Why Do Companies Sell Your Personal Data? The Economics of Data Trade

Do you know what the hottest commodity on the market is these days? It’s not a trending stock or cryptocurrency. It’s information. Your information. The news is full of stories about data leaks and identity theft that target businesses and individuals that it makes us wary of giving anyone our personal information online or in the real world. Unfortunately, there’s rarely a choice anymore. It’s how commerce is done these days. Conducting business online is convenient, yes, but it has inspired a cottage industry in the buying, selling, and trading of data. Your information, even the most basic bits, is big business. From government tracking to other forms of privacy invasion, everyone seems to want to know what we’re doing online, where, and with whom. Why is your personal data worth so much? And how is it getting passed around so easily? Let’s explore. Businesses want consumer information so they can analyze it and use it to make decisions. It helps them with marketing to the right customers, of course, but they also use it to develop products and services, streamline their operations, and mitigate risk. This mass gathering and assessing of data is called data analytics, and there are four types of analytics that companies use: One of the scariest use cases for data collection is probably predictive analytics. Corporations are increasingly looking for ways to predict future behavior by users and consumers, usually so they can sell them something. Companies collect more than your name and email address. They also gather information on actions you take while online (behavioral data) and what devices you’re using (technical data). Let’s look at a few examples of each one. Data can be used to drive readership to news media, influence online recommendations for a more personal shopping experience, or provide you with entertainment choices on viewing media based on your past habits. These are generally seen as positive elements of consumerism that are intended to make you happy. We usually appreciate the personalization, even if we occasionally get a little creeped out when we like something on one platform and find related links to it on another seconds later. What we don’t like is when our data is taken without our consent and used for profit. Think about something so simple it’s almost invisible, but you use it every day to access the internet – your browser. A partial list of things it can record and remember is your location, type of connection you’re using, hardware, social media activity, and websites visited. In the hands of the right person it can connect all the dots to reveal a fairly complete picture of your online persona that will never, EVER go away and is available to anyone with the money to pay for it. Several privacy software have gained popularity in response to these kinds of collection methods in recent years, ranging from virtual private networks to secure browsers to password managers with end-to-end encryption—all with the goal of trying to slow the flow of our data. Every time you go online, your data is being collected. Even if all you’re doing is browsing cat toys on Amazon, your clicks, time spent on each webpage, browser info, IP address, and more are all being gathered up and recorded somewhere. Companies can get consumer data in one of three ways: An example of directly asking for data would be asking for your name and email address when you set up an account. Indirect data would be the tracking businesses do on their websites (clicks, pages visited, etc.) and social media accounts (likes, comments, views, etc.) The more “nefarious” data collection method, the one that makes people suspicious about data collection in general, is when companies combine the data they’ve gathered about you with other data they’ve acquired or purchased elsewhere to build a whole profile of you. This method is how we got de-anonymization. Companies that gather and sell data are legally required to anonymize it before selling, meaning they remove all the information that ties the data points to specific people. This doesn’t keep the data anonymous, though. Companies have ways of re-identifying people using shady cross-referencing. An excellent example of how easy it is to de-anonymize data came from two researchers at the University of Texas . They cross-referenced movie ratings released by Netflix with IMD ratings, time stamps, and public profile information available on IMD (many reviewers use their real names) and were able to identify Netflix users. You know those companies that brag about “not selling your data?” It sounds great, but it often turns out to be an empty promise. Why? The definition of “sell” is loose. They don’t directly sell the information to third parties, but they might sell access to it. Take social media ads, for example. These platforms gather demographic information about you such as your age, gender, job role, location, and interests. Then, they let advertisers pay to target people fitting specific demographic profiles. Facebook doesn’t sell your name and age or the fact that you’ve joined a Facebook group about moving to France—but it does sell space on your feed to advertisers promoting their international expat insurance. Often, you can’t opt out of your data being collected but you can state that you don’t want your data to be shared. This opt-out usually isn’t the default and you have to search for it in the privacy settings of your account. Some laws are trying to put a stop to the buying and trading of personal data. The EU’s GDPR law and California’s CPRA either require opt-in to data collection or a clear opt-out option. These regulations don’t always stop companies from selling data, however. Although some jurisdictions outlaw it, some companies require consent to data collection in order to use their products or services. Others charge users more if they don’t agree to data collection. Where these methods aren’t illegal, they’re highly frowned upon. In the information age, data is currency. Businesses and governments need it to make important decisions, marketers want it so their customers can experience better service, and criminals want it for profit. Giving away small bits and pieces of information one at a time doesn’t seem like a big deal. You’d be surprised how easy it is to get a clear picture of someone when piecing all those tiny, seemingly insignificant pieces of information together, though. If you want to be online, you basically can’t avoid data collection. You can try to control it, however: Website data practices weren’t created with your privacy and security in mind. They were developed to commoditize your personal information and squeeze it for every penny it’s worth. Your privacy is precious—more so than you think. Protect it.