A question most of us rarely consider, however, is what happens to our data if a company goes bankrupt, or is bought by another company that may have far less respect for our privacy?
A recent survey by the New York Times, in fact, found that out of the 99 sites with English-language terms of service or privacy policies listed by Alexa as the top 100 websites in the US, 85 included such a clause. These include internet luminaries that harbor huge amounts of highly personal data on just about all of us, including Facebook, Google, Apple, Amazon and LinkedIn.
‘This information may include your IP address, device and software characteristics (such as type and operating system), location, activity on the Hulu Services including title selections and watch history, page views, ad data, referral URLs, network state, device identifiers or other unique identifiers such as advertising identifiers (e.g., “ad-ID” or “IDFA”), and carrier information.’
‘We may collect information about you from other sources, such as data aggregators, public databases, and our business partners. This may include information about your interests, demographic data, purchasing behavior, and your activities online (such as websites visited and advertisements viewed).’
‘If we sell all or part of our business, make a transfer of assets, or are otherwise involved in a change of control transaction, or in the unlikely event of bankruptcy, we may transfer information from or about you to one or more third parties as part of the transaction.’
And that’s it… absolutely no guarantees are made about what happens to your data subsequent to such an event.
The mass of data that all modern internet services collect about their customers as a matter of course these days (and Hulu is not alone here), in fact represents one of their major assets. It can provide a very detailed picture of an individual’s likes, dislikes, sexual preferences, religious views, health and fitness, addictions, and (most importantly of all), spending habits.
This kind of information is pure gold to web companies and marketers, who use it to deliver ever more personalized and targeted (and therefore higher yield) advertising to consumers. As executive director of EPIC.org, Marc Rotenberg, observes,
‘In effect, there’s a race to the bottom as companies make representations that are weak and provide little actual privacy protection to consumers.’
In 2012, dating website Ture.com filed for bankruptcy and attempted to sell its database of 43 million members to an unnamed ‘Canadian-based online dating service.’ This sale of huge amounts of incredibly personal and potentially damaging data was blocked by the Texas Attorney General on the grounds that,
Of the Alexa top 100 sites surveyed by the NYT, only 17 said they would alert users if their data was sold (such as by posting a message on their website). Only Etsy, Weather.com, ‘and a few other sites’ promised users the option to opt-out of their data being sold-on in the event of a ‘business transaction.’
The big question of then, of course, is what can we do about this terrible situation? Unfortunately the short answer ‘not very much’. Even if we take the time to wade through the ridiculously long and deliberately obtuse Terms of Service for every service that we use (an almost impossible task in itself) in order to determine if they are up to something sneaky (they almost all are!), then… what?
If we want to use the service then we have to agree to its ToS. Okay then, so why not just go elsewhere? Well, not only is it often very difficult to just choose to use another service (for example, if all your friends are on Facebook, and have no intention of going elsewhere), but (as the NYT survey demonstrates) they are all at it, and are just about as bad as each other!
What you can do is, where possible, signup to services and websites using a pseudonym, false personal information, and a dummy email address (although this will be stymied if you need to provide billing details). You can also use VPN to hide your true IP address, and anti-tracking browser extensions and tweaks to limit the amount of cross-site tracking performed by websites you visit (and therefore data collected about you.)
A real solution, however, would require meaningful legislation aimed at protecting internet users’ data, but as just about every government is in the pocket of big business, this is very unlikely to happen…