Snap Patent Keeps Data Out of Third-Party Hands

Given that a large part of Snap’s user base is under 18, protecting user data is even more crucial.

Photo by Connor Lin/The Daily Upside

Sign up for smart news, insights, and analysis on the biggest financial stories of the day.

Snap wants to cover all its bases – even the ones it didn’t create. 

The company filed a patent application for “protected data use in third party software.” This essentially allows users to work with third-party applications on Snap’s platform without putting their personal data at risk. 

Snap noted in its filing that traditional third-party development platforms may give a developer access to user data. While those permissions may be revoked by the platform, “once the user data is shared, it is usually in the possession of the third party and can remain as such even after a user revokes permission for use of their user data by the third party.”

Snap’s method allows for a development ecosystem in which developers can create software that “uses the protected data while denying the third-party access to the protected data.” It does this through what it calls a “container software environment,” which allows a developer to work with user data through “read and write data access” without actually being able to download or possess it. 

For example, if a third party creates a software component for Snap that allows for data sharing through messages, Snap’s system wouldn’t allow that third-party to possess any of the data shared within those messages, despite the fact that the users are using the developer’s software. This system also allows a user’s social networking data to be used “in connection with external accounts” while maintaining protection of it. 

If you’re still confused, think of it like a museum where user data is the art: Software developers can look, sometimes they can touch (but often not) — and they definitely can’t take any artwork home with them. 

Photo via the U.S. Patent and Trademark Office.

Protections like these are important when considering Snap’s primary audience is young users, and often, users that are under 18. And when considering how to treat the data of a younger audience – especially those who may not be as considerate of their digital footprint – data minimization is the best approach, said Suzanne Bernstein, law fellow at the Electronic Privacy Information Center.  

“I think you’re right to assume (Snap) is aware that so many of their users are minors,” she said. “And I think it’s a good thing to limit, in this way or in other ways, access to personal data connected to those third parties.’ 

Though Snap is researching these kinds of protections, the company hasn’t always had a spotless history with data security. In 2019, a former Snap employee revealed that workers spied on users by exploiting a tool primarily used by law enforcement called SnapLion, which could extract data from user accounts that relates to police investigations. 

And working with third parties presents its own risks, said Bernstein. The more data that third parties have access to, the further it gets from its original source, and “the less and less control and knowledge users have. This is just exacerbated more when the consumer is a child or teenager.” 

Bernstein added, “This kind of information can be used to build profiles of kids and teens as consumers, then fed into the targeted advertising system to shape behavior and choices with children.”