Just a couple months ago, IBM CEO Ginni Rometty inveighed against big tech companies abusing people’s data at a privacy conference in Brussels. She cited a “trust crisis,” ascribing its origins to “the irresponsible handling of personal data by a few dominant consumer-facing platforms.” Rometty did not have to identify the subjects of her criticism by name, Facebook no doubt among them, for people to understand her point.
Now IBM finds itself uncomfortably lumped in with the offenders. The office of the city attorney of Los Angeles has filed suit against an IBM subsidiary for allegedly “deceiving users” about the business unit’s questionable data privacy practices, as the lawsuit states. The city’s complaint follows a recent investigation by the New York Times which drew attention to consumer data exploitation by The Weather Channel app, a forecasting service owned by The Weather Company, whose assets IBM bought for a reported $2 billion in 2015. (It is perhaps worth noting that David Kenny, former CEO of The Weather Company and later head of IBM’s artificial intelligence business, recently became CEO of Nielsen, the world’s largest market research company.)
Here’s the heart of the controversy: When The Weather Channel app requests permission to access a user’s location, it says it requires the information to offer “personalized local weather data, alerts and forecasts.” The app’s automatic pop-up box fails to mention that The Weather Company reserves the right to sell people’s geolocation data to advertisers and other third parties, like hedge funds, for a profit. That information is instead tucked away in a separate, nearly 10,000-word privacy policy, which one must seek out.
IBM maintains that its subsidiary has done no wrong. In response to the lawsuit, Saswato Das, an IBM spokesperson, said in a statement emailed to Fortune that “The Weather Company has always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously.”
That’s one view. Another view is that The Weather Company breached people’s trust in a way that recalls the transgressions of rival tech companies—transgressions Rometty herself criticized.
In truth, no one’s hands are entirely clean, even if some infractions are more glaring than others. When Facebook CEO Mark Zuckerberg last year told Congress that Facebook users are in control of their data and can delete them as they please, he subsequently dodged questions about so-called shadow profiles, the data his company maintains on people who are not users of Facebook services. Or consider Apple CEO Tim Cook, known to raise a stink about the “surveillance” practices of competitors, as he put it, while also speaking in Brussels. Cook stopped just short of naming the likes of Google and Facebook in his denunciation of advertising-based businesses; never mind that Google reportedly pays Apple billions of dollars to make its self-named search engine the default for Safari, Apple’s web browser.
Is it any wonder the world is undergoing a crisis of trust? Data privacy disclosures ought to be crystal clear. There should be no uncertainty about how one’s data are being used or where they’re flowing. During her talk in Brussels, Rometty told the audience that consumers “have very little power against the dominant internet platform companies.” In the absence of informed consent, she’s right.
A version of this article first appeared in Cyber Saturday, the weekend edition of Fortune’s tech newsletter Data Sheet. Sign up here.
