Just earlier this year, the EU passed GDPR, which established legal ramifications for companies that didn’t adhere to specified standards of privacy. But while GDPR certainly gives consumers more power and choice over how they want to share their data, hoards of personal data are still being collected and analyzed.
This isn’t illegal, of course; nearly all of today’s tech companies, by the very nature of the industry, rely on the gathering of personal data to do business at all. These companies are perfectly free to access and process our data so long as they comply with GDPR standards whenever necessary.
Even with GDPR, there are still many ways tech companies take advantage of our personal information. This is especially true when we use platforms or products owned by the biggest digital conglomerates, which have more windows through which to access our personal information than do small tech companies and startups.
So, which digital conglomerates infringe on our privacy the most? Here are the top three.
Ever since the infamous Cambridge Analytica Scandal (for which the tech giant was recently reprimanded with a ₤500,000 fine), Facebook has been treading more carefully. The scandal, together with the passage of GDPR, compelled Facebook to add more options to their privacy settings that give users more choice in how they want their personal data to be collected and used.
Nonetheless, Facebook faced another big security breach in September, when data fromup to 50 million Facebook accounts were exposed. This was because of a vulnerability in the ‘View As’ feature, which gave hackers access to user profiles. Unlike the Cambridge Analytica event, this was a vulnerability within Facebook itself–one that allowed malicious actors to directly take over user accounts.
While Facebook admitted its mistake and acted promptly to resolve the issue, its actions were less than transparent.
Rather than directly alerting users about the hack, Facebook simply sent affected users a cryptic message on their news feed that read “Your privacy and security are important to us. We want to let you know about recent action we’ve taken to secure your account.” Unfortunately, the message sounded like the usual we-care-about-your-privacy bunk that Facebook feeds us all the time, so many users remained unaware of the hack and weren’t given the opportunity to investigate whether their data had been stolen.
And that’s not all. Data security news site Secure Thoughts highlights yet another privacy concern unknown to many users: the Facebook-owned VPN app Onavo Protect. While the app claims to protect user browsing information, it’s actually giving Facebook access to all user traffic and online activity conducted through the app.
Because of its shady privacy record, both the EU and Congress alike have their eyes on Facebook right now–and users should, too.
Google, like Facebook, continues to be less concerned with giving users control over their personal information, and more concerned with collecting as much user data as legally possible. Privacy activist Max Schrems argues that while both companies are technically complying with the GDPR requirement of obtaining explicit user consent, they push consent to such a degree that this consent is practically forced.
“Facebook has even blocked accounts of users who have not given consent. In the end, users only had the choice to delete the account of hit the ‘agree’ button–that’s not a free choice, it more reminds (me) of a North Korean election process,” Schrems told CNBC in March.
He criticized Google for employing a similar strategy. According to Schrems, the tech giant unfairly forces users to consent to share their data if they’re using its Android operating system. The company requires users to give Google access to their data or else own “a 1,000-euro brick” they can’t use.
Whether or not Google’s strategy to obtain explicit consent is as extreme as Schrems alleges it to be, one thing is clear: Making consent compulsory (or, at the very least, getting users to believe that consent is compulsory) is a clear loophole in the GDPR–one that Google will continue to take advantage of for as long as it can.
Amazon is notorious for collecting personal data through dozens of different mediums. Not only does the tech giant gather data through its e-commerce platform, but it also collects data through its products. As Amazon continues to develop Internet of Things (IoT) products of its own, it’s making it easier for itself to collect the personal data of its shoppers.
Think about theAmazon Echo, the home assistant which “listens” to user commands, records conversations, and stores information about consumers’ preferences for music and news. Gathering music and news preferences isn’t trivial; indeed, implicit in this information is data about political affiliation, demographics, and hobbies.
Meanwhile, the new Echo Look takes privacy concern to the next level by including a camera. It’s designed to take pictures of you to provide fashion and shopping advice, but there are obvious privacy risks involved when Amazon’s servers are storing photographs of you or your family members.
Amazon has also recently come under fire for infringing on the privacy of its own employees. The tech giant has talked of developing a smart wristband for its workers that would track and record even the most minute details of the employees’ whereabouts, pace, and physical habits.
The wristwatch is a clear violation of employee privacy (not to mention worker rights); it would give the company access to such information as how quickly a worker is moving, when they stop to scratch their head or take a bathroom break, and where in the warehouse they’re located.
With so many mediums through which to collect the data of employees and consumers alike, concerned users should refrain from engaging with Amazon without first being aware of the risks.
Legal and public awareness of privacy issues may have increased, but it’s still too early to let our guards down when it comes to protecting our personal information. Companies–and tech giants in particular–will continue to try to find loopholes in the latest privacy regulations, and much of our data will continue to be exposed to vulnerabilities and hacks.
Amazon, Google, and Facebook point to some of the most prominent examples of user privacy infringement, but there are so many more companies that are also collecting our data and putting our privacy at risk. Whichever platforms we use, it’s our responsibility as users to remain ever vigilant.
About the Author: Shachar Shamir
Shachar Shamir is COO of Ranky, a marketing company based in Tel Aviv. As Ranky’s COO, Shachar helps startups around the world with their marketing and online growth needs. So far, he has helped more than 200 startups with hands-on solutions. Other than that, he offers startups consulting and mentoring solutions, on how to increment their presence online and gain more clients.