Did you know that to read the privacy policies of all the websites you engage with each year (about 96 sites according to a study by NordVPN) it would take more than 46 hours?

We are conditioned to dismiss the tedious work of reviewing these policy documents based on the belief that we have “nothing to hide.”

But I’d like to convince you otherwise…

Because you may not have something to hide, but those siphoning off your data do have every reason to hide/bury/obscure what they are doing with your details.

So it’s time to regain control of this exchange.

It’s Not Inevitable

You can be “pro tech,” and excited about AI’s potential, while at the same firmly anti-surveillance. You can also be far savvier about the role all of our data plays as the “new oil” fueling AI innovation.

One of the most influential voices regarding the current commercial data ecosystem is Harvard professor Shoshana Zuboff. In her book, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, Zuboff says this:

“We grow numb to these incursions and the ways in which they deform our lives. We succumb to the drumbeat of inevitability, but nothing here is inevitable. Astonishment is lost but can be found again.” (pg. 194)

Just think…

If we could collectively turn our resignation into “astonishment” the axis of power may shift.

Be Astonished

What better way to recapture a bit of this healthy incredulousness than to recap a few aspects of a Big Tech privacy policy, like Meta’s.

But before I dig in (and you begin to feel a bit queasy) consider this: every single decision you make from a small change in behavior online to reading a few lines of a privacy policy, or participating with commentary on legislation, takes all of us one step forward.

You don’t need to reject the Big Tech brands you love, you just need to consider more seriously the commercial exchange made for their products and services. You aren’t paying with money in most cases, but with your personal data, so why not “budget” accordingly?

Meta Privacy Policy, Version June 26, 2024

The Meta policy is incredibly long and covers every service, every activity, every detail of a consumer’s interaction with the ever-expanding Metaverse.

I don’t believe they are out to bamboozle us, but instead have created a business that we’ve allowed to flourish with our willingness to participate without question. And they are far from alone.

But I’m hoping that by providing a few highlights here you may decide to dig in a bit and start to ask a few important questions yourself (full printable version here):

First, What is Collected?

• To start it’s important to note the sheer scale of what is collected by the company. It’s impossible to list it all. For ease, let’s just say: “everything,” for example:

  • Every detail of your phone down to your “battery level, signal strength, and available storage.” Every other (even unrelated) app on the device is noted too.

  • Meta also monitors the movement of your mouse: “What you’re doing on your device, like whether our app is in the foreground or if your mouse is moving.”

  • When you give access to your photos, the company accesses the metadata embedded in those images (e.g., the details of where the photo was taken and when) If you grant “full image control” then this metadata is made available even for images you haven’t added to the platform.

  • Have you turned off location tracking? Well, it doesn’t matter, Meta still can access your location: “We also receive and use some location-related information even if Location Services is turned off.” This includes: IP addresses, which we use to estimate your general location. We can use IP addresses to estimate your specific location if it’s necessary to protect the safety and security of you or others.” Who decides on what constitutes the “safety and security of you or others”…?

Why is the Data Collected?

• You’ll find lots of suggestion throughout their privacy policy that all of the data collected is for your “benefit." The hope, we can only suppose, is that declarations of good and benefit will shut down any request for more specifics.

  • “One reason we collect this information is to make your experience better. For example, if we know that your phone and TV are connected to the same network, we can help you use your phone to control a video stream on your TV."

• Even beyond “better” you’ll find declarations that Meta data collection prevents “harm.” Although you’d be forgiven for asking “what harm,” and by whose definition…?

  • “Here are some ways we promote safety, security and integrity,” they say.

    • Verify accounts and activity Verify? how?

    • Find and address violations of our terms or policies. In some cases, the decisions we make about violations are reviewed by the Oversight Board. They may use information we have when they review our decisions. What decisions are you comfortable with this board making?

    • Investigate suspicious activity. What defines suspicious?

    • Detect, prevent and combat harmful or unlawful behavior Again, what, and who, defines “harmful” behavior?

    • Identify and combat disparities and racial bias against historically marginalized communities Sounds great, but who is deciding and based on what criteria?

    • Detect and prevent spam and other bad experiences What’s “bad”?

    • Detect when someone needs help and provide support AI to “detect” suicide risk - how do we feel about that?

    • Detect and stop threats to our personnel and property What specifically does this mean? “Stop” suggests some actual physical action. How?

  • Remember, this all may sound great at first blush until you are on the other side of this nebulousness and are accused of “wrongdoing.”

Who Has Access to Our Data?

Ironically, Meta declares that our data is not “sold” but instead “shared.” Only it happens to be shared with tens of millions of people (at best and likely more) including: advertisers (there are more than 10 million advertisers), advertising networks, a long list of partners (good luck trying to understand the difference between each partner cohort), measurement vendors, marketing vendors, service providers (including those who look into “suspicious activity”) third parties, and “other third parties” (see how easily the policy wears you down with a lack of specifics?).

• “Research goals” is another interesting area where your data is shared. Specifically they say for:

  • Our business or mission

  • Social good. (Of course “social good” nestles in some AI)

  • Technological advancement

  • Safety and security on our products

  • Public interest

  • Health and wellbeing

• I hope at a minimum it’s clear that we are discouraged for digging farther in the name of some beneficence and that the broad strokes of access they permit themselves is, frankly, insane. But this is only clear if you aren’t bored to tears first while combing through.

Is it Too Late to Do Anything?

Okay, “congratulations,” you say, “we are astonished, now what?”

First, I believe that all of us have the capacity to decide what’s best for ourselves and our families with the right information available to us. So being savvy and aware is a significant start.

Big Tech makes, and will continue to make, billions of dollars off of our data. Maybe you are cool with that, maybe you aren’t. But in any case if we have “assets” that are valuable to a company, then we should act like it.

Remember: it’s not inevitable…

A Few Tips

It’s really quite easy if you take just a bit of time to familiarize yourself with your devices and the different privacy policies you’ve opted into. I’ve also mentioned before how great the Consumer Reports Permission Slip app is in helping to provide an overview of the apps you use. Here are also a few steps I have taken:

• Turn off location tracking except where you definitely need it, such as with maps.

• Familiarize yourself with all of the privacy features on your phone. I start by default with everything set to off.

• You’ll notice that with every update Apple automatically opts you into new features, such as letting Siri “learn” from apps. So remember to check on what new access has been granted with each new version of iOS.

• Delete apps you don’t use. Really, get rid of unused apps, you can always add them again later.

• Consider using a VPN service at home to mask your IP address.

• Turn off Wi-Fi when you are out and about unless you need it (this makes it harder to access your information over any public networks that your phone may connect to). And especially when it comes to stores you have an app for, they can get a lot more data from you when you step inside.

• Consider limiting the access services have to your photos. You can also turn on and then off each time you upload an image to a site. But do remember that all of the photos you add to platforms such as Meta can be used for whatever purpose they see fit — even if you have a “private” account.

• Clean up your devices now again by removing cookies, unused apps, and files.

• Familiarize yourself with the privacy policies of the apps your kids use. If you don’t have time to do this for yourself, work with your kids to do a sweep.

Just one step at a time, that’s really all it takes. What will you start with? Let me know.