10
votes
Where do you draw the line when it comes to what data collection one can do on you?
(Presuming it's done purely for statistical purposes of course.)
I, like most of us am personally fine with age, sex, city level location and relationship status. I really dislike using real names though since I feel like it ties you to who you are in person, which I really dislike and I support people deciding not to fill them in because in some places even what I've outlined can get you in trouble.
I work in data collection, and while I can trust that my company isn’t using it for nefarious purposes, the amount of information collected can almost assuredly be used for less reputable means. I somewhat doubt that adtech can manage to use the data it currently collects on me for means beyond feeding algorithms that mostly give loosely relevant ads. That isn’t to say that it couldn’t use data in the future for more insidious practices, but the current data retention at most (legitimate businesses) negates their ability to perform retroactive analyses. This can all be prevented through as locking, though, and it’s the information you volunteer that can remain forever. To be honest, I’d be much more afraid of my ISP and the government being actually capable of modern day consequences.
With that in mind, I am much more afraid of information getting leaked than I am of it getting used for legitimate business. I’ve already been a part of some of the major data breaches (and paired with FB’s major breach last year), there’s enough information out there to easily steal my identity. Because of this, I don’t trust most sites and apps with real data.
Unless it necessitates a link to my real world identity (such as health or financial services...which are regulated), I mostly provide garbage information to sign up for any new service I come across. Too often do I just want to trial a piece of software or web service to then find that the questions are privacy invasive (beyond the needs for their business to operate). I generate fake profiles and disposable email addresses, and I never sign in with Google or Facebook out of convenience. The main linking identifier that’s more difficult to avoid is requiring a mobile number. If the service isn’t important enough to me I usually bounce and never return at that point.
Credit card numbers come and go, and some demographic characteristics can change over time, but there’s an increasing number of immutable data points that I’m wary of providing in any context (primary email, phone number, even username) since they can be a single identifier that continues to link future (and inevitable) data breaches. My own name is unique enough to find me, so I generally never provide it online.
Paradoxically, I think the one exception to the above is when I’m signing something in person. When requested for an email, I don’t generate a new disposable one (or just write a fake one). Something about that interaction with a friendly face on the other side disarms me. This isn’t always the case, but I’ve found myself acknowledging that maybe I’m just being overly paranoid and that there’s little harm for this charity/non-profit to have my information...despite them being by far the most frequent spam callers on my call history.
I probably think too much about this because it’s the field I work in, and I sometimes get apathetic because of the number of breaches and lack of awareness by my peers. Whether or not these minor safety protocols will have any tangible effect is yet to be determined, but I’d rather fall on the side of caution with the version of Pascal’s wager.
Almost all data, if obtained and pooled properly, can somehow be traced back to you. So while I also like it when I'm offered the possibility of not filling in what I don't want to share, I don't really do that out of privacy concern so much as out of a desire for common courtesy.
Where I draw the line is pretty simple: I want to know upfront what data is being collected, why, and be given the possibility to opt out at my own discretion. If I'm also allowed to request deletion of my previous data then even better.
If all of these concerns are answered, and depending on my mood if I'm being honest, I'd be pretty willing to share anything short of what I'd only share in confidence with medical professionals or a lawyer.
It depends on why a company needs that data. For a random website (internet forum, chatroom) I'm not comfortable with giving them any of that info you mentioned. I may mention my age but I try to keep that for private messages. However, I understand why that info may be needed for other websites, for example if I am on a website searching for a job. But before giving that info to a website I make sure the website lets me decide how I want to share it (I usually make my profile private, only available for recruiters, hidden from logged out users and search engines). I know that the data can still be leaked or sold but sometimes those websites are a necessity and not a choice.
I generally try to give as little as possible. I always look for the "not now" or "I'll do this later" button and then skip that stuff. So many sites are like, "You've only completed 10% of your profile," and I'm like, "No, it's as complete as it's getting!"
Even when I trust a company, I generally don't give them anything I'm not absolutely required to give to get what I want out of their service. The fact is that no matter how trustworthy the company is, there are a number of things they can't control:
It's kind of crazy the number of ways data can leak and how poorly secured most apps and web sites are. (I just had a website email me my password in plaintext yesterday. In 2020. It's insane. That shouldn't even be legal.) Most of the above list has happened to most companies, including all of the FAANG companies at one point or another. So these aren't crazy conspiracy theories. They're things that have actually happened, and they'll happen again. Most companies asking for data have no use for it and it's simply a liability. I have a landline I never answer for when I'm required to give a phone number. I have a throwaway email account for most stuff that I know is going to generate spam and be auto signed-up to mailing lists.