us dollar social media

Who owns your personal data?

E&T examines the recent controversies surrounding data privacy concerns in relation to Facebook, Google, Twitter and Apple.

Attracting users to social networking sites and cloud computing sites is all about building trust. However, if recent news is anything to go by, consumers would be right to consider that the trust they have put into the Internet companies that run these services has been betrayed.

In recent months, it seems that not a day has gone by without another revelation that the private and personal data, the currency of these websites, has been compromised, misused or surreptitiously collected without the owner of the data's permission.

There has also been a concern that these companies have flouted strict data protection legislation that exists in many territories - and the veil of secrecy surrounding this organisation's business practices are being challenged by politicians, law enforcement and the judiciary in many countries.


Between 2006 and the beginning of 2010, search engine giant Google started a project to map and digitally photograph every road in every major city in more than 30 countries for its product Google Streetview. This car soon became a symbolic hate symbol among privacy and civil rights advocates, who claimed that Google were pushing the envelope on what type of information you could collect and publish on the Internet.

But images, it appears, is not all that the Streetview cars collected. It now turns out that Google collected over 600 Gigabytes of data from users of public and unprotected Wi-Fi access routers - which included Web pages visited and emails. All this was collected without the prior knowledge or permission of the router owners

All this only came to light when German data privacy regulators investigated Google's Streetview project - and Google had to admit to collecting the data - although the company claimed that they were not aware of their own data collection activities until the request was received and that none of this data was used in Google's search engine or other services. Google has said it will not destroy the data until permitted by regulators.

After an audit requested by Germany, in May of this year Google acknowledged that for years it had been mistakenly collecting personal data sent by consumers over wireless networks.

From Australia to the UK to back home in the US, there are now a number of parallel investigations being carried out after customers and consumer advocacy groups voiced concerns over privacy to police authorities and data protection regulators.

In each case Google said it would cooperate with any investigation. But Google is not the only company under scrutiny.


Even consumer tech companies such as Apple cannot escape criticism from the eagle-eyed German regulators.

Apple must 'immediately make clear' what data it collects from users of its products and for what purposes, Germany's justice minister was quoted as saying by Der Spiegel magazine.

'Users of iPhones and other GPS devices must be aware of what kind of information is being collected,' Sabine Leutheusser-Schnarrenberger told the German weekly.

The minister's criticism was aimed at changes Apple has made in its privacy policy whereby the company can collect data on the geographic location of the users of its products - albeit anonymously.

Leutheusser-Schnarrenberger said she expected Apple to 'open its databases to German data protection authorities' and clarify what data it was collecting and how long it was saving the data.

Germany has some of the toughest data protection laws in the world due to its experience with state surveillance systems once put in place by the Nazis and the former East German Stasi secret police.

The justice minister said it would be 'unthinkable' for Apple to create personality- or location-based user profiles.

'Apple has the obligation to properly implement the transparency so often promised by (CEO) Steve Jobs,' she said.


Microblogging service Twitter recently agreed to a settlement with the US Federal Trade Commission over charges it put its customers privacy at risk by failing to safeguard their personal information.

This agreement stems from a series of attacks last year on Twitter, the service that lets people send short messages to groups of followers.

Lapses in Twitter's security allowed hackers to send out fake tweets pretending to be from US President Barack Obama and Fox News. Hackers also managed to take administrative control of Twitter and gain access to private tweets, or short messages of 140 characters or less.

Between January and May 2009, hackers were 'able to view non-public user information, gain access to direct messages and protected tweets, and reset any user's password' and send tweets from any user account, according to the original FTC complaint.

Twitter acknowledged 45 accounts were accessed by hackers in January last year and 10 in April 2009 'for short periods of time'.

Twitter claims the January attack resulted in 'unauthorised joke tweets' from nine accounts. But the company also admitted that the hackers may also have accessed data such as email addresses and phone numbers.

In April, when another incident occurred, Twitter claims to have cut off the hacker's administrative access within 18 minutes of the attack and quickly informed affected users.

'When a company promises consumers that their personal information is secure, it must live up to that promise,' David Vladeck, director of the FTC's Bureau of Consumer Protection, said in a statement following the ruling.

'And if a company allows consumers to designate their information as private, it must use reasonable security to support that designation,' he added.

Under the terms of the settlement, Twitter will be barred for 20 years from 'misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information'.

Twitter must also establish a comprehensive security program that 'will be assessed by a third party every year for ten years', according to the FTC.


But most criticism surrounding data privacy is currently reserved for Facebook, which has faced the wrath of a consumer backlash when millions of users suddenly found their private details exposed and searchable on Google, Bing and Yahoo.

Facebook, whose privacy policies have come under attack both at home and abroad, now faces a stiff fine from Germany's Hamburg Commissioner for Data Protection and Freedom of Information for storing non-users' personal data without their permission. Founder Mark Zuckerberg appears to be relenting and is now beefing up security.

The issue came to the fore in recent months amid concern that Facebook's confusing privacy settings were making it possible for Internet stalkers, cyber criminals and even nosy neighbours to gain a wealth of information about its users without their knowledge or permission.

Facebook has now started to roll out changes that would give users more powerful tools to prevent personal information from being accessed by others.

For instance, Facebook will allow users to block all third parties from accessing their information without their explicit permission. It will also make less information available in its user directory and reduce the number of settings required to make all information private from nearly 50 to less than 15.

Even still, Facebook's default settings will continue to make it easy for users to obtain information about each other as its business walks a tightrope between protecting its user's privacy and promoting social networking. Users will have to opt out of default policies by which much of their data is publicly available.

The nonprofit Electronic Privacy Information Center, which has asked the US government to investigate Facebook's privacy policies, said that the new efforts do not go far enough.

'We think it's time for Congress to update the privacy laws. We can't be dependent on Facebook to decide on how much privacy people on the Internet will have. That's something that has to be established in law,' said EPIC executive director Marc Rotenberg.

Consumer power

What all these companies deal in is trust. Without trust, we would not allow them access to our private information. Therefore, it's important that they maintain our trust.

The tech companies that are least trusted at the moment are the social networking companies, according to a recent poll inthe US. Most Americans trust technology heavyweights such as Apple, Google and Microsoft more than social networking sites like Facebook and Twitter, according to the poll.

Nearly half of 2,100 adults questioned in a Zogby Interactive survey, said they trusted the big three technology firms 'completely' or 'a lot', compared to 8 per cent for Twitter and 13 per cent for Facebook.

Young adults aged 18 to 29 had slightly higher trust levels in Facebook with 20 per cent and Twitter with 15 per cent, compared to the levels of adults of all ages which were 7 per cent lower for both companies.

The back tracking by Internet companies on how they use our private data has demonstrated that they cannot take our trust for granted. If social networking becomes increasingly important to companies such as Google, Apple and Microsoft, they will have to be careful not to violate their users' trust in the future.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them