Do you know who has access to your personal data?
PRISM and other murky government spying networks are in the spotlight this week, but what is being done to control how marketeers and corporates access and use your data? Do you know who has access to your personal data?
The crisis this week about privacy and personal data being scraped by governmental organisations has raised questions about how internet users’ data is used. When you sign up to use Facebook, Google or Twitter, do you know exactly how your data will be used, and by whom? Every time you sign up to a connected app, do you keep on top of what they can access?
The Tel Aviv based company, founded last year, monitors all connected applications across the most popular social networking and cloud-based storage sites including Facebook, Twitter, Google, LinkedIn, Dropbox and others. It is backed by 2B Angels, 500 Startups, IooI Ventures, Plus Ventures and a consortium of angels.
MyPermissions’ mission is to make users aware of who can see their personal data, and to control access to this data. On average, through social networks and storage sites, around 50 connected applications have access to users’ personal data – a worrying number as, once connected, these apps often have direct access to your private information, pictures and contact details.
99% good, 1% bad
Speaking to Tech City News, MyPermissions CEO Olivier Amar recognises that most of these applications are harmless. They’ve been developed to serve a specific purpose, they’re not there to harvest your personal information. But there is still risk involved: all it takes is for you to give access to one “bad” application, and all your data can be scraped and misused.
“The second you connect an app to a service, through Facebook Connect for example, you’re opening your information to them,” Amar explains. “Ninety-nine per cent of apps are all good, but there are others that aren’t, where the permissions that you give to them are not equal to the value of the application.”
Data harvesting is not new. In fact, your data is what keeps most social networks going. Facebook, LinkedIn, Flickr are prime examples – these company depend on your personal data to raise (targeted) advertising revenue, and when you sign up to use their services, you are usually aware of this. But when you “Like” a brand on Facebook, just how much can they find out about you?
In today’s connected world, there is no easy way of getting away from sharing your personal information. Today is all about “Big Data”, where companies use billions of pieces of information and metadata to work out insights and trends into consumer behaviour.
One leading company in this field is DataSift, a social data platform which enables companies to aggregate, filter and extract insights from social media. The company sifts through thousands of data sources to filter and analyse posts. Facebook, YouTube, Twitter, Google+, Instagram, Amazon, Reddit, Flickr, Wikipedia, IMDB… DataSift has access to most of the social web.
Plugging in to all of these data sources allows DataSift to create filters that listen for the social data that companies are interested in – if a big brand wants to know how one of its products is doing, it can easily discover what the trends are through DataSift.
Ts & Cs
Nick Halstead, DataSift’s founder and CTO, recognises that this may raise concerns over privacy, but he says his company is just the middle man: the data sources are responsible for what data they collect from users, DataSift is just there to help make sense of it for others.
“The privacy issue varies by location and by market,” he explains. “Germany, for example, is ultra-sensitive to privacy issues, and the EU is on track to make it a requirement that certain areas are fully anonymised. Whereas in the US, it’s pretty normal to be able to take 100,000 Twitter accounts who have been identified as a brand’s customers and follow them.”
He also says that the terms and conditions form an important part of the privacy equation. “Most social networks will include a clause asking for your permission for them to email you. It’s the same with Facebook and Twitter’s sign-up forms – they can take the data and watch you,” Halstead explains.
But for Amar, this is not acceptable. “There is always stuff hidden in privacy policies,” he says. “If you took the top ten brands online and looked at their privacy policies, you’d have hundreds of pages of legalese. Facebook’s privacy statement is 31 pages alone. Companies are using this to say they’re transparent, but no one actually reads through the privacy statement to check whether their data will be sold on to third parties.
Stop the scraping
There is an issue where mistrust between the end user and the application can, in some cases, become a barrier to monetisation for the company in question, but this is not what MyPermissions is seeking to create. The key issue is control. Control over who has access to your information, and control over how your anonymised versus non-anonymised data is used.
“I accept that when you use a service, they have access to your information. But we want to draw the line at personally-identifiable information,” he explains.
For example, Amar believes that geolocation information is fine for targeted ads – that is acceptable. But if a company is asking permission to see your work history or, worse, your friend’s work history, that’s where you have so set a limit.
“There is no justification for why they should be getting this information, and besides, you just shouldn’t have the permission to give away your friend’s work history to another connected app history without them knowing it. Personally-identifiable information needs to be given explicitly, it shouldn’t be scraped by companies.”
Photo credit: Chidsey