Most Americans Don’t Realize What Companies Can Predict From their Data
By mixing and matching information from various digital sources, they know far more than most people think.
rely on Google Maps to help them get to where they are going quickly and efficiently.
A major feature of Google Maps is its ability to predict how long different navigation routes will take. That鈥檚 possible because the mobile phone of each person using Google Maps sends data about its location and speed back to Google鈥檚 servers, where it is analyzed to generate new data about traffic conditions.
Information like this is useful for navigation. But the exact same data that is used to predict traffic patterns can also be used to predict other kinds of information 鈥 information people might not be comfortable with revealing.
For example, data about a mobile phone鈥檚 past location and movement patterns where a person lives, who their employer is, where they attend religious services and the age range of their children based on where they drop them off for school.
These predictions label who you are as a person and guess what you鈥檙e likely to do in the future. Research shows that people are largely unaware that these predictions are possible, and, if they do become aware of it, . In my view, as someone who studies how predictive algorithms affect people鈥檚 privacy, that is a major problem for digital privacy in the U.S.
How Is This All Possible?
Every device that you use, every company you do business with, every online account you create or loyalty program you join, and even the government itself collects data about you.
The your name, address, age, Social Security or driver鈥檚 license number, purchase transaction history, web browsing activity, voter registration information, whether you have children living with you or speak a foreign language, the photos you have posted to social media, the listing price of your home, whether you鈥檝e recently had a life event like getting married, your credit score, what kind of car you drive, how much you spend on groceries, how much credit card debt you have and the location history from your mobile phone.
It doesn鈥檛 matter if these data sets were collected separately by different sources and don鈥檛 contain your name. It鈥檚 still easy to match them up according to other information about you that they contain.
For example, there are identifiers in public records databases, like your name and home address, that can be matched up with GPS location data from an app on your mobile phone. This allows a third party to link your home address with the location where you spend most of your evening and nighttime hours 鈥 presumably where you live. This means the app developer and its partners have access to your name, even if you didn鈥檛 directly give it to them.
In the U.S., own the data they collect about you. This means they can legally sell this information to data brokers.
Data brokers are companies that are in the business of buying and selling data sets from a wide range of sources, including location data from . Data brokers combine data to create detailed profiles of individual people, which they .
Combined data sets like this can be used to predict what you鈥檒l want to buy in order to target ads. For example, a company that has purchased data about you can do things like connect your social media accounts and web browsing history with the route you take when you鈥檙e running errands and your purchase history at your local grocery store.
Employers use large data sets and predictive algorithms to make decisions about who to interview for jobs and . Police departments make lists of people who may be . FICO, the same company that calculates credit scores, also calculates a that predicts .
How Aware Are People About This?
Even though people may be aware that their mobile phones have GPS and that their name and address are in a public records database somewhere, it鈥檚 far less likely that they realize . That鈥檚 because privacy policies typically only include about how data that鈥檚 collected will be used.
, the Pew Internet and American Life project asked adult Facebook users in the U.S. about the predictions that Facebook makes about their personal traits, based on data collected by the platform and its partners. For example, Facebook assigns a 鈥渕ulticultural affinity鈥 category to some users, guessing how similar they are to people from different race or ethnic backgrounds. This information is used to target ads.
The survey found that 74 percent of people did not know about these predictions. About half said they are not comfortable with Facebook predicting information like this.
, I鈥檝e found that people are only aware of predictions that are shown to them in an app鈥檚 user interface, and that makes sense given the reason they decided to use the app. For example, a showed that people are aware that their tracker device collects their GPS location when they are exercising. But this doesn鈥檛 translate into awareness that the activity tracker company can predict where they live.
In another study, I found that Google Search users know that Google collects data about their search history, and Facebook users are aware that Facebook knows who their friends are. But that their Facebook 鈥渓ikes鈥 can be used to .
What Can Be Done About This?
Today鈥檚 internet largely relies on people managing their own digital privacy.
Companies ask people up front to consent to systems that collect data and make predictions about them. would work well for managing privacy, if people refused to use services that have privacy policies they don鈥檛 like, and if companies wouldn鈥檛 violate their own privacy policies.
But research shows that those privacy policies. And, even when companies face consequences for breaking their privacy promises, it doesn鈥檛 stop them from .
Requiring users to consent without understanding how their data will be used also allows companies to shift the blame onto the user. If a user starts to feel like their data is being used in a way that they鈥檙e not actually comfortable with, they don鈥檛 have room to complain, because they consented, right?
In my view, there is no realistic way for users to be aware of the kinds of predictions that are possible. People naturally expect companies to use their data only in ways that are related to the reasons they had for interacting with the company or app in the first place. But companies usually aren鈥檛 legally required to restrict the ways they use people鈥檚 data to only things that users would expect.
One exception is Germany, where the Federal Cartel Office that Facebook must specifically ask its users for permission to combine data collected about them on Facebook with data collected from third parties. The ruling also states that if people do not give their permission for this, they should still be able to use Facebook.
I believe that the U.S. needs stronger privacy-related regulation, so that companies will be more transparent and accountable to users about not just the data they collect, but also the kinds of predictions they鈥檙e generating by combining data from multiple sources.
This article is republished from under a Creative Commons license. Read the .
