Threads may be collecting data illegally, analyst warns

Who can say whether Threads will prove a successful rival to Twitter — but security experts are already warning that when it comes to illicit user data tracking on the Meta app, it could well be a case of “meet the new boss, same as the old boss.”

Surfshark flagged up several potential no-nos in Mark Zuckerberg’s latest social media offering, not least that Threads has “privacy issues.”

“Data may be collected with no legal basis. Threads collects sensitive information like racial or ethnic data, sexual orientation, and more,” said the cybersecurity analyst.

What’s more, Surfshark believes that users may be unable to exercise their General Data Protection Regulation (GDPR) rights if they have a problem with this. Threads has yet to be launched in the EU where the guidance is strictly enforced.

“In the EU, sensitive data can usually only be collected and used with a person’s consent,” said Surfshark. “However, it is unclear whether a proper legal basis is used for the collection of this data. The app also collects browsing history, health, and fitness data. This information is likely shared within the Meta group and with third-party advertising service providers.”

Another issue flagged by Surfshark is the interdependence between Threads and its ‘mother template’ Instagram, also part of Zuckerberg’s Meta empire. Deleting one requires erasing the other, it added, emphasizing the symbiotic relationship between the two platforms.

“The interconnectedness of Instagram and Threads enables better user experiences but raises concerns about data protection rights, such as the right to data deletion under the GDPR,” it said.

“Additionally, having one more app in the pool of Meta apps — Facebook, Instagram, Whatsapp — might facilitate more accurate user profiling through increased data collection, potentially enabling precise predictions about user habits.”

If users didn’t register on Threads via Instagram, opting to jump on the new platform via a third-party service instead, their requests to implement their rights under the GDPR and other similar laws might be dismissed, Surfshark added.

“This means that users might be unable to delete their data, get a copy of their data, or request information about how their personal data is used,” it said.

Threads saw users flocking to sign up in its first week after launching earlier this month, with more than 100,000 subscribing during that period. However, since then it has been noted that return custom has dwindled to just 23.6 million daily active users on July 14th.

Surfshark’s revelations are unlikely to be welcomed by Meta, as it seeks to reverse the downwards shift in the hope of one day posing a credible threat to Elon Musk’s Twitter.