We have heard on how companies are tracking our data, and we have a vague idea on where and when our personal data is being gathered. However, corporate surveillance has been in constant development providing more information about a person than ever before. As an internet user, how much do you know about your personal data?

“If you are not paying for the service, you’re the product.”- Dr. Michal Kosinski

Cracked Labs, an independent research institute that focuses on studying the impact of information technology in society[1], have released their most recent report “Corporate Surveillance in Everyday Life”, for the year 2017. This document provides an overview on how personal data is monitored and traded on a regular basis:

“The key question is how commercial digital profiling and data-driven algorithmic decision affect equality, freedom, autonomy, democracy, and human dignity on both individual and societal levels. With this in mind, this report focuses on the actual practices and inner workings of today’s personal data industry and explores relevant recent developments[2].”

The extensive report mentions several aspects of the management, use, and evolution in the collection of personal data. It has become crucial in modern society to identify the key issues that influence our everyday lives. The collection and creation of personal data as a side-product, has increased significantly. We need to pay closer attention to our communications as they may affect aspects of our lives that were not considered in the past.

Who is collecting personal data?

The main players in the collection of personal data are retail, travel, consumer goods, media, digital publishers, telecommunications, device providers, insurance and, financial services industries. The participation of companies such as Tesco in the retail industry, and MasterCard in financial services, among others, along with Google and Facebook as the largest data collectors is threatening anonymity, and adding value to the data market. Every day, vast amounts of data are being gathered by companies within these sectors, to be then traded or sold for different purposes.

The number of industries that are interested in personal data collected from individuals has grown exponentially. The use of algorithms for risk management, and marketing purposes, has provided for these systems to become an asset to these industries, and as such, the demand for larger quantities of data has increased.

[3]

The report includes specific examples of the ways in which companies from these sectors have been gathering data from their users with various methods. It is important to keep in mind that although they may seem harmless at a first glance, depending on the industry, this innocent opinion may encounter controversial points of view.

The report focuses on Spotify as an example of one of these companies. Their current privacy policy states that the data being collected from their users such as:

“information about your type of subscription and your interactions with the Service, such as interactions with songs, playlists, other audiovisual content, other Spotify users, Third Party Applications, and advertising, products, and services which are offered, linked to, or made available on or through the Service[4]

could be used by third parties within their network. Although this appears inconsequential and intends to create a better experience, as publicity is directed to the consumer depending on their preferences. The data is also available for third parties, which may use this information for different purposes that differ from the reason it was initially gathered for.

What type of Data is collected?

The report also considers the different types of data that may be collected from the consumers. Data may be volunteered by the data subject. This is usually a conscious procedure as people are aware of which type of information is being collected from them. There is a second category of data, that is recorded data. An example of this category would be data recorded when monitoring activities such as browsing through a website. Actual data, as mentioned in the report, is the type consisting only of facts. Finally, we also have data that is inferred or predicted from the behaviours of consumers, which has become the riskiest one for data subjects as it involves predictions and speculation based on online and offline interaction.

Why are these types of data being collected?

The major sources of data tackled by the report are risk management data, and marketing data, for example, the use of credit scores for marketing purposes.  The participation of financial institutions and insurance companies becomes problematic due to their purposes. For financial institutions, the processing of data consists on credit scoring and risk management, fraud detection and consumer acquisition. Third parties provide their available or stored data, that is then processed with financial data for these purposes. This results in the profiling of individuals based on these various sources that contain information beyond credit and financial preferences.

These processes are implemented for example, in Fintech companies, that are familiar with tech operation and use the information within their scoring algorithms. Some of these companies provide easy financial options for users for example, Kreditech[5], Cignify[6] and Lenddo, already use different sources of data to create their credit scores. Nonetheless, the use of non-financial related data, has affected credit scoring practices and this may provide inaccurate results.  As an example, the services offered by Lenddo mention the following:

“Lenddo’s patented score is a powerful predictor of an individual’s character or ‚willingness to pay‘. The LenddoScore ranges from 1 to 1000, with higher scores representing a lower propensity to default[7].”

The credit score of a person is being collected based on their Facebook interactions and likes, their friends, ability to fill out a form, timing and frequency of phone calls, behavioural data and similar.   This serves as a perfect example on how profiling is changing the way in which people are being seen or interpreted by companies beyond their online behaviour.

The use of data is leading to experimentation on people. During the 2010 US elections for Congress, Facebook chose 61 million people randomly. This was carried out by facilitating the option of clicking on a box, that allowed to tell your friends that you were voting. This constant notification from friends increased the turnout for the election. Then again in 2012 the experiment involved including more “hard news” on voting day for randomly selected users, rather than, regular social content. The result also reflected the increase in voter turnout. This doesn’t give the impression to be a proper threat when handling personal data, as it seems to be a benefit from the advance of modern technology. Nonetheless, it could be of great importance if by using these automatized processes, voters’ opinions become easily influenced by campaigns.

There are even ways to predict personality that claim to know you very well by using behavioural analysis. The Psychometrics Centre of the University of Cambridge, led by Dr. Michal Kosinski has developed a tool of such magnitude. This tool could be able to identify personality traits based on Facebook likes, posts and Twitter posts as a digital footprint. The instrument basically uses this footprint and generates a psycho-demographic profile of you. On their web site, they also mention that this is a very debated subject and that it is in further development as it may lead to prejudice[8].If you wish to use try tool, it is available for the public at applymagicsauce.com. The conflict relies upon determining how much of the data available on social media accurately reflects a person.

Advances in personal data and corporate surveillance

Although the public always refers to Google and Facebook as the major players in data collection, other competitors are rising to the occasion and the business models of corporations such as credit card companies are now shifting into data mining. The scope of data collection has expanded in all fields, and one single webpage interaction may be able to create a personal profile with either trivial or consequential purposes. The consumer must keep in mind that the data to create these profiles is not only held in one source but several, and that with the use of technology, offline and online data are being connected.

When we define personal data, we refer to the identification of a specific data subject with the information used[9].  Now, people may be identified through methods of cross-device matching and proprietary identifiers. The report also provides a controversial position regarding these technologies, as it states that although data may be anonymized and the major companies such as Oracle and Acxiom ensure anonymity, there could be other methods of identification that deviate from the traditional known standards of name, and address requirements. Certain characteristics and preferences may also individualize a data subject when combined.

The internet of things, is a major development as electronic devices are becoming more present in people’s lives. Although, smartphones are currently the main providers of personal data available, more devices are making their way into consumers lives such as e-readers, wearables, smart tv’s, fridges, glasses, etc. This new gateway, provides a bridge for the collection of new categories of personal data, that by definition might not have been considered relevant in the past. Nevertheless, by the use of new technology and profiling theory it may also serve to identify a subject. Other aspects of corporate surveillance are addressed further within the report with greater detail.

It is interesting to evaluate the collection of data and people’s awareness of this retrieval, which resonates with the report published in 2016 by Open Xchange, on consumer openness[10].  Focused on consumers in United States, Germany and United Kingdom, the report mentions the following:

“Internet users in each of the three countries care more about keeping their data private, but are less confident in their ability to do so and are taking fewer actions to protect their privacy.”

In order to tackle the issues that are pushing the limitations of data protection regulation, consumers must be more active in the discussion by providing more value towards their personal data. Technology, is increasingly intruding in people’s lives and we need to work together to find the means for creating measures that are both ethical and compliant for the protection of privacy. We understand that technology advances at a rapid pace, and that it provides several advantages for modern life. However, the constant collection of personal data may be a double-edged sword if not handled within ethical and regulatory boundaries.

[1] Retrieved from the Cracked Labs Website: http://crackedlabs.org/en

[2] Wolfie, C. (2017). Corporate Surveillance in Everyday Life. Retrieved from the Cracked Labs Website: http://crackedlabs.org/en/corporate-surveillance

[3] Figure 1: Mapping the commercial digital tracking and profiling landscape, Retrieved from: http://crackedlabs.org/en/corporate-surveillance

[4] Spotify Privacy Policy (November, 2016). Retrieved from the Spotify Website: https://www.spotify.com/uk/legal/privacy-policy/#s3

[5] Retrieved from the Kreditech Website on how their services is offered: https://www.kreditech.com/what-we-do/

[6] Retrieved from the Cignify Website on how their technology options: http://cignifi.com/technology/

[7]   Retrieved from the Lenndo Website on how their offered products: https://www.lenddo.com/products.html#creditscore

[8] https://applymagicsauce.com/about_us.html

[9] This can be seen in the definition by the Directive 95/46/EC article 2:

“(a) ‚personal data‘ shall mean any information relating to an identified or identifiable natural person (‚data subject‘); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”

[10] OPEN-XCHANGE CONSUMER OPENNESS INDEX 2016, Retrieved from the OPEN-XCHANGE Website: https://www.open-xchange.com/fileadmin/user_upload/open-xchange/document/report/open-xchange_coi_report_2016.pdf