Increasingly referred to as “digital gold”, the reality of our cyber age is that data harvesting is an extremely profitable industry. “Thousands of companies are in the business of harvesting your data and tracking your online behavior,” says Frederike Kaltheuner of Privacy International, a data lobby group. “It’s a global business, and not just online, but offline, too, via loyalty cards and WiFi tracking of your mobile. It’s almost impossible to know what’s happening your data.”
Big names in the data harvesting business are Quantium, Acxiom, Corelogic, Experian and eBureau. According to the US Federal Trade Commission, each of these firms has the capacity to hold up to 3,000 data points on every individual consumer around the globe. Yet perhaps the biggest irony is that the people that fuel this flow of data are you, me and anyone else that browses the web. This mass consumer market, who is often unwittingly handing over their personal data in order to be eventually sold to, have little knowledge and limited control of just how much data companies collect about them, how they use it and how they can potentially delete it. But this current process of data harvesting does not only compromise the privacy and consumer freedom of the individual. For companies buying data, the quality and accuracy of it are unreliable. What’s more, the process involved exposes the entire digital industry to incredible cyber security risk.
Consumer Vulnerability
Ms Kaltheuner calculated that in the past six years over 600 apps could access her iPhone data. She did the homework that none of us ever bothered to do – she researched what exactly does each of these apps know about her. It took months and months, it involved reading each and every privacy policy, contacting the company behind the app and asking each of them about the information they hold about her. Then of course she had to break her way through all the refusals of companies to cooperate. Because the great majority of us do not go to the effort of reading all the online terms and conditions before we agree to them, most of us know very little about how much data we’re sharing. According to one estimate, if someone did read all the privacy policies that we normally encounter, he would have to read 8 hours a day for 76 days! Kaltheuner asserts that this “shouldn’t be a citizen’s job… Companies should have to protect our data as a default.”
Data Unreliability and Cyber Risk
Not only are companies all around the world paying billions of dollars for this data, but it’s questionable how accurate all this data is. Pamela Dixon, executive director of the World Privacy Forum, claims that these data firms apply data collection algorithms that are configured based on expectations of consumer behavior, and are far from foolproof. Dixon examined her record with one of the major data firms and found that many of the details held about her were wrong. “They got my income totally wrong, they got my marital status wrong.” Susan Bidel, senior analyst at Forrester Research confirmed this, saying that she expects only 50% of the data to be accurate.” More than just data firms and advertising agencies, there are many hands in the pot for data harvesting, explained an executive from security firm RSA. “Often hackers can answer your security question answers – things like date of birth, mother’s maiden name, and so on – because you have shared this information in the public domain.” According to her, they can “…piece together a fairly accurate profile from just a few snippets of information, and this information can be used for identity theft.”
Regaining control of our private information
There are numerous ways that we can regain control of the data being collected on us. On an individual level, you can limit the volume of data that you share with third parties by using ad-blocking or VPNs, changing browser settings, browsing incognito and blocking cookies. The General Data Protection Regulation is about taking the impetus to protect consumer data out of the hands of the consumer, who is not really in a position to adequately protect himself, and putting the responsibility into the hands of companies, who are positioned to benefit from the data. With the implementation of GDPR, if a company wants to collect data on a European citizen, no matter whether that citizen is an end consumer, an employee or a contractor, that company has to make the person aware that data is being collected about them and make sure to have their consent.CEO of marketing company CitizenMe, St John Deakins, takes the solution one step further. He thinks consumers should have the opportunity to directly control and monetize their own data. Using an app on their phone, the consumer can take a variety of personality and consumer quizzes and voluntarily share data about themselves anonymously.Companies looking to have accurate marketing data for their advertising campaigns can then purchase this data directly from individuals. “Data is much more compelling and valuable if it comes from you willingly in real time”, he says. Since many big brands are already looking to make data sourcing more ethical, Deakins believes that his project can outperform even the largest data brokers. According to Deakins, our mission is: “To make the marketplace for data much more transparent.”
