This article is written by Parul Chaudharywho is pursuing a Diploma in data protection from LawSikho.

Introduction

Modern times have made man reliant on multiple technologies. In this dystopia of electrical sparks and binary systems, the line often gets blurred. Who the predator, who the saviour, is indistinguishable. Some rise to claim the messiah but are revealed to be Lucifer in disguise; identifying the wolf in sheep’s clothing is an ordeal, but it must be done. 

The matter at hand and under consideration in this article is primarily cyber theft, not your usual data leaks or piracy, but a dacoity that has never stopped but only increased in its pace.  Most regular users of technological services like the internet, smartphones, and social media are silent sufferers of this invisible atrocity.  The illusion of security falls short, and the mega Corp monstrosity begins to rear its ugly head when one takes a deep dive into the underbelly of shady advertisement deals, rigged systems, and unethical obsessions obstinately fixated on aiming, targeting, and monitoring. 

Few are aware of this secretive suction of individual information, all supposedly for the sake of maximizing profits. Both of these tech giants, Google and Facebook, have a policy of data collection and their primary revenue model is based on the use of this data for targeted ads. This ‘sustenance’ money comes from the trade-off of user privacy. 

Cycles of denials, acceptances, and apologies have turned the average consumer numb, but the experts and aware factions of the social structure feel threatened by this ‘ barge in’ policies. Understanding their fears, finding their validity, and identifying the sources would be the paramount purpose of this article.

The paper shall briefly look into how Google and Facebook monetize personal data and use them for advertisement purposes, and the privacy issues surrounding the same. 

How does Google collect data of its users?

There are multifarious ways in which we have laid bare our private information to Google specifically. If one uses an Android device or avails of Google’s services, it would be fair to not hope for much privacy. Within the past decade, many of the silicon valley ‘saints’ have faced accusations. 

Some of them got exposed for masquerading as fake privacy preachers and lost their credibility, and Google would be one of them. In Tech circles, it is a general consensus that password padlocks and data protection are mere illusions in the case of such gigantic corporations.

The primary sources of acquiring your data by Google would be the following:

Google Maps 

This application ensures your location tracking is on, and Google renders that data into its servers to present you with a route to your destination, all the while maintaining a log of your journeys, the landmarks, and the localities you’ve visited. Google maintains a timeline for your travels and stores that information; every day, every month, throughout the year. Google has a pretty good idea of where you go regularly and where you occasionally go, where you like to buy groceries from and where you go jogging. 

Google Search 

Not many have been able to escape using this search engine, and for a good reason, its indexing is one of the most precise and helpful ones out there. But this accuracy comes at the price of the bulk of information we give away to them; on average, everyone makes at least four Google searches every day. 

It does not seem like much but, if we look at the substantial figure of 2 trillion searches per year globally, the amount of information shared is mind-boggling. It is no surprise that Google uses this information to target personalized ads for its users. Every search a user has made, no matter deleted or not, is present in Google’s records. Unless you explicitly change your privacy settings, all of your searches will remain unscathed.

Google Play Services 

Every regular Android user gets preinstalled and irremovable Google play support on their smart device. These services are cognizant of the applications you have installed. And even monitor the interactions of users with non-Google applications to improve their products. 

Since almost all play store applications require Google play services to function, Google is aware of how much time people spend on any particular app. It also knows when they logged in and how often they use it. Sleeping and waking hours, contact details, and other sensitive personal particulars are known to Google. Not to forget that the Google play store has millions of apps, most of which are unchecked for spyware or malware. Such malicious apps are the roots of security breaches and data leaks.

YouTube 

YouTube is one of the biggest social platforms in modern times and houses unimaginable repositories of video information. But one must not forget that YouTube stores your watch history. It uses it in personalizing ads, video suggestions, and also to form your overall ad profile. Your health, your guilty pleasures, your desires, your marital/dating status, and your education are also a part of that very same profile.

Google Assistant/ Home/ Fit 

These services are branded as life-enhancing and productivity-increasing tools. One might argue for or against any of those claims, but one thing is for sure that these services have been blamed time and time again for violating user privacy. There have been accusations of microphone tapping primarily for targeted ads and customized experiences.

Gmail and Google Drive

Looking at the trend, it is not a far reach to assume that Gmail and Drive aren’t privacy-friendly either. Gmail stores every mail you have ever sent, received or deleted. The same goes for Drive as well, every file you’ve stored on it or transferred from it. It paints a scary picture for people who share confidential information and attachments using these apps/ web portals. 

Other Google services and applications

Google calendar, document editors (Docs, Sheets, and Slides), Google Classroom, Photos, Meet, Hangouts, Chat, Translate, and Lens, have tons of specifics on its user base. What you do or will do, when and where you go, why you go there, what you do and don’t, every single day all around the year, is very clearly evident to Google. It would be fair to say that a corporation knows more intimately about a person than their friends and family. 

However, after a lot of hue and cry about all the personal data that Google collects from its users and use it for advertising, the corporation now provides an option to customize the ads that one sees in all platforms that are either owned by Google or use its services, or which partner with Google to display ads, and it provides an option to each user to “turn off ad personalization”. 

But, even if you withdraw consent about personalized ads being shown to you, that does not mean Google ads stop tracking you or collecting your data. It will still collect information about you, like your general location and the matter of the web pages that you are browsing. So, it is truly quite difficult to completely block the widespread reach of such a tech mogul from reaching you.

The dominating position of these mega Corps over the users was also questioned by the Australian Competition and Consumer Commission. The ‘take it or leave it’ or ‘click to agree’ approach is not considered user and transparency-friendly, and it encourages users to not read before agreeing to their terms of use or privacy policy or cookie policy.

Another privacy issue regarding which Google has been questioned by the French data protection authority in 2012 was about the number of people that visited their privacy policy page after the corporation had modified some policies and failed to obtain fresh consent from the users regarding the new policy. The corporation refused to share the numbers and claimed that the communication about the new privacy policy was done by various methods to the users.

How does Facebook collect data on its users?

Facebook/ Messenger Apps and Website 

Facebook is not shy about storing humongous amounts of personal data of its users. Contacts on your device, SMSs, sent or received files (multimedia or otherwise), text messages, reactions, check-in locations, all of it is collected by them. Facebook stores all your interests and every like, comment, sticker, or post share. 

They use it for ad targeting primarily, but in the past, Facebook has been accused and found guilty of using such classified information for political personality profile creation without any permission of the users.  (The Cambridge Analytica controversy involved the data extraction of approximately 90 million Facebook profiles.

This information was in turn used for unfair advantage in the United States presidential election of 2016. There was also suspicion of manipulation of the Brexit referendum. Facebook was fined 5 billion dollars for this offense by the Federal Trade Commission and had to pay half a million pounds to the United Kingdom Information Commissioner’s Office.

Also, the AI face recognition used in Facebook for tagging and identifying individuals is a cause of concern for many. 

WhatsApp and Instagram

Facebook took over these two companies and managed to propel its once fading social media dominance across the web again. Gaining massive active user bases and access to their data meant more lucrative opportunities for Facebook. WhatsApp gains access to the user’s phone details, saved contacts, the files on their drives, and their login habits. 

Instagram has got equivalent access, but it lacks end-to-end encryption as a default feature which makes it even more vulnerable to data breaches.

Oculus 

Oculus is a virtual-reality-based company specializing in games, headsets, and other VR equipment. Ever since being acquired by Facebook, they have been under suspicion for gathering private info for targeted ads. The audio caught up on the microphone on the VR headsets could be used for the information raking.  

Tracks non-users as well

To hide from the far-reaching clutches of Facebook is extremely difficult. Some might assume deleting their Facebook profile would be enough to get rid of sneaky trackers and targeted ads; unfortunately, this is far from true. Facebook mentions in its privacy policy that they gather data both on and off their website, and from third-party partners and advertisers. According to a survey by the Helsinki School of Economics, of all the Facebook users who have read their privacy policy, 73% of them did not know that the company can use their data for advertising by sharing it with third parties.

Facebook has ensured to keep non-users in check by creating their shadow profiles. Your Shadow profile is generated via your contact details being on a Facebook user’s device or even simply uploading a picture with you in it. Facebook even can garner more data on users from other websites they visit. 

In the case of President of the Belgian Data Protection Authority v. Facebook (2015), the validity of the data processing practices of Facebook were questioned so far as it collects data of individuals who has not even signed up or created an account on Facebook, but still their data was being collected by the corporation’s servers with the use of ‘datr’ cookie along with the ‘Like button’ when they visited a Facebook page. 

However, there is no consent being obtained from such non-users or unregistered users before collecting and storing data about them. This runs contrary to Articles 7 and 10 of the EU General Data Protection Regulation, which requires unambiguous consent from the users for their data to be processed, and the duty on the data controller to inform the users about the purpose behind processing their data. 

Such lack of consent also runs counter to their promises of having a legitimate legal basis for all data processing that happens at Facebook. Moreover, the use of such social plug-ins can be considered as the collection being “excessive”, and stand in contrast with Article 6 of the EU General Data Protection Regulation.

In its long history, Facebook has been a constant center of attacks from all sorts of script kiddies and hackers. Facebook is well known for its slip-ups causing massive blunders. It is no news that data leaks and breaches are very rampant. Just this year, over 533 million users had their account details leaked online. And ever since its inception, Facebook has lost about 2 billion users’ data. 

Conclusion

The crux of the matter ultimately befalls upon trust. Any business transaction requires a certain degree of faith for both the parties involved to proceed. In the case of regular consumers, this is a one-sided event.  The non-tech-savvy people who are gullible are the ones who get exploited obviously into oblivion. 

Google or Facebook is not directly responsible for any of the data harvesting and misuse rampant on the internet today, but it is undeniable they are the enablers of this. The unending piles and bottomless pits of data contained on the servers of these mega-corps can be the cause of some catastrophic consequences. 

Several PR campaigns, interviews, and statements issued by these companies assure users not to worry about ads and monitoring. Many have found safer alternatives in Open Source software, operating systems, and unmonitored providers. In the past decade, we’ve seen surveillance states emerging, and their biggest tool is social media and surface websites. 

This rise in internet censorship, targeted ads, and constant information collection has given prominence to services like VPN and Tor (Client for Deep Web Accessibility). Also, not to forget that tech corporations like Google and Facebook have promised integrity and transparency several times to their customers but have failed to deliver. Numerous instances of scandals, data breaches, leaks, malware, and hacks have surfaced in recent years. 

These are everyday happenings and never cease to recur. The existence of free social media is to lure in the original product for sale, our data. If the companies do not back down, they might soon face a severe backlash in the form of boycotts. India’s Personal Data Protection Bill, based on the report of the Srikrishna Committee, is anticipated to intensify compliance requirements for such big corps for dealing with the users’ personal data. 

As the population of the world grows, so does its average knowledge and capabilities. Once the general public has become aware of their rights as users of such technology, there will be no choice but to adopt the new norm, a society free from unwanted snooping, surveillance, and despicable over the internet money-making tactics.

References

• https://www.theguardian.com/commentisfree/2018/mar/28/all-the-data-Facebook-Google-has-on-you-privacy 

• https://blog.hubspot.com/marketing/Google-search-statistics 

• https://www.cnet.com/tech/services-and-software/Google-collects-a-frightening-amount-of-data-about-you-you-can-find-and-delete-it-now/ 

• https://www.indiatvnews.com/technology/news-Google-spying-on-users-other-app-data-to-make-its-apps-better-know-what-is-it-636966 

• https://www.wired.com/story/Google-play-store-malware/ 

• https://arstechnica.com/gadgets/2021/07/Google-boots-Google-play-apps-for-stealing-users-Facebook-passwords/ 

• https://www.bbc.com/news/technology-50124713 

• https://www.which.co.uk/news/2020/01/are-alexa-and-Google-assistant-spying-on-us/

• https://www.google.com/amp/s/amp.smh.com.au/technology/accc-moves-to-stop-facebook-google-exploiting-users-data-20190726-p52b3k.html

• A. Gniewek, Google Privacy Policy- In Breach of EU Law? (2013) 7 Masaryk University Journal of Law and Technology 319, 322.

• https://www.thesun.co.uk/tech/5899953/Facebook-listening-texts-calls-how-to-stop/ 

• https://www.nytimes.com/2018/04/11/technology/personaltech/i-downloaded-the-information-that-Facebook-has-on-me-yikes.html 

• https://www.cnbc.com/2018/04/10/Facebook-cambridge-analytica-a-timeline-of-the-data-hijacking-scandal.html 

• https://www.theguardian.com/technology/2019/jul/12/Facebook-fine-ftc-privacy-violations 

• https://www.bbc.com/news/technology-50234141 

• https://vpnoverview.com/privacy/social-media/what-does-whatsapp-know-about-me/ 

• https://www.forbes.com/sites/zakdoffman/2020/08/16/why-you-should-not-use-Facebooks-new-instagram-messenger-whatsapp-iphone-android-security-warning/?sh=153c89fe1bda 

• https://foundation.mozilla.org/en/privacynotincluded/oculus-quest-2-vr-headset/ 

• https://www.makeuseof.com/should-you-trust-Facebook-with-oculus-quest-2-privacy/  

• O Pitkanen and VK Tuunainen, Disclosing Personal Data Socially – An Empirical Study on Facebook users’ Privacy Awareness (2012), 8 Journal of Information Privacy & Security 3,19.

• https://privacyaustralia.net/9-things-you-didnt-know-about-Facebook-privacy/ 

• https://www.reuters.com/article/us-Facebook-privacy-tracking-idUSKBN1HM0DR 

• https://www.makeuseof.com/tag/Facebook-shadow-profiles/ 

• https://www.businessinsider.in/tech/news/533-million-Facebook-users-phone-numbers-and-personal-data-have-been-leaked-online/articleshow/81889315.cms 

• https://www.google.com/amp/s/wap.business-standard.com/article-amp/economy-policy/india-s-personal-data-protection-bill-may-tighten-compliances-for-big-tech-120102400005_1.html

• A. Esteve, The business of personal data: Google, Facebook, and privacy issues in the EU and the USA (February 2017), 7 International Data Privacy Law 1 36-47, available at https://doi.org?10.1093/idpl/ipw026 

 

---

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.