“I AGREE” to you using my data?

By Philip Miller
on Mar 22, 2018

I Agree_Blog_Connect

How seriously do you take your privacy? I imagine that not many would consider showering or going to the loo in plain sight of others. These, after all, are private matters that as a rule we usually don’t share, unless, that is, we make an explicit decision to.

We also don’t consciously decide to share our information each and every time we use an electronic service like a website. To have to make the explicit choice every time we make a Google search or use Facebook would be crazy. After all, clicking “I AGREE”, without thinking, once is annoying enough! In the back of our heads we know that we are allowing people to use our data and the business of not agreeing is too much hassle as we would have to find some other service as a substitute.

Blog_IAgree_WebsiteTrackingIt was for this reason that I changed from Spotify to Apple Music a couple of years ago. I didn’t like a change they made in their conditions of use, giving them the right to more access to my life. I had already given permission to Apple for a lot, but their approach to defending my privacy is endearing to me. Remember the demands from the FBI and Apple not giving in? I didn’t see any reason to grant yet more access to another company. Sure, I lost a bit of functionality, but I don’t regret the choice. No app has permission to use my location when I don’t want it to, even if I have to allow it temporarily each and every time.

Over the last couple of years, there has been a definite trend to release more and more personal information to the internet. We choose to post a photo or a video, we choose to post a tweet, the list can go on and on. Then there are the releases of information we are not in control of, those made by other people on our behalf (with or without our explicit or tacit permission). How many holiday photos have been uploaded to the internet with you happening to be in the background? I must be in hundreds of photos crossing Tower Bridge!

I tend to be more guarded about what I release about myself and what sites I choose to use. I occasionally ask Google to forget what I search about, I occasionally delete old cookies, and I use incognito or private browsing where I can. I have Tor installed. I make these choices.

Firefox has a cool feature called Lightbeam that allows you to see the web of cookies tracking you – take a look, it is frightening! There are so many cookies in the visualisation that it slows down my state-of-the art computer just to render it. I don’t even use Facebook, but they still track me! There are literally thousands of examples of cookies there from services I have never knowingly touched.

Cookie tracking graph in Firefox Lightbeam

This isn’t what the Cambridge Analytica hoo-ha is about though. It’s about what happens to the data I don’t realise I am giving away after the “I AGREE” button is hit. Did anyone imagine that just because their friend uses an app that their data is available to a third party? How could that even be possible?

What happens behind the websites I access, what are they using my ‘data’ for? Sure - I get targeted advertising because Amazon and Google harvest my searches. What about all the apps I use? That simple free game that wants to know my location, why does it need to do this, what is it doing with that information? Why does an application need access to my photos? And if I say ‘Alexa’, what does that get used for?

At Solidatus we display our cookie policy for all to see. Our website’s homepage has a number of cookies, we use Google Analytics and a contact relationship management system called HubSpot. We are clear about what we use these things for and give you details for each of the third party’s own policies. We use this data ourselves and would never share it. We are as sure as we can be that no one uses this data for any purpose that is not in their own statements of privacy. Can we be sure of that? This is a harder question and one which I would not be comfortable answering.

The General Data Protection Regulation (GDPR) in the EU is clear about how we should handle personal data. Companies need to keep trackable internal records of the personal data held on EU citizens or face huge fines and reputational damage. What constitutes for personal data? Put simply, your name is personal data, your age, your email address etc…

Data lineage is a part of GDPR and Solidatus is already being used by various organisations to keep track of their data and visualise how and where it is used across end-to-end processes.

Solidatus won Most Innovative Data Privacy Vendor at the A-Team Awards in New York at the end of 2017, an award we are very proud of. We take data lineage very seriously and believe that there should be a clear and prompt response to the question, “Where does this data go?”

It would make much more sense than expecting a person to read a lot of, frankly, deliberately obscured legal language if they were presented with a lineage of where their data is being put to use or sold on.

If people could see where their data was going to be used would they still press “I AGREE”?

Protect your data! Contact us.

Topics: Regulatory Compliance, Data Lineage, GDPR, Data Governance

Author: Philip Miller

Co-Founder, Senior Architect, Analyst and Engineer with over 20 years’ experience within Financial Services specialising in high performance computing, complex event processing and system integration. He is an acknowledged expert is real-time regulatory reporting.
Find me on: