News sites frequently allow outside companies (many of which are not listed in the privacy policy) to track your behavior on the site (New York Times): News sites frequently allow outside companies to track your behavior on the site. Surveillance on news sites can be highly invasive, allowing companies and the government to exploit information about your political beliefs or health interests. Furthermore, since advertising revenue benefits news organizations, they are less likely to disclose their tracking practices or list outside companies in their privacy policy.

You may not see value in your personal information, but others do! Many free online services and other businesses (e.g. Twitter, Google, Facebook, credit cards, supermarket reward cards, etc.) make a profit from selling or using the data they collect about users. This applies both to information you post intentionally and to the hidden parts of your information footprint, such as information about your location. Even paid apps and services often collect data about you; paying more for something doesn’t guarantee the company isn’t also profiting indirectly by selling your data.

Get the Facts:

• Check before you sign up for a “free” service: How is that service making money?

Communicate About Preferences:

• Check your privacy status with companies. Banks, insurance providers, hospitals, and other companies are often legally bound to let you opt out of at least some types of data sharing. Pay attention to mail and email about privacy from companies and institutions; if you don’t respond, they may share your information by default.

Choose What You Use:

• Think through your preferences for how websites, apps, and services share your data, including:
  • How much data they collect and save about you (including personal/contact information, posts, and metadata);
  • How they use the data; and
  • Whether and under what circumstances they share the data with third parties;
• …and choose sites, apps, and services whose privacy policies are in line with those preferences.

FaceApp makes today’s privacy laws look antiquated (The Atlantic): FaceApp was an app available on both Android and iOS that went viral for modifying photos of its users’ faces to show them what they might look like when they’re much older. Many voiced concerns about how the images were stored, especially when it was revealed that the company behind the app was a relatively unknown Russian corporation.

In a response to criticisms of its privacy practices, FaceApp released a statement claiming that “most” photos are deleted within 48 hours. However, there are no legal guarantees for this in the privacy policy. Wireless Lab, which developed the app, also says users can request that their data be deleted, but the process for doing this is not noted in the policy either. Due to the non-existence of a federal data privacy legal framework, there is nothing the government can do to ensure that the company is doing what it says it is doing and not using these images for malicious purposes.

Laws regulating this type of data sharing are very limited. There is no national enforcement agency in the U.S. and, with the exception of California, there are no requirements forcing companies to report what information they share. In fact, governments are major users of collected online data; for example, in 2013, it was revealed that the U.S.’s National Security Agency (NSA) was regularly collecting data from social-media companies and cell-phone providers. Most companies, institutions, and governments are saving and exchanging information about you both openly and secretly.

Use Your Imagination:

• Think before you post! Ask yourself how this information could possibly be used against you, in any way, by anybody. How could it affect you if the information was made known to your family, your employer or business connections, casual acquaintances, insurance providers, telemarketers, your government, foreign governments…?

Insurers may use social media posts to justify suspending benefits (CBC): Canadian Nathalie Blanchard was on leave from work due to major depression. Her disability insurance company, Manulife, saw photos she posted on Facebook of her having fun on a vacation at the beach, which they took to mean she couldn’t possibly still be depressed. They suspended her sick leave benefits, and admitted to the press that they use Facebook to investigate clients.

Misuse of your information may result in financial, health-related, and emotional damage. The way your information is used may be innocuous or just mildly annoying, for example, to tailor which online ads you see. However, digital information can be used against you. In the worst-case scenario, if information posted by you or about you online is obtained by malicious people, it could be used for bullying, blackmail, threats, or coercion. It could also lead to hacks, fraud, or even identity theft.

Choose What You Use:

• Only give as much information as you need to for an app to be able to do its required function. Do not identify yourself to websites unless it is necessary for the functionality of the service. If the company or service provider doesn’t need that information to provide the service you want, either:
  • Don’t give them the information;
  • Give them made-up information*; or
  • Choose some other way of getting that service.
• For example, if a news website is requiring you to give them your birthday before accessing an article, consider either using a different website or providing a fake birthday.

* When making up information, stay within legal bounds; it’s usually not a good idea to make up information on government forms, or when you’re doing business with banks or other highly regulated services.