Data is everywhere — in every website clicked, every share, every personality test is taken online, every like, dislike. Amidst the row over the breach of user information on Facebook, The Sunday Express looks at why this data is not just yours.
Cambridge Analytica-Facebook data breach
In November 2008, a 22-year-old Mark Zuckerberg took the stage at the Web 2.0 Summit in San Francisco. As the audience listened in rapt attention, the young CEO, in what would go on to be his trademark round-neck T-shirt, went on a hardsell of the relatively new Facebook. “I would expect that next year, people will share twice as much information as they share this year, and next year, they will be sharing twice as much as they did the year before.” This formula for social sharing came to be called the ‘Zuckerberg Law’.
A decade on, as Facebook finds itself caught in a debate over Cambridge Analytica, a data analytics firm accused of using the social networking site’s user data to influence elections in the US, Zuckerberg might be hoping that his platform didn’t grow at the pace he predicted. A speed at which the company itself could not keep up with the amount of data it was generating, the number of third parties that were using this data and the kind of problems this mix was creating.
An increasing number of Facebook’s 2.2 billion users are now becoming more cautious of what they share, but the majority still live in denial. While most people, like Donald Duck in the meme that’s been doing the rounds since the Cambridge Analytica controversy, might think that “your data is as worthless as you”, the fact remains that it is an asset with immense value, especially when it forms part of a larger dataset.
While users believe that the data they willingly surrender to Facebook, Google, and other Internet companies are in return for personalized services, the troves of user information can often be very tempting for some players in this value chain.
Cambridge Analytica, for instance, used the data collected by a personality quiz app, called ‘thisisyourdigitallife’, to swing voting behavior. Approximately 2.7 lakh people downloaded the app and in doing so, gave access to their friend lists, their reading habits, and political inclinations.
Most apps collect permission for accessing much more data than they actually need — like a torch app getting access to a user’s contact list. Some might end up misusing this data or selling this information to others. That’s where the problem begins.
In an interview to The New York Times after the Cambridge Analytica row, Zuckerberg suggested that there could be other apps that “could have gotten access to more information and potentially sold it without us knowing or done something that violated people’s trust” and that Facebook needed to “make sure we get that under control”.
A Facebook India spokesperson told
The Sunday Express they were investigating all apps that had access to “large amounts of information before we changed our platform to dramatically reduce data access in 2014”.
Facebook said it would tell people affected by apps that have misused their data and that from here on if apps are removed for misusing data, “we will tell everyone who used it”. A lot of other measures, which includes turning off access for unused apps, have been put in place.
In response to queries, Google India pointed to its Google Play Developer Policy Center, which elaborates on how apps should ideally handle user data. The policy says developers need to be transparent in how they handle data, including by “disclosing the collection, use, and sharing of the data”, and must limit the use of data to the description in the disclosure. Apps that handle personal data must post a privacy policy that mentions “the types of parties with whom it’s shared”.
Mayank Bhangadia, CEO, and co-founder of Indian social media app Roposo asks why would someone require user data for any other reason apart from making the in-app experience better? “Why share this data with a third party, if there are any chances of the data being misused? Capturing calls logs and capturing activity on other apps a user uses is, in my opinion, quite unethical.”
Express Explained | How Facebook data may build the picture of voters’ minds
What is data?
Internet businesses have thrived around the ad-funded model, where users give up their browsing data to access free services that are funded by ads that feed on this data. For instance, every time you search for a holiday destination or even receive a mail from a friend to plan a trip, your data goes to advertisers who might have holiday packages or airline tickets to offer. This explains the ads that pop up on the screen based on your online behavior.
These data-driven ads are much more effective than traditional forms as they are based on user preferences. But then these user preferences are gleaned from what people do online, often without their consent and without their knowledge.
While most regular Internet users now think twice before filling any online form with their personal data, not many are aware that everything they do adds to a data pile somewhere. For instance, while smartphone photographs and tweets share location data, social media posts give a clear idea about purchase preferences, habits and, of course, political leaning. Technology these days enables companies to read even the mood of the people from posts, even without the user selecting the ‘feeling happy/sad/thrilled…’ field.
Also, all this data is not voluntarily surrendered. For instance, from the day a user starts using an Android phone or a Google app, the search giant starts mapping all the physical places the user went to unless the location tracking was switched off. According to some reports, Facebook logs call data of its users on the phone and anyway has all location data.
Others are catching up too. Ola, for instance, is working on serving targeted ads on its Ola Play screen given that it knows where you are headed, and maybe for what. So the ads will be different if you are headed for work, going to the airport or for a party.
Related | Meaning Psychographics: Analysis of personality and opinion, using data
And there are other forms of data these companies have access to. For example, commands to Google Assistant on an Android phone are stored and available for users to review on Google’s MyActivity page. Similarly, every time a fingerprint scanner or an iris scanner for a device’s security is used, this data is stored, but usually on the device itself.
Jon Stephenson von Tetzchner, co-founder and former CEO of Opera, clarifies that most companies do not collect data without consent. “It is only a few and no, they should not be able to do this, with or without asking for consent. There is nothing right about being able to collect user data at the scale we see today,” says the Icelandic businessman who was one of the pioneers of the Internet as we know it.
Related | What is the data protection framework in India? And how safe or unsafe is your data?
As Tetzchner says, not all companies are interested in this data. At the Recode event this week, Apple CEO Tim Cook rebuked Facebook saying, “We could make a tonne of money if we monetized our customers if our customers were our product.” But, he added, Apple has elected not to do that. “We’re not going to traffic in your personal life. Privacy to us is a human right, a civil liberty.”
How valuable is your data?
Companies such as Facebook and Google that have made the most of this model enjoy a lion’s share of the digital advertising revenue. According to investor data of both these companies, Google’s ad revenue for Q4 2017 stood at $27.2 billion, while Facebook’s jumped 48 percent in Q4 2017 to $12.2 billion.
Google and Facebook corner about 62 percent of all global ad revenues, but that’s not surprising considering they together have about 2.5 billion monthly active users — a third of the world’s population.
Also read | Data privacy on the internet: How to check all your data that Google keeps
All Internet companies that have ad positions enabled charge a premium for targeting — the nicer the audience, the more the ad firm pays the Internet company. So the more data the user gives to the platform, the more money the Internet company makes.
Tetzchner puts things in perspective: “What we are talking about here is really stolen goods. The user data belongs only to the user and nobody should be able to steal this data and sell it.” He says there is “something creepy” about the notion that surveillance data can be collected and sold with no consequences. “We used to call this spyware and trojans. The Internet is not built on spyware. The Internet would run just as well without companies having the ability to collect and sell user data the way it’s being done now by some of the larger companies.”
Just a week ago, Tetzchenr’s new Vivaldi browser enabled DuckDuckGo as the default search engine in its Private Windows — even in private mode, the default search engine knows what the user is doing. DuckDuckGo avoids personalized search based on user data.
However, Raposo's Bhangadia says it will be tough to offer customized services if users start withholding data. “If they stop or skip sharing data, it would clearly hinder the in-app experience a platform can offer,” says Bhangadia, whose app now claims 8 million users. He says Roposo is “extremely careful” that no third party can directly or indirectly use any user data.
Bhangadia says users will be more secure if they stop ignoring terms and conditions. Tetzchner, who has studied Internet user behavior for over two decades, too agrees that most people have no clue what is happening. “They just have this strange feeling of being followed, which they are.”
What Indians Do Online
– Indians spend 45 percent of their time on mobile phones. Weekly time spent on a mobile phone is seven times that spent on a television set
– Of the time spent on their phones, 45 percent is on entertainment, followed by “search, social and messaging” at 34 percent. News and media occupy just over 2 percent of people’s online phone time. India is the Number 1 market for time spent on Android
– India’s top downloaded Android app is WhatsApp, followed by Facebook Messenger
– More apps downloaded on Google Play Store in India than in the US
(Source: Mary Meeker 2017 report on the state of the Internet)
How to be in control
On Facebook
Go to the Facebook Settings page, click on Privacy. Here you can limit who sees what content. For instance, you can ensure that only friends can look you up on Facebook via your email address or even restrict this information as hidden to all by choosing ‘Only Me’.
On Google
Go to MyAccount.Google.com and sign in. This page lets you monitor how data for all Google services have been collected. This includes data for search, YouTube, video and audio devices, etc. On Google Maps, you can go to timeline and see your entire location history if you have that turned on. You can turn off this timeline feature if you wish to do so.
On Third-party apps
– On Android 6.0 and above, a user can review an app’s permissions. So if a photo-sharing app wants all your call access data, you can turn it off in the settings. On iOS too, you can monitor, which apps get access to what services. For instance, if you do not want to an app like Ola or Uber to access your location data all the time, you can make sure of it in the settings on iOS.
– Further, when downloading an app, make sure it is from the authorized Google Play Store or App Store on iOS. Do not download apps from third-party stores as they might not be secure. Do not download apps from links sent over messages, Facebook, etc as these might contain malware.