“We don’t sell your data” is a hoax
We don’t sell your personal data is a claim you’ve probably heard before from internet companies. It is a phrase that is repeated by companies like Facebook, Google, Twitter, etc.
Although these companies gather vast amounts of personal information about their users and turn that data into billions of dollars in revenues, they do not directly sell that information to advertisers in the same manner that data brokers do.
But experts believe the disclaimers also serve as a diversion from the many other ways internet companies exploit personal data for profit, putting users’ privacy at risk.
How is my data still at risk?
Even without explicitly acquiring data from companies such as Facebook, Google and Twitter, legislators and privacy activists have pointed out ways that advertisers may still pay for access to it without actually purchasing it.
Data gathered through real-time bidding streams, targeted advertising leading people to websites that collect data, and companies using the data internally are some of the other data collection methods.
Facebook and Google don’t sell your data outright, but they do use it for targeted advertising, which gives marketers lots of opportunities to pay and acquire your personal information in return for your money.
Simply by clicking on an advertisement that directs the user to another website with an embedded tracking code, advertisers can collect information of visitors such as their IP address and device IDs.
Also read: Does digital technology affect cognition?
When ad agencies say they sell advertising, not personal data, they fail to mention that clicking on these ads typically leads to a website collecting personal data. Your personal information is readily available to firms who have paid for ad space on your screen.
Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation, stated that if the ad is targeted toward a specific demographic, advertisers would be able to derive personal information about visitors who came from that ad.
For example, if a marketer places a Facebook ad targeting pregnant moms, the advertiser may deduce that anybody who clicks on the link is someone Facebook believes is expecting a kid. It is possible for a website to gather device IDs and IP addresses after a person clicks on that link. This IP address might be connected with personal information such as “expecting parent.”.
Your query might be something like “Hey Google, help me find out how many people of ages 15-25 watched the Super Bowl last year”. Although they won’t provide you with the list, they’ll allow you to display ads to all of the individuals on that list. Certain individuals will click on those adverts, and you can very simply find out who those individuals are. That way you can buy data in a sense.
“Real-time bidding” is a technique that allows advertisers to buy data without it being deemed a transaction.
You may not even be aware of an ad until it shows on your screen. As soon as the advertisements load, websites sell screen real estate to the highest bidder in an automated auction.
Visiting a page starts a bidding process where hundreds of advertisers receive data such as an IP address, a device ID, and the visitor’s interests, demographics and location all at the same time. Even if they don’t win the bid, the advertisers have already collected a lot of personal information.
This ad auction procedure can contain information such as your age, location, and interests, when it comes to Google Ads, for example.
Instead of paying for the data itself, companies are paying just to be able to show an advertisement on a page you’ve already been to before. Some advertisers compile and resell this information, privacy activists claim.
Lindsey Barrett, a privacy expert, and former Georgetown Law scholar advises consumers to look for deletion and retention rules instead. It outlines how long companies store data and how to erase it. A company’s promise not to sell your data is far less credible.
Most people don’t know what companies are doing with their personal data, and there are too few restrictions on what the latter can do with it. Nothing in the statement “We don’t sell your data” indicates what the company practices indirectly.