At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information. Several of those businesses claim to track up to 200 million mobile devices in the United States. The database reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day. These companies sell, use or analyze the data to cater to advertisers, retail outlets and even hedge funds seeking insights into consumer behavior.
The new reality for big tech companies: Scrutiny from regulators and lawmakers has become a constant. For the past few years, American regulators appeared to be lagging as authorities around the world have stepped up their actions to crimp the power of Facebook, Google, Amazon and Apple. The contrast was starkest with European officials, who have passed laws and imposed a series of large penalties against big tech companies. But in recent months, American lawmakers and regulators have also ramped up their activity.
Facebook has made a mint by enabling advertisers to identify and reach the very people most likely to react to their messages. Ad buyers can select audiences based on details like a user’s location, political leanings and interests. And they can aim their ads at as few as 20 of the 1.5 billion daily users of the social network. Brands love it. So do political campaigns. But microtargeting, as the technique is called, is coming under increased scrutiny in the United States and Europe.
When Facebook rolled out facial recognition tools in the European Union in 2018, it promoted the technology as a way to help people safeguard their online identities. It was a risky move by the social network. Six years earlier, it had deactivated the technology in Europe after regulators there raised questions about its facial recognition consent system. Now, Facebook was reintroducing the service as part of an update of its user permission process in Europe.
Facebook’s tracking stretches far beyond the company’s well-known targeted advertisements. And details that people often readily volunteer — age, employer, relationship status, likes and location — are just the start. The social media giant also tracks users on other sites and apps. It also collects so-called biometric facial data without users’ explicit “opt-in” consent, and helps video-game companies target “high-value players” who are likely to spend on in-app purchases.
What would it mean for users if Facebook offered the same privacy controls required under the European law? That is still a work in progress. In the meantime, here are some of the general requirements and rights under the new European law. Although some of the practical steps that companies must take are still being worked out, several European privacy and consumer advocates, who had pushed for the new law, offered their thoughts on what Facebook might need to do to extend the protections to its users worldwide.
The contemporary internet was built on a bargain: Show us who you really are and the digital world will be free to search or share. People detailed their interests and obsessions on Facebook and Google, generating a river of data that could be collected and harnessed for advertising. The companies became very rich. Users seemed happy. Privacy was deemed obsolete, like bloodletting and milkmen. Now, the consumer surveillance model underlying Facebook and Google’s free services is under siege from users, regulators and legislators on both sides of the Atlantic.
ConnectEDU, a popular college and career planning portal in Boston that had collected personal details on millions of high school and college students, filed for bankruptcy. Now federal regulators want to stop the company from selling off students’ names, email addresses, birth dates and other intimate information as assets.
“Information about teens is particularly sensitive and may warrant even greater privacy protections than those accorded to adults,” Rich wrote. “These users, as well as their parents, would likely be concerned if their information transferred without restriction to a purchaser for unknown uses.”
Rich recommended either that ConnectEDU give each student who had registered for its sites the choice to remove his or her personal records from company databases in advance of a sale -- or that the company destroy the entirety of the personal details it had collected.
The terms of service on many websites are so wordy and so legalistic that users may not understand -- or even be aware of -- the intellectual property rights that they cede when they check the “agree” box to set up an account, according to a new study from researchers at the Georgia Institute of Technology.
The Georgia Tech study reviewed 30 popular social networking and creative community sites that encourage people to share material, examining the rights to use work that were claimed in the sites’ terms of service agreements. Sites examined in the study included: Wikipedia, LinkedIn, Pinterest, YouTube, Flickr, IMDB, Facebook, Twitter, Google Plus, Remix64 and Fanfiction. Of course, people who wish to see their creative work published need to permit certain uses -- like authorizing a site to publicly post their content. But users may be surprised to learn about other permission they must grant in order to use a site.
For instance, the study reported that 11 of the sites required users to agree that the sites could license their content to a third party. Yet users are unlikely to understand what they are agreeing to because terms of service agreements tend to be daunting in length and readability. The Georgia Tech researchers calculated that it would take someone nearly eight hours to read the agreements on the 30 sites in the study, at an average adult pace of 250 words per minute.