Being right about something that’s wrong isn’t very satisfying. This CBC article reports that the mobile app from my favourite provider of coffee and donuts was collecting personal location data inappropriately. The story, highlighting a report from Canada’s privacy commissioner, supports my ongoing contention that apps, in general, may be evil.
The level of detail in the CBC post is wonderful, showing how far we have come in understanding data privacy, discussing issues such as: user consent, lagging laws, third party providers, trade-offs of data for benefit, and viewing different types of data acquisition differently.
Reading the article flashed me back to circa 2017, when apps were relatively new. I stood at the front of a business strategy class, asking the students what the risks and benefits were of any data an app might collect. My questions didn’t spark much discussion, other than it was a savvy move to use emerging technology for better customer service and to stay competitive. A good business strategy answer but not the ethical analysis I hoped for related to the risks of data mining.
Privacy is a personal thing, defined as the ability of a person to decide what about them is public knowledge and who it is shared with. While we have generally accepted norms of what information should be private, people have individual ideas too. Some of us tell no one our age, others announce it to large groups of strangers.
What does privacy mean in everyday life?
- Privacy is about being in charge of our stuff. Each of us gets to decide who sees, and knows, our details.
- Privacy is power. There’s a reason evil villains in scifi and fantasy stories get control over the hero by knowing their full name/mother’s maiden name/secret ability etc. In reality, if your personal information is used by bad actors, it can result in financial, property or emotional loss.
- Unhealthy interest. On the evil villain theme, it’s just creepy when someone you barely know knows a lot about you. Sherlock Holmes and salespeople everywhere use this to set people off balance (i.e. shock them into making rash statements/decisions). Also, does ‘someone you barely know who knows a lot about you’ sound like any tech company you are familiar with? Intuitively we know that someone who is fascinated with your every move is wrongish and unlikely to have your best interests in mind.
Now, translate this into businesses collecting data about people. If an app suggests a customer buy a coffee right around the corner from where they are, is this a threat to their human rights? Seems like too much drama. However…
There is the grain of sand effect. One person is doing a little thing (giving up their date of birth) for one little thing (to get a discount on pet food) but this could lead to a database with the age and type of pet [food] of millions of people have, revealing more personal information about everyone’s home life than they agreed to provide.
The privacy invasion avalanche could start with pet food but before we know it there is a landslide of knowledge about everyone’s preferences for toiletries, insurance, snack-food, entertainment media, vacation destinations and more. Cross-referencing will allow determination of the credit history, sexual preferences, religious alliance and number of cars in a household. The moral dilemma of how to use this information appropriately is significant for organizations.
Too much drama? Data use was the insidiousness of the Cambridge Analytic scandal that involved Facebook. People played a fun trivia game on an app. The data was used. Cleverly targeted ads may have swayed the outcome of a national election and likely much more. Not trivial use of data.
The (mis)use of collected data is not equal. There are many people who, based on their cultural heritage or physical appearance, have their actions scrutinized more than others. For example, people of colour are often vulnerable to judgement based on where they are or who they are with. Invasions of privacy can lead to normal activities being misinterpreted or over-interpreted. Privacy is a fundamental human right because it allows people the freedom to do what they choose, without having to explain their actions. It provides a measure of safety, protection from being wrongfully judged.
And yet, apps are part of everyday life. It wasn’t long into the era of targeted ads on social media that people recognized they could trade off their personal information for discount coupons and lower prices. And thus it seems every company, service, media outlet, appliance and lightbulb has their own app.
Many of these organizations, with little expertise in digital technology, outsource app creation, from third party providers, like they would electricity, toilet paper, or coffee beans. This was my red flag in the Tim Horton’s story. Their app involved a vendor. As with all things externally sourced, there is the possibility1 that there are features that the buyer isn’t aware of or doesn’t fully understand.
The final straw, in invasion of privacy by apps, relates to the number of apps each of us has on our phone: dozens of (potentially poorly understood) collectors of information. Some may collect information from each other. Some may aggregate information in the same third party’s database. The data collected may move from company to company, as they are bought and sold, grow or go out of business. To me, this is the greatest risk, aggregation and cross-referencing of data to create a detailed profile of an individual without their knowledge.
Apps are potentially evil. The more apps, the more potential for evil. It’s the perfect storm of a seemingly trivial commodity (personal data), that consumers have learned can be traded for benefits (e.g. discounts), that is in the hands of, well, that isn’t always clear but likely large enterprises with their own agendas. All those apps you have on your phone may be communicating among themselves. The implications: personal choice, safety and freedom are at stake.
No apps will pass the download button on my phone. I don’t know if there is anything at stake, but it might be everything, so I err on the side of caution.
1 I don’t know if this was the case with the Tim Horton’s app. I’m generalizing about the risks of obtaining apps from external sources. The CBC article states that Tim’s stopped collecting the data, took corrective measures and increased privacy management a couple of years ago.