An analysis of Dutch municipal websites and their data relationship with social media
Dutch municipalities that direct their website visitors to Facebook or Whatsapp use foreign technology to communicate with their citizens, exposing them to the data collection practices of those companies and the inherent privacy risks. As such, they indirectly, aid these parties in making a profit, even though they do not pay taxes in the Netherlands.
In April 2019 (#30), Dutch iBestuur Magazine published an article quoting D’66 senator Kees Verhoeven that municipalities should disengage from foreign technology companies and develop their own communication channels. In the Dutch article ‘Facebook and Twitter are not utilities’, Verhoeven says: “In our recent tech vision, we also explained that the government should no longer communicate with its citizen through Whatsapp or Facebook”. I and my colleagues at the Mercator Working Group for Mapping Disinformation completely agree.
Mark Z. owns it all
Data = money
Think of the amount of data that is collected and used to deliver advertisements to specific target audiences online. So-called micro targeting is not just about location, age, and gender, but also about reaching people with a specific political preference, hobby, or medical condition. Facebook’s business model is about selling ads on the basis of what people ‘like’ and visit on the Internet. And what to think of fake news (and now deepfake videos) and how it is used in politics and the polarisation of society? Facebook uses our humanity to increase its profits, by using our need for social contact and selling that data to the highest bidder.
Verhoeven’s quotes inspired the Mercator working group to investigate which Dutch municipalities use foreign technology to communicate with its citizens, to what extent this occurs, and what other parties are there with which their websites have data relationships.
We created a list with the URLs of all 355 municipalities in the Netherlands. We then used open source software (OpenWPM) to see what happens in someone’s browser that visits one of the 355 municipal websites. The browser was newly installed and did not contain any cookies or search history. In addition to the ‘normal’ data traffic required to make a website work, we saw other parties with which the websites exchange data, for example, for analytics and accessibility purposes. As was expected, many websites have data relationships with companies that enable speech recognition and support for people with visual disabilities (ReadSpeaker).
Our analysts then looked specifically for relationships with social media and software for analysing and tracking visitors. This was done at the top level of the website. What the data told us, was that on the 16th of May 2019, 83.3% of all Dutch municipalities had a direct link from the homepage to Twitter; 81.1% to Facebook; 33.5% to Instagram, 27% to YouTube and 23.9% to LinkedIn. Hilversum municipality was the only one with an account on SnapChat, an app that deletes a message after the user has opened it.
More worrying is the fact that the websites of the municipalities of Helmond and Waterland contain code for a Facebook tracker. We also found this so-called pixel on www.leiden.nl, a URL that appears to be owned by the city of Leiden, but we could not verify that. The visitor can click through to the official municipality website, which is a subdomain of www.leiden.nl. The pixel is left in the browser of people who visit the website, to collect data for Facebook for advertising purposes. So, if someone visits the pages on debt support or medical benefits, that data is stored on Facbook’s servers. The citizen has not given the municipality permission to do so, he is probably not even aware that it happened. This is how data from a supposed private interaction between a citizen and his municipality contributes to Facebook’s business model: to sell ads on the basis op what people ‘like’ and visit online. Tilburg, Arnhem, and Meppel are the only three municipalities that have no data relationship with social media at the top level of their websites. This may be the case with underlying pages, but we have not investigated those as yet.
Is it worth it?
We can conclude that a large number of Dutch municipalities contribute to the business model of foreign software companies. That is in itself unfortunate, but there is a lot more at stake. The Dutch government has a civic duty to protect citizens and their data. Not to throw it to the wind by casually choosing technology owned by companies that have proven time and time again that their view on privacy has little to do with protecting people. The question we want to ask is this one: what is the added value of social media for the core activities of Dutch municipalities and is it worth paying that price with the personal data of its citizens?
Mercator Working Group for Mapping Disinformation is an initiative of A Lab Amsterdam. We are an international collective of data scientists, researchers and journalists that help digital citizens and policy makers to better understand the risks of disinformation and the consequences for civil participation. Disinformation is the strategic deployment of a.o. misinformation and fake news in order to influence citizens. For more information, go to www.mappingdisinformation.org
The data and analyses mentioned in this article are available on https://github.com/mercator-working-group/gemeente-social
Written for iBestuur Magazine. Read the original (Dutch) here.