Translator: Riaki Poništ
Reviewer: Ellen Maloney I'm a 26-year-old British Asian woman working in media and living
in a South West postcode in London. I have previously lived
at two addresses in Sussex, and two others in North East London. While growing up, my family lived
in a detached house in Kent and took holidays to India every year. They mostly did their shopping
online at Ocado, gave money to charities
and read the Financial Times. Now, I live in a recently converted flat
with a private landlord, and I have a housemate. I'm interested in movies and startups, and I have taken five holidays
in the past 12 months, mostly to visit friends abroad. I'm about to buy flights within 14 days. My annual salary is between
30,000 and 40,000 pounds a year. I don't own a TV or watch
any scheduled programming, but I do enjoy on-demand services
such as Netflix or Now TV. Last week, I passed
through Upper Street in North London on Monday and Wednesday
evenings at 7 p.m. I cook a little, but I tend to eat out
or get takeaways often. My favourite cuisines
are Thai and Mexican food. I don't own any furniture,
and I don't have any children. On weeknights, I tend
to spend the evenings with my university friends having dinner. I usually buy my groceries at Sainsbury's
but only because it's on my way home. I don't care for cars or own one. I don't like any form of housework, and I have a cleaner who lets
herself in while I'm at work. On Fridays, you'll find me
at the pub after work. At home, I'm far more likely
to be browsing restaurant reviews rather than managing my finances
or looking at property prices online. I like the idea of living abroad someday. I prefer to work as a team than on my own. I'm ambitious, and it's important to me
that my many thinks I'm doing well. I'm rarely swayed by others' views. This motley set of characteristics,
attitudes, thoughts, and desires come very close
to defining me as a person. It is also a precise
and accurate description of what a group of companies
I had never heard of, personal data trackers,
had learned about me. My journey to uncover
what data companies knew began in 2014, when I became curious
about the murky world of data brokers, a multi-billion-pound industry of companies that collect, package,
and sell detailed profiles of individuals based on their online
and offline behaviours. I decided to write about it
for Wired Magazine. What I found out shocked me, and reinforced my anxieties
about a profit-led system designed to log behaviours every time we interact
with the connected world. I already knew about my daily records
being collected by services such as Google Maps, Search, Facebook,
or contactless credit card transactions. But you combine that
with public information such as land registry,
council tax, or voter records, along with my shopping habits and real-time health
and location information, and these benign data sets
begin to reveal a lot, such as whether you're optimistic,
political, ambitious, or a risk-taker. Even as you're listening to me,
you may be sedentary, but your smartphone
can reveal your exact location, and even your posture. Your life is being converted
into such a data package to be sold on. Ultimately, you are the product. Ostensibly, we're all protected
by data protection laws. In the UK, the law states that any personal data set
has to be stripped of identifiers such as your name
or your National Insurance number. Personal data is considered anything
that can be traced directly back to you. without the need
for additional information. This doesn't mean it can't be sold on. It only means that they
need your permission. Simple examples of personal data include your full credit card number,
your bank statement, or a criminal record. However, I discovered that online
anonymity is a complete myth. Particulars such as your postcode,
your date of birth, and your gender can be traded freely
and without your permission because they're not considered
personal but pseudonymous. In other words,
they can't be traced back to you without the need
for additional information. So why does it matter if a bunch
of companies you've never heard of know your age or your
postcode, you may think. Well, it matters quite a lot. About a decade ago, Latanya Sweeney, a professor
of privacy at Harvard University proved that about 87% of US citizens
could be uniquely identified by just three facts about them: their zip code, their date
of birth, and their gender. In the UK, where we have
far fewer citizens serviced by much longer postcodes,
that probability is far higher. Professor Sweeney proved this
in a rather cheeky way when William Weld, a former governor
of Cambridge, Massachusetts, in the US decided to support the commercial release
of 135,000 state employee health records along with their families,
including his own. These records did not contain a name
or a social security number, but did contain hundreds of fields
of sensitive medical information including drugs prescribed,
hospitalisations, and procedures performed
on these employees. For $20, Professor Sweeney purchased the voter records
for Cambridge, Massachusetts, containing the names, zip codes,
dates of birth, and gender for every voter in the area, and then cross-referenced this
with their health records. Within minutes, she had pinpointed
Governor Welds' own health records. Only six people in Cambridge
shared his date of birth. Three of them were men. And he was the only one
living in his zip code. Professor Sweeney sent the governor
his health records in the post. (Laughter) Every day, we hear about new examples of companies digging ever deeper
into our personal lives. In the November US presidential election, a little-known British company
known as Cambridge Analytica was tasked with winning the election
for a certain candidate: Donald Trump, using data analytics. The company employed cookies online
to track people around the web, logging every website visited,
every search term typed, and every video watched. They also created a viral Facebook quiz
to dig into people's personalities, which was taken
by over six million people. In total, they managed to amass data
on 220 million voting Americans with an average of about 5,000 pieces
of data on each person. They then used this data
to understand people's inner feelings and then targeted adverts
to them on Facebook. Researchers have called them
a propaganda machine. It's not just large companies
digging into your life; it's free apps and small startups as well. I realised on my phone that every time I logged fitness data
into the app Endomondo, it was sharing my details
including my location and gender with third-party advertisers. WebMD, a symptom checkers app, was sharing even more
sensitive information including the symptoms, procedures,
and drugs viewed by users within its app with its third parties. Fitbit was sharing data with Yahoo. A pregnancy tracking app
was selling on information about its users' ovulation cycles
and fertility cycles with people or advertisers like InMobi. As long as my phone is turned on,
my location can be tracked, not just by the obvious apps
like Google Maps, but a whole host of unrelated services from Uber to Twitter, Photos,
Snapchat, TripAdvisor, and others. You're not even safe in your own home. In 2015, Samsung was found
to be recording people in the homes in which their TVs had been sold
using their voice recognition systems. They have now adapted this
so they only record when the voice recognition is activated. But the creepy factor remains. Even services like Google and Facebook, trusted and used
by billions around the world, have been accused of crossing the line. A few weeks ago, my husband and I
were driving home from work and discussing
where we should have dinner. I suggested a restaurant that I knew
was somewhere on our way back and then opened up Google Maps to plot it. Turns out it was already marked
on the map with a little bubble. That sinking feeling of being watched
is not unique to me. There have been several anecdotal reports
of people being shown adverts based on things and conversations
they were having in real life, prompting concerns that Facebook
and Google are eavesdropping on people via their personal devices. To piece together what all
these companies knew about me, I spoke to a data profiler called Eyeota. Eyeota uses cookies to assign me
to thousands of different categories, including my job,
how many children I have, and whether I'm likely to buy
Star Wars memorabilia. (Laughter) They don't know my name, but they know more about me
than my neighbours do. Eyeota also buys information
from third parties such as the credit rating agency Experian, which amasses a massive database
of 15 different demographic types and 66 lifestyles,
all based on people's post codes. Because Eyeota buys
this information, it knows that I'm more likely to take taxis home
rather than night buses late at night and that I'm very, very unlikely
to ever be found in a DIY store. (Laughter) It can then sell this information on
to the highest bidder. Sometimes, large data sets
can be useful for the public good, for example for the use
of health researchers or city and urban planners. But most of this information
being collected is sustained by advertisers
and traded commercially. In fact, eMarketer has predicted
that the online advertising industry, which is based almost completely
on data targeting and tracking, will hit an all-time high
of 77 billion dollars this year. If you think you don't care
about being unmasked, you may want to reconsider. Personalised browser ads may be harmless, but connecting disparate
aspects of your life to predict your future behaviour
could lead to unexpected consequences. For instance, decisions on whether your child
gets to go to a certain university or what price you pay for your home
or car insurance premiums could be made based on data given to third parties
that you never intended to, such as your own lifestyle habits
or family members' ailments. In 2014, Ross Anderson, a professor of Privacy and Security
at Cambridge University found that the NHS had been sharing
its hospitals' database, which included details of hospitalisations
for every citizen in Britain with the Institute
and Faculty of Actuaries, a body that was researching
how likely people are to develop chronic illnesses
at certain ages. Of course, this resulted in an increase
in health insurance premiums. As the amount of data that is collected
increases exponentially, it becomes much easier to identify you. For example, your Fitbit measures
our heart rate or your gait patterns and these can be used to estimate things like your height, your weight,
or even your gender. These are details that are very hard
to mimic or change. The data is no longer about you. It is you. Companies are also starting to predict
future behaviours - for example, whether you're a trustworthy driver,
a good employee, or a good credit risk, based on things
like your social media activity, your health and fitness,
or your home energy use. The more the companies know about you - where you live,
how many children you have, what your medical ailments are,
what you buy - your anonymity becomes irrelevant. What's more, you lose
your right to free choice, as companies make decisions
on your behalf without your knowledge. Along my journey of discovery,
my first reaction was shock. I immediately wrote to my local council and asked them to make
my voter records private. I made up a fake email address, and I started registering
with a fake age and gender. I turned off targeted advertising, and I asked Facebook to send me
all the information that they held on me, including things I had deleted, and spent hours
poring over it obsessively. But after a few weeks I realised
this was a pointless exercise. I couldn't be a digital hermit. It wasn't realistic for me to stop using social media, search
and navigation apps, and my iPhone, all a part of modern life
that I cherished and needed. Instead, I realised that the knowledge
itself was empowering. Knowing all the different ways in which my data
was being shared and collected made me more responsible
about where I put it. For example, I stopped signing up
to supposedly free services, for example, a VIP card
at my local hairdresser or a discount coupon at your supermarket. Whenever I download an app, I make sure to check my settings
to see what permissions it has. Anything that seems unnecessary
like access to my location, I turn off. Ultimately, there is hope. As more of us begin to realise
the extent of our data footprint, we will start to demand custody
and control of this data. Some critics have even suggested that people be paid for their data
in order to give them more control. This means it will become
too expensive for companies, governments, and non-profits to recklessly mine and hold our data,
and sell it on indiscriminately But until the data economy matures, and power moves back
from the corporation to the individual, I have lost more than my anonymity. I have given up my right
to self-determination and free choice. All I have left is my name. Thank you. (Applause)
