If 52% don’t understand data-sharing economy, is opt-in redundant?

Nieman Lab has unveiled the results of research suggesting more than half of adults do not realise Google is collecting and storing personal data through usage of its platforms.

The research itself is quite shocking and outlines a serious issue as we stride deeper into the digital economy. If the general population does not understand the basic principles behind the data-sharing economy, how are they possibly going to protect themselves against the nefarious intentions from the darker corners of the virtual world?

You also have to question whether there is any point in the internet players seeking consent if the user does not understand what he/she is signing up for.

According to the research, 52% of the survey respondents do not expect Google to collect data about a person’s activities when using its platforms, such as search engines or YouTube, while 57% do not believe Google is tracking their web activity in order to create more tailored advertisements.

While most working in the TMT industry would assume the business models of Google and the other internet giants are common knowledge, the data here suggests otherwise.

66% also do not realise Google will have access to personal data when using non-Google apps, while 64% are unaware third-party information will be used to enhance the accuracy of adverts served on the Google platforms. Surprisingly, only 57% of the survey respondents realise Google will merge the data collected on each of its own platforms to create profiles of users.

Although this survey has been focused on Google, it would be fair to assume the same respondents do not appreciate this is how many newly emerging companies are fuelling their spreadsheets. The data-sharing economy is the very reason many of the services we enjoy today are free, though if users are not aware of how this segment functions, you have to question whether Google and the other internet giants are doing their jobs.

The ideas of opt-in and consent are critically important nowadays. New rules in the European Union, GDPR, set out significant changes to dictate how companies collect, store and use personal information. These rules were supposed to enforce transparency and encourage the user to be in control of their personal information, though this research does not offer much encouragement.

If the research suggests more than half of adults do not understand how Google collects personal information or uses it to enhance its own advertising capabilities, what is the point of the opt-in process in the first place?

Reports like this suggest the opt-in process is largely meaningless as users do not understand what they are giving the likes of Google permission to do. The blame for this lack of education is split between the internet giants, who have become experts at muddying the waters, and the users themselves.

Those who use the services for free but do not question the continued existence of ‘free’ platforms should forgo the right to be annoyed when scandals emerge. Not taking the time to understand, or at least attempt to, the intricacies of the data-sharing economy is the reason many of these scandals emerge in the first place; users have been blindly handing power to the internet giants.

The internet players need to do more to educate the world on their business models; however, the user does have to take some of the responsibility. We’re not suggesting everyone becomes an internet economy expert, but gaining a basic understanding is not incredibly difficult. However, it does seem ignorance is bliss.

Google just about manages to avoid another massive fine

The High Court in the UK has quashed an attempted class-action lawsuit against Google for the illegal collection of iPhone users’ data during 2011-2012.

The case, which was first heard in May, was brought forward by a group called ‘Google You Owe Us’, headed up by Richard Lloyd, a former Executive Director at Which. Lloyd believes that, in acting illegally, Google should financially compensate the iPhone users who were affected. The number of affected users has been estimated at 4.4 million, meaning Google would have been liable for damages between £1 and £3 billion. As it stands, the class-action suit can no longer proceed as it would be impossible to accurately calculate the number of iPhone users who have been impacted sufficiently.

Google, which has already admitted to wrong-doing, used a practice now known as the ‘Safari Workaround’ to obtain sensitive information without obtaining permission from the user. As a data controller in this instance, Google has breached its responsibilities under the Data Protection Act, though this case is not to punish illegal activity, but to seek compensation for users as a result of the illegal activity.

For those who are familiar with legal jargon, Justice Mark Warby concluded:

“In my judgment the facts alleged in the Particulars of Claim do not support the contention that the Representative Claimant or any of those whom he represents have suffered ‘damage’ within the meaning of DPA s 13. If that was wrong, the Court would inevitably refuse to allow the claim to continue as a representative action because members of the Class do not have the ‘same interest’ within the meaning of CPR 19.6(1) and/or it is impossible reliably to ascertain the members of the represented Class.”

Section 13 of the Data Protection Act states individuals who suffer ‘damage’ by reason of any contravention by a data controller (in this case, Google) are entitled to compensation. Civil Procedure Rules (CPR) section 19.6(1) states each individual in the class would have to have the same ‘damage’, though as there has been only one case brought forward in the last six years, the damage cannot be logically concluded or attributed.

The case was brought to the courts in 2017. Lloyd claims Google profited from illegally collecting and processing information on iPhone users, which was then used in the ‘DoubleClick’ advertising business to create a hyper-targeted advertising service.

In the simplest of terms, Google managed to find a way of collecting information about users without going through the accepted opt-in route. Google wrote code which bypassed the opt-in on the Safari browser, and placed a third-party cookie onto the iPhones. This practice, known now as the ‘Safari Workaround’, essentially allowed Google to track iPhone users, collecting information without seeking the appropriate opt-in.

Through the collection of sensitive information including race, social class, location data and interests, Google was able to build a detailed profile of individuals and organize the users into categories such as ‘football fans’. This categorization is critical to advertisers, who want to make sure ROI is as high as possible for every pound spent. At the time of the incident, 2011-12, such hyper-targeting would have been a relatively new concept, with Google pushing the boundaries of what would be considered acceptable.

Google has already admitted to wrong-doing, and has been punished by the relevant authorities in the US, paying out multi-million sums. In the UK, such investigations would fall into the jurisdiction of the Information Commissioner’s Office, though it has not taken any action to date. What is worth noting is that this ruling against Lloyd should not restrict any action from the ICO, as it is related to class-action suits against Google compensating victims of the wrong-doing, not the wrong-doing itself. It’s a nuance, but worth noting, as the ICO could in theory take action.

For Google, this ruling will certainly come as a relief. Not only does it save the accountants from having to sign another multi-billion pound cheque, but it sets precedent. In stating it would not be possible for Lloyd to understand and identify the ‘damage’ done to each of the individual users, Justice Warby has made it more difficult for consumer groups to organize class action suits against major organizations.

The ripples of this ruling go further than the technology world. Consumer groups throughout the UK would have been watching this saga with interest; the ruling would have set precedent as to whether class-action suits are a realistic possibility in the UK. Justice Warby has not ruled out class-action suits, though he has simply stated Lloyd was not able to attribute an appropriate amount to the ‘damage’ column. More work on the foundations will be needed for such class-action suits to progress in the future.

Feel like you’re being watched? Probably Google violating privacy rights

More often than not we’re writing positively about Google, but the ‘do no evil’ company has been caught out tracking smartphone locations even if the user has opted out.

An investigation by the Associated Press, and ratified by researchers at Princeton University, found several Google services on Android and iOS devices have been storing location data of users, even if the individual has set privacy settings to remain invisible. As privacy and the right to access personal data increasingly become hot topics, Google might have stepped on a bit of a PR and legal landmine.

Generally Google is quite upfront about discussing privacy and location enablement. It has faced various fines over the years for data-dodginess and is even facing a European Commission investigation over its alleged suspect coercion of users into opting-in to various services, though this is potentially either an example of extreme negligence, or illegally misleading the consumer. Neither explanation is something Google execs would want to be associated with.

One of the issues here is the complexity of getting off the grid. Although turning location tracking off stops Google from adding location data to your account’s timeline, leaving ‘Web & App Activity’ on allows Google to collect other location markers.

We mentioned before this is either negligence or illegal activity, but perhaps this is just another example of an internet giant taking advantage of the fact not everyone is a lawyer. The small print is often the best friend of Silicon Valley. Few would know about this little trick from the Googlers which allows them to appear like the data privacy hero, while simply sneaking in through the slightly ajar window in your kitchen.

“When Google builds a control into Android and then does not honour it, there is a strong potential for abuse,” said Jesse Victors, Software Security Consultant at Synopsys.

“It is sometimes extremely important to keep one’s location history private; such as visiting a domestic violence shelter, for example. Other times you may simply wish to opt out of data collection. It’s disingenuous and misleading to have a toggle switch that does not completely work. This, and other examples before it, are one of the reasons why my phone runs LineageOS, a Google-free fork of Android.”

On the company support page, Google states users can switch off location services for any of its services at any time, though this would obviously impact the performance of some. The Maps application for example cannot function without it, and does track user movements by the minute once switched on. With such opportunity for abuse, Google introduced pause features for some of its apps, allowing the user to become invisible for an undefined period of time.

The relationship with the user and the concept of trust is critical to Google. Revenues are generated off creating free services and implementing advertising platforms into the services, though to remain relevant Google needs the consumer data to improve applications. Without constant upgrades and fine-tuning, Google could not maintain the dominant position it enjoys today.

Collecting this data requires trust. The user must trust Google is not mishandling the data it acquires, but also respects the user’s right to privacy. Without this element of trust between the user and Google, it would not be able to acquire the critically important insight. With this revelation, Google has put a dent in its own credibility and damaged the relationship with the user.

The impact on Google overall will of course be limited. There are too many good stories to drown out the negative and ultimately the user needs Google. Such is the importance of Google’s services to the digital economy, or perhaps it should be worded as a lack of effective enough alternatives, we suspect few users will allow this invasion of privacy to impact their daily routines.

This is not supposed to be any form of validation for the contradictory ‘do no evil’ business, but more a sad truth of today.

Should privacy be treated as a right to protect stringently, or a commodity for users to trade for benefits?
