Can California collect our personal data from Tech Giants?

I often hear friends complain about the unknown usage of the data that they sprinkle everywhere – while casting a like, pin, swipe, heart (…) – on the most addictive messaging, social or dating apps.

A majority of my surroundings thinks that this information should only be theirs, while they spread it frivolously to the world to meet their future match.

Even though I am at the opposite side of the paranoiac user behavior, I decided to give it a shot to try to provide a simple answer to one of this century’s public knowledge ‘must-have’:

How is our personal data shared between our government and the consumer apps that we use daily? Is this information flow really controlled and optimized?

 

The tech giants who collect massive amounts of personal data created value where it did not exist before, which added complexity to a cybersecurity environment that was not necessarily structured to answer their needs.  We had the chance to listen to Chris Cruz, CIO (Deputy Chief Information Officer) of the state of California, about his vision of the exciting turning point at which the public agencies are in terms of managing their data. California is home to many tech companies that have pioneered privacy enhancing technologies and initiatives such as encryption or bug bounty programs.  The state stores and manages the data of over 39 million citizens and of a wide range of subjects such as water, demographics, economy, transportation…

In 2016, California released an Open Data Portal to provide transparency and an easy access to all these information to citizens. The state’s challenge is to standardize the data sets by using metadata, as the actual organization of the information is very messy (all public agencies have been organizing their data differently since years!). Several major other IT projects are currently in development such as the transition to Cloud computing or the consolidation of the state’s many Data centers into a unique and main one.

The state thrives to strengthen the confidence of its citizens. California requires the state and local government agencies to provide at least 12 months of free identity theft protection and mitigation services to consumers affected by data breaches from government (leak of their personal information). Between 2012 and 2015, over 500 Californian residents were concerned by a compromission of their personal data, which I think is clearly not a lot in consideration of the huge amount of data managed and the mess in which it evolves.

The state counts on its public organizations to collect data. In 2016, Federal court ordered the release of the data of over 10 million Californian students, which highlights the growing amount of information the educational system now collects.

The massive aggregation and efficient management of data is key to the accuracy of the studies and plans led by the state to improve the general employment, security, environment etc… Sharing information with competent private entities, with a massive amount of structured data, is therefor an unbelievable opportunity. For example California planners make water allocation decisions based upon expertise, data and analytical tools coming from public AND private sources.

And… this is exactly when your likes, pins, swipes, hearts (…) get in the game!

Facebook is the largest user of the MySQL database, they rely on a heavily tweaked version of MySQL (5.6) to store the 500TB of data generated each day by their users. Hundreds of millions of photos are posted each day, and stored with all your data in one of their huge data centers (in the US or Europe, which represents over 800,000 square foot of data centers all cumulated).

You might be asking yourself about what Facebook, Pinterest or Twitter exactly know about you?

There are 4 different types of data that they store:

  • Private data (email, photos…)
  • Shared data (likes, conversations…)
  • Commercial data (advertiser account details)
  • Tracking and metadata (basically all that you do online = your location, website visits and much, much more)

If you want to see your data, Facebook has a feature in the settings allowing you to download all the data they own about you (usually 800 pages per user). You can also have fun on DataSelfie to understand how Facebook collects this data while you use the app. 🙂

The problem usually comes when you don’t necessarily agree with the metadata that these apps collect on you. California state does not force them to stop tracking consumers. Even though your browser can give a ‘do not track’ instruction to these sites, they have no obligation to acknowledge it. California state only requires these companies to disclose wether if they will or not follow the instruction, that’s it.

Social media tech giants and California state constantly fight regarding the opportunities of obtaining or exploiting data, in a context where the regulation is an extremely grey area.

For example, Facebook automatically assumed at a point that the parents of teenage Facebook users had granted permission for their children’s name to be used in advertising. The allegedly misleading privacy policy allowed the state (through the Federal Trade Commission) to exercise much greater influence into Facebook’s future treatment of consumer data by obtaining a 20 years consent order. This consent order was as well put in place with Twitter and Google.

In 2016, the Geofeedia case popped up. The company was compiling intelligence data collected through social platforms for use by police and other American law enforcement. Facebook and Twitter immediately suspended Geofeedia’s access to their data feeds. The thing is that it is just one of the myriad companies offering these services.

The most successful tech companies also fight irrelevant requests from authorities to hand over user data for specific cases (criminality related for example). Facebook publishes here publicly the report of all the requests made by the government and their advancement status.

Laws are not updated and leave lots of grey areas. However, California is a long pioneer in passing protective type of regulatory legislation on cybercrime, computer spyware and adware.

Coming to social media, the industry is globally lightly-regulated for online privacy. There is no clear definition about what the California government is able to ask to the companies and how, it seems to be more managed in a case by case scenario as the reciprocal needs, opportunities and issues arise.

If a company exposes or looses certain kind of personal data about their users, they must of course provide notice of the loss of the data subjects (for example the case of the stolen database of Ashley Madison in 2015, a commercial website enabling extramarital affairs).

California state also prevents employers from asking their employees to update their restriction preferences on Facebook to see their content.

Some situations are very difficult to sort out, such as what happens when a Facebook user dies: who inherits his data (aka password)? Three states proposed measures to regulate the death case scenario, and Facebook implemented a ‘Facebook Heir’ feature allowing you to actually choose the person (…before your die).

Sharing data held by business and corporations can help to improve policy intervention and the products that you love.

For example, LinkedIn is providing free data about demand for IT jobs in different markets which, when combined with open data from the Department of Labor, helps communities target efforts around training. Also, the development of sharing data platforms from pharmaceutical companies can generate an enormous value annually across the US health-care system.

In terms of consumer experience, the WhatsApp acquisition by Facebook allowed to mutualize the data of both companies, which (whatever were the critics on this) led to a better qualification and coordination of the content of both products that was completely benefiting the end user. This $19 billion acquisition says long on the value of the 10 years data collected by WhatsApp.

I personally don’t feel particularly alarmed about the fact that the apps that I love the most track about me probably more than I know myself, maybe because it actually makes me have such a better user experience and really get the most out of the product’s use. Where is the fun of using Zenly if you don’t allow your location to be tracked and shared?

I also feel like throughout time the collaboration on data sharing between the governments and the Tech Giants will evolve to a disruptive innovation and global project to allow the creation of considerable value in our society.

 

 

 

3+

Users who have LIKED this post:

  • avatar
  • avatar

2 comments on “Can California collect our personal data from Tech Giants?”

  1. This is a great article on the collection of personal data, Alexandra! You raise a really interesting point around privacy issues with regard to tech giants sharing personal data with government. This has been a hot topic lately, with investigations into recent terror attacks in London indicating that the attackers used WhatsApp to communicate in the lead up to the attacks. However, WhatsApp is encrypted, so the security services cannot read what people send. These recent attacks have raised the question – should we allow third party security services to access our personal data for safety purposes? I for one have no qualms with this, but many others are less keen on the idea, deeming it too intrusive.

    1+
  2. This is a really relatable and well written article! For an alternative perspective, in the UK, the ‘Snooper’s Charter’ bill became law, and it gives increasing state surveillance to the security services. Interestingly, most people in the UK are not even aware about this new law, and the sweeping powers the government now has. This matter around personal data collection definitely needs to be discussed publicly.

    1+

Comments are closed.