Legal and Data Privacy Writer at TermsFeed.
On this page
- 1. Social Login Integration: An Overview
- 1.1. Benefits of Social Login Integration
- 1.1.1. Enhanced User Experience
- 1.1.2. Decreased Abandonment and Increased Conversion Rate
- 1.1.3. Accurate Data Collection
- 2. Social Logins and Privacy Requirements
- 3.1. It's Required By Law
- 3.2. It's Required by Third-Party Social Media Platforms
- 4.2. Twitter Login Button Consent Requirement
- 4.3. Twitter Login Button Example
- 5.2. Google Login Button Consent Requirement
- 5.3. Google Login Button Example
- 6.2. Facebook Login Button Consent Requirement
- 6.3. Facebook Login Button Example
- 7.2. Apple Login Button Consent Requirement
- 7.3. Apple Login Button Example
- 8.2. LinkedIn Login Button Consent Requirement
- 8.3. LinkedIn Login Button Example
- 9.1. Instagram Login Button Example
- 10.1. Amazon Login Button Example
- 11. Summary
Simply put, social login is a single sign-on (SSO) technology that allows you to identify and register users on your website or app using information collected from their social media accounts.
In this article, we'll dive deep into the concept of social login integration and take an in-depth look at the privacy requirements of top social media platforms so that you're sufficiently equipped to comply with the requirements.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
Social Login Integration: An Overview
As a website or mobile app owner, one of your primary objectives is to get more user engagement for your services. An excellent way to support this objective is to streamline the process by which users register to use your services.
This is especially important in today's fast-paced digital world, where users can get easily discouraged by a long or complex registration process.
Social logins have gained traction in recent years and are now a leading solution for businesses to increase the number of registered users or sign-ups on their website or app.
As a faster and more convenient alternative to the standard account creation process, social logins are also a popular choice among users.
While social logins undoubtedly offer many benefits for businesses and users alike, they also raise several data privacy concerns that must be addressed.
First introduced by Facebook in 2008, social login integration is now offered by multiple social networking platforms, including Google, LinkedIn, Twitter, and Instagram, to mention a few.
By leveraging the popularity of these social media platforms, you can now allow users to create accounts on or sign in to your website/app using the same credentials they use on their social platforms, all at the click of a button.
This essentially eradicates the "tediousness" associated with creating a new account which keeps most users from doing so. In other words, no sign-up forms have to be completed, and no new passwords have to be memorized with social logins implemented.
Needless to say, this login method presents plenty of benefits, which we'll briefly go over next.
Benefits of Social Login Integration
The major benefits of social logins for businesses are as follows.
Enhanced User Experience
The user data you gather through social login can help you tailor your website's product or service offerings to suit the individual needs of users better, thereby providing a personalized experience for each user.
That said, providing a personalized experience shows users that you're willing to go the extra mile for them and will play a huge role in building customer loyalty, which (as you know) is the bedrock of every successful business.
Decreased Abandonment and Increased Conversion Rate
Nowadays, users are more likely to abandon their mission on your website or app once they are prompted to create an account in order to continue. This is especially true if your registration process is unreasonably long or complicated.
Social logins resolve this issue by making it faster and more convenient for users to register on your website or app. This, of course, decreases abandonment and increases your user conversion rate.
In sum, social logins work much better than standard account creation in turning potential customers into actual customers.
Accurate Data Collection
A common issue with standard account creation is the potential for users to submit inaccurate personal information in order to get through your registration process quickly.
This can corrupt your customer database and negatively impact your marketing campaigns, conversion rate, and other significant activities or metrics.
However, with social logins, the likelihood of getting inaccurate information is significantly reduced since you'll be collecting information directly from users' social media accounts.
Social Logins and Privacy Requirements
Despite its many benefits for businesses, users, and even social media platforms (e.g., off-site tracking for ad targeting), social logins raise some privacy concerns stemming from its evident collection and transfer of personal information.
Keep in mind that personal information is generally defined as "ny type of data that can directly or indirectly identify an individual."
In other words, names/usernames, email addresses, phone numbers, profile photos, and similar details are all considered personal information.
Here's an example from Social Assurance:
- It's required by law
- It's required by the third-party social media platforms
It's Required By Law
Note that you may fall under the scope of several of these laws, depending on where your business is located and where your users reside. Moreover, non-compliance with any of these laws may lead to lawsuits and substantial fines or penalties.
It's Required by Third-Party Social Media Platforms
Social logins involve collecting and transferring personal information between social media platforms and websites or apps that integrate social login buttons.
We'll dive deeper into the privacy requirements of major third-party social media platforms later in this article.
That said, prominent social media players generally require website and app developers to do the following:
- Obtain consent from your users before taking any action on their behalf
Twitter was one of the early adopters of social login integration. In 2009, Twitter launched its social login button to help users quickly and conveniently sign in to any website or app that integrates the Twitter login feature. This way, users can easily circumvent any long or tedious registration process.
- Making it easy for users to sign in and out of Twitter (e.g., through the OAuth protocol)
- Displaying the Twitter login button as prominently as other sign-up or sign-in features on their website or app, and
- Properly presenting users' Twitter identity once they use the Twitter login button
Here's how Twitter displays this:
In terms of privacy requirements, developers must maintain a reasonable level of commitment to the privacy and control of users when employing any of Twitter's services. In keeping with these principles, developers must do the following:
- Obtain "express and informed consent" from each user before taking any action on their behalf
Failing to comply with these requirements can result in an enforcement action, including suspension and termination from employing Twitter's services:
Further below in its Developer Policy, Twitter expands on how developers can comply with the requirements outlined above. Let's go over each in turn.
- The type of information you collect from your users
- How that information is used and shared with third parties (including Twitter), and
- How users can contact you with questions or requests regarding their information
Twitter Login Button Consent Requirement
In an effort to give users more control over their information, Twitter requires you as a developer to obtain "express and informed" consent from users before doing any of the following:
- Acting on users' behalf, including (but not limited to) posting tweets, following or unfollowing accounts, changing account information, launching a Periscope Broadcast, and adding hashtags or any other content to tweets
- Republishing content accessed outside the Twitter API or other Twitter tools
- Using an individual's Twitter content to advertise a product or service
- Storing non-public content like direct messages (DMs) or other confidential information
- Publishing private tweets or other confidential information
Twitter Login Button Example
You can take this same approach to implement a Twitter social login button with your mobile app, as the Poll Pay app has done here:
Now let's look at how Google directs this process and what it requires from websites or apps that choose to use its social login feature.
Google is one of the top providers of social login integration, as a substantial number of websites and apps use its sign-in button.
Here's how Google presents these requirements in its API Services User Data Policy:
Google Login Button Consent Requirement
Like most social login providers, Google requires developers to obtain consent before collecting and using personal information.
In particular, Google requires you as a developer to:
- Only obtain information that is absolutely necessary to provide the services specified in your policies.
- Where applicable, request user consent before taking any action on users' information.
Here's how this is displayed:
It's important to note that failure to comply with any of Google's policies may cause Google to "revoke or suspend" your access to all Google products and services:
Google Login Button Example
Once users click the Google login button, they are prompted to enter their Google sign-in credentials and are informed that Google will share their basic information with Tinder if they wish to continue. In doing this, Tinder has fulfilled its consent requirements:
Now let's look at what you'll need to do if you integrate the Facebook login feature on your website or app.
As the first and most popular provider of social login integration, Facebook's login button is widely used by websites and apps the world over. Like other social logins, Facebook login improves user experience by allowing users to quickly sign up on a website or app without having to fill out a form or create a password.
However, developers must observe Facebook's regulations in order to enjoy the benefits of its login integration.
For additional guidance on Facebook login integration, check out Facebook's article here with some of the company's suggested best practices.
Now let's take a look at Facebook's privacy requirements for developers.
- Retain all of your Privacy Policies while using Facebook and provide them upon request.
- Link your Privacy Policies in the appropriate fields in your App Dashboard or App Store (if applicable) and ensure you keep the links up-to-date.
Here's how Facebook displays these requirements in its developer terms:
Facebook Login Button Consent Requirement
Meta's Developer Policies includes a section titled "Give people control" that clearly outlines several requirements developers must observe with regard to users' information.
Among other requirements, developers must "obtain consent from users before publishing content or taking any other action on their behalf."
Facebook Login Button Example
Pinterest allows users with a Facebook account to log in automatically through its prominently displayed Facebook login button.
To obtain user consent, Pinterest informs users that it will connect their Facebook account to Pinterest if they click the continue button, as shown below:
You can implement a Facebook login button on a mobile app as well, as seen here from the Million Steps app:
Next up we'll check out how Apple directs users of its login functionality to implement it and disclose it properly.
As one of the biggest tech companies in the world right now, Apple needs no introduction. Not surprisingly, the Apple login button is among the most widely used social logins on websites and apps worldwide alongside Facebook and Google. With the Apple login button, users can now use their Apple ID to quickly sign in to any website or app that offers Apple login functionality, thereby circumventing the standard sign-up process.
This document briefly explains how the Apple login button works and specifies several guidelines developers must follow to be considered compliant. They are as follows:
- Ask users to sign in only in exchange for value (e.g., personalization, access to additional features, or synchronizing data)
- Consider implementing the "Sign in with Apple" button for every version of your website or app (including non-Apple platforms)
- Delay sign-in for as long as possible to let users familiarize themselves with your website or app before deciding to commit
- If you run an ecommerce website or app, let users make a purchase before asking them to create an account
- Outline the benefits of using the "Sign in with Apple" button
- Consider letting users link an existing account to "Sign in with Apple"
In addition to these requirements, you must take note of Apple's Usage Guidelines for Websites and Other Platforms, most notably the prohibited uses, as seen below:
Now let's go over Apple's privacy obligations for developers on its platform.
- Take appropriate measures to protect personal information from unauthorized access, use, or disclosure
- Stop collecting, using, and disclosing personal information once users withdraw their consent
- Notify users of any information breach as stipulated by applicable privacy laws
Here's how Apple displays these provisions:
Apple Login Button Consent Requirement
Like other major social platforms, Apple's consent requirements are explicitly addressed in its policies.
To comply accordingly, you must obtain consent from users before collecting their personal information. You must also get the approval of users before changing how you use personal information. Here's how it's stated in the Developer Program License Agreement:
Apple Login Button Example
Bumble also clarifies what happens to users' information when they disconnect the social login feature and how to stop all access to their information:
If your mobile app allows users to sign in with their existing Apple accounts, you can add such a button to your app's initial screen that users will see upon opening your app for the first time.
LinkedIn is next on our list of social login integrations and privacy requirements. Let's look at what it requires and how to comply.
As the leading social media platform for professional networking and career development, LinkedIn is highly relevant, especially in the B2B space.
Like other social logins, the LinkedIn login button reduces friction and helps business obtain more sign-ups for their websites and apps without the need to fill out a registration form.
Let's briefly go over these requirements.
- Your actual privacy practices must meet applicable legal standards.
- If you offer enterprise services, you must enter into separate agreements with your customers and explain how you will access their LinkedIn accounts and content on their behalf.
Here's how LinkedIn displays these requirements:
LinkedIn Login Button Consent Requirement
Like most other social networking platforms, LinkedIn requires developers to obtain consent from users before taking any action on their accounts or personal information.
To that effect, LinkedIn provides specific guidelines you must observe to get legally valid user consent. They are as follows:
- When obtaining user consent, explain when you will collect users' personal information, how you will use it, and how users can withdraw their consent.
- Consent must be freely given and meet the standards set by applicable privacy laws.
- Consent should be provided through a statement or an explicit affirmative action.
- When a user's member token and OAuth access token (i.e., a piece of data you use to make API requests on behalf of a user) expires, you must regain users' consent to continue collecting and storing their personal information.
LinkedIn Login Button Example
Indeed includes a "Log in with LinkedIn" button along with other third-party social logins to help applicants with LinkedIn profiles quickly sign in to their Indeed account:
When applicants click the login button and provide their LinkedIn sign-in information, Indeed seeks their consent to use their names, email addresses, and profile photos:
In 2012, Instagram was acquired by the multinational tech conglomerate, Meta Platforms (also known as Facebook's parent company). As a subsidiary of Meta, Instagram is now governed by the same set of developer rules that apply to Facebook.
In other words, the technical requirements and privacy obligations for the Facebook login button (as described in the Facebook section of this article) also apply to the Instagram login button.
Here's how Meta discloses this update in its Developer Policies, in an information box at the top of the page:
To recap, here are the key things to keep in mind when implementing the Instagram login button:
- Adhere to the Meta Developer Policies to properly implement the login button (as displayed in the Facebook login section)
- Comply with the requirements specified in the "Give people control" section of Meta's Developer Policies
Instagram Login Button Example
You've likely seen the option to log in to a site or app via your existing Instagram account, like this one:
For our final social login integration, we will take a look at how Amazon does this.
Although less commonly used than other social logins, Amazon login works just as well for businesses and users. It presents a quick and efficient solution for users to register or sign in to a website or app without having to fill out the standard registration form.
Admittedly, Amazon's privacy requirements for websites and apps aren't particularly comprehensive. The most notable privacy requirement for developers is to provide a Privacy Notice URL in the applicable section of their website or app:
Let's see an example.
Amazon Login Button Example
Aoyue allows users to skip the standard login method and sign in through its Amazon login button while outlining the advantages of doing so:
Although the phrasing is not so easy-to-follow, Aoyue essentially lets users know that details like user ID, name, and email address will be collected when they use the Amazon login button but only after receiving express consent.
The highlighted sections above state as follows:
"Using the Amazon login button on our website allows you to log in or register on our website using your Amazon user data. Only if you give your express consent in accordance with Art. 6 (1) point a GDPR prior to the registration process based on a corresponding notice about the exchange of data with Amazon, will we receive the publicly accessible information stored in your profile when you use the Amazon button, depending on your personally made data protection settings. This information includes the user ID, name, address, email address, age, and gender"
As a developer, integrating a social login button undoubtedly presents benefits for your website or app. However, to implement these buttons appropriately, you need to observe certain privacy obligations.
Although the requirements are slightly different for each social login button outlined above, the core concept remains the same for all.
Regardless of which social login buttons you wish to use, here are the takeaways to ensure a compliant login integration:
- Comply with all requirements outlined in the Developer Terms and Policies of applicable third-party social media platforms.
- Obtain consent from users before collecting and using their information.
- Provide a way for users to withdraw consent anytime they wish.