Consumer Digital Touchpoints Online: It's messy

I asked everyone from Facebook to data brokers to Stan for my information. It got messy

It is almost impossible to understand your full Facebook data footprint. (Credit: ABC) 

It is almost impossible to understand your full Facebook data footprint. (Credit: ABC) 

28 April 2018

By technology reporter Ariel Bogle

Brands I've never heard of have my details.

Deciphering your Facebook data can be like leafing through a corporate-owned teen diary.

In 2007, one of my first comments was telling a friend she had a "fashionable mullet", but my online data footprint has exploded since then.

I downloaded my data from Facebook in an effort to understand how brands target me with personalised advertising — an activity that accounted for 98 per cent of the social giant's 2017 revenue.

Your name, age and location are the least of it. Every like, link and interaction can add to your profile, whether it's an inferred political preference — are you liberal or conservative? — or an interest in board games.

But as Wired has detailed, Facebook's data download provides an incomplete picture.

To fix that, I asked for my personal data (you can too, thanks to the Privacy Act) from everyone from data brokers to advertisers.

What did I find? That understanding who knows what about you online is a sisyphean undertaking. One that takes dozens of emails and almost one month.

What do data brokers know?

Ever heard of a data broker? If you haven't, that's no mistake.

"They rarely have a public presence," said Sacha Molitorisz, a digital privacy researcher at the University of Technology Sydney.

"My guess is there is an intuition somewhere there, that what they're doing might not be palatable to customers."

Data brokers are companies that may gather online and offline information — census data, surveys and purchase histories, for example — to create consumer profiles that they serve to advertisers.

In the market for a new car? An expectant mother? These are the types of insights they look for.

If advertisers want to reach these people, they can source special audience information from data brokers and target ads to them on Facebook.

This is allowed under Facebook's Partner Categories program, but after the Cambridge Analytica scandal, the company said it would be winding the option down.

A Facebook spokesperson said ad campaigns run this way would end by October 1, 2018.

For now, though, Facebook works with three providers in Australia: Quantium, Axciom and Experian.

I contacted all three and asked for my personal data. All three said they had nothing — but that's not the whole story.

How am I targeted?

Earlier this year I was served a Facebook ad for 100% Pure New Zealand. Facebook told me it was based on a dataset provided by the data analytics firm Quantium.

But if Quantium doesn't have my personal details, how does it target me?

The tourism ad was sent to two consumer segments — "outdoor enthusiasts" and "travellers" — a Quantium spokesperson said.

The company received de-identified purchase data, likely from Woolworths Rewards program, which was then used to create anonymous groups likely to purchase something based on their past shopping behaviour.

My de-identified data was probably in there. Then, apparently, Quantium matched it up with my de-identified data from Facebook.

"Publishers like Facebook de-identify their users' personal data utilising the same encryption algorithm used by Quantium," the Quantium spokesperson said.

"The de-identified data from both parties is passed into a secured anonymisation zone for matching purposes. This allows the two datasets to be matched without using any personal information."

In some cases, it gets more mysterious.

In Settings, Facebook lists the advertisers it says are running ads, using contact lists they uploaded to the platform.

Experian said it had no personal information about me, but Experian Data Quality is listed as having uploaded my contact information to Facebook.

A company spokesperson said it could not confirm why I was connected to Experian Data Quality.

"Based on the information you provided to us, we again confirm that Experian's Data Quality and Targeting (Marketing Services) in A/NZ does not hold any personal information on you," she wrote in an email.

Who else has your email?

Brands are only meant to upload contact lists to Facebook for advertising if they have permission to do so.

In the case of the video streaming service Stan, seeing its ad on Facebook made sense — I'm a subscriber, and apparently, I've watched the TV show Billions.

A Stan spokesperson said the ad I saw was intended to remind people "who may be fans of the show" that a new season was available.

It does this to highlight content the company thinks subscribers are interested in, using its internal analytics.

"We matched your encrypted email to data held by Facebook to facilitate the surfacing of that content," she added.

(I also asked for all my personal data from Stan, and the hours of television I've watched makes for a terrifying spreadsheet, by the way.)

 

The contact list mystery

But Stan is not the only brand that has my information.

As I write this article, there are more than 300 brands that Facebook lists as having my contact information — the majority of which I've never heard of.

There's a sushi restaurant in Perth, for example, called Tao Café. I've never visited.

I got in touch, and Tao Café office manager Annette Sparks was equally baffled about its appearance on my list.

But she said that the food delivery company Deliveroo ran ads on behalf of the company, and suggested that's how my contact details may have been bound up with the sushi venue.

So, onto Deliveroo.

While they couldn't discuss my personal situation, a spokesperson said Deliveroo does provide "marketing support" to its restaurant partners — essentially, it runs ads promoting them as part of the delivery service.

Did Deliveroo then share my email with cafes from Perth to Singapore? The company said no.

"Under no circumstances does Deliveroo share any customer details with restaurants or other third parties as part of these marketing campaigns," the spokesperson said.

I'm left none the wiser about why Tao Café was on the list — and there are other mysteries too.

According to Facebook's list, various American political candidates have my contact information.

As does the official Facebook page of the actress Kate Hudson.

What can I do?

Mark Zuckerberg has said Facebook users own their data, but it's an unusual kind of ownership.

Ownership feels largely meaningless when your data is scattered around the internet.

There is no one company to blame. The architecture of online advertising is set up this way.

"The issue is that in the digital space … personal data is very much sought after, and there are all [kinds of] different players who stand to benefit from access to that data," Mr Molitorisz said.

"There needs to be greater transparency with how our data is used."

This is the reality of surveillance capitalism, according to Professor Katina Michael, a privacy expert at the University of Wollongong.

Our data is a valuable commodity, and time is not on our side when it comes to understanding who wants it and where it's going.

"We don't measure it, we don't write it down like we do calorie-controlled diets," Professor Michael said. 

"We don't realise how much we're giving away."

Ariel Bogle, April 28, 2018, "I asked everyone from Facebook to data brokers to Stan for my information. It got messy", ABC Radio Nationalhttp://www.radioaustralia.net.au/international/2018-04-28/i-asked-everyone-from-facebook-to-data-brokers-to-stan-for-my-information-it-got-messy/1752610

Changes to digital privacy laws – but are consumers aware?

Consumers are not aware of new digital privacy laws, says Associate Professor Katina Michael.

pii.jpg

Are consumers really properly protected in this digital era with the introduction of new privacy laws now coming into effect?

According to Associate Professor Katina Michael from UOW’s Faculty of Engineering and Information Sciences and Vice Chair of the Australian Privacy Foundation, many consumers are unaware of changes taking place to privacy. In a recent interview broadcast nationally on ABC and a other interviews with SBS Radio and Ten’s Wake Up, Professor Michael said the majority of Australians were unaware who could access their personal information both in Australia and overseas.

She said when applying for a credit card or a home loan, do people really know that their personal credit history is being tracked and precisely what information is being stored about the products they purchase? 

New privacy laws have now been introduced following amendments being passed by Federal Parliament. The laws as they pertain to repayment history information are retrospective to December 2012. Under the new laws, large organisations and agencies that collect personal data are required to take reasonable steps to notify consumers about the collection of sensitive information, why it is being collected and whether or not it is onsold to third parties. Individuals will also be able to request access to their personal information and expect correction to their data if it is incorrect.

Large organisations that send personal data overseas would also be bound by new principles requiring them to take reasonable steps to ensure the data remain private and secure. The Australian Council of Civil Liberties says the laws needed to be updated to recognise the growth of social media websites over recent years where many users are posting personal information about themselves online. Professor Michael emphasised that consumers who used online dating web sites were particularly vulnerable to identity attacks, given the amount of data collected by the agency to perform “matches’ with prospective candidates that was publicly available.

The new laws also include more comprehensive credit reporting which will allow the reporting of information about an individual's credit history over the previous two years to credit providers. Individuals who make a loan or credit card payments more than five days late, may struggle to obtain credit products in the future as a result of the changes. 

Professor Michael told ABC interviewer Rod Quinn: How many consumers are really aware that if they have been only five days late with a payment this will be listed on their credit history? The same goes if one is more than 60 days late for a utility payment. The Australian Privacy Foundation welcomes some aspects of the new laws which it believes will help to strengthen consumers' rights such as civil penalties for companies who are in breach of the Act, and also new enforcement powers by the Privacy Commissioner.

Professor Michael believes the new laws covering personal data could fail if companies send information to countries with weak privacy laws and regulations, or none at all. If a security breach occurs in an overseas organisation organisation it may remain unknown to Australian consumers. She also thinks that small businesses should not have been exempted from the new privacy laws highlighting the fact that 80 per cent of Australia's businesses are small businesses hiring a quarter of Australia's population. Australia made attempts in the 1980s to centralise people’s information on to one card (combining Medicare and Social Security information for example). However, the Australia Card and the Access Card never got off the ground. 

Professor Michael told ABC listeners that there was a real danger in centralising people’s personal data all on to one card should that information fall into the wrong hands or encourage scope creep. “Having all that information in one place is just too penetrable,” she said.
Professor Michael fielded a range of listener enquiries during her ABC Radio interview.