Data Digest № 012

Data Digest ¦ July 18th, 2019, 11:00 pm

Welcome to the 12th edition of the Data Digest. Today we cover $5 billion FCC fines celebrations, RTB being possibly illegal under GDPR, Russia’s selfie collection machine, bad bargains for your data, and more. Enjoy!

Facebook Fined $5 billion. Investors Celebrate.

The US government will levy a $5 billion fine against Facebook for violating its users’ privacy, stemming from the Cambridge Analytica scandal.

After the news of the upcoming F.T.C. penalty broke, Wall Street immediately pushed the value of Facebook shares up to $205.27. The fact that the company’s stock price increased almost simultaneously to the fine, highlights that investors were fearing a substantially higher penalty. Furthermore, it validates that investors don’t expect Facebook’s business to become any less profitable. While Facebook agreed to more comprehensive oversight of how it handles user data, none of the conditions in the settlement will impose strict limitations on Facebook’s ability to collect and share data with third parties. A decision that appeared to split the five-member commission. The 3-to-2 vote, taken in secret this week, drew the dissent of the two Democrats on the commission because they sought stricter limits on the company. All in all, the $5 billion fine is nothing more than a slap on the wrist for a company generating $56 billion in revenue per year and with $40 billion in cash reserves. In the end, it’s unlikely this will bring about any long term change. An opportunity missed for data ownership and data privacy advocates.

F.T.C. Approves Facebook Fine of About $5 Billion (Published 2019)

If approved by the Justice Department, the settlement would be the biggest fine levied by the federal government against a technology company.

The Ad Ecosystem’s Favorite Tool May Be Illegal Under GDPR

The current online advertising ecosystem is leaking a river of personal information. Running on the backend of pretty much every website, a silent auction takes place to determine which lucky advertiser gets to interrupt the user’s attention. This is called Real Time Bidding (RTB). In a nanosecond, hundreds of advertisers are sent a treasure trove of personal information, possibly including gender, politics, location, birthday, but at the very least, the user’s unique ad ID, URL, IP address, and details on the browser and system. Furthermore the ad that’s shown, once the bidding process concludes, often contains JavaScript. This code can then summon even more trackers.

Today, there are large sums of money flowing through the RTB system. In the US alone, about $20 billion. However, it’s given much less attention from regulators and politicians. Until now.

RTB is possibly in violation of European law, as GDPR applies the principle of transparency:[1] That users must be aware of who has their personal data, what they do with it and that no other parties receive the data. EU regulators have been investigating since May this year. Should the EU decide to act on the evident privacy abuse of RTB, it could have a significant impact on the online advertising industry.

[1] The GDPR, Article 5, paragraph 1 (a), Article 12, Recital 39, and 60.

Blockthrough: Market Leader in Adblock Revenue Recovery

Blockthrough helps the world's largest publishers recover the revenue they are losing due to ad blockers in a way that respects user choice.

Users ‘FaceApp’ To Privacy

Viral hit FaceApp struck a chord not only with the general public, but also with digital privacy advocates as individuals willingly gave up their face for a glance at their future selves. The application became the most downloaded app in the US last Wednesday. As the initial enthusiasm peaked, so did a wave of panic amongst users. Not least realizing they needed to catch up on anti-aging regimes, but rather that they knew nothing about the Terms & Conditions of a company they entrusted with their most sensitive personal data. The fact that the company was Russian didn’t relax the situation.

While the anxiety may have been excessive (the company hosts the images on servers provided by US companies, with no further sourcing of images taking place), it nonetheless goes to show how prevalent the issue of data usage is for the general public. Data ownership, data privacy, and the handling of personal data is no longer a fringe topic exclusively discussed in circles of privacy professionals, but a focal point in users’ decision matrix when navigating the internet. Here at Datawallet, we intend to make it easier for users to know exactly what data companies collect, how they use it, and put the user in control of their data. Maybe FaceApp should give their users Datawallets to ease concerns?

Opinion | FaceApp Shows We Care About Privacy but Don’t Understand It (Published 2019)

There are good lessons to learn from an overblown controversy.

Fancy $10 to Let Amazon Spy on You?

In my recent interview on CNBC I mentioned that data was hard to price via a central government agency such as the SEC (as proposed in the DASHBOARD Act by Sen. Warner and Sen. Hawley), since the value of data ultimately depended on how much companies would be willing to pay for it (which in turn is a result of how much value they can derive from it). If you offered the same data asset to 100 different companies, you’d get 100 different prices. Some on the higher end, some on the lower end. Each price will be a reflection of how much value these companies can derive from this data. In the case of companies buying data from their own customers, there’s another interesting variable that comes into play, namely how much this company values you as a customer. If a company offers you a fair deal for your data, they are staking a claim that they respect you as their customer, and the increased brand equity from this exchange may be worth the premium they are offering for your data. Other companies, would stake a claim that they care fairly little about you as a customer, and hence they will offer you a rather shitty deal. It’s quite a revelatory exercise. And Amazon just revealed quite a bit by offering their customers a one time fee of $10 for tracking users all over the web. Playing on the notion that users are oblivious to the value of their data, the promotion offered on Prime Day, requires users to download ‘Amazon Assistant’. The “assistant” then tracks everything you do for a mere $10 off your next vegan cookbook. In line with the laws of supply and demand, we hope that Amazon received very little data for their lowball offer.

And it’s not just ‘Amazon Assistant’ spying on you. Eight popular browser extensions have been caught harvesting data from an estimated 4 million consumers who use the web browsers Chrome and Firefox. This data was subsequently up for grabs with the data broker Nacho Analytics, where it could be purchased for as little as $10 to $50. Yikes.

Amazon wants to give users $10 in exchange for tracking them all over the web

The promotion gives the online retail giant an unprecedented view into user browsing habits.

- The Washington Post

Google, Firefox Browser Extensions Expose Data of 4 Million People

Google and Firefox browser extensions collected the personal data of 4 million people, according to a researcher. Consumer Reports tells you how to stay safe.

Huis Clos

As the battle against Big Tech marches on, the antitrust movement is uniting lawmakers left, right and center. The Trumpist right, terrified of young rebellious liberals, and the progressive left, shocked by pro-Trump Russian disinformation campaigns and the autocracy of SIlicon Valley, don’t know how to play along nicely. With crossovers on talking points, liberals on conservative TV shows and conservatives awkwardly showing up in liberal conference corners, the common denominator― being anti-tech―has made for “some uncomfortable bedfellows”.

Fighting Big Tech Makes for Some Uncomfortable Bedfellows (Published 2019)

Conservatives are showing up at largely liberal conferences to call for breaking up Facebook and Google. Liberals are going on conservative TV shows to do the same. It’s awkward.

Did Somebody Say Datawallet?

Kevin McCarthy published an inspiring Op-Ed for the NYT Privacy Project where he outlined the pressing issues with the current internet framework and made the argument for a decentralized network, “online consumers leave a trail of data bread crumbs, making us vulnerable to privacy invasions. In a decentralized network, however, our data would be controlled by this blockchain encryption. Users would grant and revoke access to data, no longer entrusting third parties or tech companies with that responsibility.”

Hmmm…Sounds like a Datawallet…

Opinion | Don’t Count on Government to Protect Your Privacy (Published 2019)

Let’s look to technologies like blockchain and other innovations to keep our data private.

CCPA Is Here To Stay

During a late night session in the Senate Judiciary Committee hearing, several bills amending the California Consumer Privacy Act of 2018 (CCPA) were passed. If enacted, these amendments will have lasting impact on businesses obligations under CCPA. Joint with a number of business-friendly provisions being limited, or struck altogether, the pressures to meet CCPA requirements are mounting.

CCPA Amendment Update: Several Bills Narrowed, Passed in Senate Judiciary Committee | Lexology

Several bills that would amend the California Consumer Privacy Act of 2018 (CCPA) cleared a major hurdle when they passed in the Senate Judiciary…

What I'm Reading:

EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters

The lawsuit, which comes after multiple Motherboard investigations into phone location data selling, is seeking an injunction against AT&T which would try to enforce the deletion of any sold data.

Slack Hack Prompts 100,000 Account Password Reset

Slack, the popular business messaging service which recently went public on the New York Stock Exchange, has confirmed it is resetting 100,000 account passwords. Here's what you need to know.

Data of 'nearly all adults' in Bulgaria stolen

A hacker targeted the Balkan country's tax agency and reportedly offered local media access to stolen data.

Office 365 declared illegal in German schools due to privacy risks

Microsoft's future in Germany is in question again.

That’s it for this week. See you next Friday!



Get the Data Digest in your inbox