You Don’t Remember Everything You Did Last Week–But Big Tech Does

Hannah Kruglikov
Foundation for a Human Internet
6 min readAug 6, 2020

TikTok has been at the center of the data privacy conversation since late June, when founder of Emojipedia Jeremy Burge tweeted out a screen recording showing that TikTok was accessing his iPhone’s clipboard “with every 1–3 keystrokes”.

This sparked public outcry, as users were shocked to see that the social media giant was grabbing information they had believed to be private. While it was revealed that TikTok was not storing–but only accessing–this data, the story brought to light the fact that dozens of apps, including news channels, games, and social media/messaging platforms regularly access clipboard data.

Since then, the app has been banned in India, and President Trump has announced that he plans to ban it in the United States, citing concerns that data the app collects on US users may end up in the hands of the Chinese government.

All of this throws into sharp relief the state of data control and ownership by data subjects (read: people) in the digital age. Consumers have no control over where their data is going–and most of the time, they don’t know how much data there is in the first place.

The Way It Is

Most of us have willingly handed over certain information while going about our digital business. We create profiles and fill out forms with information about our age, our profession, our interests, our location, and other basic information.

This data, however, is only the tip of the iceberg.

The data collected about us fall into several categories:

  • Identifying data: name, address, phone number, location, etc.
  • Sensitive data: social security number, birthday, license number, etc.
  • Demographic data: age, gender, race, income, religion, marital status, education level, occupation, etc.
  • Interest data: apparel and product preferences, hobbies, magazine subscriptions, favorite tv shows, etc.
  • Public record data: bankruptcies, criminal offenses, convictions, marriage licenses, etc.
  • Social media data: friends/following lists, level of usage of different social media platforms, page likes, uploaded media, etc.
  • Home and neighborhood data: dwelling type, home size, home loan amount and interest rate, etc.
Source: Shuttershock and Wendy Shapiro

Online, every purchase we make, every button we click, and every post that we publish is stored in a database by the company, website, or platform through which the action took place, and which now has control over that data, and the ability to profit from it.

While any website you visit will likely have first-party cookies which keep track of activity on that site, many also create third-party cookies which track your activity even after you’ve left that website. These third-party cookies are generally used for tracking and advertising purposes, and they allow those who create them to get a more complete picture of individual consumers’ online activity by following their activity from site to site. And, in cases where you log into one site or one app through another (think “Log In With Facebook”), the activity from that third-party site or app will now be linked to the data which the single sign-on (SSO) provider has collected about you (unless you use a secure, anonymous SSO like humanID).

It’s not only our online activity that is being watched. Our smartphones are used by supermarkets, department stores, and more to track our activity in-store through free wifi and store apps. This includes everything from what products you looked at and for how long (based on precise location data), to what online searches you made while in-store. All of this data is stored and linked to whatever information you provided in order to connect to the wifi or the app. Stores may even install cookies on your browser while you’re connected to their wifi, giving them access to your online activity long after you leave the store.

And of course, many of your favorite apps are tracking your location, too (and not only your mapping apps). Apps that request access to location services in order to give you an accurate weather report or restaurant recommendations can abuse this access in order to collect precise data on where you go and how long you spend thereand many do.

Once a business has collected your data, it’s out of your control–the companies’ property to use or sell as they please.

Source: The Federal Trade Commission

Many companies use data collected on their customers or users in order to better understand their audience and the ways in which they interact with their products.

But, they’re not the only ones for whom this information is valuable.

Third-party companies, called data brokers, buy this data from platforms and companies and, using identifiers like your name, address, and phone number, combine the data together to form complete profiles of people, which connect all of the data listed above and more. This is not an edge case operating at a small scale–it’s a $200 billion industry.

Once they’ve collected the data and compiled it into profiles, data brokers sell these profiles to other companies, which use them for a wide variety of purposes, ranging from targeting advertisements to employee retention, to personalizing medical care.

Source: Getty Images

The Way It Should Be

If all of this doesn’t sit right with you, you’re not alone. The data collected and sold about us is extensive and often highly personal, and even if the purpose for which it is used is not malicious, it seems like…a violation.

Some people will say that our data going out into the world to be bought, sold, and analyzed is just the cost of doing business–an inevitable result of the digital age. But privacy is a human right, and the idea that we should trade it away in order to enjoy the conveniences of modern technology is ludicrous.

Luckily, governments have the power to change this status quo.

Data protection laws have been in place in some parts of the world for decades, and new ones are still coming about in order to give consumers control over their own data. Notably, the GDPR (General Data Protection Regulation), the EU’s data protection law, is considered the world’s strongest data protection law, with careful stipulations surrounding transparency, accountability, and consent of the data subject. California’s data privacy law, the CCPA (California Consumer Privacy Act), went into effect this year, and protects consumers’ “right to know,” “right to delete,” and “right to opt-out,” thus giving consumers much more control over their data, and holding businesses accountable.

Undoubtedly, though, there is still a lot of work to be done. These laws are strong by today’s standards, but neither is perfectly comprehensive, and the outcomes have shown that passing the law is only half the battle.

As the discussion continues and we await the data reckoning, we hope you’ll remember this: Privacy is not necessarily lost as a result of the movement into the digital age. This is not inevitable. And we should never accept it as such.

If you like what you’re reading, be sure to applaud this story (did you know that you can hold down the applaud button and it’ll keep adding claps–it’s addictive!) and follow our channel!

What’s humanID?

humanID is a new anonymous online identity that blocks bots and social media manipulation. If you care about privacy and protecting free speech, consider supporting humanID at www.human-id.org, and follow us on Twitter & LinkedIn.

--

--

Hannah Kruglikov
Foundation for a Human Internet

UC Berkeley Economics, Class of 2021. Marketing and Research for humanID. Check us out! https://www.human-id.org/