Author: BRIAN X. CHEN / Source: New York Times
In the real world, your personal life is a private space. But in tech, your personal data is a ripe resource for businesses to harvest in their own interests.
That was the broad takeaway from last week’s New York Times profile on Uber, the car-summoning service, and its chief executive, Travis Kalanick. Among other revelations, the report illuminated that to stay competitive, Uber bought information about its main American ride-hailing competitor, Lyft, from Unroll.me, a free email digest service.
How did Unroll.me get data about Lyft? While people could use the service free of charge to unsubscribe from marketing emails, Unroll.me made money by scanning the contents of its users’ inboxes and selling anonymized data, information that did not have individuals’ names attached to it (in this case, emailed Lyft receipts), to other companies, including marketers. Many consumers found Unroll.me’s practices misleading.
In addition, Uber was involved in some deception of its own: It participated in fingerprinting, a process in which iPhones were tagged with permanent identities that were detectable even after the Uber app was erased from the devices. The practice violated Apple’s terms of service, which could have resulted in Uber’s being banned from the App Store. Uber eventually revised the app to remove the fingerprinting code.
When it comes to data collection, services like Unroll.me and Uber are small fry compared with internet giants like Google and Facebook, which have a wealth of information about people. And then there are large data brokers like Acxiom, CoreLogic, Datalogix and ID Analytics, which collect, analyze and sell billions of details about consumers’ online activities for marketing purposes.
For consumers, giving up some data has become part of the trade-off of receiving compelling, personalized services. But that doesn’t mean you have to be caught by surprise. Here are some tips from privacy experts on protecting yourself from tricky data collection.
Read privacy policies
It was never a secret that Unroll.me was sharing anonymized user data with third parties. Its privacy policy, which was publicly posted, says that “we may collect, use, transfer, sell and disclose non-personal information for any purpose” and that data can be used “to build anonymous market research products and services.”
That so many people were caught by surprise showed how rarely they bother to read terms of service agreements, including privacy policies, said Runa Sandvik, director of information security for The New York Times.
When you sign up for a new app or web tool, the company typically asks you to agree to its terms of service. To avoid a privacy pitfall like the one involving Unroll.me, start perusing the terms and pay particular attention to the privacy policy. If you see language…
Click here to read more
