Unhealthy data-harvesting habits to stay away from

Anton P. | September 28, 2021

Is it acceptable for companies supplying debit cards for children to sell the sensitive data it collects? What about a mental health app letting advertisers know about your current emotional state? In both storylines, you would expect companies to do the opposite: to guard such data with their lives. Unfortunately, even the data you assume to be highly confidential can become a commodity exchanged between different companies. Let’s take a look at some of the suspicious and outright vicious data collection and sharing practices.

What constitutes unethical or unjust data collection?

All companies collect data, no exceptions. However, several factors determine whether their practices are transparent and trustworthy.

The details a company collects or requires. Some businesses will only collect the data necessary to provide services. Thus, you can justify the necessity for your physical address if a service will ship products to you. However, it becomes a questionable practice if companies get too greedy and collect data outside this scope.
Partners, daughter companies, and advertisers receiving data from that service. Mostly all companies share data with someone, be it advertisers or subsidiary companies. Even though this data exchange is common, its dominance does not justify it. For example, data brokers are one of the entities known to gather and sell consumer data. Although they anonymize most of this information, researchers claim that re-identifying individual users takes relatively little effort.
The format in which companies store collected data. Data breaches are, sadly, international threats affecting millions of users. Thus, how companies hold your data matters. From dilemmas like storing credit card information locally vs. in servers, there are many decisions businesses make. Of course, the chances are you won’t be able to know the whole operation behind data storing. However, you can find information on whether companies have reported issues in this area.
Keeping data records for longer than necessary. Businesses should not hold onto data for longer than estimated. Typically, services keep data as long as they deem it crucial for providing services. However, it is unclear what this might mean to different providers.

What habits are alarming? Examples

Before agreeing to give away data, check whether online services do not engage in the following (or similarly suspicious) activities.

According to Fortune, 250 executives at various companies admitted pursuing “sometimes unethical” data collecting practices. Furthermore, 33% of these senior executives forewarned consumers to learn more about how companies use their personal data. In some cases, questionable data gathering can even lead to services' end.

History of violating privacy policies

Dishonesty and lack of transparency never pay off in the end. Companies providing obscure and inaccurate privacy policies have a destiny, but not for glory. Recently, WhatsApp received fines of $267 million for violating EU privacy rules. All the disgrace and problems for, allegedly, failing to be transparent about their consumer data usage.

And according to our previous research, authorities capture companies red-handed more frequently than ever. Over the past three years, GDPR “gifted” fines of approximately €283,673,083. Since 2018, the European Union has reported 648 penalties for breaking the GDPR.

However, regular customers are unlikely to know anything before the storm hits. For instance, apps with millions install can secretly take too much data. Clean Master proved this true when Google removed it for unhealthy data collection.

The bright side is that users can look for clues in privacy policies or media outlets. If a particular company has a record of breaking users’ trust, you might want to take your business elsewhere.

Sharing sensitive data with advertisers

Kid-friendly apps and websites typically filter all the unsavory content. It is the general expectation, but it might not always be accurate. As per Vice, Greenlight, a debit card provider for kids, is one of the examples of overstepping the expected boundaries. According to its privacy policy, Greenlight has the right to share the following information:

Clients’ names.
Email addresses.
GPS location history.
Behavioral profiles.
Purchase history.
Birth dates.

Who gets this data from Greenlight? As explained, it can share such details with advertisers, collection agencies, and insurance companies. A rather vague entity to receive the data is “other service providers.” Thus, Greenlight may share children’s data with anyone it likes.

Furthermore, the company states to use gathered details for supplying tailored ads. Promotional content for children never sits well with experts. After all, ads can influence kids more than adults, leading to various issues.

Sadly, Greenlight is only one of the providers involved in similar activities. Dozens of services perform similarly questionable deeds. For instance, mental health and telemedicine apps are all under fire for struggling to protect their clients’ data.

The dilemma is whether you should trust app providers with some of the most sensitive details about your life. And since these applications do not abide by traditional laws for medical data, providers can act rather suspiciously. For one, you can notice ads adjusted to your medical or psychological conditions.

Unethical consumer targeting

Targeted ads might seem harmless until the promotional content you see turns toxic. As reported by The New York Times, companies might not have your best interests in mind.

The article in this particular case discussed Sky Bet, a popular gambling platform. According to research conducted, the platform compiled extensive records on its users, like mortgage details, location coordinates, banking records, etc. Gregg, a former user of the platform, discovered this after his long battle with addiction.

Sky Bet labeled him as a user to “win back,” leading to various tempting emails to Gregg. For instance, he would receive notifications for a chance to win more than $40,000 by playing slots. However, the platform might have known that Gregg had lost nearly $15,000 during his betting binge. Thus, it, allegedly, knew of his addiction and still attempted to keep him hooked.

Thus, many services might use invasive tracking and profiling techniques to harm users’ well-being indirectly. In some cases, targeting might be harmless, but it could trigger dangerous, addictive behavior for people like Gregg.

Storing data unencrypted

Retaining data unencrypted is one of the biggest mistakes companies make. Data breaches for such businesses can prove fatal. After all, if data leaks in plain text, performing damage control becomes far more complex.

Of course, some view encryption as a dangerous tool to aid hackers and criminals. However, it is the solution to many issues facing the tech industry. Thus, always regard encryption as a priority, and check whether companies do everything in their power to protect you.

“Collect everything” philosophy

Many companies no longer collect all information possible simply for a rainy day. The “collect everything” philosophy reflects businesses that gather as much as they can. They figure out its use only after harvesting data. Luckily, there are fewer examples of companies still following such principles. However, this decision might not be an independent one.

The main force preventing companies from gathering everything is regulations. The European Union and many US states have passed data protection laws. As a result, the law stops companies from harvesting more than necessary for serving clients.

VPNs collecting activity logs

Last but not least, we observe the tendencies in our VPN industry. One of the biggest red flags with providers is the data they collect. For instance, if a VPN collects your activity logs, it works against everything our industry stands for. When choosing a product, always read their privacy policies thoroughly.

Atlas values your data and the decision to fight back against invasive digital tracking practices. Thus, we do not collect any data related to your activities when connected to our servers.