Invisible Data Gathering Raises Privacy Concerns.
On top of that, while they say they don't use personal information, it's far from clear that is actually the case as much of it can be cross-referenced to individuals.
During his <a href="http://www.ibtimes.com/articles/39165/20100728/internet-facebook-apple-google-microsoft.htm">testimony before Congress</a> this week on online privacy, Joseph Turow, professor at the Annenberg School of Communications, mentioned three companies as examples of the kinds of companies that gather consumer data online: Rapleaf, Exelate and Medicx Media Solutions. All three collect different kinds of information, and all connect advertisers to target groups. All operate invisibly to the consumer -- that is, there isn't any obvious indication they are active (or not) when you visit a web site.
Rapleaf uses an automated system to gather information that would be available to anyone using a search engine, but that it aggregates it in one place. But it is not clear exactly how the information that is gathered is organized and made anonymous.
The company does have an option for people to see what data has been collected about them - one can register for the service. But Andrew Blumberg, an assistant professor of Mathematics at the University of Texas who writes extensively about privacy issues, says the problem is that to access it you have to know Rapleaf exists.
"The notion that I can log in and see what information they've collected about me is noble, if I don't know they exist they're still analyzing my data and possibly allowing others to take action based on data I generated and wasn't aware they'd collected. It's precisely this silent collection and analysis that is such a problem (and makes this sort of thing so dangerous and counterintuitive)," he said in an email.
Exelate CEO Meir Zohar says the company doesn't use anything personally identifiable, because it functions as a connection between advertisers and users, rather than a database. Mostly, it provides a connection between ad networks and web surfers, so that the company that is ostensibly advertising isn't always connected with the individual user.
The cookies themselves don't necessarily transmit any personal data. And Zohar says the targeted ads are based on what the user has shown interest in. For example, if one visits a travel site, that person would get ads for hotels in the destination city.
But Blumberg notes that Exelate too, runs into the invisibility problem - the user doesn't know what kind of information is being gathered. The cookies may not transmit personal data, but the information people do often provide - such as age, gender, and education level - can often be easily traced back to individuals when cross-referenced with other information. In addition to that, the browser ID, which transmits information such as what kind of computer is being used, can identify an individual.
Medical data is a bit better protected, as there are very strict rules about what can and cannot be public, governed by the Health Insurance Portability and Accountability Act (HIPAA).
Michael Weintraub, CEO at Medicx Media Solutions, says his company only uses data in such a way as to show what the prevalence of a certain medical condition is in a given geographical area, so that a pharmaceutical company, for example, can target certain regions.
Weintraub says the data is gathered by ZIP +4 codes, and if there are less than a certain number of households in a ZIP code then the numbers are aggregated so that it can't be traced to individual addresses. The data is from insurance claims and surveys conducted by another company, T5 Healthy Living.
Blumberg notes that while the protection is better, there is still the problem of how anonymous ostensibly anonymous health data is, though unlike other kinds of data there is some legal redress for consumers.
Generally, it's difficult at best to anonymize data at all and leave anything useful enough to be valuable, Blumberg says.
One solution is to take a similar line to that used in the European Union. The premise there is that the consumer owns his data until he says otherwise - basically an opt-in mechanism, rather than the current opt-out system. That is, the consumer would have to give affirmative consent to having data used.
|Printer friendly Cite/link Email Feedback|
|Publication:||International Business Times - US ed.|
|Date:||Jul 30, 2010|
|Previous Article:||Cold winds of austerity blow across Eastern Europe.|
|Next Article:||Next steps eyed as BP well work near end.|