Consumers are waking up to the fact that companies collect a lot of personal information about them. But they may not be fully aware of exactly how much data is being pulled or how it is being used.
To help people fully grasp just how much data companies have on them, Clario put together fascinating charts detailing which companies are gathering the most data and exactly what types they are collecting. It’s pretty eye-opening. But even with such information, we don’t have any real insight into how these companies use the data.
You’re going to provide Instagram access to your camera roll. By granting that permission, Instagram could gain more access to your library than you intended. What is it doing with all of your pictures? We have no idea.
Winners: Amazon, Apple, and Dyson
In a recent survey, customers said they trust Amazon most with their personal data, closely followed by Netflix. This suggests that a nice, customizable experience can go a long way in the effort to woo users to share information. No one wants bad Netflix recommendations, and shoppers love to see items curated to their tastes and interests as part of their Amazon experience. This level of personalization is worth sharing personal data. In this sense, Amazon and Netflix could be considered winners because their users don’t mind allowing access to data because of what they receive in return. Yet it feels a bit odd to call a company a privacy “winner” that was recently slapped with a record $886.6 million EU fine for violating rules on processing personal data, as Amazon was.
Apple is another company typically viewed quite favorably for its data privacy stance because it has endeavored to bring data transparency to consumers. If consumers dislike others’ opaque privacy policies, trust evaporates. But if they believe Apple, by contrast, is being transparent with them, the company will continue to be perceived as a privacy winner. However, information is surfacing which shows that companies have been able to skirt Apple’s guidelines by data triangulation and device fingerprinting. These stealthy techniques provide enough unique information to still identify your phone, what apps you use, and potentially provide insights into how to target you—and there is no way to stop it.
Other companies, such as Dyson, stand out as unexpected privacy trailblazers. On its privacy page, not only is there a message outlining Dyson’s privacy commitment, but the company also very clearly highlights what information it collects, why, and how Dyson protects consumers’ rights, in a manner that can be quickly and easily understood.
Work in progress: Robinhood
Many companies are trying hard to rectify very complex systems that integrate user information across a surprisingly high volume of applications.
Take Robinhood for example. A hacker was able to gain access to the personal information of 7 million account holders. Thankfully, data collected, for the most part, was limited to names and emails, which seems harmless enough on the surface. But hackers are smart, and knowing that these individuals are Robinhood account holders suggests a certain financial profile. Their names and emails can then be used by bad actors to target them in various email schemes that can harm unknowing customers. The problem is that hanging on to any data, even seemingly innocuous data, makes the organization enticing to hackers who are broadening their techniques with extraordinary speed and precision.
It could have been much worse. It appears Robinhood encrypted the most sensitive data to such a degree that even its customer response teams couldn’t view it. The company was also transparent about the attack and contacted authorities immediately.
Losers: Facebook, Clubhouse, and the social powerhouses
Clubhouse has very aggressive data collection practices. It’s recording your voice, your conversations, and a whole lot more, but where it really fails is that the company is taking next to zero precautions with that data. In fact, the Stanford Internet Observatory (SIO) found that Clubhouse was so careless with user data that it posed “immediate security risks to Clubhouse’s millions of users, particularly those in China.”
Then you can look at cases like Facebook, where it’s clear that data collection practices cause another kind of real-world harm. Facebook and its other social properties know essentially everything about you: where you live, who your friends are, the products you love or hate, where you travel, how you spend, how you think, and much, much more based on your posts, pictures, and patterns.
One could argue that the company uses this information to create amazingly personal experiences, but it uses personal data to curate content, placing people in a bit of an echo chamber that affects their day-to-day perception of reality. Now the company is facing a reckoning. How it amends its algorithms and changes its data privacy practices will determine its fate.
What is clear is that just having a policy isn’t enough. Organizations must change how they think about user data and how they conduct business.
Daniel Barber Is the CEO and cofounder of DataGrail.
More must-read commentary published by Fortune:
- A.I. won’t break your company’s culture—and it might even boost morale
- The Fed isn’t likely to let inflation skyrocket, no matter what the doomsayers think
- How to get rid of waste and fraud in U.S. health care
- Tell your favorite celebrities deportation contractors don’t deserve their business
- Our autonomous future depends on educating drivers
Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.