Who Is Buying Your Personal Information and the Internet of Things?

Who owns your personal information? Who gives companies the right to collect data about you, your family, your friends, your activities, where you live, what you eat, drink, your health, how you travel? Somewhere along the line you probably did, because you didn’t read, or understand the fine print when you signed up for an application, an email newsletter, a loyalty card, or you aren’t worried about your privacy.

There has been much talk about the NSA, and big data monitoring systems in most countries around the world designed to protect us all from terrorism. There has been a lot of talk about how privacy is being eroded with social media. Many of us have the philosophy that if we don’t do anything wrong, we have nothing to hide. But who else is collecting, buying and selling personal information about you?

A recent story in The Futurist called ‘Connecting with our Connected World captured my attention, particularly when it outlined, from a Wall Street Journal article,  apparently fairly common knowledge, that many retail stores track personal shopping habits using loyalty cards and then resell the data to marketers. The Wall Street Journal article ‘confirmed’ that this same data is now being purchased by insurance companies for the purpose of setting premiums and investigating claims.

With the Internet of Things (IoT), we are now being encouraged to buy fridges with built in bar code readers and wireless connectivity, so that we can scan items we use and feed them to our shopping list. Many of us now have grocery applications, such as the Countdown app, which I have blogged about before in my SoLoMo Consulting blog.These apps monitor what you buy, suggest specials, recipes and even navigate you up and down the aisles of your nearest supermarket so you don’t have to backtrack for things you forgot.

As Richard Yonck of Intelligent Future LLC in Seattle points out in The Futurist, “the rate at which a household consumes sugar, salt, tobacco and alcohol would potentially be an open book.” What could your health insurer infer from that?

It names them

Combine the information from your mobile apps that know your location, where you have given permission (which is probably half of the apps you use today), your climate control, light controls (that suggest you might be home, or not), fitness apps, social media (freely searchable with tools like Facebook Graph like the example which names people who like Edam cheese,) the direction Google and Apple are heading, to be able to predict what services you may want next based on your context, profile, time and location, your life is an open book today.

The problem with all this big data that we are ‘willingly’ sharing, is that we really don’t know what we are agreeing to or what the data is being used for. I don’t believe we have adequate laws nationally or internationally to protect us from abuse of this data by any agency, business, government department, insurance company, utility company, finance company, the list is infinite.

According to a story in The Public Herald it’s pretty much a free for all. For example they say:

• Experion sells data updated weekly on new parents, new homeowners and other new event life triggers.
• Have a read of what information Epsilon sells in this PDF. Who reads Science Fiction novels? Ever wondered why your phone keeps ringing with charities asking for donations? They buy lists.
• Back to the Public Herald which says that Disney sells data including who bought what, the age and gender of the children, age and occupation of the people who purchased from them and more.

These are just scratching the surface. It isn’t necessarily all bad, the problem is that there doesn’t appear to be any authority tracking who shares what information with whom. The issues come down to informed consent. When you sign a form, enter a competition online with an attractive prize and you click, ‘yes, you can share my information with partners who may have items of interest to me’ perhaps because you think you might have a higher chance of winning the prize, you are losing control of your data.

There are laws designed to protect us from spam, but we often sign away rights without understanding the implications. Companies selling our data will argue that they have our approval to use and share our information. The flow of data will become so convoluted that it will become impossible to know who has what. Big Data companies will consolidate this data also with our ‘implied’ approval.

Governments need to be thinking about this now, if it is not already too late. Of course they arguably need the data as well in order to provide quality health, education and other services, including planning future smart cities. They need as much data as possible, although they don’t in many cases need the granular level down to individual people.

So as a footnote, think about all the cool Internet of Things you are buying over the next couple of years, like exercise devices, remote controlled security cameras and home access, climate control, sleep and snoring monitors, lighting, car telematics, electronic ticketing for public transport and much more, weigh up the cool with potential risk and consider that if legitimate organizations can access your data, so potentially can people wanting to commit crimes. It is already known that burglars steal product to order based on what they find on social media apps like Facebook (had a great weekend on the jet ski and now I’m off to Fiji for a couple of weeks and I’m putting the dogs in a kennel).

Location Based Applications and Trust

I just read a blog by Kevin Pomfret, Executive Director of the Centre for Spatial Law and Policy, about the decision of Craigslist to pull it’s Adult Services section after finding out that people had been using it for prostitution and trafficking of women and girls. He suggested that people developing geolocation applications needed to also consider privacy of users in the same way.

I totally agree. Already there are many anecdotal stories of people using Facebook and other stories to target empty homes. One story in Mail Online called Facebook a shopping list for burglars. It went on to suggest that insurance companies might increase the risk profile of clients who have social networking accounts.

Now of course we have Facebook Places, which starts by checking the city your IP Address is based in and then invites you to let it know exactly where you are. There are bound to be loads of Facebook applications for mobile that will use the GPS in your phone to check exactly where you are. Great for stalkers who want to find you and for others who want to know where you aren’t and such as when you are not at home.

For more on this, check out my blog on Who’s Looking at you on Facebook?

Now don’t get me wrong, I am totally into location based services. I just want to make sure that people understand what they are getting into when they start using them. An application I really like is foursquare. It has rewards for people who use it such as points and badges. You can see where your ‘friends’ are, which is great if you want to catch up with them. I recommend if you do that, you make sure you actually know and trust your ‘friends’.

As foursquare starts to work towards monetizing, a good thing to do for application developers:) they are now selling advertising and encouraging locations to offer deals based on proximity. For example, if you become Mayor of a location you can get special deals. If you are Mayor of Auckland Airport for example, you can get free entry into the Koru Lounge. The cool thing about that is that the advertiser doesn’t have to know who you are and has no way of knowing who you are unless you tell them.

That’s one of the places I want to go with proximity based marketing. I would like to see Happy Hour applications and be offered deals based on product segments I’m interested in, at times when I am not only in proximity, but also when I am open to an offer. Offer me a 2 for 1 deal at a bar on a Friday evening, but not on a Monday morning. Give me the ability and an incentive to invite my friends, but I don’t want the advertiser to to have access to my friends details unless they want to provide them.

Opting in and informed consent is crucial for location based marketing. There is a Code of Practice for Direct Marketing in most countries. Proximity Based Marketing is even more important and for applications to become accepted, we need to be able to trust that our privacy and security is protected. This is particularly important for children and young adults who could easily be targeted by dangerous criminals.

Informed consent is a key issue here. Most people don’t read End User License Agreements. Do you know the rights you have bestowed on Microsoft when you open Microsoft Office? Did you read them, or did you just tick the box and start using it. In the Windows 7 EULA it says “b. Use of Information. Microsoft may use the computer information, accelerator information,
search suggestions information, error reports, and Malware reports to improve our software and services. We may also share it with others, such as hardware and software vendors.”

If you use any application, especially a location based application, you need to clearly understand what privacy it allows you and what your potential risks are. More on this in the future. In the meantime, the onus is on the application developers to protect the interests of the users if they want to encourage them to use their applications.

When The Hyperfactory started in mobile marketing, they got together with advertising agencies and other interested parties and formed a wireless marketing association. One of the first things the association did was to form a voluntary code of practice. I believe the same thing needs to happen for location based applications and quickly.