This week, the Federal Trade Commission (FTC) of the United States issued a warning that it will take action against the illegal use and sharing of highly sensitive data by technology companies, as well as false claims about the anonymization of data.
"While many consumers may gladly offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently about having their thinly-disguised online identity associated with the frequency of their visits to a therapist or cancer doctor," Kristin Cohen of the FTC said. "While it's true that many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home," she added.
The sensitive nature of information about users' health and their precise whereabouts has prompted the agency to caution against opaque practices in the "shadowy ad tech and data broker ecosystem." Consumers have little to no knowledge about how their personal data is harvested, used, and processed, and this has prompted the agency to issue this warning.
In addition to this, it is common practice for mobile applications to incorporate software development kits (SDKs) that make the claim to collect and share anonymized user information with third parties. These third parties may include data aggregators, which are businesses that collect this type of data from a variety of sources and then sell access to it.
"These companies often build profiles about consumers and draw inferences about them based on the places they have visited," the FTC said, adding that the abuse of mobile location and health information exposes users to "significant harm." "These companies often build profiles about consumers and draw inferences about them based on the places they have visited."
In light of this, the consumer protection authority has stated that it intends to "vigorously enforce" the law in the event that it discovers instances in which sensitive data such as a person's location, health, or other sensitive information is exploited for financial gain or for other underhanded reasons.
According to another part of the report, "Companies may try to placate the privacy concerns of customers by claiming that they aggregate or anonymize data." "Companies that make claims about anonymization ought to be on guard, as making false claims about anonymization can constitute an unfair business practice and a violation of the Federal Trade Commission Act,"
The practice of protecting private or sensitive information by removing identifiers such as names, social security numbers, and addresses that connect an individual to stored data is referred to as data anonymization.
However, it has been demonstrated on numerous occasions that anonymized data can frequently be re-identified when multiple datasets are combined, thereby producing a "surprisingly clear picture of our identities."
According to data collected from 54,893 Android users over the course of seven months for the purpose of a study, it was discovered in 2016 that any four apps chosen at random can be used to re-identify a user in a dataset that has been pseudo-anonymized more than 95 percent of the time. This was based on the findings of the study.
Then, in July of this past year, Vice lifted the veil on a "entire overlooked industry" that explicitly functions to link mobile advertising IDs (MAIDs) collected by apps to personally identifiable information (PII), effectively defeating the anonymity protections. This "entire overlooked industry"
Post a Comment
Your suggestions and comments are welcome