What are Facebook and Garmin really doing with my data?

For all the articles I’ve read about privacy issues, I’d never actually read a privacy policy. I’ve worried about our digital surveillance society, but have spent comparatively little time considering what it means for my daily choices. For these reasons, I found this assignment illuminating. I chose to focus on Facebook and Garmin, investigating how they track me, what data they collect about me, and how they are using this data. It turns out I’m comfortable with Garmin, but Facebook makes me uneasy. Still, I’ll continue to use the service, because I think the benefits outweigh the discomfort.

My Facebook account

How Facebook is tracking me and what data it is collecting

I knew Facebook is tracking my activity on their products, but was surprised to learn the extent of additional tracking beyond this. Facebook is tracking:

• Everything I do on Facebook and Messenger. What I look at, what I click on, what I ‘like’, what I write, and even what I write and then delete before sending.
• Everything others do on Facebook that relates to me, such as commenting on my posts, tagging me, or syncing my contact information.
• Much of what I do elsewhere online. Facebook tracks my activity on many different websites — or as Tech Crunch put it, “nearly every website on earth” — using tracking software such as social plug-ins (e.g. the ‘like’ button) or the Facebook pixel.
• Some things I do offline. Facebook receives and/or buys information from third-party data providers such as Acxiom, Epsilon and Experian. This may include data from loyalty programs, retail companies, credit card transactions, etc.
• My phone contacts. I didn’t realize it, but Messenger continuously uploads my phone contacts to Facebook. Terrified of eternal loneliness as I am, I must have fallen prey to this request at some point:

A screenshot from Facebook Messenger. Source: TechCrunch

How Facebook is leveraging my data

Selling ads is Facebook’s core business, accounting for 98.5% of company revenue. Facebook combines all the data types listed above to create a detailed profile of my interests and characteristics, in order to sell targeted ad placements. It leverages data from over two billion users to understand patterns about which types of people like — or are susceptible to — which types of things. So, my data helps Facebook better target other users, and vice versa.

Facebook also leverages my data is to personalize my user experience. My data informs what I see on Facebook — from News Feed content to event and friend suggestions. The goal is to keep me on Facebook so that the company can continue to monetize my attention. More broadly, Facebook analyzes user data to inform business decisions such as design changes and new features.

Am I comfortable with this?

I am instinctively uncomfortable with this level of surveillance. I would prefer not to have a company watching my every move online. It especially bothers me that Facebook is integrating data from other parts of my online and offline life. I knowingly trade my Facebook activity data in return for targeted ads, but I don’t assent to them collecting and combining data from many disparate parts of my life (even though legally they can).

Despite all this, I’m going to stay on Facebook. The costs of leaving are just too high. It’s the easiest and most reliable place to find people online, and I access events, groups and conversations on Facebook that I would otherwise never hear about. Ultimately, I’m willing to tolerate some discomfort about data use in return for these benefits.

Going forward, I’ve stopped Messenger accessing my phone contacts, and I double-checked that location access is blocked. I’ve disallowed ad targeting on Facebook based on data from elsewhere, and disallowed the use of Facebook data to determine which ads I see elsewhere.

By ceding some minimal control to users, Facebook keeps people like me on the platform. I’ve done just enough to reduce my discomfort, and now I’ll get back to being surveilled.

My Garmin watch

How it is tracking me and what data it is collecting

I purchased a Garmin fitness watch in 2016 and commenced wearing it 24/7. The device tracked my workouts using heart rate, GPS and accelerometer data. It also tracked incidental exercise, such as step count and floors climbed, and my nightly sleep patterns. These days I wear it sporadically, mostly when I go running. The watch syncs with my phone via Bluetooth, and from there data is uploaded to a web server. I use the Garmin Connect app to track my workout history, and in turn Garmin tracks my use of the app.

My heart rate while writing this post, courtesy of Garmin Connect

How Garmin is leveraging my data

• To help me get fit. One way Garmin uses my data is the same way a coach would: to help me meet my fitness goals. The Connect app awards me badges, provides tailored messages of encouragement, and highlights improvement over time. These features are designed to enhance user experience and keep me using Garmin products.
• To inform Garmin products, marketing and strategy. Garmin collects data from over 15 million users. According to its privacy policy, Garmin uses this data to “improve the quality and functionality [of products]… and develop and market products.” In other words, it analyzes customer data to inform business decisions, as one would expect.
• To sell to third parties. Garmin denies that it sells personal data, but admits to sharing and selling de-identified, aggregate data to third parties “for research or other purposes”. Whom Garmin shares data with is completely opaque. I would not be surprised if Garmin sells aggregated data to health insurers or the ad industry, but the extent remains unclear.

Am I comfortable to continue using Garmin?

I have no qualms with the first two uses of my data; in fact I welcome both. I enjoy my tailored user experience. I am less thrilled about Garmin selling data to third parties, but mainly because the process is so opaque. The Internet Society lists Purpose Specification as one of eight key principles for data collection and privacy. Garmin’s claim to sell aggregated data “for research or other purposes” is about as unspecific as you can get. However, while I’d prefer greater transparency, I’m not majorly concerned by Garmin selling de-identified data; I’m much more likely to lose sleep about Facebook or Google.

If I do, I’m sure my watch will let me know.