Data Digest № 012
Welcome to the 12th edition of the Data Digest. Today we cover $5 billion FCC fines celebrations, RTB being possibly illegal under GDPR, Russia’s selfie collection machine, bad bargains for your data, and more. Enjoy!
Sign up 👉 right here 👈 to get the Data Digest in your inbox.
Facebook Fined $5 billion. Investors Celebrate.
The US government will levy a $5 billion fine against Facebook for violating its users’ privacy, stemming from the Cambridge Analytica scandal.
After the news of the upcoming F.T.C. penalty broke, Wall Street immediately pushed the value of Facebook shares up to $205.27. The fact that the company’s stock price increased almost simultaneously to the fine, highlights that investors were fearing a substantially higher penalty. Furthermore, it validates that investors don’t expect Facebook’s business to become any less profitable. While Facebook agreed to more comprehensive oversight of how it handles user data, none of the conditions in the settlement will impose strict limitations on Facebook’s ability to collect and share data with third parties. A decision that appeared to split the five-member commission. The 3-to-2 vote, taken in secret this week, drew the dissent of the two Democrats on the commission because they sought stricter limits on the company. All in all, the $5 billion fine is nothing more than a slap on the wrist for a company generating $56 billion in revenue per year and with $40 billion in cash reserves. In the end, it’s unlikely this will bring about any long term change. An opportunity missed for data ownership and data privacy advocates.
The Ad Ecosystem’s Favorite Tool May Be Illegal Under GDPR
The current online advertising ecosystem is leaking a river of personal information. Running on the backend of pretty much every website, a silent auction takes place to determine which lucky advertiser gets to interrupt the user’s attention. This is called Real Time Bidding (RTB). In a nanosecond, hundreds of advertisers are sent a treasure trove of personal information, possibly including gender, politics, location, birthday, but at the very least, the user’s unique ad ID, URL, IP address, and details on the browser and system. Furthermore the ad that’s shown, once the bidding process concludes, often contains JavaScript. This code can then summon even more trackers.
Today, there are large sums of money flowing through the RTB system. In the US alone, about $20 billion. However, it’s given much less attention from regulators and politicians. Until now.
RTB is possibly in violation of European law, as GDPR applies the principle of transparency:[1] That users must be aware of who has their personal data, what they do with it and that no other parties receive the data. EU regulators have been investigating since May this year. Should the EU decide to act on the evident privacy abuse of RTB, it could have a significant impact on the online advertising industry.
[1] The GDPR, Article 5, paragraph 1 (a), Article 12, Recital 39, and 60.
Users ‘FaceApp’ To Privacy
Viral hit FaceApp struck a chord not only with the general public, but also with digital privacy advocates as individuals willingly gave up their face for a glance at their future selves. The application became the most downloaded app in the US last Wednesday. As the initial enthusiasm peaked, so did a wave of panic amongst users. Not least realizing they needed to catch up on anti-aging regimes, but rather that they knew nothing about the Terms & Conditions of a company they entrusted with their most sensitive personal data. The fact that the company was Russian didn’t relax the situation.
While the anxiety may have been excessive (the company hosts the images on servers provided by US companies, with no further sourcing of images taking place), it nonetheless goes to show how prevalent the issue of data usage is for the general public. Data ownership, data privacy, and the handling of personal data is no longer a fringe topic exclusively discussed in circles of privacy professionals, but a focal point in users’ decision matrix when navigating the internet. Here at Datawallet, we intend to make it easier for users to know exactly what data companies collect, how they use it, and put the user in control of their data. Maybe FaceApp should give their users Datawallets to ease concerns?
Fancy $10 to Let Amazon Spy on You?
In my recent interview on CNBC I mentioned that data was hard to price via a central government agency such as the SEC (as proposed in the DASHBOARD Act by Sen. Warner and Sen. Hawley), since the value of data ultimately depended on how much companies would be willing to pay for it (which in turn is a result of how much value they can derive from it). If you offered the same data asset to 100 different companies, you’d get 100 different prices. Some on the higher end, some on the lower end. Each price will be a reflection of how much value these companies can derive from this data. In the case of companies buying data from their own customers, there’s another interesting variable that comes into play, namely how much this company values you as a customer. If a company offers you a fair deal for your data, they are staking a claim that they respect you as their customer, and the increased brand equity from this exchange may be worth the premium they are offering for your data. Other companies, would stake a claim that they care fairly little about you as a customer, and hence they will offer you a rather shitty deal. It’s quite a revelatory exercise. And Amazon just revealed quite a bit by offering their customers a one time fee of $10 for tracking users all over the web. Playing on the notion that users are oblivious to the value of their data, the promotion offered on Prime Day, requires users to download ‘Amazon Assistant’. The “assistant” then tracks everything you do for a mere $10 off your next vegan cookbook. In line with the laws of supply and demand, we hope that Amazon received very little data for their lowball offer.
And it’s not just ‘Amazon Assistant’ spying on you. Eight popular browser extensions have been caught harvesting data from an estimated 4 million consumers who use the web browsers Chrome and Firefox. This data was subsequently up for grabs with the data broker Nacho Analytics, where it could be purchased for as little as $10 to $50. Yikes.
Huis Clos
As the battle against Big Tech marches on, the antitrust movement is uniting lawmakers left, right and center. The Trumpist right, terrified of young rebellious liberals, and the progressive left, shocked by pro-Trump Russian disinformation campaigns and the autocrasy of SIlicon Valley, don’t know how to play along nicely. With crossovers on talking points, liberals on conservative TV shows and conservatives awkwardly showing up in liberal conference corners, the common denominator― being anti-tech―has made for “some uncomfortable bedfellows”.
Did Somebody Say Datawallet?
Kevin McCarthy published an inspiring Op-Ed for the NYT Privacy Project where he outlined the pressing issues with the current internet framework and made the argument for a decentralized network, “online consumers leave a trail of data bread crumbs, making us vulnerable to privacy invasions. In a decentralized network, however, our data would be controlled by this blockchain encryption. Users would grant and revoke access to data, no longer entrusting third parties or tech companies with that responsibility.”
Hmmm…Sounds like a Datawallet…
CCPA Is Here To Stay
During a late night session in the Senate Judiciary Committee hearing, several bills amending the California Consumer Privacy Act of 2018 (CCPA) were passed. If enacted, these amendments will have lasting impact on businesses obligations under CCPA. Joint with a number of business-friendly provisions being limited, or struck altogether, the pressures to meet CCPA requirements are mounting.
In other data news this week:
The Electronic Frontier Foundation (EFF) filed a class action lawsuit against AT&T and two data brokers for selling data to bounty hunters.
Slack, was breached from an old hack in 2015, and a database of usernames and passwords were compromised.
Data on nearly all adults in Bulgaria was stolen.
The German state of Hesse declared that schools may not legally use the Office 365 cloud product as it doesn’t meet German privacy regulations for use in schools.
That’s it for this week. See you next Friday!
Best,
Serafin
