The Difference Between Privacy and Exploitation: Why Understanding The User Data Conversation Is Important

The New York Times recently published a piece called “Just Don’t Call It Privacy,” and I think it helps to explain a fundamental misrepresentation in the United States of what’s really at issue when we talk about personal data.

Data collection giants, such as Amazon and Google, currently have pretty free reign over the information they collect on individuals who use their services. Even when headlines announced a huge data breach at Facebook, there was no mass exodus away from the social media platform.  After all, what does a data breach even mean? Everything related to the conversation about user data is termed using oversimplified vocabulary attached to abstract definitions, so of course it’s easy to get lost.

Despite this dramatic hurdle, we as users of these online services should be engaging in the conversation about our data. While the United State has been mostly passive about user data collection and application, other countries are actively pushing back and establishing boundaries with legislation. Why? That’s an important question to ask, and I think understanding the answer begins by understanding that although we talk about it in terms of “privacy,” privacy is not the problem.

To quote Natasha Singer in her NYT article (who phrased it so well):

What is at stake here isn’t privacy, the right not to be observed. It’s how companies can use our data to invisibly shunt us in directions that may benefit them more than us. (emphasis added)

To restate: when we’re talking about data collection through online services – like Google tracking emails and searches, or Facebook logging what links are clicked on whose timelines- the problem isn’t that these companies do these things (violating our “privacy” by doing so). The problem is what they do with our information after they collect it. We users need to be protected from the information we provide about us being used against us. The term privacy is everywhere, but it’s a red herring drawing the conversation in the wrong direction.

Per the “Just Don’t Call It Privacy,” NYT article:

“Congress should not be examining privacy policies,” Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a prominent digital rights nonprofit, told me last week. “They should be examining business practices. They should be examining how these firms collect and use the personal data of customers, of internet users.”(emphasis added)

What follows is a list of pretty straightforward real-world examples of user data exploitation (most sourced from the NYT article cited earlier). For the sake of clarity I have summarized beneath each link what user data was collected, what the user believed their data would be used for (termed “intended use”), and how the data was additionally used against them (termed “exploited use”):

“Facebook Accused of Allowing Bias Against Women in Job Ads”

  • user data collected: gender
  • intended use: for identification
  • exploited use: for bias in displaying job advertisements

“Dozens of Companies Are Using Facebook to Exclude Older Workers From Job Ads”

  • user data collected: birthday, birth year, age
  • intended use: for identification
  • exploited use: for bias in displaying job advertisements

“Google tracks your movements, like it or not”

  • users data collected: location
  • intended use: users believe they have control of being tracked
  • exploited use: location is still tracked, despite user preferences

“Amazon’s Next Big Business Is Selling You”

  • user data collected: purchasing history
  • intended use: for making returns or re-purchasing items
  • exploited use: match advertising with shopping patterns

And here’s yet another example from the NYT article where the user data exploitation isn’t quite as straightforward:

AT&T’s privacy policy says the mobile phone and cable TV provider may use third-party data to categorize subscribers, without using their real names, into interest segments and show them ads accordingly. That sounds reasonable enough.

Here’s what it means in practice: AT&T can find out which subscribers have indigestion — or at least which ones bought over-the-counter drugs to treat it.

In a case study for advertisers, AT&T describes segmenting DirecTV subscribers who bought antacids and then targeting them with ads for the medication. The firm was also able to track those subscribers’ spending. Households who saw the antacid ads spent 725 percent more on the drugs than a national audience.

Michael Balmoris, a spokesman for AT&T, said the company’s privacy policy was “transparent and precise, and describes in plain language how we use information and the choices we give customers.”

Hopefully, breaking down the conversation about personal data has helped explain that the issue isn’t that our data is collected (i.e. privacy), but how our data can be used against us – to manipulate us through targeted marketing strategies, to discriminate in unseen ways against us, to make us believe we aren’t being tracked when we are – and that’s just a few of the many possibilities.