back to article US and Europe try to tame surveillance capitalism

The US Federal Trade Commission on Monday warned that data brokers need to rethink how they define sensitive data in light of recent enforcement actions involving antivirus vendor Avast, and location data providers X-Mode and InMarket. Europe, too, is moving in this area. The US trade watchdog has decided that browsing and …

  1. Neil Barnes Silver badge
    Stop

    How many times?

    "a unique and persistent device identifier" with its Jumpshot analytics business to track internet users' activities – including "each webpage visited, precise timestamp, the type of device and browser, and the city, state, and country."

    It's none of your fuckin' business.

    And websites wonder why people use advert blockers and script blockers...

    1. Pascal Monett Silver badge

      Brave. I use Brave exclusively on my smartphone. It has cut my bandwidth use by 80% at least, and I get what I want to see, not what advertisers want me to see.

      1. Michael Wojcik Silver badge

        I ended up dropping Brave and replacing it with Vivaldi on my phone, partly because Brave wasn't very stable, and partly because I was so tired of the damned cryptocurrency ads. I'd probably put up with one or the other if I had strong evidence that Brave makes a substantial difference; but I use my phone browser rarely, so it probably doesn't, in my case.

    2. ChoHag Silver badge

      Re: How many times?

      But that is their business...

      1. MyffyW Silver badge

        Re: How many times?

        It's certainly their business model

        But I agree with the first poster, it's none of their effing business :-)

      2. Benegesserict Cumbersomberbatch Silver badge

        Re: How many times?

        LiveRamp firmly believes that we are in compliance with all laws in the regions where we operate, including UK and EU laws.

        Belief being the holding of an idea to be true, in the absence of proof, or in spite of evidence to the contrary.

        If it were true, they would say they were in compliance, full stop.

        1. very angry man

          Re: How many times?

          I am of the belief that rubit's location be inferred and the location be promptly clensed with fire

    3. hoola Silver badge

      Re: How many times?

      Yet there are millions or people who are addicted to all the "Smart" tech with tracking and all sorts of shite clamouring for more.

      Everything has to be smart, connected and controlled by an App.

      I just don't get it.....

      Maybe I a too old but the entire stuff about collecting data really pisses me off. The "Legitimate Interest" stuff is just insane when you go through and reject them because it is on by default. Hundreds of companies, no clues as to what any of them do other than collect data to sell.

    4. An_Old_Dog Silver badge

      Re: How many times?

      You're right, and you're wrong. You're right: they have zero need-to-know. You're wrong: it is their business, in that they've made it their business -- their core revenue stream comes from collecting, matching, and reselling data on individuals.

      Have an upvote.

  2. Pascal Monett Silver badge
    Thumb Up

    "[The FTC] has decided that browsing and location data should be considered sensitive"

    Amen to that.

    That's going to be one heck of spanner in advertiser's inner workings, and I'm happy with that.

    1. heyrick Silver badge

      Re: "[The FTC] has decided that browsing and location data should be considered sensitive"

      Wait until they lobby for, and utilise, all the little loopholes...

      ...like the "legitimate interest" wheeze over here in Europe. No, fuck them, they have no legitimate anything when my browser clearly says "do not track me" and they're making a conscious and intentional choice to ignore that.

      1. hoola Silver badge

        Re: "[The FTC] has decided that browsing and location data should be considered sensitive"

        And crucially it is on by default and on most sites when you to "Reject All" for the cookies, it does not clear them.

  3. John Robson Silver badge

    Just ban tracking/targeting

    If you want to target adverts at people interested in tech, advertise on el-reg, if you want to target adverts at some other demographic, figure out where they are likely to be and advertise there.

    1. Jeff Smith

      Re: Just ban tracking/targeting

      Exactly. Baffles me that anyone considers targeted advertising to be even the slightest bit necessary, as if no one ever bought anything before 2005.

      1. codejunky Silver badge

        Re: Just ban tracking/targeting

        @Jeff Smith

        "Baffles me that anyone considers targeted advertising to be even the slightest bit necessary, as if no one ever bought anything before 2005."

        What John Robson mentioned is targeted advertising. The magazine advertising what readers might also be interested in is targeting. The online tracking/targeting is an attempt to be even more accurate (which I am sure most agree has laughable results currently).

        While I am somewhat concerned of private entities abusing data I am also concerned of the government demanding such data for abuse and even inserting a 'back door'. Currently governments are arguing for encryption they can decrypt at will, in the US the security services installed agents at social platforms.

        Without the security concern I would be happy for more accurate advertising to be honest. Seeing things I am interested in is better than stuff I dont care about, and that also works for the advertiser.

        1. John Robson Silver badge

          Re: Just ban tracking/targeting

          "Without the security concern I would be happy for more accurate advertising to be honest. Seeing things I am interested in is better than stuff I dont care about, and that also works for the advertiser."

          a) Has advertising ever been more accurate?

          I see you've recently bought a car, would you like a new car? That's the level of accuracy of the massive intrusion that is current practise.

          b) Without the loss of life I'd be all for murder.

          You can't get personally targeted advertising without the security concerns.

          1. codejunky Silver badge

            Re: Just ban tracking/targeting

            @John Robson

            "I see you've recently bought a car, would you like a new car? That's the level of accuracy of the massive intrusion that is current practise."

            As I said- 'which I am sure most agree has laughable results currently'

            "You can't get personally targeted advertising without the security concerns."

            Possibly, probably.

          2. Michael Wojcik Silver badge

            Re: Just ban tracking/targeting

            As I've mentioned in the past, I have on a number of occasions been served advertisements that were clearly to some extent targeted, which informed me of products I was not aware of, which were of interest to me, which I purchased (or had purchased for me as gifts), and which I appreciate owning. Mostly books, and mostly on my Amazon Kindle. (Though, oddly, another example which comes immediately to mind is my Grip 6 belt, which I like very much and only learned of through a YouTube ad, of all things. There's treasure everywhere; it's just a question of how much shit you have to dig through to find it.)

            So I can't claim targeted advertising has been of no benefit to me. Yes, I agree, 95% percent of it is woefully misdirected, and much of it is obnoxious. On YouTube most of the ads I see are for some horrendous game or for Grammerly, a software package I have despised since it first appeared and which has only succeeded in spurring my loathing of it since.

            That said, I strongly support opt-in on a fine-grained basis (e.g. merchant by merchant, and for wide-ranging merchants like Amazon, category-by-category; and also device-by-device). And only collecting very limited data, such as prior purchases with that merchant — no demographics, no location, no other ancillary information.

        2. Doctor Syntax Silver badge

          Re: Just ban tracking/targeting

          The online tracking/targeting is an attempt to be charge advertisers more by claiming to make it even more accurate

          FTFY Just remember, the advertising industry only sells one thing, advertising, and it only sells it to one group of people, advertisers.

          1. Zolko Silver badge

            Re: Just ban tracking/targeting

            I think that's the crux of the matter : marketing droids of a company buy adverts from other marketing droids in an ad-broker company. And they rake in billions doing that, which increases the price of the products of said company by as much, that every-body *ELSE* has to pay somehow. That's the very definition of parasites: they suck the blood of the host. The entire advertising business is a parasitic behavior, quite identical to the former Soviet propaganda : if the products were indeed as good as advertised, advertisement wouldn't be necessary in the first place

            1. jmch Silver badge

              Re: Just ban tracking/targeting

              "if the products were indeed as good as advertised, advertisement wouldn't be necessary in the first place"

              This is not strictly true, word of mouth is great but by itself isn't going to get the brand recognition to allow a vast / vastly increased customer base. There certainly IS a non-zero value both to businesses and to customers of some sort of advertising.

              The way I see it, the big issue isn't so much the advertisers as the ad brokers (primarily Google and Facebook), who on one hand are sucking up everyone's data to build detailed profiles (that are not necessary because it has been shown that micro-segmentation as currently implemented does not work), and are then conning ad buyers into spending more for these ineffective segmented views, and then double-conning them because they also own the ad exchanges and can therefore artificially set any price they can justify, and then triple-conning them because there is no independent way that advertisers can verify that their ads are being seen by humans (or the specifically targeted humans) at all.

              On the one hand it's up to advertisers to be smart enough to stop advertising through the ad brokers that are ripping them off and realise they could get the same results with traditional targeting ie advertise domain-specific goods/services on domain-specific websites, magazines, physical spaces. On the other hand it's up to users to block as much targeting as they can and lobby their politicians to outlaw indiscriminate data scraping.

            2. Michael Wojcik Silver badge

              Re: Just ban tracking/targeting

              if the products were indeed as good as advertised, advertisement wouldn't be necessary in the first place

              This is simply naïve. Maybe you belong to some cabal of product users who can evaluate all new products for merit and circulate a list of the best available, but here in the real world, there is no magical access to some merit-ranked list of what's for sale.

              In 2013, over 275,000 books were published in the US. I can't keep track of that many new publications. I can't even keep track of publications by all of the authors I like — I probably could, if I spent a fair bit of time creating a system for that, but I have better things to do.

              Thanks to Kindle advertisements, over the past few years I've discovered a number of authors whose books now rank among my favorites. There's no plausible way I would have found all of these otherwise. Yes, some other new-favorite authors I found in traditional bricks-and-mortar bookstores, for which I am eternally grateful; but bookstores can't carry everything, and when I browse in a bookstore (or library) I can't look at more than a small fraction of what they have available.

              Some of the websites I enjoy, I learned about through advertisements on other sites. Again, it's unlikely I'd have been introduced to them in any other way.

              I don't watch a lot of synchronous media, but I do occasionally watch something on YouTube. A couple of the creators I watch routinely were recommended by friends; a couple I knew of from other sources. Most are the results of YouTube recommendations occasionally getting it right. I have no idea what input vector resulted in YouTube's popping up a link to CPG Grey's history-of-Tiffany video a couple of years ago, but it did, and the result was a decent chunk of entertainment (across Grey's body of work) that I was also able to share with Granddaughter Major. Advertising FTW.

              It's a whole wide world out there, and due to sheer volume it's not particularly discoverable. Maybe you don't like advertising, full stop; fine, that's your opinion. But to claim that consumers would find everything they might value without it is sophomoric rubbish.

        3. gandalfcn Silver badge

          Re: Just ban tracking/targeting

          Diddums, bless.

      2. ChoHag Silver badge

        Re: Just ban tracking/targeting

        Nobody needs the tracking, least of all the advertisers, except the people who sell it.

        Advertising is convincing people to lie to themselves. Billboard owners have convinced advertisers to lie to themselves about the value of billboards with tracking.

  4. Mike 137 Silver badge

    An elephant in the middle

    A huge problem that the regulators seem oblivious of (or uncaring about) is the use by many organisations of third party intermediaries that the data subject has no means of circumventing, such as job advert aggregators that are often the only route for applicants to apply for roles, and event booking services the only route for buying tickets. It's anybody's guess what these intermediaries do with the personal data they process. Although many state in their T&Cs that they operate as 'data processors', there's plenty of evidence to the contrary.

    For example, one booking service, although ostensibly a data processor for event organisers, also declares itself a data controller for the purpose of event marketing "[w]here it is in accordance with your marketing preferences, we may use your Personal Data to contact you in the future for our marketing and advertising purposes" but provides no obvious mechanism for specifying such preferences unless the data subject creates an "account". As the data subject is compelled to use the booking service without the option, its actually questionable whether there is even a legitimate contract between it and the data subject, let alone any consent relationship, and probable the dual use of the data is not lawful, particularly as the two purposes are not compatible.

    Quite part from which, it's the legal duty of the party employing subcontractors to ensure that they process personal data on their behalf lawfully, so use of such questionable third parties should come home to roost, but it doesn't. A lot of businesses seem to believe that so long as they declare questionable (or even strictly unlawful) processing in their 'privacy statement' (or indeed merely refer the user to the third party's 'privacy statement') it's OK to go ahead. However, when I took this issue to the ICO in the UK, my complaint was rejected. When I challenged that decision I was told that it was "only an opinion", and that was the last I heard of it. So much for Regulation.

    1. Doctor Syntax Silver badge

      Re: An elephant in the middle

      Re your last paragraph: If the principals were actually held responsible for the activities for their agents it would kill the various attempts to enable EU & UK businesses to avoid any consequences of offloading stuff to foreign, mostly US, based service providers. As things stand they claim requirements are satisfied if the injured party can claim in the US against the US provider.

      I find it surprising that the obvious corollary hasn't appeared and wiped out that entire loophole: class actions in the US.

      1. Mike 137 Silver badge

        Re: An elephant in the middle

        " If the principals were actually held responsible for the activities for their agents it would kill the various attempts to enable EU & UK businesses to avoid any consequence"

        It would indeed. However the GDPR does hold principals legally responsible, so such 'attempts' are actually unlawful. The fundamental problem is that the regulators ignore this -- they simply reject complaints about it.

  5. Anonymous Coward
    Anonymous Coward

    Anonymous de-anonymization

    Re-identifiable pseudonymized persistent Ad IDs and the likes are great for stalking one's ex who now works under a different name at Islington Tennis Centre and Gym, brings your kids to Thornhill Primary School Islington, and lives in the battered-person safehouse above the Asiatic Thai Massage of Islington (Ryan Paterson dummy-data example).

    I'm real glad that such info is readily available for 3/4 of Americans, 2/3 of UK folks, and 1/3 of the French. With pervasive surveillance capitalism, efficient stalking is just a few dollars away! (</sarc>)

    1. Michael Wojcik Silver badge

      Re: Anonymous de-anonymization

      Agreed. Deanonymization was demonstrated convincingly multiple times in various studies. The data brokers hiding behind this sort of weak anonymization are lying, and they know it.

      With differential privacy it's possible to quantify just how much information is being leaked. Regulators could force data brokers to use DP, in an auditable fashion, and penalize them for exceeding some threshold; but that would be difficult, and it's hard to argue that it wouldn't be better to just force the third-party brokers out of business, frankly. (And I say that despite having defended limited targeted advertising upthread.)

      Unfortunately surveillance capitalism is one of those manifestations that's useful to both the private sector and the state, so the public-private tension that is responsible for most real reform isn't present. For every politician or regulator who sides with the consumer on this, there are a thousand law-enforcement and intelligence types clamoring for more surveillance and supporting the businesses that provide it.

  6. Doctor Syntax Silver badge

    I suppose the issue can be avoided by the various businesses offering the relevant government's agencies mates' rates.

  7. Omnipresent Bronze badge

    duh

    About time people catch on, Funny how the Government is the third or fourth most obscene guilty party in this racket, At least they are not profiteering off it, just spying. I can live with that in the interest of national security, It's the legal beavers I worry about, The ones making a profit on you. It's been pervasive for quite a while. When the nuclear powered AI robots take over, they will have you cornered like a rat.

  8. Potemkine! Silver badge

    "The IP address is often the join key"

    That's a good ad for VPN providers.

  9. SVD_NL Bronze badge

    "In fact, unique IDs which are assigned to an individual may be more identifying than a person's name."

    THIS^^^

    These tech companies conveniently interpret PII as information that can be used to identify someone by name

    Problem? if you know my name, you won't be able to figure out a whole lot. i've got minimal social media presence, my address won't show up anywhere, the most you can find is my LinkedIn profile.

    With the data this company collects, they know my home address, common contacts, interests, and a whole lot more.

    Yes, they won't know my name or SSN (they could probably figure it out though), they know exactly who i am.

    If someone walked came up to my door and said "hey i noticed you visited the pool a few times over the last couple of weeks, can i interest you in swimwear?", i would be a lot more alarmed than if a stranger mentions me by name.

  10. Jonathon Green
    Trollface

    Wouldn’t it be great if…

    …someone came up with a distributed computing project to generate enough fake traffic and inject enough spurious information into the datasets to make them completely valueless?

    Just a daydream I know, but if it happened I’d be happy to donate a few processor cycles and a bit of bandwidth…

  11. Strong as Taishan Mountains

    Where is the money?

    Surely the ad-buys cannot alone fuel such an industry.

    I suspect the main consumer of the gigantic piles of data from all this would be various parts of government. Governments have the endless cash to waste knowing my toothpaste research, Colgate maybe not so much.

    1. ecofeco Silver badge

      Re: Where is the money?

      The data is sold.

      It's the modern version of the mailing list. The money is in selling the contact information to other companies and ad agencies.

      This has been a thing long before any of us were born. And just as sleazing.

      And yes, corps have more than enough money to keep this ethereal market afloat and very, very profitable to all involved. Except you and I, of course.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like