The ugly truth: tech companies are tracking and misusing our data, and there’s little we can do

While leaks and whistleblowers continue to be valuable tools in the fight for data privacy, we can’t rely on them solely to keep big tech companies in check.

As survey results pile, it’s becoming clear Australians are sceptical about how their online data is tracked and used. But one question worth asking is: are our fears founded?

The short answer is: yes.

In a survey of 2,000 people completed last year, Privacy Australia found 57.9% of participants weren’t confident companies would take adequate measures to protect their data.

Similar scepticism was noted in results from the 2017 Australian Community Attitudes to Privacy Survey of 1,800 people, which found:

• 79% of participants felt uncomfortable with targeted advertising based on their online activities

• 83% were uncomfortable with social networking companies keeping their information

• 66% believed it was standard practice for mobile apps to collect user information and

• 74% believed it was standard practice for websites to collect user information.

Also in 2017, the Digital Rights in Australia report, prepared by the University of Sydney’s Digital Rights and Governance Project, revealed 62% of 1,600 participants felt they weren’t in control of their online privacy. About 47% were also concerned the government could violate their privacy.

The ugly truth

Lately, a common pattern has emerged every time malpractice is exposed.

The company involved will provide an “opt-out” mechanism for users, or a dashboard to see what personal data is being collected (for example, Google Privacy Checkup), along with an apology.

If we opt-out, does this mean they stop collecting our data? Would they reveal collected data to us? And if we requested to have our data deleted, would they do so?

To be blunt, we don’t know. And as end users there’s not much we can do about it, anyway.

When it comes to personal data, it’s extremely difficult to identify unlawful collections among legitimate collections, because multiple factors need to be considered, including the context in which the data is collected, the methodology used to obtain user consent, and country-specific laws.

Also, it’s almost impossible to know if user data is being misused within company bounds or in business-to-business interactions.

Despite ongoing public outcry to protect online privacy, last year we witnessed the Cambridge Analytica scandal, in which a third party company was able to the gather personal information of millions of Facebook users and use it in political campaigns.

Earlier this year, both Amazon and Apple were reported to be using human annotators to listen to personal conversations, recorded via their respective digital assistants Alexa and Siri.

Read more: What if the companies that profit from your data had to pay you?

More recently, a New York Times article exposed how much fine granular data is acquired and maintained by relatively unknown consumer scoring companies. In one case, a third-party company knew the writer Kashmir Hill used her iPhone to order chicken tikka masala, vegetable samosas, and garlic naan on a Saturday night in April, three years ago.

At this rate, without any action, scepticism towards online privacy will only increase.

History is a teacher

Early this year, we witnessed the bitter end of the Do-Not-Track initiative. This was proposed as a privacy feature where requests made by an internet browser contained a flag, asking remote web servers to not track users. However, there was no legal framework to force web server compliance, so many web servers ended up discarding this flag.

Many companies have made it too difficult to opt-out from data collections, or request the deletion of all data related to an individual.

For example, as a solution to the backlash on human voice command annotation, Apple provided an opt-out mechanism. However, doing this for an Apple device is not straightforward, and the option isn’t prominent in the device settings.

Also, it’s clear tech companies don’t want to have opting-out of tracking as users’ default setting.

It’s worth noting that since Australia doesn’t have social media or internet giants, much of the country’s privacy-related debates are focused on government legislation.

Are regulatory safeguards useful?

But there is some hope left. Some recent events have prompted tech companies to think twice about the undeclared collection of user data.

MORE of the story / click image TOP of PAGE