A social login provides a myriad of straightforward solutions for your website or mobile application. The login is effortless for users (one less password to memorize), and will provide you with easy access to both login credentials and social sharing mechanisms for your services. The option may seem like a no-brainer, but don't forget the fine print!
Yes, you will need a Privacy Policy in order to implement a social login, and it should feature specific wording depending on the type of social platform connections you offer.
You may wonder why most online businesses go through the trouble of creating pages of fine-tuned legal print to offer even the simplest of services. Here are a few basics of what a Privacy Policy covers and why it's necessary:
The Facebook Platform Policy outlines a wide range of regulations for using their API technology.
Although privacy laws may vary slightly according to which country your business is based in, the idea is essentially the same worldwide: Let users know what information you collect about them and how you use it.
Here are a few specific regulations that will likely apply to your business:
1. California Online Privacy Protection Act (CalOPPA):
Although this is technically a state law implemented by California, its jurisdiction reaches any business that collects personal information from a California resident. In other words, it applies to most businesses in the USA and beyond.
2. The General Data Protection Regulation (GDPR):
This new and far-reaching regulatory measure will go into effect in May 2018. It applies to any organization that collects personal information from EU citizens.
The Facebook login feature offers more than just an easy login process. The application programming interface (API) software also provides multiple connection features so that users can connect with their Facebook friends or share content directly from within your website or mobile app.
In order to implement Facebook Connect features, you will need not only a thorough Privacy Policy, but also specific language that lets users know which information you will be collecting about them through Facebook.
As shown in Facebook's Platform Policy above, Facebook Connect requires the following provisions to be met before using the API software:
Meetup offers links to a Privacy Policy and a Cookie Policy from the initial Facebook Connect registration screen:
Within the Privacy Policy, Meetup describes their use of "Social Media Services," which information is collected, and lets users know that they can disable the connection at any time:
Facebook also offers various marketing and advertising solutions that can be used within your website and mobile applications.
As shown in the above screenshot, Facebook's Platform Policy includes requirements for the use of their ad solutions as well.
If you plan to use these services, here are a few basic rules to follow:
Wondery describes the use of information from third-party social networks and how it is used:
Trivago informs users of specific information they use during the registration process, requesting explicit consent from the user:
Basware describes how it uses personal data for Facebook marketing ads and where to find opt-out information:
Twitter also offers API software for connecting your website or mobile app with Twitter. Through this interface, users can log in to your website with Twitter, connect with followers, and share your content, depending on the functionality you want for your business.
Twitter also requires an easily accessible Privacy Policy to be posted on your website or mobile app, according to their Developer Policy:
As indicated above, Twitter calls for the following conditions in regard to your Privacy Policy before using their login or API software:
Periscope clearly links to their Privacy Policy within the Twitter login registration form. They also describe in detail the personal information they gather about users through Twitter:
Within the Periscope Privacy Policy, they go on to describe how they use the personal data collected from Twitter:
As for Twitter's requirements regarding cookies, the University of Reading sets a good example of how to list the Twitter third-party cookies that are used on their site:
Google Sign-In also provides an easy login process and various ways to integrate the social network's features into your website or mobile app. You can use the API to view a user's connections and make suggestions based on those connections' activities within your app.
Google goes into even further detail outlining developer guidelines within their User Data Policy:
Although the above policy covers quite a few regulations, here are the basics you'll need to remember for your Privacy Policy if you plan to use Google Sign-In:
The New York Times offers a quick and easy Google Sign-In feature that links to the Privacy Policy within the login process:
Within their Privacy Policy, the New York Times goes on to describe the data they collect through Google Sign-In and how to disassociate the account:
Instagram is another login API that offers unique social functions to your website or mobile app. The rich resource of photos and hashtags may be used to create dynamic image feeds, among other things.
Since its features and user information are simpler than those of most social networks, Instagram's privacy requirements are less involved:
According to the policy above, Instagram only has four simple requirements for its API developers:
Bumble uses one short paragraph to encompass all of the information they collect from social media connected accounts, including Instagram:
ThisMoment specifically mentions Instagram cookies in its Cookies Policy:
Although the requirements are slightly different for each social network, the idea is very similar for all: maintain an open, honest disclosure of all personal information you plan to use from social media API platforms.
As long as you follow the Developer Policies provided by the social network you plan to work with, your login API integration should be a smooth and uncomplicated process.