In spite of the many moral panics of 2018, the abuse of personal data shows no sign of abating at the start of 2019.
You might assume the somewhat overblown Cambridge Analytica scandal, in which everyone got all outraged that some political campaigns used data obtained from Facebook to target their messages, would have resulted in a far more reticent approach to the commercialisation of personal data. A couple of recent stories, however, indicate the opposite is true.
Motherboard did an investigation that concluded ‘T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.’
The investigation essentially concludes that the act of selling on personal data is intrinsically open to abuse. As soon as you hand this data to a third party you lose all control over how it is used. Quite a lot like the Cambridge Analytica case, in fact. Here’s a flow chart from the article, showing the journey resold data can take.
Upon reading the piece a US Senator called Ron Wyden called out TMUS CEO John Legere, accusing him of not following through on a previous vow to stop selling on data in this way. Here’s Legere’s response.
I keep my word, @RonWyden. T-Mobile IS completely ending location aggregator work. We’re doing it the right way to avoid impacting consumers who use these types of services for things like emergency assistance. It will end in March, as planned and promised.
— John Legere (@JohnLegere) January 9, 2019
Elsewhere the FT took a look at the kind of data aggregators that typically buy data from those who collect it in order to analyse it, repackage it, and sell it on as some kind of market insight. Referring to it as the ‘data broking industry, the report looks into how they operate and reveals that regulators, in Europe at least, are finally getting around to taking a closer look at how they operate.
It must be especially frustrating to proponents of GDPR that is seems to have negligible effect on what must sure have been one of the main industries is was designed to regulate. One source in the report refers to the likes of Oracle, Salesforce and Nielsen as ‘privacy deathstars’, that can sell on hundreds of datapoints tracking individuals’ every move.
Combined with growing evidence that financial services giants are behind much of the policing of online behaviour that was such a feature of 2018, it’s hard to avoid the conclusion that the internet is increasingly being used for the wholesale exploitation of individuals. Regulators seem ill-equipped to catch up with these privacy deathstars and it’s easy to imagine the state looking benignly at an industry that facilitates the tracking and manipulation of the public.