November 24, 2022
  • November 24, 2022

Big Tech’s privacy policies are deliberately vague • The Register

By on June 6, 2022 0

Opinion “We value your privacy,” the pop-ups say. Better believe it. That privacy, or rather its removal, is worth half a trillion dollars a year to big tech and the rest of the digital advertising industry. That’s about a third of a percent of the world’s GDP, with or without wars and plagues.

You might expect such riches to be jealously guarded. Watch what those who “value your privacy” do to stop the laws from protecting it, what happens when a good law is passed, and what they try to do to shut it down afterwards.

The best outcome for big tech is if laws are absent or unnecessary. The latest survey of big tech lobbying in the US reveals a flotilla of nearly 500 salespeople/lawyers visiting US state legislatures, either trying to craft tech-friendly legislation to insert into bills on the confidentiality, either to mitigate through persuasion or simply to keep them off the books.

With Apple, Google, Meta and Microsoft frequently relying on the same groups of specialists, it’s fair to say that deadly rivals in the market find many common causes in the hallways.

You can see why they bother. A law that is good for us is very bad for them: four years after the adoption of the EU GDPR, bloodshed. The top six fines to date are shared between Amazon, Meta, and Google, with AWS parent company taking the top spot with an $844 million (€746 million) fine for tracking users without consent and not not having provided an opt-out. (He has already stopped making those payments, we note). Meta took second and fifth place for WhatsApp and Facebook: $241 million (€225 million) for a poor privacy policy and lack of transparency, and $64 million (€60 million) for having pushed cookies down users’ throats.

Google took bronze, fourth and sixth place, with a grand total of $161 million (€200 million) for a mix of all of the above. So that’s just under $1.3 billion (€1.2 billion), which sounds like a lot, but represents a quarter of a percent of global ad tech revenue. That leaves plenty of leftovers for lunches in the lobby.

There is also a lot to evolve the defenses. Last week, Meta announced a complete rewrite of its data policy. He makes major demands for clarity, in response to these fines for lack of same.

Does this really clarify things for users? Not even close, says researcher Wolfie Christl in a Surgically scathing Twitter feed.

The new policy is nearly silent on “personal data,” a term it almost entirely ignores in favor of ambiguous “information.” It elides “improving our service” with “showing more ads”, and brushes off entire categories of concerns, such as what data it collects from “partners, vendors and “third parties”” about you and what it happens.

Special processing is a 10,000 word section on how it justifies what it does, whatever it is, under EU GDPR and data protection law in other jurisdictions. It entangles its semantic web so deftly that Professor Lilian Edwards, Newcastle Chair of Law, Innovation and Society and avowed GDPR nerd, exasperated tweet: “It’s insane. […] if i can’t face this […] How could ordinary bettors?

What’s the point. All of these fines for misleading and confusing us were based on old policies, thoroughly analyzed and compared to evidence. With a completely rewritten policy, that process has to start all over again, but this time with a custom document designed to keep lawyers going for as long as possible. It’s cynical, but it’s effective.

The underlying problem is structural. If the companies won’t say what data is collected and how it is shared between their divisions and their partners, suppliers and third parties, these relationships need to change.

Businesses need to stop being monolithic black boxes, with every function responsible. For example, if the privacy policy defeats law professors, then demand a regulatory approval fee. Send it back. Apply independent approval before it is allowed to pass. Want dollars? Make sense.

Other industries have gone through processes like this. You can’t buy a car that isn’t the product of a huge legal and compliance framework that specifies safety down to component level, imposes strict controls on the consumables it uses, and benefits from a hundred years of consumer protection. .

Look at the ad tech industry. At worst, it allows its algorithms to radicalize people into murderous psychopathy, and at best, it operates a global surveillance machine that no one would ever allow if asked. Why then should she have claimed lenient treatment? Imagine if, in the 1980s, a regime had asked every citizen to install omniscient surveillance devices in their homes and carry one in their pocket. It would be considered the ultimate authoritarian nightmare. Yet here we are.

So, let’s make it easy to check. With the corporate structure visible, the data it runs on must be as well labeled and verifiable as any pharmaceutical raw material, with processes amenable to inspection and output controlled for purity. It would be a lot of work. That would be the price to pay for doing business.

We only accepted the armageddon of ad tech because it happened bit by bit, and we refused to believe where it would take us. How much less did we imagine the regulatory environment we would need to master it? Luckily, we don’t need much imagination or belief now that it’s here. We can see what he is doing.

A well-regulated market protects everyone, including the powerful, from the consequences of their own temptations. A market where we are free to use products without fear means a market where business can flourish within the rules and innovate without interference. After all, we also value their privacy. They just have to deserve it. ®