You must have begun to realize recently that we are not only customers of companies like Facebook and Google, but we are as close as possible to their burning fuel, or at least it is our “data” that represents it, now that we deal almost every week with new revelations about hacking, leaks and exploitation of our information There are growing calls to police these companies and protect consumers in the United States and Europe.

The word "consumer" may seem a bit exaggerated;

Because our consumer here is also the producer.

Well, to understand how deep it goes, let's start by assuming that you're an active Facebook user, take a lot of selfies and share them with friends, spontaneously write your diary, hate men, love an actor, and brag about your lack of social skills, then one day you decide to write A sarcastic comment on a public page, and a group of people didn't like the comment and decided to attack you for what you assumed was just a "normal" response, and turned the data you wrote about your life on your personal page into Molotov cocktails, by defamation or even by seeking to collect more personal data Doxing your privacy with the intent of doing harm to the public.

Many of Taylor Swift's concert-goers share the same exasperation that you're carrying now. In October 2018, during one of her concert tours, the security company charged with protecting her used a facial-recognition camera to take pictures of the crowd, which were transmitted to a "command center." In the US city of Nashville (1), where it was compared with a database of hundreds of known star stalkers, "Swift" (Stalkers).

Aside from the controversy over security and the blatant breach of privacy, the more important question here is: Who really owns your Facebook photos, the ones just used to belittle you, or the photos of the concertgoers?

How long do your photos remain in the files of these technical or security companies?

And if they kept them for a while, are they entitled to use it in another way after a while?

(Facial Recognition Verification System at Dulles International Airport)

Things don't stop there. For example, if you decide to send a saliva sample to 23andMe Laboratories, an American DNA testing and analysis company, you are sharing your genomic data with the company, but what you don't realize is that 23andMe sells these statistics and data to pharmaceutical companies (2) ), on the other hand, many mobile applications use geolocation but do not inform users that their geo-location data is purchased by investment companies to analyze it and decide which stores they go to (3).

That means DNA and location apps, like Facebook or Taylor Swift's security company, can make a lot of money from this data. If you are outraged that your data is being marketed and sold without a stake, we regret to inform you that all of this is done with your consent, this information is collected with the consent of all users, whether by fraud or deception, as legal information may be intentionally divided between disparate parts of the terms of service agreements, those You click the “Accept” or “Accept” sign on it without seeing it, or it is hidden within an inconspicuous part of the application page you are using, so you do not know that you have previously given up any rights regarding your data.

Now imagine that Sally is having pizza and a movie with her friend Nora, what data will you give up now?

(See the attached figure.)

Together, it's possible that Sally and Nora manually supplied at least 53 pieces of information to the apps they used, such as Apple, Facebook, Amazon and Domino's Pizza.

In contrast, the privacy policies of Apple, Amazon, Google, Facebook and Domino's combined have an estimated total of 76,069 words.

It takes more than five hours to read all the policies if they are reviewed with an average reading speed of 250 words per minute.

The information referenced in this story is only a small part of these companies' ability to collect data based on their own privacy policies (4).

In the end, you will discover, paradoxically, that the data collected exceeds the price of pepperoni pie and the subscription of the film.

One of the biggest problems facing legal researchers is the definition of 'personal data', and more specifically, much of the debate centers on what it means for this information to be 'personal'.

Suppose you put an image on Facebook with text, who owns this image and its accompanying text now, you or Facebook?

Service providers like Google and Facebook claim that data is already theirs.

It's deeper than you might think. If we analyze the practices of tech companies and the data they collect about their customers, we can identify four layers of data.

For example, let's take a selfie that Sally and Nora put on Facebook, this picture does not represent "just a picture", but it has dimensions that you do not see according to the nature of the data taken from it.

First

, there is the input data, which is all the data that the individual adds manually (such as: the image itself, the comment of the image, comments, hashtags).

And

secondly

, there are

metadata in the

image (Metadata), such as geographic location (GPS) data attached to the

image, and the

details of the

camera, precision, and

other information transmitted with the

image.

Third

, we have the Observed data, which is information about how this image could be used.

This data is not generated by Facebook, nor is it entered by the individual, and moreover it is also clear that the person cannot view it.

Finally, derived data, which means that sites and applications such as Facebook and Google can, based on all three categories of data previously mentioned, infer different information about the user, such as: preferences, behavior patterns, inclinations and hundreds of inferences about the nature and identity of the person.

Technology companies claim that they have the right to own the third and fourth types of data, and this irritates many users, so developers began to create solutions to this problem, the most prominent of which was the user-centric data model, which means that Only the user owns his data, provided that the main copy of the data is saved on the “cloud of personal data”, which is like uploading a file to your Dropbox account, for example.

This model provides us with a number of advantages, the first of which is of course data ownership, it gives an opportunity to control who can access the personal cloud for each user. But Mohamed Rashad, a software engineer at Nokia, argues that it might not make a big difference. He tells Meydan: “If every user had a private cloud on which they put their data, it wouldn't be much different. This model was used, it's the same, because the data will be on another application (third party application), even if the idea here is the ownership of the data, the sites can get it." But with all this beyond, is the idea easy to implement in practice?

Rashad continues to Meydan: “There is an actual trend for this type of ownership, but it's not cloud, it's called "edge computing." The closest example is torrenting. The idea of ​​torrents is that all users have all the data of the file to download, the web data here is On users’ devices rather than on a specific company, but it all goes against what these companies are doing and spending millions to provide: speed.”

Another question that legalists have repeatedly raised concerns the scope of rights that an individual should have over his data, and in what legal framework the data ownership regime is located, is it an intellectual property right, a trade secret, or a new type of property regime (the so-called “right”). The Unique" (sui generis right))?!

The majority of researchers seem to agree that personal data does not fall into any of these categories (5).

To simplify the matter, let's ask: If someone steals your data and publishes it without your permission, a picture of you for example, are your publicly published photos in possession of you?

Yes, we know it's your favorite picture, your face, and your favorite red striped shirt, but don't you see that some of the Internet's vaunted people use celebrity photos and say they're "public domain" even though these photos are very personal?

Who really owns these photos?

In general, the property system in each country is different, and there are different requirements in place for an item to be considered "yours" under the property laws.

For example, in British common law, four main requirements must be met for something to be considered “yours”: certainty, exclusivity, control, and transferability (6).

The data stored in the user’s personal data cloud meets these requirements: it can certainly be identified, the individual has the ability to prevent others from accessing it, and you can clearly exercise control over that data, and you have the right to assign or transfer that data to any third party (if wanted).

But is it just a matter of ownership?!

“Data rights” should provide a more comprehensive system of control and protection than “ownership”, because the matter does not only apply to one type of data as we mentioned above, there are data that others collect about you, with or without your knowledge, and there are the ideas and conclusions they reached about you.

In that sense, data “ownership” is a flawed and counterproductive way of thinking about data, as it does not solve existing problems, but rather creates new ones.

For these reasons, the European Union launched “General Data Protection Regulation (GDPR) laws” to provide greater protection and rights to individuals. The law also aims to change how companies handle customer information, with heavy fines of up to 500,000 euros, and damage to the reputation of those who violate the rules.

The list of rights that the GDPR provides to individuals includes: the right to obtain information, the right to access information, the right to rectification, the right to erase, the right to restrict data processing, the right to data transmission, and the right to object, as well as Rights related to decision-making mechanisms and profiling.

European law is not the only experience in this regard.

In a similar vein, the California Consumer Privacy Act (CCPA) requires companies to give users in California in the US the option to stop selling their personal information.

People use decisions to stop selling for several reasons, either because they want privacy, or because they do not want the tech giants to profit financially from their data, but what if they decide to use it for a commercial purpose, meaning that they decide for themselves to sell it and benefit from it?!

“Data brokerage” is a multi-billion dollar business of companies that collect information from both online and offline activity and resell it to other companies for marketing purposes.

The more companies know about consumers, the more they are able to target them and the more likely they will be successful in serving ads more effectively, so data brokers always strive to gather as much information as possible.

It goes deeper than you think, for example, some companies exploit the cognitive biases of humans to sell a product, if one of us prefers his birthday more than any other number, here the price of a product can be $3, and your birthday It is on July 23, so the company offers a different price for the product, specifically for you, which is $ 3,237, to resemble your birthday (it has 23 and 7 which is the month of July).

It extends to the simplest things, as well-known economist Benjamin Schiller once noted that if Netflix had activated mechanisms to analyze demographic data compared to the audience's search history on the Internet on five movie rating sites such as "Rotten Tomatoes" or "IMDB" “Its profits would go up by 14.6%, which is a huge number considering the size of the company.

As of this writing, there are more than 4,000 data brokers around the world.

Acxiom, one of the industry's largest, has 23,000 servers that collect and analyze data from 500 million consumers around the world, with an average of 3,000 data points per person.

Remember that we are only talking about one company out of thousands of companies.

Although considered a relatively new field, data brokers already have a huge amount of data on a large segment of the population around the world.

In fact, only 80% of US email accounts are registered with Towerdata, and 38% of US employee payroll information is available on Equifax. Moreover, databases such as CampaignGrid and ProPublica contain Political information, including party affiliation and campaign contributions, for 80% of registered American voters.

There are many companies and employers who are willing to pay big money for this data. For example, the average price for a single email account is $89 for the brand that buys it, with the price growing over time (8), so it should come as no surprise that the annual volume of the data brokerage trade is now over $200 billion, and there are no signs of It will become less profitable.

Different companies operate in more different ways, but they generally sell information in the form of tables that put users into specific categories. These lists are broken down by interests and characteristics, such as “fitness enthusiasts,” “new parents,” or “heavy smokers.” Of course, some of these types of charts raise questions about the legitimacy of the field. One company, for example, sold charts with information about 1,000 people suffering from Conditions, such as anorexia, substance abuse, depression, and post-rape disorder, for $79 (9).

Companies like Datacoup connect with the public directly and buy their data, because your information, as one person, is more accurate and detailed than the general, boring, low-quality data available elsewhere. Prices vary from one platform to another depending on the type of information, is your information ready to be monetized? You may be sitting on a potential gold mine, but it can be a bit cumbersome. It is not so simple as it seems. Customer data for these companies must be reliable; Because its value comes from its high accuracy and reliability of its sources.

On the other hand, the data should be relevant to the business of the company you are buying, of course it will differ from one company to another, and your data should be divided into relevant categories to make it more useful, for example, you can collect your medical reports over the years and then sell them to pharmaceutical companies, Rather than just displaying them in a disorganized and vague manner. The data broker wants to know what they're buying, so segmentation will make your data more marketable, but by now you must be asking: How much can you make for all of that?

Some companies like Datacoup were paying consumers $8 per month to access their social media accounts and credit card transaction data in a beta period, but this project was discontinued some time ago, (10). But for beginners in this range in general, the dividend is likely to be small, the average annual revenue per user on Facebook globally is about $ 25, and in the United States and Canada in particular it can reach about $130.

Rashad comments on this point to Meydan, saying: “The financial return is low because the field is only new,” adding: “But we need a different economic model to control the user’s share, because what we want for this idea to succeed is the sharing economy, and this is difficult to deal with. With advertising companies, for example, you cannot ask CBC to pay you to watch an advertisement for Samn Jannah that permeates the watched series.

In the end, we are now living in a third world war between the laws that are developed daily to protect people's data such as "GDPR" or "CCPA" and the companies themselves, and there are two types of these companies, companies that include third-party relations such as "acxiom", which deliberately To purchase your personal data from an intermediary you do not know and then work on analyzing it after setting cookies in your browser (cookies), companies that use first-party relationships and collect and use data themselves, such as Facebook.

Here's why Facebook is in a better position with information laws like CCPA or GDPR: You gave them your data. The first thing you do when you buy a new device is log in to Facebook, Instagram or WhatsApp, the app asks for your name, phone number, address or geographic location clearly and explicitly. The privacy rules of this California and Europe regulation favor first party relationships, but treat data from an intermediary location, known as third-party data as collected by "Acxiom", with greater skepticism.

New consumer privacy protection laws are a major blow to companies that trade in public data.

Shortly after the GDPR came into effect, companies like Drawbridge announced that they were leaving the European market, and then announced that they would leave advertising entirely. Later, Facebook itself shut down its Partner Classes (12) program that used a mechanism that relied on data brokers such as "Acxiom".

But despite this, the giants, Facebook and Google, are still able to avoid the blows of activists and privacy laws, simply because they force you into first-party relationships as long as you are addicted to their applications, the new laws affect only the small opponents of Facebook and Google, and we know that both face Currently there are problems with the mechanism by which the data is used, and the US Congress has already subjected the founders of these companies to questioning for the same reasons.

It seems to us that the data is not new oil in the understandable sense, oil is put on the market and anyone can buy one barrel of it, or a million.

There will always be competing companies, while the data will never be, because the largest data warehouses, Facebook and Google, do not want them to be like this, and this is another political and legal war that we may enter one day, or we must enter!

————————————————————————————

Sources

  • Why Taylor Swift Is Using Facial Recognition at Concerts

  • 23andMe's Pharma Deals Have Been the Plan All Along

  • Every moment of every day, mobile phone apps collect detailed location data.

  • How Pizza Night Can Cost More in Data Than Dollars

  • Personal Data Ownership

  • (According to the opinion of Mummery LJ in the case of Fairstar [2013] EWCA Civ 886 (July 19, 2013)).

  • A Vault for Taking Charge of Your Online Life

  • How much is your email address worth?

  • Data Broker Was Selling Lists Of Rape Victims, Alcoholics, and 'Erectile Dysfunction Sufferers'

  • Could Californians get paid for data they share with Facebook, Google and others?

  • I Sold My Data for Crypto.

    Here's How Much I Made

  • Facebook cuts ties to data brokers in blow to targeted ads