Over the last couple of years, concerns of how our personal data is collected, utilised, and even profited from has become a matter of widespread international attention.
From the way that our phones listen in on our conversations, data leaks from Facebook, and Cambridge Analytica influencing elections, how our data is being used without our permission or knowledge is a source of much controversy.
A recent article in the Financial Times showed how one user, Paul-Olivier Dehaye, a Belgian privacy campaigner discovered that an adtech company Amobee had bizarrely predicted that he would be suffering from an “overactive bladder” on 9 June.
It was then explained to him by a legal representative from the company that the data that had been used to arrive at that conclusion came from The Weather Company, an IBM owned weather forecasting platform.
The fact that such companies are able to make these kinds of bizarre predictions based on data they have collected about us, our locations, our search history and other seemingly harmless criteria leaves many wondering how ethical this is.
The business of adtech groups, data mining and analytics firms has come under increasing regulatory scrutiny, especially in Europe after the introduction of the European Union General Data Protection Regulation that came into force at the end of May last year.
While the industry and the practice has been investigated by US authorities for several years, following the Cambridge Analytica data harvesting scandal last year and an increased public focus on privacy, EU regulators have been forced to follow suit.
Many businesses operating in the data mining and analytics sector claim that they abide by the rules and keep the data they collect anonymous. Mathias Moulin from the French protection watchdog CNIL stated: “They all try to say that it’s anonymous to lower the pressure from the public, but that’s not true. They know that and we know that.”
Last year, the focus may have been on the Facebook leak and how the social media giant uses its user’s data, but this year countries such as the UK, Ireland, and France are taking a more in-depth look at so called data-brokers.
A data-broker is an entity that collects information from a variety of sources before processing it, cleaning it and analysing it. This data can then be sold on to the highest bidder without the subjects of the data being any wiser.
Then in November 2018, international privacy group Privacy International asked EU regulators to investigate a number of data-brokers including software giant Oracle, citing concerns over the flouting of the EU GDPR.
Elizabeth Denham, the UK’s Information Commissioner said: “We are looking at how they conduct their business and general compliance with GDPR…certainly there is a dynamic tension between the way the businesses are conducted and the principles in the GDPR.”
Data-brokers are able to collect all manner of data including hobbies, religious beliefs, taste in books, political preferences, and even personality traits and then package them up and sell them off to the highest bidder – typically banks, retailers, media companies, and interestingly, governments as well.
These so called ‘privacy deathstars’ include Oracle, Axciom, Salesforce, and Neilson and can provide endless reams of information on individuals resulting in a situation where everyone is now intrinsically linked to a data profile that can track their every move.
As more and more of our devices become attached to the internet and the Internet of Things becomes a day-to-day reality, data-brokers are harvesters now able to use cross-device tracking from a range of devices that one person uses, to create a fully rounded digital profile of personal data.
The result is not just the fact that companies we have never heard of hold untold amounts of data on every aspect of our lives, but the likeness to a sort of dystopian surveillance system that knows more about us that we know ourselves, and sells this information to businesses we have never interacted with in any way.
Oracle for example owns and controls over 80 data-brokers who feed back gathered data from their own individual sources including financial transactions, social media activities, and demographics with up to 30,000 data attributes for each individual it tracks. The company claims to hold data on over 300 million people across the world.
Then, following last year’s Cambridge Analytica revelation where the company was found to have harvested the data of millions of Facebook users to use for political purposes, the UK information Commissioner’s Office carried out compulsory audits on a number of data-brokers.
In addition to this, CNIL in France has inspected over 50 adtech and data-brokerages in the last two years. While these entities keep insisting that they are complying with local laws by keeping their users’ identities anonymous, the truth is that they are compiling information based on locations, shopping habits, and browsing history and attaching it to pseudonymous identifiers.
Some may claim they do not send targeted ads, but The Weather Company is currently facing a lawsuit in Los Angeles for “deceptively using its Weather channel app to amass its users’ private, personal geolocation data”.
Cambridge Analytica was found to have harvested the data of over 6,000 Maltese Facebook users without their permission.