Category: Privacy (page 2 of 2)

Sex in the city: Is there a reasonable expectation of privacy when having sex with the lights on?

When I read this post I could not help remembering the discussions within the Privacy module of the post grad learning programme I have recently enrolled in. A particular issue discussed was precisely the legitimate expectation of privacy regarding events which take place in public, such as those analysed in the Peck, Campbell or Von Hannover cases.

In the situation at stake, two office colleagues had sex in the workplace premises, with the lights on, having forgotten to pull the blinds down… and therefore in full view of transients and the customers of the pub located right across the street, who were able to observe the full scene, unnoticed from the inside.

The events were recorded by many (how useful are Smartphones in these situations!) and uploaded to the Internet. Obviously, it did not take long to spread both on social media and on the press and very quickly the couple has inadvertently become a viral sensation. Their sexual performance has been broadly gossiped, commented, assessed and rated. They have been publicly identified since then and details regarding their personal lives have been exposed.

Putting aside other pertinent considerations in regards of what internal proceedings the company should take, I would like to focus on the privacy issues at stake.

Our expectation of privacy does not forcefully depends of the place where the events take place. It is not because something happens in a public space or is visible by the public or from a public place that any reasonable expectation of privacy is automatically excluded. It suffices to think that most of our private life, such as conversations or encounters,  actually happens in public. How unfortunate would it be if that mere fact would ultimately deprive us of any expectation of living our lives discreetly. It would not be remotely reasonable to accept that people abdicate of their privacy expectations once they leave their homes. Specially when considering all the buzz surrounding smart TVs, our privacy is at risk even in our own households.

In this particular case, it was late in the evening and the couple expected to be alone in the office and away from peering eyes. It is unquestionbly a quite different situation than that of having sex in broad day light in a busy street, which would be more appropriately qualified as exhibicionism.

Moreover, the revealing and intimate nature of the activity cannot be ignored, considering that they were undressed and, well, having sex. I would say with some certainty that it is not something that most of us do not mind to be watched, recorded and commented, over and over, on a large-scale. And, in spite of being something that the public finds interesting, there is certainly not any public interest at stake.

Furthermore, despite acting on plain sight, the couple was absolutely unaware that their activities were being observed, let alone filmed. They did not give their consent – nor explicitly, nor implicitly – for their image to be captured. But, more relevant, they were certainly oblivious that those images and recordings would be disseminated at a large-scale. To be put within the public eye and the public attention which ensued were neither expected nor desired.

The moral damages at stake are evident. On a personal level, the couple has been publicly exposed, scorned, humiliated and shamed. Their dignity and self-esteem have been incessantly injured. At least for one of them, being married and with children, this exposure has also far more reaching consequences, affecting the family members concerned.

To say that the lesson to be learnt from this is to turn the lights off next time you intend to have sex is the easiest joke to make. However, such situations should not be socially treated so light-heartedly. Namely because with the advanced technologies available, it is getting easier to photograph and record events humiliating for someone. That is how many of the known cyber bullying situations actually start.  Technologies are evolving so fast that the general awareness and sensitivity are having a hard time keeping track of the issues at stake.

Perahps a very good first step would be for people to start accepting that it is not because they can see something, and are able to easily record it and quickly share it online, that it is legitimate to do so.It is so easy to laugh at someone’s expenses. And the next big joke could be any of us.

 

Mobile spyware or how to be connected with the last person you want to be connected with… your ex, who else?

Just be careful and monitor the apps installed in your phone.

Just be careful and monitor the apps installed in your phone.1)Copyright by LG under the Creative Commons Attribution 2.0 Generic

In my professional experience, I have dealt with and witnessed some quite serious and delicate situations subsequent to the ending of relationships and marriages. Stalking, threats, violence, harassment, attacks against property, home trespassing, defamation, nuisance to family members and closer friends, blackmail, outbursts of rage in the ex’s workplace or neighbourhood… I could go on, really, but you get the point. Let’s just euphemistically say that love has a very unromantic side which is not usually portrayed on romantic comedies.

In spite of all the good brought by technologies, they have a dark side which this blog – as you might have figured it out already by now – is usually about. Today’s post is not an exception. In fact, technologies have made a lot easier for unloved lovers to actually turn their partner’s or ex’s lives into hell.

How?

Well, with mobile monitoring software. This kind of technology has been legally around for quite a while now and is deemed the favourite tool for jealous (psycho?) lovers. Well, it suffices to type “app spy ex” on your favourite search engine to get a clear idea about their popularity.

You would be surprised about how easy it actually is. To start with, there are plenty of apps available in the market. A quick online search will give you an idea about the diversity of the options available. They are cheap, accessible and they are easy and quick to install.

Therefore, it suffices to gain a short access to the targeted mobile phone, let’s say, when the owner is taking a shower or trustfully provide the phone for a call. The app can even be set up before the Smartphone is offered as a birthday or a Christmas gift. How thoughtful!

In this regard, I would like to point out that when the app is side loaded (for instance, not from a legitimate app store such as Google playstore), there is the double risk of installing monitoring backdoors which could enable the access for third parties (besides your very personal spy) for unknown purposes.

Another sneakily effective way to monitor someone’s activities is to access the information contained in the cloud. It suffices to know the username and password, elements easily given away to your partner when you are in a trustful relationship. Cloud storage is another particular issue in itself due to its link to computers. As spyware could have been installed remotely through the e-mail, it is useless to change the login details for the cloud on the mobile phone, as those can be accessed on the computer.

What happens next?

Well, your unacknowledged personal spy will be able to access almost all activity which takes place on your cell phone: listen to and record your calls, scrutinize your messages, track your location, watch the photos and videos you shoot and monitor your online activities… or really just browse your Facebook account which actually contains by itself almost all this information.

As this wasn’t enough, these tracking technologies can run imperceptibility in the background, making it difficult to be detected. So unless your covert ‘admirer’ cannot help himself/herself but giving away hints about his/her privileged awareness of your life, you might not even suspect its existence.

The truth is a jealous partner or an ex who does not accept the ending of the relationship will be almost as effective as intelligence services in tracking you down. In fact, this kind of technology is increasingly becoming the favourite tool for abusers. Let’s not fool ourselves here. Women are the main victims of these technologies. Many do not even realise that they have a cloud account associated to their Smartphone.

Women experiencing domestic violence are particularly vulnerable in this context, as these technologies allow for the perpetuation of persecuting and intimidating behaviour when they try to flee an abusive relationship.

Of course, this kind of behaviour has always existed. From the old fashion ways of going through the pockets of a coat, listening to conversations, reading letters, looking for a trace of lipstick on a shirt, for a new piece of jewellery, to hiring a private detective or following the victim around… However, technologies have made all this so much easier and invasive.

Obviously technologies are not to blame. The subjacent motivations are. They are just a tool with great potential put to bad use. For instance, the very same technologies can be used for parent monitoring which is acceptable to a certain extent.

Thus said, I do not want to sound alarmist. But if you recently ended up a romantic relationship, and it happens that your ex was the jealous and possessive type, and/or that person suspiciously appears to know a lot about your current whereabouts and social activities, I would say that there is a fairly high chance that your phone is being spied on!

I would therefore advise you to have your mobile phone checked to confirm or exclude that possibility and, subsequently, be able to assess if you are the aim of any other kind of stalking.

Lastly, I would like to outline that such secretive interception of electronic communications is illegal, thus I would also recommend for you to seek legal advice in that regard.

References   [ + ]

1. Copyright by LG under the Creative Commons Attribution 2.0 Generic

Monitoring of employees in the workplace: the very private parts of a job in the EU private sector

Let us all see what you are doing.

Let us all see what you are doing.1)Copyright by MrChrome under the CC-BY-3.0

Whilst not all employers in the U.S.A. monitor their employees’ communications and activities, the majority do so, namely to evaluate their professional performance, to protect trade secrets, to prevent information security breaches or to avoid or reduce their liability in lawsuits.

So, incoming and outgoing email correspondence, telephone calls, websites visited and documents saved on the computer may be only some of the data accessed in this context.

This surveillance of employees’ electronic communications and activities over employer-provided facilities are generally deemed unlawful under the European Union law. Member States legal systems usually include constitutional laws, telecommunications laws, labour laws and criminal laws which are intended to be dissuasive.

Currently, there is no specific EU legislation regarding the privacy and protection of workers’ personal data at work.

Nevertheless, Article 31(1) of the Charter of Fundamental Rights of the European Union, whose application is mandatory whenever Member States apply EU law, states: “Every worker has the right to working conditions which respect his or her (…) dignity”.

In parallel, there are two EU Directives which can be applicable in these professional contexts. Although they do not specifically deal with any aspect of employment relationships nor address employee monitoring, they establish some privacy principles which are applicable regarding surveillance at workplace. These provisions are then furthered by Member States through their national legislation.

Firstly, we have the 95/46/EC Directive which relates to the protection of individuals with regard to the processing of personal data. Under this framework, data subjects are provided control over the collection, transmission, and use of their personal information. In fact, this instrument foresees that data subjects have the right to be notified of collection of personal information.

In this context, employers have to ensure that their surveillance is legitimate and restricted and must be transparent regarding any surveillance conducted. Any monitoring of the employees communications and activities, namely regarding the use of e-mail, the internet or phones, without their employee’s knowledge or consent, is unlawful.

Secondly, the 2002/58/EC Directive relates to the processing of personal data and the protection of privacy in the electronic communications sector. The interception of  communications over private networks, including e-mails, instant messengers, and phone calls, and generally private communications, are not covered as the instrument only refers to publicly available electronic communications services in public communication networks.

The European Convention for the Protection of Human Rights and Fundamental Freedoms (hereafter ‘ECHR’), in its article 8, reads as follows: “Everyone has the right to respect for his private and family life, his home, and his correspondence”.

Whilst the right to privacy at work has not yet be considered by the Court of Justice of the European Union, the European Court of Human Rights (hereafter ‘ECtHR’) has already ruled that the right to privacy right is not restricted to the household and extends to the workplace environment.

In fact, in Köpke v Germany, the Court stated as follows: “(…) that the concept of private life…may include activities of a professional or business nature and may be concerned in measures effected outside a person’s home or private premises(…)”.

In the Niemietz v. Germany case, the ECtHR included business relations, e-mails, and any other form of electronic communication in the concept of ‘private life and correspondence’, no distinction being made between private or professional correspondence.

In Halford v. UK Gov., the ECtHR held that the employer’s surveillance of the employee’s calls at work unjustifiably interfered with the employee’s right to privacy and correspondence. Communications via e-mail, fax, wireless, and any technological means is covered by the concept of correspondence.

Moreover, in the ruling Copland v United Kingdom, the ECtHR concluded that the fact that the calls or the e-mail usage occur in the office and, at least in theory, are business related, was irrelevant. Business correspondence and telephone calls may contain personal information, which is protected by human rights and by data protection law.

It also found that, even if the telephone monitoring was limited to “the date and length of telephone conversations” and “the numbers dialled,” and do not involve the content of the communications, it still violates article 8 of the ECHR.

The Court stated as well that article 8 is infringed where the monitoring is not previously communicated to the employees, as they have, in consequence, a “reasonable expectation” that they will not be.

However, a worker’s right to privacy at work is not absolute.

In Benediktsdóttir v. Iceland, the ECtHR concluded that the right to privacy and to correspondence has to be balanced with the other rights, namely those of the employer.

In this context, although not legally binding, the Article 29 Working Party (hereafter WP29) opinions provide important guidance. In fact, national data protection authorities take them into account when applying and enforcing national laws.

The WP29 issued an opinion on the processing of personal data in the employment context in 2001, concluding that “[t]here should no longer be any doubt that data protection requirements apply to the monitoring and surveillance of workers whether in terms of email use, internet access, video cameras or location data.” Therefore, monitoring must be proportionate, not excessive for the intended purposes, and carried out in the least intrusive way possible. Furthermore, it stated that, under the Data Protection Directive, employers may process data concerning their employees only with “unambiguous consent” or if the processing is “necessary.”

In 2002, the WP29 issue a Working Document on the surveillance of electronic communications in the workplace, in which was argued that the employee’s right to privacy should be balanced with the legitimate rights and interests of the employer, such specific and important business need, as efficiency or the right to protect the employer from harm caused by employees’ actions. Therefore, the monitoring activities should be necessary, proportionate and transparent.

In the WP29’s viewpoint, any monitoring of electronic communications should be exceptional, namely when necessary to obtain to obtain proof of certain actions of the worker; detect unlawful activity; detect viruses; or guarantee the security of its systems. Therefore, concealed or intrusive monitoring is generally unlawful.

In 2005, in its annual report, the WP29 has affirmed that “[i]t is not disputed that an e-mail address assigned by a company to its employees constitutes personal data if it enables an individual to be identified.

The WP29 stressed, in another Opinion, in 2006, that all online communications in the workplace are subjected to confidentiality protection, including those sent from workplace equipment for private as well as professional purposes. It suggested seven principles to ensure a proper monitoring: necessity regarding a specified purpose; a specified, explicit and legitimate purpose; prior notice to employees about the monitoring; the monitoring should be aimed to safeguard employer’s legitimate interests; personal data processed in connection with any monitoring must be adequate, relevant, and not excessive with regard to the purpose for which they are processed; data must be accurate and not retained for longer than necessary; and appropriate technical and organisational measures shall be implement regarding security.

The requirements at stake may vary according to the monitoring technologies used as some will require stricter standards according to the extent of interference with private life. For instance, in Uzun v. Germany, the ECtHR concluded that the monitoring via GPS is not as intrusive telephone tapping.

Considering that the data collected by the employer may constitute sensitive data, it can only be processed in the cases foreseen in Article 7 of the Directive 95/46. In this context, considering the disparity in the contractual positions at stake the employee’s consent may not deemed to legitimize the processing.

In this context, it is quite advisable for private employers established in the EU to set up clear and acknowledged internal policies or guidelines regarding the use of Internet and electronic equipment in the workplace, for instance as part of the work contract.

This legal and jurisdictional context highlights the challenge that companies and other organizations face when doing business in the European Union, especially those which also operate under U.S.A. law.

References   [ + ]

1. Copyright by MrChrome under the CC-BY-3.0

Game of drones or the not so playful side of the use of RPAS for recreational purposes

I am watching you.

I am watching you.1)Copyright by Don McCullough under the Creative Commons Attribution 2.0 Generic

If one of the gifts you have found underneath the Christmas tree was a drone 2)The term drone is used to describe any type of aircraft that is automated and operates without a pilot on board, commonly described as unmanned aerial vehicles (UAV). There are two types of drones: those which can autonomously follow pre-programmed flight routes and those which have remotely piloted aircrafts systems (RPAS). Only the latter are currently authorised for use in EU airspace., and it happens to have some camera installed on it, you should prepare yourself to embrace your new status of a data controller and face a new set of obligations regarding privacy and safety.

Indeed, whilst drones can be a lot of fun, there are serious considerations at stake which should not be ignored. In fact, the extensive range of their potential applications3)Despite drones were firstly used for military activities, they are increasingly used across the EU for civilian purposes. The civil use usually refers to those commercial, non-commercial and government non-military activities which are more effectively or safely performed by a machine, such as such as the monitoring of rail tracks, dams, dykes or power grids., the proliferation of UAVs with a camera, the collection of data and the subsequent use of such data, namely by private individuals for personal and recreational purposes raise concerns about the impact of these technologies on the safety, security, privacy and the protection of personal data.

As a matter of fact, a drone in itself does not imply the collecting and the processing of any personal data until you attach a camera to it. However, drones are increasingly equipped with high definition optical cameras and therefore are able to capture and record images of the public space. And while there are no apparent privacy concerns regarding the recording of landscapes, having a drone filming through the sky over your neighbourhood might lead to a very different conclusion. Drones have a high potential for collateral or direct intrusion regarding privacy, considering the height at which they operate, allowing to monitor a vast area and to capture large numbers of people or specific individuals. Despite individuals may not always be directly identifiable, their identification may still be possible through the context in which the image is captured or the footage is recorded.

It must be noted that people might not even be aware that they are being filmed or by whom and, as a result, cannot take any steps to avoid being captured if such activity is not made public. People ought not to know that the device is equipped with optical imaging and has recording capabilities. Moreover, because the amateur usage of a drone may not be visible, there is a high risk of being directed to covert and voyeuristic recording of their neighbours’ lives, homes and back gardens. How would you feel if a drone was constantly looming near your windows or in your backyard? Indeed, there is no guarantee regarding the legitimacy of the end to be achieved with the use of drones. None withstanding the fact that a drone may actually pose a threat to people’s personal safety, belongings and property, considering that it may fall, its increasing popularity as a hobby outlines the issue of discriminatory targeting, as certain individuals, such as children, young people and women, are particularly vulnerable to an insidious use of RPAS. This is particularly relevant considering that the images or footage is usually intended to be made publicly available, usually on platforms such as Youtube.

Furthermore, the recording may interfere with the privacy of individuals as their whereabouts, home or workplace addresses, doings and relationships are registered. In this context, the use of drones for hobbying purposes may have a chilling effect on the use of the public space, leading individuals to adjust their behaviour as they fear their activities are being monitored.

Thus considering, the use of this type of aerial technologies is covered by Article 7 and Article 8 of the EU Charter of Fundamental Rights which respectively establish the respect for private life and protection of personal data. Taking into account the abstract nature of the concept of privacy, the main difficulty will be to define when there is a violation at stake.

In addition, there are obviously data protection implications at stake where the drone is capturing personal data. EU data protection rules generally govern the collection, processing and retention of personal data. The EU Directive 95/46/CE and the proposed General Data Protection Regulation are applicable to the collection, processing and retention of personal data, except where personal data is collected in the course of a purely personal or household activity. Hence, the recreational use of drones is a ‘grey area’ and stands almost unregulated due to this household exemption.

Nevertheless, due to the risks at stake, both to privacy and to data protection, the extent to which the ‘household‘ exemption applies in the context of a personal and private use must be questioned.

In a recent ruling, the CJEU concluded that the partial monitoring of the public space carried out by CCTV is subjected to the EU Directive 95/46, even if the camera capturing the images is “directed outwards from the private setting of the person processing the data”. As already analysed here, the CJEU considered that the processing of personal data involved did not fall within the ‘household exemption’ to data protection laws because the camera was capable of identifying individuals walking on a public footpath.

As the RPAS operations may be quite similar to CCTV, but more intrusive, because they are mobile, cover a larger territory, collect a vaster amount of information, it is not a surprise that they may and should be subjected to the same legal obligations. Subsequent to this ruling, these technologies should be considered as potentially privacy-invasive. Consequently, private operators of drones in public spaces should be ready to comply with data protection rules.

Of course, the footage needs to contain images of natural persons that are clear enough to lead to identification. Moreover, and in my opinion, it is not workable to consider, in order for the household exemption to be applied, the images collateral and incidentally captured. Otherwise, selfies unwillingly or unknowingly including someone in the background could not be freely displayed on Facebook without complying with data protection rules. The footage must constitute a serious and systematic surveillance on individuals and their activities.

Therefore, information about the activities being undertaken and about the data processing (such as the identity of the data controller, the purposes of processing, the type of data, the duration of processing and the rights of data subjects), where it does not involve disproportionate efforts, shall be given to individuals (principle of transparency). Moreover, efforts should be made in order to minimize the amount of data obtained (data minimization). Moreover, the controller might need to ensure that the personal data collected by the drone camera is anonymised, is only used for the original purpose for which it was collected (purpose limitation), will be stored adequate and securely and will not be retained for longer than what is necessarily required.

In this context, individuals having their image captured and their activities recorded by the camera of a drone should be given guarantees regarding consent, proportionality and the exercise of their rights to access, correction and erasure.

Thus said, depending on where you are geographically located in the EU, there are obviously different rules regarding the legal aspects related to the use of drones. It is therefore important for individuals intending to operate a drone to get informed and educated about the appropriate use of these devices and the safety, privacy and data protection issues at stake in order to avoid unexpected liability.

References   [ + ]

1. Copyright by Don McCullough under the Creative Commons Attribution 2.0 Generic
2. The term drone is used to describe any type of aircraft that is automated and operates without a pilot on board, commonly described as unmanned aerial vehicles (UAV). There are two types of drones: those which can autonomously follow pre-programmed flight routes and those which have remotely piloted aircrafts systems (RPAS). Only the latter are currently authorised for use in EU airspace.
3. Despite drones were firstly used for military activities, they are increasingly used across the EU for civilian purposes. The civil use usually refers to those commercial, non-commercial and government non-military activities which are more effectively or safely performed by a machine, such as such as the monitoring of rail tracks, dams, dykes or power grids.

Uber – How much privacy are you willing to sacrifice for convenience?

Let's rideshare all your data?

Let’s rideshare all your data?

Ahhh how convenient it is to need a ride and to immediately have a car and a rider at our disposal at the distance of a click on our mobile phone… We used to call a taxi cab. Now it is much cooler: it is up to Uber.

Uber is a San Francisco headquartered company which specialized in the ridesharing services, made available through a Smartphone application. The very particularity of the service is that it does not own any car nor hires any driver. Indeed, Uber is a platform which is intended to put drivers and riders in touch, thus allowing for people having a car to make some extra money and for people who don’t to actually have at their disposal cheaper rides and to select the most suitable ride, among the several models nearby.

If you live in a city where the service is not available, you certainly already know it better from the protests held, a few months ago, by taxi drivers and taxi companies, in some capitals where it was implemented, which qualify it as an anticompetitive business.

Competition matters aside, the Uber business model is built upon customers personal data – which is information that could reasonably be used to identify them – and, therefore, raises privacy and data protection issues which cannot be ignored.

Indeed, in order to develop its customized services, Uber collects and processes a humongous amount of personal data from its customers, such as their name, e-mail address, mobile number, zip code and credit card information.

In addition, certain information – such as the browser used, the URL, all of the areas visited, and the time of day – may be automatically or passively collected while users visit or interact with the services. This data is referred to as ‘Usage Information’. In parallel, the IP address or other unique device identifier (for the computer, mobile or other device used to access the services) is collected.

Tracking information is also collected when the user travels in a vehicle requested via Uber services, as the driver’s mobile phone will send the customer’s GPS coordinates, during the ride, to its servers, including, but not limited to geographic areas. It is important to note that currently most GPS enabled mobile devices can define one’s location to within 50 feet!

This geo-location information is actually the core of the Uber business as it enables users to check which drivers are close to their location, to set a pick up location, and to ultimately allow users wishing so to share this information with others.

The amount of information regarding habits and movements, locations, destinations, workplaces, favourite social spots, which can be concluded from a user’s trip history and from the geo-location data tracked through mobile devices, is as a matter of fact quite surprising… and impressively accurate.

For instance, back in 2012, in a post entitled ‘Ride of Glory’ which is no longer available in its website but is greatly reproduced elsewhere, Uber was actually able to link rides taken between 10pm and 4am on a Friday or Saturday night, followed by a second ride from within 1/10th of a mile of the previous night’s drop-off point 4-6 hours later, to ‘one night stands’.

I suppose that this outcome makes most of us feel quite uncomfortable… One thing is for our whereabouts to be known. Another, quite different, is the conclusion which can be drawn based on that information.

Most of us do not really think about the implications of randomly giving away personal data. We easily sign up for supermarket value cards in order to get discounts over our grocery bills, thus allowing the retailer to track our purchases and consumption habits.

Besides being – at the very least – very unpleasant to have our sex lives revealed by the details of our rides to home, there is indeed a wide room for concern considering Uber’s policy and recent practices.

Uber has a very broad privacy policy to which users actually give their consent when they download its app. Indeed, it establishes very few limits to the use of the collected data. According to its policy, Uber can use the ‘Usage Information’ for a variety of purposes, including to enhance or improve its services. In fact, to attain that goal, Uber may even supplement some of the information collected about its customers with records from third parties.

Quite recently, it announced an “in-depth review and assessment of [its] existing data privacy program”. Certainly this willingness to change does not go unrelated to the comments of a senior executive suggesting Uber was planning to hire a team of opposition researchers to dig up dirt on its critics in the media, referring specifically to a female journalist, which were received with a wave of strong criticism.

Of course, this could have merely been a distasteful and off-the-record (because being off the record makes it all better) comment made in a fancy dinner party which does not represent the overall position of the company.

However, right afterwards emerged the rumour according to which Uber’s internal tool called “god view”, which shows the real-time location of vehicles and customers who have requested a car, as well as access to account history, is easily accessible for employees without rider’s consent. As a matter of fact, it was employed to access and track a reporter’s movements.

These facts cause little surprise to those who already are familiar with Uber’s very own promotion methodologies, some of which consisting, at launching parties, to feature a screen showing in real time where certain customers were.

This pattern is a sharp reminder of the risks at stake when giving away our personal data for convenience. And the information revealed by the amount of data made available, randomly, through an application on our mobile, tablet, computer or similar devices.

Imagine now, for instance, that you have a specific condition which requires frequent visits to a hospital or a specialized medical centre and that Uber would be able to conclude what is your health status as easily it did regarding the user’s nightly romantic encounters.

I hope that this situation will lead to the adoption of a very strict privacy policy which will end up elevating the privacy standards for the entire related-industry.

But considering all this, I must ask: how much privacy are you willing to sacrifice for your convenience?

Atlas or how tracking technology is getting smarter and more intrusive

Thumbs up on tracking everyone.

Thumbs up on tracking everyone, everywhere.

Traditionally, Atlas refers to a collection of maps, typically of the earth. But this concept is about to assume a much creepier meaning. It is now associated to a ‘people-based marketing’ model, meaning the tracking and mapping of consumer’s behaviours both online and offline, as they move across content, websites and apps with different devices.

I am referring to the new advertising platform called Atlas, recently announced by Facebook. The platform is an improved version of Atlas Advertiser Suite model, purchased from Microsoft in 2013, and is deemed to be more implacable than cookies technology, which it aims to eventually replace.

Currently, marketers usually target and track the performance of online advertisements through cookies. However, cookies have been failing the marketing industry due to the very limited outcomes they allow. Indeed, they are less and less reliable and increasingly ineffective due to browser settings and plug-ins which can block them. Moreover, they are not as effective on smart phones and tablets, the main tools to access internet nowadays, as on computer’s desktops. In addition, they do not distinguish among users and devices.

As a result, advertising companies, contrarily to their best interests, are unable to figure which advertisements are worthy and efficient.

Facebook, dressing a red cape over its blue clinging suit, proposes to solve these issues with Atlas.

How?

Well, taking advantage of the huge amount of data it collects about its members. After all, information as where people live or go, websites they visit, their preferences, interests and their interactions is highly valuable for marketing purposes. Indeed it enables marketing companies to target its advertisements more efficiently according to contextual and behavioural profiling.

But how?

While being logged in a Facebook account, each user has one unique identifier which distinguishes him or her from all the others. It is like a fingerprint.

Atlas will combine cookies with the unique Facebook individual identification to track users’ exposure to advertising across the web, linking their personal information to their browsing activity.

In this context, marketers and advertisers will be able to match the list of individuals who they know have bought their product, through purchasing details, and the list of advertisements that individuals have seen online.

As a result, they will be able to evaluate to what extent their targeted advertisements on Facebook influence its members’ purchases and to assess which ones are successful.

Getting a cold feeling of discomfort regarding your privacy?

Do.

While these might be good news for advertisers and marketers in general, users already worrying about their privacy and personal data will certainly find room for some additional concern.

Indeed, even if many other Internet companies, as Google and Yahoo, collect data on individuals based on their web browsing and other online activities and use it to target ads, Facebook raises the stake to a whole new level.

To start with, it distastefully shares data collected within social networking with third parties, advertisers and marketers. So, information provided by its members in a certain context will be used in another context.

In addition, while combining cookies with the Facebook ID, Atlas will enable to track online activities across devices of logged in users and to assess their reaction to advertising campaigns both across Facebook and third-parties websites and apps, both on desktop and mobile devices.

Therefore, Atlas applies a user’s Facebook identity beyond Facebook’s walls, resulting in exposing users who are logged in across devices to a new persistent tracking mechanism which I can’t help but picture as a constant and undesirable online stalker.

As, having purchased ad campaigns through Atlas, advertisers can choose whether or not to include it on Facebook, its primary intention is consequently to demonstrate that advertisements placed in its website do work, i.e., that online social behaviour and search habits of its members can be a faithful indicator of consumer interest and purchase intent. The aim is to attract advertisers and marketer’s interest in order to place ads on its platform, with the argument that ads bought through Atlas will be more effective than other platforms, because they will use data collected through Facebook.

This will enable Facebook to establish a demand-side platform, where marketers will be able to buy ads which target Facebook’s members as they move across the Web, and even target users through real-time bidding. Once a user has logged into Facebook on a device, Atlas will be able find that user and present personalized ads.

In this context, the core privacy concern is whether data can be utilized while maintaining users’ privacy rights. Facebook pledges that the whole process will be anonymous and that is not going to disclose personal information such as user’s names or locations to advertisers. It is said that marketers and advertisers won’t be able to access other details than those they already know. Furthermore, marketers won’t be able to take Atlas’s cross-device tracking information out of the Facebook system.

Nonetheless, it conveniently failed to acknowledge that this kind of marketing is targeted to us as identified individuals, despite no revelation of real names is involved.

Indeed, it belongs to an emerging strategy known as ‘onboarding’, which aims to link our offline life to our online activity. Instead of users’ actual names, Atlas targeting segments refer to age, gender and demographics and might eventually include political affiliations, credit card use and relationship status.

So, Facebook’s policy regarding real names might not be as well intended as it was firstly presented. As users are voluntarily submitting authentic information, just by using the social network on a regular basis, knowing its users’ real identities allows the building of detailed profiles of people.

It is already known that Facebook’s partners include Omnicom, Instagram and, possibly, Twitter.

Some consider that this aims to take down Google from its dominant position regarding online-display advertisements, taking advantage of the fact that Google’s targeting is primarily based on cookies, which don’t work on mobile phones and get confused across users and devices. Despite Facebook’s denials, Atlas will allow Facebook to build an advertisement network that would, like Google’s AdSense, extend its ads across the Web.

I don’t know one single person – except for my little cousin, who thrives with pub time on TV – that appreciates to have every webpage opened filled with ads. And it becomes worse when they are irrelevant!

Perhaps Atlas is just a way of ensuring that the advertisements we see are of more interest to users. Hopefully, it doesn’t mean that we will have to face a bigger amount of ads.

Anyway, Facebook’s members can’t opt out of Facebook’s data capture mechanisms entirely, although they will be able to view and change the types of ads they are presented with through the Ad Preferences portal.

But while some may argue that Atlas is just a new tool to make ads more relevant to users, one shouldn’t ignore that users are being made more relevant to advertisers. We are the product. Perhaps for those who need to socialize online, Ello is not such a bad option after all…

 

Newer posts

© 2018 The Public Privacy

Theme by Anders NorenUp ↑