“If you're not paying for the product, you're the product”.
This quote, originally from before the internet boom, rings truer than ever in 2019. To be clearer, the “product” isn't specifically you, but the result of the analysis of the numerous terabytes of data that the tech companies gather about you. Some people even dub data as “the new oil”, a.k.a. the most valuable asset to profit from. It's a fairly simplistic view, however, since data and oil are very different things, with different implications resulting from the transactions related to them. It's more helpful to view data as both an asset as a currency.
GDPR is already one year old and Google received the biggest fine to date. Shoshanna Zuboff's book on surveillance capitalism came out a few months ago. Data protection and cybersecurity are turning into lucrative industries. But the leading players of those – currently still – niche fields are very small enterprises compared to Facebook, Amazon, and Google. And the revenue of those industries is so high (Google's turnover was $39bn last quarter alone!) largely due to all the data they collect. The data is provided by us consumers, who love “free” Google services and the convenience they provide. But the truth is, we're helping Google make money with our data.
What is “paying with data”?
People's behavioral patterns are monitored, recorded, stored and ultimately monetized by Google. Theoretically, people know that – or at least they're supposed to when they sign up and “read the terms and conditions”. And a lot of organizations with a web presence use Google Analytics to monitor their consumers' behavior. So strictly speaking, Google does have the permission of the users to do whatever it pleases with the data.
However, the magnitude of the data collection process is rarely fully understood by the general public, not least because very few people actually understand the legalese of the Ts&Cs. The GDPR did impose requirements to make data collection policies in a clear and accessible format, which Google hasn't been able to do yet. And by handing over the data “in accordance” with these terms, users are paying for the traffic of that data to Google. There's often no option to pay actual money for Google's “free” services rather than submit information about your every move. Literally.
According to a comprehensive report about Google Data Collection created by Professor Douglas C. Schmidt of Vanderbilt University in 2018, available here, Google attempts to learn about every single internet user daily. And a lot of that collection takes place when the user isn't actually using their device. This is a very surprising and unsettling fact to learn. We read through the report and other papers on the subject and can report the following.
It's virtually impossible to uninstall Google Play from most Android devices. Android OS is closely connected with Google's entire ecosystem and is its key data collector mechanism, together with the Chrome browser. The amount of data communicated to Google through these two hubs, even when in “passive” mode, is staggering. This was discovered thanks to the research project of the Vanderbilt scientists called “a day in the life of a Google user”.
The experiment showed that the “passive” collection outnumbered the “active” by two-to-one. To give you an example, when you're using your Android phone or tablet on the metro to search for some new shoes, the “active” data collected is the search queries, but the “passive” is that you're traveling on a subway. Data is collected even when Wi-Fi or mobile data are switched off on an Android device.
It's also worth noting that Google Pay, which is enabled on Android devices, is a service that collects a lot of your financial data, including all transaction information, descriptions of what you've bought, and any associated deals. This info is treated as personal and is therefore fair game for usage and targeting, like all other info Google has access to.
The Vanderbilt report tells us that location tracking is where the biggest stream of data comes from. According to the findings obtained by the “day in the life of a Google user” experiment, an “inactive” Android device sends location info to Google 340 times during a 24-hour time period. That constitutes 35% of the data submitted to the tech company. This is done by monitoring your IP addresses and the GPS coordinates. So, Google, in essence, knows where you are at all times if you have an Android device or a Chrome user.
According to some investigations, Google continues location tracking even after you disable location services on your device. Like the majority of other data collected by the company, Google claims to do it for the sake of “improving the experience”. To properly turn off the tracking, you have to play around with the settings of a feature of your Google Account called Web & App Activity. This option is hard to find if you're not a tech-savvy person. We'll leave it to the European regulators to decide the extent to which it complies with the GDPR's requirements of fairness and transparency.
The free Gmail has a lot of great convenient features popular with many organizations and is the root of the Google account. However, the price of that freedom is, once again, you. The moment you get an e-mail from Amazon, for instance, confirming a purchase of shoes, Google will know all about it. Same with you arranging meetings via Google Calendar with your team at a specific sushi restaurant. You can definitely expect adverts related to either sushi places nearby or sushi cooking equipment sold in your neighborhood to be all over your online space within the shortest time period.
This is because the data about your IP address, your contacts, and your preferences have been sold to several advertisers to allegedly “improve your experience”. In reality, what's actually happening is that your behavior is being influenced, and so are your spending habits.
In addition, if you're using Gmail for work, as part of the G Suite product it sees all your corporate data, including proprietary and confidential information. A free service is never a good idea when it comes to information security. Google might take its security very seriously, but at the age where hacking is becoming an everyday occurrence, you don't want to risk it.
Finally, all your activity on websites for which you're using a Google account and a Gmail address to log on to are visible to Google. And since Google accounts are available for most portals, pretty much all your online activities can be viewed by Google. This kind of intrusion feels particularly painful in the digital age where privacy seems to becoming second to profit more and more often.
A picture is worth a thousand words – or in Google's case, bytes of information about you and your private life. Google is very good at scanning the metadata of your photos and determining the location, the activity and even the people on the photos. That, on the one hand, makes the search of your favorite memories more convenient. On the other, however, it's Google's AI that's doing that analysis, not people, and it doesn't always make the correct determinations. Plus, your photos almost always contain personal information that you're willingly providing to the Internet giant. Although Google says isn't currently using your photos for advertising purposes, there is nothing to suggest it might not do so in the future.
You might have an easy time with quitting Facebook, but it's much harder to leave Google without severe restrictions on the convenience of internet usage. If, for instance, you're using the Uber app, you're exposed to Google because the company uses Google Maps for the driver to find you. And that's just one example of many. Alternatives to Google do however exist, such as DuckDuckGo and Tutanota.
I didn't cover the rest of the Google apps like Google Docs, Google Assistant, Analytics, and YouTube, but it's safe to say that the majority of them operate in the same way. Free they may be – but Google still needs to make money. And your data is the biggest asset with which they do so.