regulations include limited resources for enforcement and difficulties in understanding the latest technology.
The results of interviews with a number of stakeholders indicate that many regulators consider the current regulations to be inadequate and more supportive of the co-regulation Executives in the industry are aware of the tension between their business and privacy protection.
Privacy experts argue that the current consent mechanism is ineffective and propose the need for a better privacy plan.
This study concludes that the traditional concept of consent is no longer relevant for data management on social There is a need to switch to "dynamic agreement" that can adapt to technological advances and changing user demands.
This research also highlights the responsibility of the platform as a development in legal doctrine, including the obligation to maintain The power imbalance between users and platforms is also a concern, with asymmetric information and technology identified as the main issue.
From the results of this research, an integrated privacy governance model was developed, which includes principle-based regulation, improvement of self-management mechanisms, technical privacy tools, and user empowerment through education.
The framework for implementation is divided into three stages, starting from building the basis.
This study provides theoretical contributions in various aspects, such as the development of privacy theory for digital platforms, governance models involving many stakeholders, and responsibilities from The practical implications include the development of technical capabilities by regulators, the application of privacy principles by the platform, as well as the improvement of digital literacy and awareness of privacy rights among users.
CONCLUSION
This research confirms that data privacy on social media platforms is a multidimensional approach.
The findings point to significant gaps between platform practices and user privacy expectations, evolving regulatory frameworks that often lag behind technological innovation, and the multi-stakeholder Platform responsibilities need to be redefined to include not only legal compliance but also ethical obligations to users and society.
ACKNOWLEDGEMENTS
This research would not have been contributions from various parties who have taken the time, shared their knowledge, and placed their trust in us.
From the bottom of our hearts, we would like to express our deepest gratitude to the respondents from authorities, social media platforms, and civil society organizations who have been willing to share their views, experiences, and valuable insights on the issue of personal data protection and digital governance.
We would also like to thank Dr.
Rina Arum Prastyanti.
, as our academic supervisor, for her guidance, encouragement, and constructive input during the research and writing process of this article.
The participation and support of various parties has enriched our understanding of this complex topic.
We recognize that any errors that may be contained in this article are the sole responsibility of the authors.
REFERENCES