Privacy is an essential human right that protects people’s personal lives and information from external threats. In cyberspace, personal privacy is embodied primarily in the privatisation of information and data, including the basic personal details of the user and the online activities.
As digital technology and social media continue to evolve and become an integral part of people’s lives, the boundaries between public and private space become increasingly blurred. The invisibility and dynamic nature of personal privacy in the digital realm often lead us to be unaware that our privacy is being accessed and exploited. For example, website cookies can track user behaviour, while big data analysis of individual preferences invisibly collects and analyses user data for advertising or identification purposes.
In contemporary society, where data is currency, social networks thrive by collecting large amounts of personal information. RedNote (Xiaohongshu) is a Chinese social media platform founded in 2013. It has a huge popularity and is a main tool for Chinese young people to share information and interact. The platform functions similarly to Instagram, focusing on photos and videos. After the U.S. blocked TikTok in January 2025, it gained international attention for its sleek interface, curated lifestyle content, and seamless integration of social media and e-commerce. Many overseas users joined the platform and aroused the trending topic #TikToKRefugee. However, while we scrolling, posting, and enjoying digital convenience, most users neglect whether their data is being shared and disseminated, and platform security is a worth pondering issue.
The Unwitting Privacy Breach
Social media platforms have detailed terms and conditions that outline how they collect, store, and use user information. When users access a platform for the first time, they are required to register their information by clicking on “I have read and agreed the platform policy”, to guarantee their right to know and decide. However, few people read these long and complex conditions. Since online platforms are dominated by artificial intelligence and algorithms, the principle of informed consent effectively places users in a position where they are compelled to relinquish their rights.
“How data are collected is important, as it illuminates many contemporary tensions around privacy and privilege. The tech industry often frames its products as a give-and-take between people willingly sharing personal information in exchange for benefits.” – Marwick, A., & boyd, d. (2019)
The RedNote privacy policy collects user information, such as name, email, and phone number, when the user creates their account. It also automatically collects data like device information, IP address, and usage patterns when users browse nearby posts. Additionally, the platform may access the user’s device’s camera, photos, and location if permitted. The information collected is used to personalise the Platform. The platform remembers your browsing history and searches to present content and advertisements that you may be interested in on the explore page. This information is also provided to cooperative advertisers to generate profit. While we gain convenience, we also face the risks of data regulation and disclosure.
Furthermore, RedNote encourages users to share their lives in the form of photos, videos, and text. It brings attractive chances for users to become internet influencers that can gain visibility and business opportunities through the platform’s traffic. The volume of likes and favorites they receive can evoke a sense of satisfaction. Instead, with hundreds of millions of users on a social media platform, users do not know the exact audience group for their posts. The information might be spread through retweets or screenshots and used by other people viciously. Therefore, individuals are in a position of absolute vulnerability to powerful algorithmic technology. We are forced to trust the platform if we rely on it.
Who regulates the platform data
The methods that platforms use to govern are a major factor in platform security. Almost all platforms are regulated and moderated by platform operators and governments, who are the main manipulators of freedom of expression, privacy, and access to information online. The national police is the main factor that impacts the development and use of digital media (Karppinen, 2017). The government is a powerful institution that can legitimately use its power to maintain order online. Instead, the rights of users are imbalanced. Users can only follow the rules that the government and the platforms make.
Regulation and content moderation on RedNote are governed by China’s data governance laws, including the Personal Information Protection Law and the Cybersecurity Law of the People’s Republic of China. It is one of the strictest censorship regimes in the world. Its censorship and restrictions include nudity, sexually suggestive content, false advertising, abusive language, and sensitive topics about the Chinese Communist Party. The platform uses a combination of manual and machine moderation to delete content and send warnings or blocking to users’ accounts once improper content is found.
The strict regulations in RedNote lead the platform users to lack the right to freedom of expression and easily get stuck in information cocooning. Since the beginning of 2025, lots of U.S. users affected by TikTok banned and signed in to RedNote. They continued to test and challenge the platform’s censorship bottom line. The discussions of politically sensitive topics, such as the Tiananmen Square massacre and Uyghurs were deleted and received violation notices within minutes after posting (Vakulov, n.d., 2025). In contrast, it is ironic that contents with comments criticizing the US government were not confined. Thus, the regulation of RedNote is one-sided and stringent. The platform has enough rights to regulate the content whether shown or hidden to users.
Although the line between free speech and irregular speech is blurred and difficult to judge. Platforms make the content processes a “black box” to maintain as much neutrality as possible (Suzor, 2019). It means that the content moderation process is secretive and opaque. Users cannot know the platform’s algorithms and how they worked.
On the one side, platform regulation protects users from receiving negatively false or undesirable information, whereas it requires regulation potentially eroding user privacy by analysing the content they post.
Users’ Concerns
The serious reality is that many social media platforms don’t protect our data well. As data-hungry algorithmic systems have become embedded in nearly every aspect of society, from criminal justice to advertising (Marwick & boyd, 2019), privacy is no longer just a personal preference but a core human right that is under threat.
We can easily notice that our data may be shared across different platforms. An example is that users often encounter similar types of information on various platforms. The content viewed or product recommendations on RedNote frequently replicate those on other platforms like Douyin and Taobao. These platforms are all subject to China’s data governance laws. It indicates a lack of transparency and insufficient scrutiny of platforms. The web browsing preferences, travel history, shopping habits and other data from users are data mined and modeled under algorithmic surveillance, and content is precisely pitched to share information across platforms through digital profiling. Moreover, deficiencies in personal information protection and data management systems within organizations may present opportunities for unscrupulous individuals seeking profit through data trafficking.
Furthermore, laws accessed to social networks are used as a means to protect the security of platforms and users. Users are required to sign a consent contract when registering for an account, but a few read the contract carefully (Suzor, 2019). The existing informed consent forms suffer from highly specialized, obscure language and cumbersome content, causing most users to neglect to study the relevant provisions before using the platform. Also, there is no opportunity for users to negotiate the terms, if they are not satisfied with the rules or the way they are enforced, the only option is to leave the platform. The provision does not maximize the protection of users’ rights and the security of the platform. It can easily be questioned. For instance, on the registration page for RedNote, the platform policy appears at the bottom of the page in a tiny line of text. Clicking on the link to the policy is a dozen pages of dense text, making it difficult to read and hard to understand.
Methods and Measurements
RedNote’s privacy policy lists several ways to protect user data, including data encryption, access control, and deletion posts. These actions superficially demonstrate a commitment to privacy protection. However, the effectiveness of these measures remains questionable. While users can technically withdraw consent, RedNote’s features like location tagging and personalized content recommendations are based on ongoing data access.
Under the doubt of privacy and security issues on the platform, safeguarding the platform’s continued development requires timely and effective measures to protect user rights and interests. First, users’ right to be informed when they use the platform should be guaranteed. Platforms need to explain professional provisions in clear and concise terms as well as articulate the reasons for the use of information and its purpose, which aims to mitigate the opacity of the algorithms’ ‘black box’. Despite the complexity of the algorithmic process, achieving true algorithmic transparency remains a challenge. When regulating the use and collection of existing data, government departments must ensure data confidentiality and reasonably safeguard the user’s right to information and privacy.
Second, users need to raise their awareness of privacy protection. The lack of awareness among online users regarding their own privacy rights is an important reason enabling unscrupulous individuals to invade privacy with impunity. Users should carefully choose the permissions for IP, photo, microphone, and other functions. These features allow platforms to access personal information quickly and lead to inadvertent privacy leaks.
Karppinen (2017) argues that digital rights can be understood as political rights. It is not just the protection of individuals, but a collective demand for fairness and justice in the digital environment. It is not enough for users to be careful. Users can challenge inequities through action, such as taking part in platform threads to generate public opinion to push for more accountable platforms.
Conclusions
References
Karppinen, K. (2017). Human rights and the digital. In H. Tumber & S. Waisbord (Eds.), Routledge companion to media and human rights (pp. 95–103). Routledge.
Marwick, A., & boyd, d. (2019). Understanding privacy at the margins: Introduction. International Journal of Communication, 13, 1157–1165.
Suzor, N. P. (2019). Who makes the rules? In Lawless: The secret rules that govern our lives (pp. 10–24). Cambridge University Press.
Vakulov, A. (n.d.). RedNote’s Risks: What Every User Should Know Before Signing Up. Forbes. Retrieved 7 April 2025, from https://www.forbes.com/sites/alexvakulov/2025/02/05/rednotes-risks-what-every-user-should-know-before-signing-up/
Be the first to comment