Skip to content
big tech and data privacy

Data Privacy: What Data Does Big Tech Have on You?

In today’s age, our data privacy has been challenged by the rise of Big Tech. There is a saying, “When we get something for free, then we end up being the products.” In the age of information, all the clicks we’ve left behind — and will leave behind in future — are being (will be) used to analyze us, rate us, package us, and sell them back to us.

In a 2019 article, the New York Times outlined how we have “secret consumer scores”: a hidden rating that determines how long we wait on hold when calling a business and what service we receive.

A Tinder algorithm of sorts — a low score sends you back to the queue, and a high score will fetch you an elite treatment. The society we live in today is witnessing an enormous amount of data flow and a rampant surge in algorithm systems that make decisions without us knowing whether these decisions are fair for us.

What does big tech do with your data?

Big Techs, also known as FAAMG (Facebook, Amazon, Apple, Microsoft, and Google), are competing to harvest as much data as possible and sell it to third-party applications and businesses.

Big Techs have acquired extraordinary amounts of data on individuals through internet browsers, email, weather applications, maps, and satellite navigation. These firms document how we browse, what food we enjoy, where we buy our socks, which music soothes us, what movies we watch, where we travel and how we let the world know about it.

Google contains 4.14 GigaBytes of data on me. (Those who wish to download their Google data may use this link.) When you download a copy of your Google data, you will see a folder containing multiple subfolders, each containing multiple .json files. 

In a folder labelled location history, Google kept a history of my monthly location data since 2016 — with great details about whether I was walking, running, tilting, cycling, or in the vehicle, along with timestamps of the activity, location name, latitude and longitude.

Another folder recorded the ads I may have seen based on my visited websites. In another, the files contained the details of the sites I have visited, images & videos I have searched for, apps I have opened and for how long. Even my Google Voice search recordings are listed in yet another file, along with the date and time. This is not just a story of Google.

In the New York Times report, Facebook was charged with holding personal data on their databases. Instagram, along with its parent company, Facebook, holds data on removed friends, phone books, blocked contacts, pictures, chat conversations, photos & videos sent and received, among other things. Instagram, of course, retains your search history to show targeted ads.

Even Alexa could be listening — carefully. According to a 2019 Bloomberg report, Amazon Inc. employs thousands to help the Alexa digital assistant powering Echo speakers. Amazon, however, claims that they use the users’ requests to Alexa to train their “speech recognition and natural language understanding systems.”

While we, the users of web services, may be generating enormous amounts of data, we have no control over it. In turn, the Big Techs constantly monitor how we produce data and recreate our choices to make us better products.

How is technology affecting data privacy?

We’re in an era of data collection and surveillance — whether we opt for it or not in several instances. Panopticon–that is what Michel Foucault would have called it. These companies have been hungry for the hyper-personalisation of user data to gain a competitive edge.

As a result, they want to know everything about a particular consumer (his/her needs, desires, and behaviours) to make valuable recommendations. This quest for hyper-personalisation leads to the misuse of user data.

A classic case of data misuse? Cambridge Analytica Scandal.

In early March of 2018, two leading newspapers, The Guardian and The New York Times, carried out a chilling report on how political consulting firm Cambridge Analytica, which worked for the Trump campaign, had harvested the personal data of millions of Facebook users without their consent to “build a powerful software program to predict and influence choices at the ballot box”.

The data was collected through an application called thisisyourdigitallife, which academic Aleksandr Kogan of Cambridge University built. In collaboration with Cambridge Analytica, Kogan had paid hundreds of thousands of users to take a personality test and agreed to collect their data for academic use. However, the app also collected data from test-takers and Facebook friends, accumulating unprecedented amounts of data.

According to some estimates, Cambridge Analytica harvested the private information of the Facebook profiles of more than 50 million users without their consent, making it one of the most significant data leaks in social media’s history. The Cambridge Analytica Scandal exposed how third-party developers easily accessed users’ data and sold it to companies that misused this information.

Since the 2018 Cambridge Analytica Scandal, user data privacy has become mainstream. These data privacy concerns have put Big Techs under the radar of privacy watchdogs. In the last few years, we have seen (in many instances) how the Big Techs have mishandled consumer data or mined data without the user’s consent. Data privacy concerns do not just stop with personal privacy but encompass many issues related to what data protection means to democracy and who owns our data.

So, what can we do about data privacy?

Data privacy concerns how data is collected, stored, managed, and shared with other third-party entities. It focuses on the individuals’ right to know the purpose of data collection, privacy preferences, and compliance with privacy laws.

Three ways of dealing with data privacy concerns are interconnected and overlapping. At first, the onus of data privacy lies on individual data users. On the personal front, we need to know what is personal to us and share the data only when necessary with entities we know we can trust.

Always Pay Attention to the URL and Ensure it Begins with https://

When we open our emails, we should not click on links embedded in unsolicited emails as they may open an unsecured and harmful webpage. Always pay attention to the URL and ensure it begins with “https://”, as “s” indicates the URL is encrypted and secure.

Do not give unnecessary access to cookies — and occasionally delete the cookies from your browser. You (the data users) may take precautionary measures while securing your data.

Check your data rights: GDPR and CCPA.

Secondly, we need our governments to take the necessary steps to regulate big tech and protect individuals’ rights to data privacy. There’s GDPR (the General Data Protection Regulation) 2018 in the European Union that gives individuals more control over their data.

According to the law, data controllers must not collect personal data without the consent of the data subjects. They must disclose any data collection, declare its lawful basis and purpose, and state how long data is being retained and if it is being shared with any third parties or outside of the EEA.

In 2020, California State of the United States legislated a new data privacy law, i.e., CCPA (California’s Consumer Privacy Act), to enhance its residents’ privacy rights and consumer protection.

The law empowers its residents to know what personal data is collected about them and/or whether it is sold to third-party entities. It requests these business entities to delete its consumers’ data. The proposed Personal Data Protection Bill in India seeks to regulate personal data collection, storage, and handling.

However, there are fears about how these laws might turn the country into an “Orwellian state” — due to government bodies’ exemption from accessing personal data. More regulation is likely to come in 2021.

Innovating Dynamic CVV to support data privacy

Third, we need to innovate newer ways of dealing with data products, with a priority on data privacy. For instance, in 2018, Pittsburgh-based PNC Bank piloted a card with dynamic CVV, changing the card’s CVV every 30 to 60 minutes.

The dynamic CVV technology was created to fight card-not-present fraud, which has been rising for years. In another example, we can see that passwords are replaced with cryptographic keys and multiple layers of biometrics.

Signal: A way forward?

Signal, a California-based messaging application run by a not-for-profit organisation, offers users end-to-end encryption. Signal’s “Sealed Sender” feature makes conversations more secure as the platform cannot access private messages or media or store them on its servers.

While WhatsApp provides end-to-end encryption for messages, it can access other private information — another good reason to shift sides.

Presearch – decentralised search engine

Another innovation, Presearch, is a decentralised, open-source search engine with enhanced privacy features. Built on the blockchain, Presearch rewards its users with PRE crypto tokens. They do not track or store any information or searches.

As a result, the users control their data. Along similar lines, Tim Berners-Lee, creator of the World Wide Web, has led an exciting project called “Solid” (derived from “socially linked data”) that aims to radically change the way web applications work today and empower users of data, their freedom to choose where their data resides, and who is allowed to access it.

PODS – Personal Online Data Stores

Solid is all about PODS – personal online data stores. Here, an individual has a PODS in which all the personal data is stored. You may choose to host the data wherever you wish. Instead of uploading data to remote services, the services are granted permission to access the data in one of your PODS.


Cover Picture: Yang Jing on Unsplash


3 thoughts on “Data Privacy: What Data Does Big Tech Have on You?”

  1. An interesting dialogue is value comment. I feel that you must write more on this matter, it may not be a taboo subject however generally persons are not sufficient to talk on such topics. To the next. Cheers

what do you think of the above post?