We've Lost Control Of Our Data
Do you have a Google account? I know I do. I bet you do too.
That account connects with different services. Your Gmail, Web Analytics, AdWords, YouTube, Android phone, and probably more all use the same Google account.
Let’s pick 3 of those services and say you have a Google account for your Android phone, Gmail, and YouTube. How much information could they get from just those three?
How Much Info?
Well, Google knows who you’re emailing. They can sync your email contacts with your phone’s contacts. That means they have a decent idea who you know. Based on your conversations, they can glean who you hang out with for fun, who you work with, and who are family members - as long as you talk to your family every now and then.
Do you enjoy music on YouTube? Who doesn’t, right?
Google knows exactly which genres you listen to and when you listen to them. Do you rock out to heavy metal around 6pm on the weekdays? Maybe you listen to some relaxing music, maybe even spiritual, on Sundays? Do you play music during work hours or only on goof-off days like Monday and Friday?
These are listening patterns Google can easily figure out. With just those 3 services, Google can create a pretty accurate portrait of your day-to-day life.
Always Collecting
Any Google app you use gives them permission to collect data about you.
They’re definitely not the only company. Collecting, packaging, and reselling user data has become a lucrative business model. It’s why Facebook priced their initial IPO at over $100 billion.
Collecting, packaging, and selling your data brings in big bucks for these companies.
With Our Blessing
And we’ve agreed to this. We want to use their “free” products. In exchange, we give them our data and the right to analyze it, aggregate it with our other data, and sell it.
We’ve been giving companies unnecessary data for a long time. Remember not too long ago, when we’d write our social security number down for any business that wanted it? We don’t think twice about sharing our address and phone number with companies, and haven’t for a long time.
We assume they “need” it to do business with us.
What’s changed over time is the amount of data that’s collected coupled with the ability to use that massive amount of data to create a perfect picture of each one of us.
Instead of each company collecting our phone number, they can just purchase it from one another. They get our address from five companies, our birthdate from another two, our purchase history from 4 more, our social data from 3 others, and combine it all together.
They can easily purchase, store, and analyze this data in ways the average business couldn’t before. And they’re adding to it every second of every day.
Now companies can track our location to serve us ads specific to where we might be. They can see how our moods and activities change over time. They know when we’re dating, getting married, and even having little ones.
They know more about us than our own mothers do. Hell, they know more about us than we know about ourselves.
And it’s alarming.
Is It Consensual Though?
We don’t know how each and every piece of software we use, website we visit, or even rewards card we enter gathers our data. We don’t know what they’re gathering, how they store it, or who they sell it to.
All of this is happening at a massive scale. We have little knowledge of what they’re gathering about us and zero power over it.
Google was fined roughly $57 million by the French data protection agency for violations of the GDPR this month. They claim Google isn’t being transparent nor obtaining proper consent for the data they collect.
And I think they’re right.
We, the everyday users, really have no idea what data Google (or anyone other company) collects about us. We don’t know how much is collected, how our data is processed, or how it’s used.
Yes, we know they use it for “advertising”, but that’s pretty vague. What specific data do they have on me? How exactly is it analyzed and used to advertise to me?
These are questions I’m not sure we, as users, can even understand the answers to. How Google (and other companies) analyze my data likely requires more education than I care to undertake. Plus, those are trade secrets, are they not? How one company analyzes my data is a unique part of their product. They’re not going to willingly share that with everyone.
And consent is a whole other thing.
How can I opt out? How can I stop you from selling my data to other companies who are even less transparent in how they use it?
This is likely how businesses will win this fight.
Companies currently protect themselves through their Terms of Service. It’s a lot of legal talk that tells you what they do, in the vaguest and most boring terms.
They expect the everyday user to stop what they’re doing, read, actually understand, and consent to this legal document. That’s just ludicrous.
It was a foolish idea when it was implemented. But we had no idea how massive the data collection would be in the beginning. So we all “consented”.
I would argue, and so would the French data protection agency, hiding all that information in a legal document is not consent. The average person would not consider that consent. I don’t think a judge would either.
But businesses will likely find a new way to gain our “consent”. One just as confusing and difficult to understand. But once they do it, we’ve technically agreed to let them keep doing what they’re doing. And that is how I think they’ll win these battles with GDPR.
Security, Anyone?
Do you know how they’re protecting all this data about you? How are they keeping this perfect assessment of your entire life secure? How are they ensuring third parties, whom they sell to, are also keeping this super specific information secure?
Another really good question I think. And one companies are failing at.
Remember the Cambridge Analytica breach? That happened because Facebook sold our information to a third party who failed to secure it. That one made headlines because of the size of the breach, but I guarantee there will be more.
The Dilemma
Companies feel entitled to our data. They built a prouct. We want to use that product. So we give them our data and they let us use their product.
But the sacrifice has become too much.
We’ve sacrificed control over our information. We’ve given them the right to collect massive amounts of data about us and to do with it what they will. And they are doing whatever they want with it.
The “R” Word
We need regulation to reign them in. Our data belongs to us. What they collect paints too accurate a picture of us. And it’s completely out of our control.
We deserve the right to control how our data is collected, who is allowed to have it, how it’s used, and how it’s secured.
And we currently have none of that.
Just try to delete some old accounts you no longer use. You’ll discover very quickly how little control you have over your own information.
We need rules governing how companies obtain consent and how they inform users so we (the users) understand exactly what we’re giving away. We need companies to prove our data is properly secured and only shared in ways we’ve consented to.
We need an entire framework built to protect us and our data. We need to fight for regulation that gives us the rightful control over our data.
We’ve got a lot of work that needs to be done, but we can do it. Just one step, one fight, and one piece of legislation at a time.