I wrote an article for Techaeris earlier this year called “Have we reached peak Privacy Paranoia?” In light of the recent NY Times article called “Twelve Million Phones, One Dataset, Zero Privacy” (which everyone should read), I need to revise some points that I had made in that article.
First and foremost is the point I made on being just an anonymized cog in the overall wheel of things. From the Times article we learned that anyone can be tracked by overlaying their GPS location (which is taken by various apps on your phone) over any map of the area they were in. When you are one Green Dot on the map, and your commute to and from work is the same daily, then you can whittle down the identity of the person that is that particular Green Dot. There really is no true way to anonymize that data.
This doesn’t really matter much if it is just Google or your social network holding the info. What does matter is when these third party apps we install are the ones collecting the same data as Google or the Social Network from the OS itself or from neighboring connections to other apps. It turns out that these third-party app developers/companies aren’t keeping the data private, rather they are selling it so they have another revenue stream.
I’ve thought about this a lot since I wrote that article back in September. While I stand by what I said about the companies I freely give info too, I now believe that we do need actual federal privacy laws that stop those same companies — or any company for that matter — from selling our information and location to third parties. No app or company that collects the location and tracking data should be allowed to sell that to another company. This is where we, the consumers, have lost control. Most of the TOS (Terms of Service) that no one reads basically say that use of that app lets that company can sell your data to someone else.
This needs to stop.
Google has an advertising platform. They can target specifics without selling the consumer’s info. The same goes for Amazon and Microsoft. The problem arises when some app that people start downloading is taking tracking and location data and then the company or the developers behind that app decide to monetize the database and sell that info off. That’s in a word, reckless. It’s a very unethical way of doing things. When you consider that medical and personal data may also be at some level of risk, the degree of negligence just goes up.
Google and Apple could stop this to some extent by making it illegal in the Play and App stores to sell data collected by apps to third parties. If it is found out that the data is being sold then the app and the company should be banned from the Play and App stores. I highly doubt that either Google or Apple would take it upon themselves to do no evil like that. Not when they may be getting upwards of 30% of the backend cut.
What we really need is federal consumer privacy legislation on this that is specific and states that the transfer of information to third parties must be authorized in writing or mandated by a court order. No more of this frictionless transfer or TOS blanket authorization process.
There is no reason at all for any company to be selling databases of user information to another company. It’s a practice that has gone on long enough and it needs to be ended. People need to contact their state congressional representatives and let them know that they want something done about this.
This practice is not going to change until people make their voices heard by those that can actually make the change.