In one week, the Tadata site was talked about with its amazing concept: exchanging personal data for a few euros each month. The concept, intended for students, however cringes the defenders of privacy on the Internet since the CNIL was seized.

Selling personal data for pocket money: this is the concept of "Tadata.fr", a site launched a few days ago in the form of a good plan aimed at students aged 15 to 25 . The principle: you provide the information of your choice to the site which then resells it to companies which will use it to send you their ads. In exchange, you receive a small sum, a few euros for each "pack" of data provided. "We would finally like a fair system around data", explains to Europe 1 one of the two founders of Tadata, Alexandre Vanadia.

>> Watch Matthieu Belliard's morning show in replay and in podcast here

Restoring power to Internet users

Tadata's slogan is sharp: "Is the Internet stealing from you? Resist!". The founders of the site, put online in February, want to give back control of their data to Internet users. "Today, when you surf the Internet, register on any site or use social networks, all this data is exploited by the Internet giants", underlines Alexandre Vanadia. "Behind, these data are the subject of a vast market, which is estimated to be equivalent to 8% of European GDP. And only one person is outside this economy, it is the user."

Aware that they cannot "change the world", the founders of Tadata therefore decided to act on their scale. They collect data from their users and then resell it in batches to their customers, private companies that seek to better target their advertisements. All this, in complete transparency since the user knows which company has acquired their data.

A "boost" for young people

So why restrict access to 15-25 year olds? It is in this sector that the founders made their weapons, by working for large French schools. "Young people are a vulnerable population. In France, one person in two who lives below the poverty line is under 29 years of age. Tadata is a boost for them," explains Alexandre Vanadia.

READ ALSO >> GDPR: what does the regulation that protects our personal data contain?

In one week, Tadata has already attracted 1,500 young people. Registration is done in a few minutes. To do this, you need to fill in some information about your school curriculum: level of study, future orientation, desired jobs, etc. This information is then sold to higher education establishments or companies approved in the education sector. But, in the long term, Tadata will be able to collect, through forms offered to members, their preferences for leisure, travel, consumption, etc.

Selling your data, a very vague concept

If it starts with a good intention, the principle worries. The Internet Society France, an NGO which campaigns for the protection of Internet users, thus contacted the CNIL on Tuesday. "The sale of data, by nature, is not authorized by the General Data Protection Regulations (GDPR), in force since 2018", assures Nicolas Chagny, its president. "At the heart of this regulation, there is the notion of consent but also, and above all, of revocation of this consent. You can allow someone to use this data for a certain period of time, but it still belongs to you. So the very notion of sale poses a legal problem. "

The site feeds our concern for several reasons: 1- its simplistic and not very detailed discourse of rapid gain of money, linked to the sale of personal data. Member of @EDUCNUM, we can only regret the simplistic and opaque approach of earning money easy and fast.

- Internet Society FR (@isoc_france) February 11, 2020

The NGO is also concerned about the vagueness of Tadata's general conditions. "The description of the data likely to be transferred is very light in our eyes. The law is clear on the matter: when one appropriates the data of the Net surfers, it is imperative that the conditions of this appropriation are clearly clarified", underlines Nicolas Chagny. "It is not clear at all on the site at the time of registration and it is even worse if we go through the application: there is no check box or reminder of the legal notices. For an application who says they are respectful of the data is shocking. "

Suspicious Internet users

Contacted by Europe 1, the CNIL confirms that the complaint sent by the Internet Society France is under examination. On Twitter, the organization was also questioned by Internet users who doubt Tadata's honesty. In particular, a very aggressive recruitment campaign, via the sending of non-targeted and therefore unwanted SMS messages by recipients. Some also criticize Tadata for seducing a vulnerable population, young people in need of money and therefore more likely to give up their data without being too attentive.

Take back control of personal data by reselling it to third parties? You have a strange vision of controlling this data.

- Valentin Grenier (@valentingrn) February 11, 2020

Then, and here we are a little in nawak paradise: some people have received promotional SMS for this service ... without having given their number. So indirect collection without the obligation to provide information (spoiler: this is not legal)

- J (@Numendil) February 9, 2020

Tadata officials, on the other hand, deny any malicious intention and claim to comply with the regulations in force. "We thought Tadata to be in complete agreement with the GDPR. We consulted former members of the CNIL, personal data specialists to find out if our concept was legal. They replied: 'yes'. Better, they told us said it was the meaning of the story, "says Alexandre Vanadia. With his partner Laurent Pomies, they hope to "break the taboo around data" despite the reluctance expressed by their detractors.