ThinkTank_Logo_black
The wait is over
Ailance™ ThinkTank is here!

Mass surveillance uncovered! Over 40,000 apps send location data

Location data and other sensitive data are sent via apps.
Categories:

In recent years, global data trading has reached a dimension that not only raises data protection issues, but also poses considerable risks to privacy and security. A new data set provides profound insights into the mechanisms of the data market and the vulnerability of personal data. The data set, which reached the media platform netzpolitik.org via a US data trader, comprises 380 million location data from 137 countries that are linked to around 40,000 apps.

US data broker offers location data worldwide

The data set comes from the US data trader Datastream Group, which now operates under the name Datasys. It shows how comprehensive and precise the location data collected is. Users of popular apps such as Wetter Online, Focus Online and Kleinanzeigen were located with astonishing accuracy. The data is often collected under the pretext of "advertising purposes", but frequently ends up in the hands of data traders who sell it on or even give it away.

What is particularly explosive is that the data set not only contains location data, but also Mobile Advertising IDs (MAIDs), which act like digital fingerprints. Together with information about device models and network operators, this allows detailed movement profiles to be created and people to be identified.

Sensitive data systematically collected

The EU's General Data Protection Regulation (GDPR) places particular emphasis on the protection of sensitive data, especially data that reveals movement profiles or personal preferences. Article 9 GDPR protects data on sexual orientation, health and religion as "particularly sensitive".

However, this data set shows that this sensitive data is systematically collected and traded. Apps such as Grindr, Hornet and health apps that explicitly contain such information are also affected. This illustrates the gaps in the implementation of the GDPR.

Another problem is the lack of transparency. Users can hardly see who has access to their data and for what purposes it is used. The consents that many apps obtain are often inadequate or non-transparent and do not meet the requirements of the GDPR.

Reading tip: Data minimization and data economy - ECJ overturns obligation to address customers when purchasing tickets online

Real Time Bidding (RTB) as a data loophole

Much of the data apparently originates from so-called Real Time Bidding (RTB), a mechanism for the automated allocation of advertising space. Bidstream data, including MAIDs and IP addresses, is passed on to hundreds of companies.

This practice often violates the GDPR, as the data is often processed without valid consent and the purpose - advertising - is changed during further processing.

Controlling these data flows is difficult even for the app operators. As the data set shows, many providers do not even know how the data that their own apps collect ends up with data traders. This non-transparent data transfer leads to a considerable loss of control for consumers and operators.

Comprehensive profiling possible through advertising data

The analysis of the "Databroker Files" makes it clear that the trade in location data has far-reaching consequences. Individuals are exposed to potential risks such as stalking, blackmail or discrimination. People who use sensitive apps such as dating apps or health apps are particularly at risk. The publication of movement profiles also poses considerable risks for security-relevant occupational groups such as military personnel.

In addition, the anonymity of users is removed by linking MAIDs with other data. This leads to comprehensive profiling, which can be used not only for advertising purposes but also for monitoring purposes.

Secret services and other organizations can use this data for advertising-based intelligence (ADINT), as previous research by Netzpolitik.org has shown.

Regulatory and political consequences of the "Databroker Files"

The results of the Databroker Files highlight the need for a stricter legal framework. The Federal Ministry of Consumer Protection is therefore calling for a comprehensive reform of data protection, including an EU-wide ban on personalized advertising. Technical standards that prevent the collection of identifying data are also considered necessary.

The data protection authorities, on the other hand, have a duty to use their powers of investigation and sanction more consistently. The Bavarian State Data Protection Commissioner has already announced that he will use the findings of the research as an opportunity for his own investigations.

The Databroker Files reveal massive deficits in global data protection. The loss of control over personal data and the dangers of comprehensive surveillance are alarming. Effective protection of privacy requires not only the consistent application of existing laws such as the GDPR, but also new, stricter regulations at European level.

The planned Digital Fairness Act offers the opportunity to regulate the rampant practices of data traders and better protect consumers. It remains to be seen whether this opportunity will be seized. What is clear, however, is that without decisive action, global data trading threatens to remain an uncontrollable risk to the privacy of millions of people.

Source: New dataset reveals 40,000 apps behind location tracking - netzpolitik.org

Do you need support in optimizing your data protection processes? We are at your disposal. Contact us and we will develop tailor-made data protection and compliance solutions for you.

Please feel free to contact us:
Phone: +1 (954) 852-1633
Mail: info@2b-advice.com

Tags:
Share this post :
en_USEnglish