Tech giants including Google and Facebook engage in extensive “one-way mirror” surveillance of their users, sharing the data they collect with third parties via a complex and unregulated system that puts private information at risk, according to a newly published study by the Electronic Frontier Foundation (EFF).
The non-profit digital rights group EFF released the new study Monday showing that many popular sites share the user data they collect with third-party businesses, including data brokers and advertisers. Consumers often have no knowledge that this activity is taking place or that their information is being shared with parties they had no intention of interacting with.
“Corporations have built a hall of one-way mirrors,” the report says. “But in the shadows behind the glass, trackers quietly take notes on nearly everything you do.”
EFF’s study comes as Silicon Valley giants have come under increasing government scrutiny for privacy violations.
In July, the Federal Trade Commission slapped Facebook with a record $5 billion penalty over privacy issues. The FTC imposed the fine after Facebook appeared to violate a 2011 decree that required the social media giant to give “clear and prominent notice” when sharing user data with others and to obtain “express consent.”
The sharing of private information with third parties can take several forms. Sites can sell the data they collect to data brokers, which in turn sell them to advertisers, research companies, governments, and many other entities.
Data brokers come in many shapes and sizes, from “mom and pop” marketing firms to major corporations, according to the EFF.
Oracle is one of the world’s largest brokers through its Bluekai division, a cloud-based data platform that the company acquired in 2014. Cambridge Analytica allegedly used data about Facebook “likes” to derive information about millions of voters. It then sold that data to political campaigns.
Google, Facebook, and Twitter engage in their own kind of data sharing through a “leasing” of their data tools to other parties, including advertisers, according to the study.
While the online giants don’t show advertisers the actual identities of individuals, advertisers can eventually figure that out by using data exchange services to match visitors with real-world identities.
Facebook has also given advertisers more transparency into its users by building “look-alike audiences” based on other groups of people.
The capability allows an advertiser to compile a list of visitors to its site and to then ask Facebook to create a “look-alike” audience of people who Facebook thinks are “similar” to the ones on the list. Advertisers can then target people on the “look-alike” audience.
But the study found that Facebook’s program is opaque and could leave user data vulnerable.
“These ‘look-alike’ features are black boxes,” the study said. “Without the ability to audit or study them, it’s impossible to know what kinds of data they use and what kinds of information about users they might expose.”
The study added: “We urge advertisers to disclose more information about them and to allow independent testing.”
The EFF study found that data brokers have operated “out of sight and out of mind of the general public” for years. But it found that there’s now a significant groundswell among consumers and government officials to shine a light on this sometimes shady practice.
“We may be approaching a turning point,” the report concluded.