Under the EU's General Data Protection Regulation (GDPR) any ordinary online Joe or Jeanette has the right to know which data are gathered about his/her activities. What's more, if a site wants to share those data with a third-party, it also has to clearly inform ya about those other companies, who in turn have to inform you about which personal data they're processing, with whom they're sharing those data and so on.
In short, turtles all the way down.
Yet that's a concept that apparently has zoomed right past the well-educated heads of such obscure companies like Oracle, Acxiom, Criteo, Equifax, Experian, Quantcast and Tapiad: just some of the data processors at the heart of the commercialized Internet.
Let's take a look at just two of them: Oracle and Acxiom.
Oracle [Data Cloud] sorts individuals into thousands of categories, based on more than 30,000 data attributes including newspaper readership, dieting, weight, ethnicity, charitable causes, online dating, politics [Pro 2nd Amendment Voters, Fiscally Conservative/Liberal, Likely Pro-Choice, Likely Supportive of Same Sex Marriage] and so on for 2 billion consumer profiles (drawn from 1,500 data partners).
Acxiom claims to cover 700 million people, with for example more than 3,500 specific behavioural insights for over 90% of UK households [Alcohol at Home, Heavy Spenders, Interest in Going to the Pub], while drumming its chest about its Personicx lifestage segmentation system and its LiveRamp IdentityLink: an identity graph which matches email and postal addresses, cookies, deviceIDs and, of course, phone numbers to individual 'consumers', merging both online and offline data.
They must be slightly envious towards Facebook's 52,000 personal attributes and 1.9 billion users.
Their curiosity piqued by such wildly optimistic messaging, the people at Privacy International decided to try out their rights under the GDPR. With some funny results: e.g. a data broker returning personal data as been provided by another data broker -- but that other data broker [Oracle] referring to an online (what else) tool only returning a blank stare. At least they made an effort, there: obtaining user consent was an interesting concept, for them data brokers do-gooders.
On November 8, Privacy International contacted data protection authorities in France, Ireland and the UK, and filed complaints against the 7 data brokers [Acxiom, Oracle], ad-tech companies (Criteo, Quantcast, Tapad) and credit referencing agencies (Equifax, Experian) mentioned.
(Score: 5, Insightful) by Fluffeh on Thursday November 15 2018, @02:29AM (1 child)
Isn't it always funny how when regulations come in, it's such a chore to business and companies - making the slightest change to their business model or procedures is wrought with hardship and challenge. Of course, when it comes to making a profit or bringing a new product to market, they are the nimble and agile leaders of the field. No challenge is too difficult, no leap too long and no problem too complex.
While I tend to lean towards "less is better" when it comes to regulation in general, at times I see this sort of paltry effort being made and start leaning towards more regulation and stricter fines for corporations abusing the average person.
(Score: 1, Touché) by Anonymous Coward on Thursday November 15 2018, @02:51AM
I'm able to change my personal workflow fairly easily, but when ms or google changes how their products work it really throws me off for a while