Most people – and I don’t think I’m going out on a limb by saying this – understand the basic transaction that happens when you use free web services such as Gmail and Facebook.
They certainly aren’t free to run: it costs a lot of money, from the servers and storage to staff, offices and beyond. When you sign up for a free account, you accept the terms of service which, of course, you don’t read. Who does?
Those terms usually explain – in hard-to-understand legalese – that in return for letting you use the service for free, you allow the company to sell your data to other companies. That, along with all the adverts which pepper your inbox or social media feed, is what pays to keep these services running.
The data can be obvious stuff like your name, address, gender, age, marital status. But data can also be your current location, the make and model of the device you’re using, how long you spend using the service and even more detailed information than that. Companies will pay good money to know your search history, which products you’re thinking of buying, where you’re planning to go on holiday and then advertise those things to you.
None of this is likely to be news to you because, no sooner have you looked at a pair of shoes, there’s an advert on your Facebook feed for those exact shoes.
What you probably don’t know is just how much all that data about you is worth. Data privacy company LetAlone says people are blissfully unaware that Facebook, for example, earns up to US$900 per year (around £670) by selling each user’s personal information to other companies.
This past week, it surveyed 1000 adult Facebook users in the UK and found that, on average, they would want only £250 per year for that data. But, of course, they’re effectively giving it away for free.
The research found that over half of the respondents – 57% – were shocked and angry that data was being shared without their permission, and 40% were “furious” that Facebook – and other platforms – could sell details such as where they live and work.
The truth is that they have granted this permission; even if they’re unaware they’ve done so. This is why it’s important to read what you’re agreeing to when you sign up for any account.
With 42 million Facebook users, Facebook makes around $37 billion per year from its UK users alone.
But new companies like LetAlone are popping up which promise to help you control what happens to your data, and get a share of what it’s worth.
This doesn’t help you with Facebook or any account you’ve already created because you’ve already signed away your rights to that data. It’s also pretty much impossible to get that data deleted and all you can do is to close your account and stop using the service in question.
Existing privacy and security software such as VPN and antivirus doesn’t help either. When you log into Facebook, a VPN can’t make you anonymous: you’re telling Facebook exactly who you are.
And even if you don’t sign in, fingerprinting techniques – using many of the details mentioned previously such as the model of iPhone you’re using and lots of data supplied by your web browser, such as screen size and resolution, can identify you from every other user so your activity can still be tied to you and the resulting valuable data sold on.
LetAlone reckons all this should change and that users should be able to see what data a company has and be able to choose whether information is sold on or not. And if it is, they should get paid for doing so.
Laws such as GDPR in Europe and CCPA in California are already helping to ensure data is managed and used appropriately, but this is no guarantee your data will remain private. There’s already a catalogue of companies which have been hit with huge fines for breaching such laws, including €50 million for Google (it failed to make data processing information easily accessible to users), €32m for H&M (which was secretly monitoring employees), £20m for British Airways (for a data breach involving 400,000 customers) and over £18m for Marriott Hotels (for another leak due to hacking).