Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday November 15 2018, @02:02AM   Printer-friendly
from the something-for-your-blood-pressure dept.

Under the EU's General Data Protection Regulation (GDPR) any ordinary online Joe or Jeanette has the right to know which data are gathered about his/her activities. What's more, if a site wants to share those data with a third-party, it also has to clearly inform ya about those other companies, who in turn have to inform you about which personal data they're processing, with whom they're sharing those data and so on.

In short, turtles all the way down.

Yet that's a concept that apparently has zoomed right past the well-educated heads of such obscure companies like Oracle, Acxiom, Criteo, Equifax, Experian, Quantcast and Tapiad: just some of the data processors at the heart of the commercialized Internet.

Let's take a look at just two of them: Oracle and Acxiom.

Oracle [Data Cloud] sorts individuals into thousands of categories, based on more than 30,000 data attributes including newspaper readership, dieting, weight, ethnicity, charitable causes, online dating, politics [Pro 2nd Amendment Voters, Fiscally Conservative/Liberal, Likely Pro-Choice, Likely Supportive of Same Sex Marriage] and so on for 2 billion consumer profiles (drawn from 1,500 data partners).

Acxiom claims to cover 700 million people, with for example more than 3,500 specific behavioural insights for over 90% of UK households [Alcohol at Home, Heavy Spenders, Interest in Going to the Pub], while drumming its chest about its Personicx lifestage segmentation system and its LiveRamp IdentityLink: an identity graph which matches email and postal addresses, cookies, deviceIDs and, of course, phone numbers to individual 'consumers', merging both online and offline data.

They must be slightly envious towards Facebook's 52,000 personal attributes and 1.9 billion users.

Their curiosity piqued by such wildly optimistic messaging, the people at Privacy International decided to try out their rights under the GDPR. With some funny results: e.g. a data broker returning personal data as been provided by another data broker -- but that other data broker [Oracle] referring to an online (what else) tool only returning a blank stare. At least they made an effort, there: obtaining user consent was an interesting concept, for them data brokers do-gooders.

On November 8, Privacy International contacted data protection authorities in France, Ireland and the UK, and filed complaints against the 7 data brokers [Acxiom, Oracle], ad-tech companies (Criteo, Quantcast, Tapad) and credit referencing agencies (Equifax, Experian) mentioned.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by quietus on Thursday November 15 2018, @06:41PM

    by quietus (6328) on Thursday November 15 2018, @06:41PM (#762286) Journal

    Looking at the Equifax case [ftc.gov], your company must feel pretty comfy then: loosing the private data of 143m Americans seems to have had no effect on their stock price, though the latest estimates [marketwatch.com] put the potential fine at around $275m.

    Coincidentally, that must mean your personal data (name, social security number, birth data, address, drivers' license number, credit card numbers, dispute documents with personal identification) are worth about 2 (two) dollars.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2