Hooray for GDPR: scale of data-grabbing exposed to the light

New revelations about Huffington Post and Facebook data-sharing are jaw-dropping

The difference GDPR has made in the EU is that this kind of data sharing is now transparent (or is supposed to be). Photograph: iStock

The difference GDPR has made in the EU is that this kind of data sharing is now transparent (or is supposed to be). Photograph: iStock

 

The General Data Protection Regulation (GDPR), which came into effect on May 25th, has given startling insight into just how many people and organisations have or want our data.

Like everyone else in the EU, in the lead-up to GDPR I was swamped with irritating emails asking me to click to stay on someone’s email list (in most cases: er, no). For many of us, that email storm was the first inkling of the tangible positives of GDPR.

But the real eye-opener, for me, came when I clicked this week on a Twitter link to a story on the Huffington Post website. In compliance with GDPR, the Huffington Post, as part of parent media group Oath, revealed the extraordinary scope of just how many third parties – heretofore unknown to users – could gain access to their data.

Explaining that I would have to give consent to access their services, the message invited me to either say okay to everyone, or manage which third-party “partners” I wished to share data with to receive targeted ads (er, no). I counted a staggering 112 partners on the first list, of companies that adhere to the Interacting Advertising Bureau (IAB) Transparency and Consent framework.

But wait, there’s more.

There’s a second page of “advertising partners that do not participate in [the framework], but with whom we have direct contractual agreements around user privacy rights.”

There were 301.

So in the past, if I read a single Huffington Post story, 413 third parties potentially were granted access to my data, way off the scale of what I’d imagined.

Hooray for GDPR

To Oath’s credit, it has taken its GDPR duties seriously and has an extensive set of privacy pagesthat allows people to fine-tune how their data may be used (although the initial pop-ups are confusing, and imply people should just click okay and enable data sharing).

However, you can use sliders to manage each of these 413 partners (correctly, they all by default in off-mode, and I cannot imagine many would choose to turn them on). Somewhat laughably, alongside there’s a link to every single one’s privacy policies (who’s going to read all of those?).

But hooray for GDPR. The difference between May 24th and May 25th in the EU is that this kind of data sharing is now transparent (or is supposed to be).

A timely investigation and report out this past week from UK consumer advocates Which? provides further copious and alarming evidence of how widespread and opaque data gathering is by websites and the devices we own.

Think you’re just using your phone, TV or toothbrush? A Which? investigation found “a staggering level of home surveillance” from devices. One Samsung smart TV could connect to 700 different web addresses within 15 minutes of turning it on, and a Philips smart toothbrush passed on location data and – for no particular reason – could access your smartphone microphone. Security glitches in some devices, such as security cameras, meant they could be hacked.

Greater control

A related Which? report released on Tuesday calls for consumers to be given greater control over their data and “reveals a widespread sense of disempowerment” among consumers, who know their data is harvested by sites and services but may not conceive of the sheer scale at which this is done – as my Huffington Post experience reminded me.

“The majority of consumers envisage that the use of data about them is relatively generic, anonymised, and specific to a single transaction with a product or service. When learning more about data profiling, most are surprised about the extent and detail of their ‘digital self’,” notes the report.

“Most ordinary people have a poor understanding of how their data is collected, shared and sold,” Alex Neill, Which? managing director of home products and services, said in a statement that also calls for greater political awareness and improved transparency and oversight.

He adds that Facebook, Google and the others “have been able to take advantage of this knowledge gap to rake in data – and therefore profits – on an unprecedented scale.”

Meanwhile, in a separate development, the New York Times has revealed  that over time, Facebook has had data sharing arrangements with “at least” 60 device manufacturers, including Apple, Samsung, Microsoft and Amazon, raising “concerns about the company’s privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. ”

Those connections will also prompt questions in Europe, with its greater privacy protections.

An even bigger question: as ever more of this covert data-grabbing insanity come to light, and is revealed by GDPR, how long will it be before US consumers demand the same rights Europeans now have under GDPR?

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.