Ninety-seven percent of smartphone users rely on Google Maps to get where they're going quickly and efficiently.
A key feature of Google Maps is its ability to predict how long different navigation routes will take. This is possible because every phone running Google Maps sends data about its location and speed back to Google's servers, where it is analyzed to generate fresh traffic data.
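The core idea can be sketched in a few lines: average the speeds that phones report for each road segment, then use those averages to estimate a route's travel time. This is a minimal illustration, not Google's actual pipeline; the segment IDs, lengths, and speed reports are all hypothetical.

```python
from collections import defaultdict

# Hypothetical speed reports: (road_segment_id, speed_kmh) sent by phones.
reports = [
    ("main_st", 20), ("main_st", 24), ("main_st", 22),
    ("oak_ave", 55), ("oak_ave", 45),
]

# Average the reported speeds per segment -- crowdsourced "live" traffic.
speeds = defaultdict(list)
for segment, speed in reports:
    speeds[segment].append(speed)
avg_speed = {seg: sum(v) / len(v) for seg, v in speeds.items()}

# Estimate travel time for a route, given each segment's length in km.
segment_length_km = {"main_st": 2.0, "oak_ave": 5.0}
route = ["main_st", "oak_ave"]
eta_hours = sum(segment_length_km[s] / avg_speed[s] for s in route)
print(round(eta_hours * 60, 1))  # ETA in minutes
```

Real systems also weight recent reports more heavily and fall back to historical averages when few phones are on a road, but the aggregation step is essentially this.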
Information like this is useful for navigation. But the very same data used to predict traffic patterns can also be used to infer other kinds of information about you, kinds of information you may never have anticipated.
For example, data about a cell phone's past locations and movement patterns can be used to predict where a person lives, who their employer is, where they attend religious services, and the age range of their children based on where they drop them off for school.
These predictions describe who you are as a person and guess what you are likely to do in the future. Research shows that people are largely unaware that such predictions are possible, and that if they do become aware of them, they don't like it. In my view, as someone who studies how predictive algorithms affect people's privacy, this is a major problem for digital privacy in the United States.
How is it all possible?
Every device you use, every company you do business with, every online account you create or loyalty program you join, and even the government itself collects data about you.
The types of data they collect include things like your name, address, age, Social Security or driver's license number, purchase transaction history, web browsing activity, voter registration information, whether you have children living with you or speak a foreign language, the photos you have posted to social media, the listing price of your home, whether you've recently had a life event like getting married, your credit score, what kind of car you drive, how much you spend on groceries, how much credit card debt you have, and the location history from your cell phone.
It doesn't matter that these datasets were collected separately by different sources and don't contain your name. It is still easy to match them up based on the other information about you that they contain.
For example, there are identifiers in public databases, such as your name and home address, that can be matched with GPS location data from an app on your mobile phone. This allows a third party to link your home address with the location where you spend most of your evening and nighttime hours, presumably where you live. It means the app developer and its partners have access to your name, even if you never gave it to them directly.
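The matching step above can be illustrated with a toy example: given timestamped GPS pings from an app, the most frequent nighttime location is a strong guess at where the user lives, which can then be joined against a public address record. The grid-cell IDs and pings here are invented for illustration.

```python
from collections import Counter

# Hypothetical GPS pings from an app: (hour_of_day, location_cell).
pings = [
    (1, "grid_42"), (2, "grid_42"), (3, "grid_42"), (23, "grid_42"),
    (9, "grid_17"), (10, "grid_17"), (14, "grid_17"),
    (19, "grid_88"),
]

# Keep only nighttime pings (10pm - 6am), when most people are at home.
night = [loc for hour, loc in pings if hour >= 22 or hour <= 6]

# The most frequent nighttime location is a good guess at "home".
inferred_home = Counter(night).most_common(1)[0][0]
print(inferred_home)  # grid_42
```

Once "home" is inferred, matching that cell against a public record that maps addresses to names is a simple table join, and the supposedly anonymous app data is no longer anonymous.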
In the United States, the businesses and platforms you interact with own the data they collect about you. This means they can legally sell this information to data brokers.
Data brokers are companies in the business of buying and selling datasets from a wide variety of sources, including location data from many mobile carriers. Data brokers combine these datasets to create detailed profiles of individual people, which they sell to other businesses.
Combined datasets like this can be used to predict what you'll want to buy in order to target ads. For example, a company that has purchased data about you can link your social media accounts and web browsing history to the route you take when running errands and your purchase history at your local grocery store.
Employers use large datasets and predictive algorithms to decide whom to interview for jobs and to predict who might quit. Police departments make lists of people who may be more likely to commit violent crimes. FICO, the same company that calculates credit scores, also calculates a "medication adherence score" that predicts who will stop taking their prescription drugs.
How aware are people of this?
Even though people may be aware that their cell phones have GPS, and that their name and address are in a public record somewhere, they are far less likely to realize how their data can be combined to make new predictions. That's because privacy policies typically include only vague boilerplate language about how the data that is collected will be used.
In a January survey, the Pew Internet and American Life Project asked adult Facebook users in the United States about the predictions Facebook makes about their personal traits, based on data collected by the platform and its partners. For example, Facebook assigns a "multicultural affinity" category to some users, guessing how similar they are to people from different racial or ethnic backgrounds. This information is used to target ads.
The survey found that 74 percent of respondents did not know about these predictions. About half said they were not comfortable with Facebook predicting information like this.
In my research, I have found that people are aware only of predictions shown to them in an app's user interface, which make sense given why they chose to use the app. For example, a 2017 survey of fitness tracker users showed that people are aware their tracking device collects their GPS location when they exercise. But that does not mean they realize the activity tracker company can use that data to predict where they live.
In another study, I found that Google Search users know Google collects data about their search history, and Facebook users are aware Facebook knows who their friends are. But people do not realize that their Facebook "likes" can be used to accurately predict their political party affiliation or sexual orientation.
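The kind of inference described above can be sketched with a toy classifier: compare a user's set of "likes" to those of users whose trait is already known, and return the label of the most similar known user. The page names, labels, and the simple nearest-neighbor approach are illustrative assumptions, not the actual method used by Facebook or by the research in question.

```python
# Hypothetical training data: users' page "likes" and a known trait label.
labeled_users = [
    ({"page_a", "page_b", "page_c"}, "group_1"),
    ({"page_a", "page_c"}, "group_1"),
    ({"page_x", "page_y"}, "group_2"),
    ({"page_y", "page_z"}, "group_2"),
]

def predict_trait(likes):
    """Guess a trait via the most similar labeled user (Jaccard similarity)."""
    def jaccard(a, b):
        return len(a & b) / len(a | b)
    return max(labeled_users, key=lambda user: jaccard(likes, user[0]))[1]

print(predict_trait({"page_b", "page_c"}))  # group_1
```

With millions of labeled users and more sophisticated models, seemingly trivial likes become a surprisingly accurate signal for sensitive traits, which is exactly what makes this invisible to the people being profiled.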
What can be done about this?
Today's internet largely relies on people managing their own digital privacy.
Companies ask people up front to agree to systems that collect data and make predictions about them. This approach would work well for managing privacy if people refused to use services whose privacy policies they don't like, and if companies didn't violate their own privacy policies.
But research shows that nobody reads or understands these privacy policies. And even when companies face consequences for breaking their privacy promises, it doesn't stop them from doing it again.
Requiring users to consent without understanding how their data will be used also allows companies to shift the blame onto the user. If a user starts to feel that their data is being used in a way they're not actually comfortable with, they have little room to complain, because they gave their consent, right?
In my view, there is no realistic way for users to be aware of all the kinds of predictions that are possible. People naturally expect companies to use their data only in ways related to the reasons they chose to interact with the company or app in the first place. But companies are usually not legally required to limit the ways they use people's data to only the things users would expect.
One exception is Germany, where on February 7 the Federal Cartel Office ruled that Facebook must specifically ask its users' permission to combine data collected about them on Facebook with data collected from third parties. The ruling also says that if people decline, they should still be able to use Facebook.
I believe the U.S. needs stronger privacy regulation, so that companies become more transparent with, and accountable to, users about not only the data they collect but also the kinds of predictions they generate by combining data from multiple sources.