back to article Huge power imbalance between firms and users whose info they grab

Mass commercial data gathering and opaque decision-making processes have a “massive potential” to damage personal autonomy and dignity, a report has said. Data gathered and stored by companies is increasingly being used to make decisions that can affect people’s lives, but the systems that drive these processes are often …

  1. Anonymous Coward
    Coat

    This has always been the case in America...

    Big powerful companies screwing over their customers...

    But thanks to the internet these companies are now able to do this worldwide...

    1. BillG
      Devil

      Re: This has always been the case in America...

      "Once you have their data, never give it back."

      - Google's First Rule of Acquisition

      1. Anonymous Coward
        Anonymous Coward

        Re: This has always been the case in America...

        Actually, how could they "give it back"? Only by ensuring that they erased every last copy in their own possession. Including backups.

  2. Pascal Monett Silver badge
    Trollface

    "huge effects on things like competition between companies"

    Silly me, here I was thinking that companies competed by making a better product. Now, in the 3rd millennium, they will just compete by having better customer details.

    After all, who cares about the product, right ?

    1. Swarthy

      Re: "huge effects on things like competition between companies"

      I thought the customers' data is the product.

      1. Anonymous Coward
        Anonymous Coward

        Re: "huge effects on things like competition between companies"

        And with overpopulation at hand, "One dies, get another."

  3. The Nazz

    Simple solution

    Make it a criminal offence to pass on, sell, or even buy and store indirect personal information. With criminal liability falling on the persons involved, certainly the executives. And pass the legislation quickly.

    If for instance i buy some new windows from XXXX Co they obviously require certain personal information, name address and financial details as a minimum. But it should stop there and never be used by anyone else.

    It also strikes me as being very odd when you take up a serious matter with many of the UK authorities, "ah well, we can't do anything ...because of Data Protection!" If they were private companies they'd be trading the data around at will.

    1. Christoph

      Re: Simple solution

      "Either you delete all the illegally held data or we'll delete it for you"

      "You and whose army?"

      ScreeeeeeeeeKABOOM ScreeeeeeeeeKABOOM ScreeeeeeeeeKABOOM

      "Oh"

    2. Doctor Syntax Silver badge

      Re: Simple solution

      "With criminal liability falling on the persons involved, certainly the executives."

      We keep saying this but are such roles defined in law? Rather than target "the executives" go for the directors. That's a role that is defined in company law and they, ultimately, appoint the management chain.

    3. Mark 85

      Re: Simple solution

      Make it a criminal offence to pass on, sell, or even buy and store indirect personal information. With criminal liability falling on the persons involved, certainly the executives. And pass the legislation quickly.

      Unless the board or execs are bleeding off money to personal accounts, I can't recall any prosecution of a board or exec. The companies own the legislatures so fat chance of this ever passing.

      1. Adam 52 Silver badge

        Re: Simple solution

        Precise stats seem hard to come by, but 46 for Health and Safety breaches last year, about 300 for various paperwork offences and about 150 for fraud.

  4. pleb

    An offer I can't refuse

    The power imbalance is what annoys me. So Microsoft (or whichever) can include T&Cs that basically state, "we can slurp your data and do what we like with it, you forego any rights to class actions, etc. By continuing to use the software you confirm your consent".

    So my choice is to prostitute my legitimate expectations of privacy, or opt out of the norms of participation in modern economy.

    1. Charles 9

      Re: An offer I can't refuse

      That's pretty much how they set it up. It's called a Captive Market. Otherwise known as "You Might As Well Be Walking on the Sun."

    2. Anonymous Coward
      Anonymous Coward

      Re: An offer I can't refuse

      "So my choice is to prostitute my legitimate expectations of privacy, or opt out of the norms of participation in modern economy."

      So long as corporations are allowed to include it in their Terms of Service, you can be denied any legal right they choose. Once enough of them have excluded a legal right in their TOS, that legal right ceases to exist.

    3. Doctor Syntax Silver badge

      Re: An offer I can't refuse

      "So my choice is to prostitute my legitimate expectations of privacy, or opt out of the norms of participation in modern economy."

      It depends where you live and whether or not you're purchasing as a consumer or a professional. In the civilised world consumer protection legislation may well protect you if you're the former although you'd have to go to court to achieve that.

    4. Anonymous Coward
      Anonymous Coward

      The Last choice or non-choice really:

      ...'opt out of the norms of participation in modern economy.'.

      ... Talk about the Death_Of_Privacy!

  5. John Smith 19 Gold badge
    Gimp

    It's a simple idea. It's not *their" data it's *your* data. An idea even govt's don't want to get.

    So how obligated are we to supply accurate data?

    Should the giving of fake details become SOP?

    Should "anonymous" credit cards with no personal details on the front become a product?

    So far evidence is people are getting the privacy level they are prepared to fight for.

    And they aren't prepared to fight very hard.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's not *their" data it's *your* data.

      "So how obligated are we to supply accurate data?"

      Many T&Cs like Facebook's will obligate it, and if you don't cooperate, you give them carte blanche to de-anonymize you to get you back in line.

      "Should the giving of fake details become SOP?"

      Against the treasure trove of info already out there, including information provided by governments, we can't be sure fake details won't be ratted out as soon as we use them.

      And PS. Data created through an agent can legally be THEIR data. Consider how work copyrights apply.

      1. Doctor Syntax Silver badge

        Re: It's not *their" data it's *your* data.

        "Consider how work copyrights apply."

        And consider how Data Protaction rights apply, assuming you live in a country that recognises such things.

        1. Charles 9

          Re: It's not *their" data it's *your* data.

          Rights clash. Which takes precedence? In America, copyright would likely take precedence as it is a Constitutionally-enumerated responsibility of Congress (Article I, Section 8).

          1. Doctor Syntax Silver badge

            Re: It's not *their" data it's *your* data.

            "In America, copyright would likely take precedence"

            In the EU (and, theoretically in the UK after Brexit but that remains to be seen) it's privacy. GDPR requirements are eventually going to make anyone wanting to do business in Europe take this on board.

            1. Charles 9

              Re: It's not *their" data it's *your* data.

              So the GDPR specifically and explicitly takes precedence over all other regulations, including those of copyright? I say that because at least the copyright mandate is part of the US Constitution so therefore really can't be overridden without an Amendment.

      2. LaeMing
        Happy

        Re: It's not *their" data it's *your* data.

        Dead Trolls sung it best: https://www.youtube.com/watch?v=7eIUOUfhoJ8 :-)

    2. Peter Gathercole Silver badge
      Headmaster

      "their" data and "your" data.

      The idea of "ownership" of data is as complicated as with any other easily reproduced information, and this language is not helping.

      The whole concept of possession implies something physical. For example, if I have a unique watch, nobody else can have it at the same time as me.

      <pedant>As such, when it comes to personal information, it's really not "your data", it is "data about you".</pedant> Many people may have copies it without denying you. You don't ask an organization to return data about you, you ask to have it deleted. The fact that you exist means that information about you exists. (I'm not going to go all Descartes here, I promise.)

      In reality, what people should be talking about is whether an organization has a right to keep particular types of information about you, not whether they own it. They might own a dataset - a collection of data that has an existence of it's own, but basic information is as Jefferson said about ideas, "it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it". As long as information is known to others, you cannot really claim to be able to control access to it.

      I want to be clear. I'm not suggesting unrestricted data retention by organizations, merely that the language used about it should be changed.

      This is a philosophical argument, I admit, and I know I will probably be downvoted over it, but, hey, the way it is being presented in the media annoys me.

  6. HAL-9000

    Really?

    This must be in line for the no-shit sherlock awards

    1. This post has been deleted by its author

  7. Colin Tree

    take back control

    The only way to secure your data is to publish your data under a license which stops other entities accessing or using your data without your explicit permission and limitations and allows you to take legal action against them.

    1. Charles 9

      Re: take back control

      And THEY fire back by simply denying you access to their services until you allow them access on THEIR terms. Combined with the increasing necessity of these services (to link with remote family, maybe even get a job), this becomes the the "Walking on the Sun" retort.

  8. Anonymous Coward
    Anonymous Coward

    According to Criteo, most iOS users don't even know they are getting tracked

    Better data privacy and tracking practices need to start with reform by the largest players, like Criteo, the largest ad retargeter. In their own words, Criteo believes 95% of iOS users opt into being tracked by Criteo without their knowledge: "Only 5% of your users on average will see the header or footer. Where this is the case, the renunciation rate is generally less than 2%."

    https://accelerate.criteo.com/hc/fr-fr/articles/207473609-Extended-Browser-Support-EBS-de-Criteo

    Furthermore, a research outfit last week claimed that "Criteo’s usage of HSTS Super cookies is not only dangerous, but illegal." Surprisingly, Criteo responded with a lie, claiming that the company "provides full transparency and control to Safari users"

    https://which-50.com/hiding-gotham-city-research-asks-criteo-says-company-destroying-evidence/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like