From Data Protection laws to the Human Rights Act, plenty of legislation covers the importance of our data and our privacy. Yet, it seems we are more than willing to give up on some of those protections for accessibility and comfort. Is selling our data for services really that much of an issue? And why do free services tend to sell it anyway – what do they stand to gain from it? Lets talk about that.
Your data rights
The law is vast, in many cases broad, and difficult to discuss at a global scale. An in-depth look into data law, international or otherwise, is outside the scope of this article (and I’m not a lawyer). However, an overview of the more common rights you have concerning your privacy and data is always good to keep you informed. For the sake of brevity we’ll be mostly going through UK law, but some of this legislation applies elsewhere, too. So what do we need to keep in mind when dealing with our privacy and data?
Article 8 of The Human Rights Act
First and broadest, we’ll want to quickly mention Article 8 of The Human Rights Act. This protects your right to respect for private and family life. It includes personal and sensitive information of course, but it covers any correspondence you might have with others, such as letters, phone calls, and email. In essence, it stops the government from, without very good cause, sifting through your private data for any reason. This Article keeps you private from public authority and offers citizens more transparency in how our governments operate concerning our private data.
Data Protection Act 2018
A very important Act for consumers, it controls how your personal information is used by organisations, businesses or the government. It is a UK implementation of the General Data Protection Regulation (GDPR) used throughout Europe. What the Data Protection Act does is underline the standards that companies have to abide by, and what rights you have as the “data subject”, that is, the individual who’s data is being used.
Companies have to abide by certain principles: explicitly telling you what data is being used, and using it adequately. Ensuring that it’s kept safe. And most importantly, being transparent about how they are using your data.
You, as the owner of that data, also have rights to further protect your privacy. This ranges from having access to the stored data, to restricting its use. You can furthermore request it’s correction or deletion. These rights apply beyond just storing data, and extend to profiling and automated processes.
This is why, for example, Privacy Policies are required under GDPR. They keep you, the user, informed and protected through legally binding documents, holding companies accountable for violating those Policies.
“Free” email services
The law protects us for 90% of cases, and does a good job at it, but then, how is data going to free services like Yahoo Mail or Google a problem? It’s important to first understand how most free services fund themselves, especially at such a large scale.
When you signup to, for example, a free GMail account, you have to accept Terms and Conditions. These tend to be, unlike Privacy Policies, more geared towards protecting a company and ensuring transparency between both parties. By accepting the Google Terms and Conditions, you are opting in to sharing data with them. This in turn gets used by Google’s AdSense to turn all this data into revenue, through tailored ads. Google’s huge ecosystem makes processing this data quite easy. Similarly, Yahoo also uses data to then generate ads. A bit more outwardly, you can see them directly in your inbox. Of course, you cannot be identified through this data. The Acts above ensure that big companies can’t sell that kind of data to anyone; however, there are workarounds.
I’m sure you’ve heard it before: “We don’t sell your data!” cry the big tech companies. And this is true, to an extent. However, what they do with your data is slightly different. Sure, they aren’t openly selling user data – that’s illegal. They can, however, use non-identifiable data. They can also build a profile with your data, which can then be targeted by adtech companies. Let’s have an example:
A tech enthusiast wants to find the best VR headset on the market. They Google it, visit a couple of sites, email a friend about it, and create a Google Doc with their findings. Google now sees they’ve expressed interest in a headset. They can gather data on top choices and brands selected. They can also grab some non-identifiable data from the user’s Google profile; so perhaps age, purchase history, and people contacted about the headset. They can now generate a profile with that data. adtech companies will then bid on said data, but not directly. They are competing for ad space here. Although these companies never directly access your data, they might be looking for “middle-aged men looking for a VR headset”. Google can then offer to show their ads to people that fit this profile.
More Than Data
But we take it a step further. The friend can also be targeted for ads. They get shown something interesting and pass it along to our tech enthusiast. No identifiable data was every shared, there was no need for names or specific addresses, but what they had was enough for targeted ads.
“You can say, ‘Hey, Google, I want a list of people ages 18–35 who watched the Super Bowl last year.’ They won’t give you that list, but they will let you serve ads to all those people,” Cyphers said. “Some of those people will click on those ads, and you can pretty easily figure out who those people are. You can buy data, in a sense, that way.”Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation – The Markup
What You Can Do
- A lot of these companies allow you to opt out of the more invasive types of data gathering. Although obscure at times, these options tend to be available for users if they go looking.
- Read through Privacy Policies, and if in doubt, ask the company to clarify on any points you don’t understand. Better transparency is beneficial to all.
- Consider alternatives to big tech products. Write documents outside of Docs. Change your email provider to a smaller company that cares about your data. Smaller companies also tend to value privacy and accountability more. Search for information using alternative search engines, such as DuckDuckGo.
Don’t let your data be misused. Speak up. Show big tech that you value privacy and your data.