Crossposted at Medium

“Data is the new oil”. You must have heard this phrase, coined by British mathematician Clive Humby in 2006, multiple times. As if the analogy wasn’t dangerous enough, two years ago technology thinker James Bridle escalated it even further, comparing data to nuclear power.

Unlike oil, data is unlimited. But just like nuclear power, it can solve many problems. However, if used with malicious intent, the outcomes can be disastrous.

At this point, the Big Tech knows that your data is the most valuable asset out there. While their intentions for collecting it are not necessarily evil, our private data often ends up getting misused in multiple ways.

This article is the second part of our education series, following the material on types of data collected by the Big Tech. In this one, we are showing how this data might be used.

Improving the product (with or without your consent)

In an ideal world, IT companies should be able to collect your data as you surf the Internet every day — but only to make their product better for you, the end user, at no extra cost.

While this intention seems reasonable, if not noble, in reality companies often choose to use your personal data for other, undisclosed purposes.

The most recent case that demonstrates this on a large scale is the recent facial recognition lawsuits from Illinois, where local residents accused Facebook and TikTok of violating The Illinois Biometric Information Privacy Act.

In 2019, Facebook was charged for illegal collection and storage of scans of users’ faces. That biometric information was used to identify the subjects of photos and make tagging suggestions, as well as for some security purposes.

It’s worth noting that biometric information is one of the most sensitive types of data that is immensely more vulnerable to malicious activities, as it’s something a user can never change. To settle the lawsuit, Facebook agreed to pay a whopping $650 million, one of the largest cash settlements ever paid for data privacy cases. The final approval hearing is set for January 2021.

Notably, another social media giant TikTok is facing similar allegations in Illinois but chose to deny the accusations.

Although companies tend to promise to use our data in our best interests, practice proves that it’s not always the case. Data is often also collected for other reasons, which are presumably connected, first and foremost, to creating new profitable use cases. Because why else would a company be able to take such a risk and settle for the largest cash settlement in history for invading on user privacy?

Influencing our decisions

Perhaps the most notorious use case here would be the Cambridge Analytica scandal. In 2018, Facebook and the eponymous political consulting firm were implicated in a massive data breach. The social media giant allowed Cambridge Analytica to gather personal data from over 87 million Facebook users via a personality quiz app called “thisisyourdigitallife”, which was downloaded over 300,000 times.

The amassed data allowed Cambridge Analytica to build extensive personality profiles and deploy “psychographic targeted ads” during Donald Trump’s 2016 presidential campaign, among others. As a result, it could have influenced the outcome of one the biggest events in modern history — which has shown how dangerous data harvesting can get to the general public.

As Brittany Kaiser, founder of Own Data Foundation, former Cambridge Analytica whistleblower and data rights activist told Memri:

“The most important lesson of the Cambridge Analytica and Facebook data scandal, was that the global public was reminded of how few rights we have to our personal data — especially as users of social media platforms. The scandal became a call to action for laws to demand increased transparency and permission structures for what data is collected and how it’s used, with rights to withdraw consent for marketing or to request the right to delete.”

Selling data to third parties

In 2018, telecom giants like Verizon and AT&T were accused of continuously selling location data to third parties. One of the most hair-raising cases of how this data might be used, per a Vice investigation, involves bounty hunters who track down specific cellphones in real time.

Although the telecom companies have since pledged to stop selling the location information to data brokers, there are still no official regulations that could prevent them from doing so. In February 2020, the US Federal Communications Commission proposed fining four major cellphone companies at least $200 million over disclosing some consumer real-time location data, suggesting that the issue still persists.

Scraping our personal information to create dodgy databases

In September, Chinese company Zhenhua Data was found to mass scrape the Internet for openly sourced data to make an extensive database on 2.4 million people from around the world, including politicians, celebrities and military officials.

American academic Christopher Balding got access to the database and recovered some information with help of an Australian cybersecurity consultancy. Together, they were able to extract data on 250,000 people among which were 52,000 Americans, 35,000 Australians and nearly 10,000 Britons. Sources included Twitter, Facebook, Crunchbase and LinkedIn.

Even though the company reportedly confirmed that a database called Overseas Key Information Database (OKIDB) exists, it merely refers to it as “research”.

What can I do about it?

First off, there is no need to panic — although it’s easy to get paranoid about mass surveillance, the data problem is fixable. As much as we at Memri strive to make your online experience as safe as possible, this issue has to be addressed on the governmental (if not global) level.

Luckily, regulatory initiatives like the GDPR and CCPA are being enacted, slapping some companies with big fines for mishandling data (although it still happens quite rarely). This process will take at least several years until the situation changes for the better — until then, stay vigilant and use privacy-focused services.

Want to learn more on how to protect yourself and your data? Subscribe to our Medium and follow us on Twitter, or feel free to reach out at info@memri.io to get personalized advice from our data privacy experts.