A few thoughts about the ongoing misunderstanding around the use of personal data

Strava’s Heat Map can be beautiful. This was captured in the Nevada at the site of Burning Man.
Source: Strava

Over the weekend, an international security snafu erupted when it was “discovered” that anonymous Strava user data, actually released by the company last November, can be used to identify the location of up-till-now secret US Army bases, possibly putting soldiers in danger. 

Strava has defended the release of this information saying that  its map “represents an aggregated and anonymized view of over a billion activities uploaded to our platform, but also thatthe information was already made public by the users who uploaded it.” Strava also said that it’s “committed to helping people better understand our privacy settings.” It does sound a bit like Strava is blaming the users for not understanding what data is they’re sharing, what the default sharing setting are, and how to control those settings.

It comes back to this: “The controversy around Strava demonstrates a common issue with the relationship between tech companies and their users: People casually using an app often don’t understand what companies do with their data or how to properly protect it.”

This pervasive disconnect between what a company does with personal user data and what the users think it does with it plays out across so many different apps and services. As in most cases of “free,” if you’re not paying for the product, you are the product. Strava, a free app, has to make money somewhere, so along with premium membership it also sells aggregated, anonymized data such as cycling data: “We also have a metro business, which is aggregating and anonymizing commute data to sell that back to departments of transportation so they can better plan pedestrian bicycle routes in cities.”

Spotify: be humble.
Source: Adweek

This isn’t new. It just pops up every time a surprised media reports on some company’s data usage or another, sometimes with the backing of the company itself. In this case, Strava itself released the heat maps. Users were also outraged when Uber released its “walk of shame” data and Netflix and Spotify started using peculiar viewing/listening data in ads. Last year fury erupted when it turned out that Unroll.me, a service meant to unsubscribe users from unwanted emails, sold anonymized emailed Lyft receipts to Uber. CEO Jojo Hedaya’s response sounded familiar when he said it was “heartbreaking to learn that people were upset after discovering that Unroll.me sells data to make its service free. He believes the company wasn’t ‘explicit enough’ in telling users what it does, and that there will be clearer messaging in apps and the web.”

Facebook is another a free-to-use product that deeply profiles users and users often get upset when the depth of data is revealed. This week it reported that even with a decline in the number of daily users in the US and Canada and in the time spent on the site, an increase ad prices boosted revenue. Says Erin Griffith: “unfortunately for users, mining our personal data to better sell us stuff is the future of Facebook’s business. Over the years, Facebook has managed to rise above criticism over privacy and transparency by pointing to settings that purport to give users control over what they share and with whom. But those settings are complex and not well understood by users. Further, Facebook does not give users full control over their data.”

I’m curious if the disconnect between user’s expectation of privacy and what companies actually share comes from users not reading the terms of use or the intentionally vague phrasing of those terms. Perhaps the surprise comes from fact that the default settings for sharing are usually set at 11 and the controls for those settings are hidden deeply in the service to the point where users don’t realize they have a choice. Also, in many cases users don’t have a choice – either they consent to the collection of their personal data or they cannot use the app. In any case, I don’t think either data collection, the controls, or their default settings is going to change. Yet it would behoove companies to either communicate better about what data they collect and how it’s shared with their users or stop trying to use that data in their advertising or public relation attempts. Either get ahead of the outrage or don’t start it at all.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s