Telcos and airlines collect our web browsing histories and sell our location data. TV companies gather our viewing histories to target us with personalised ads. Banks collate our transaction histories. Transport companies collect our calendars and address books.
Why? Sometimes they claim it’s to offer a better service. Other times, they sell it to whoever will buy it.
And while many of these big companies provide ways to opt-out of sharing our data with others, you’ll often only discover these opt-outs by reading through the fine print and legalese of their privacy policies.
If you already know how big companies track you, and what they do with your data, stop reading now. But if you’d like to understand the privacy policies of several household Australian consumer companies, read on …
Foxtel
If you’re a paying Foxtel cable TV subscriber, be warned: your TV habits are being logged and used to target you with advertising and marketing. Foxtel says it stores data that “may include information such as preference information and viewing habits and other usage data” and “this may include information on your favourite shows and channels.”
Further, Foxtel says it may use this viewing data “to deliver targeted marketing, advertising and content from Foxtel and third parties on Foxtel websites and Foxtel Services, as well as Foxtel advertising on third party sites, in each case relating to your preferences or interests.”
A slide deck uploaded to the internet by Australian data analytics company Quantium (since taken down), says Foxtel has data on “every click on the remote since January 2014” relating to 110,000 households.
What’s more, Foxtel acknowledges it also hands over data to “Foxtel Partners” Telstra and News Australia (News Corp) — but “how they use your personal information is subject to their privacy policies,” Foxtel said.
But if you don’t want your personal information going to the Foxtel Partners, “please contact us on 131 999 or by email at privacy@foxtel.com.au.” Foxtel customers can also opt out of the many of the things Foxtel does with its customers’ data here.
Qantas
According to Qantas’ privacy statement, the company collects a range of personal information about its customers, including how they use the company’s wi-fi internet. “If you use wifi in our lounges or onboard our aircraft, we collect information about you, your device and how you use the wifi service,” says the airline’s privacy statement, in order to send “marketing messages that we believe are relevant to you.”
In order to access wi-fi onboard Qantas planes, customers need to provide a name and seat number, according to Ketan Joshi, who was one of the first to highlight the privacy concerns around it. Mr Joshi studied science at Sydney University and works in communications. Qantas also collects information about customers’ use of in-flight entertainment systems (the displays containing movies and entertainment), the statement says.
And if you use Qantas’ website or mobile apps, your geolocation (your coordinates), mobile telephone number or ID, and details of how you use the website or app are also logged.
The company says it may also collect information “from public sources (for example, Census data) and combine this information with information that we hold about you.”
The airline says it may also disclose your personal information to data processors (including operators of global travel distribution systems and reservation systems), customer service providers, and “managers of our credit and financial products.”
Uber
Did you know that if you use the Uber app, you’ve probably given it constant access to your calendar and address book? Anyone who has split an Uber with another Uber user is likely to have given Uber access to their entire address book.
“If you permit the Uber app to access the address book on your device, we may collect names and contact information from your address book for purposes such as facilitating social interactions through our services,” Uber’s privacy policy says. “If you permit the Uber app to access the calendar on your device, we collect calendar information such as event title and description, your response (Yes, No, Maybe), date and time, location, and number of attendees.”
Uber says it collects address books “to enable features such as fare splitting, sharing your trip status, and [to] make personalised recommendations for you and other riders.”
Meanwhile, calendar data is collected “to suggest destinations based on your calendar events and to customise your Uber experience”. Yes, you can enable or disable contacts or calendar syncing at any time via the privacy settings menu in the Uber app, but “if you disable contacts syncing, you will not be able to use features that use your contacts information,” Uber warns.
Your location at any point in time, even when the app isn’t open, may also be collected and sent back to Uber “in certain regions.” Past reports have indicated that Uber uses this information to predict where passengers might be picked up so that it can position drivers around those areas.
“If you are a rider, Uber may collect location information when the Uber app is running in the foreground. In certain regions, Uber may also collect this information when the Uber app is running in the background of your device if this collection is enabled through your app settings or device permissions,” its policy says.
Vodafone
Vodafone, in its privacy policy, says information it collects about customers includes “websites you visit and online searches you do.” In other words, your web browsing history.
Why? According to testimony before the Senate in 2014, it’s so customers can keep track of how much of their mobile phone’s data allowance they use on particular websites. (It was implemented in the lead up to Australia’s mandatory metadata retention regime, which requires the metadata of all Australians to be stored for two years to assist law enforcement.)
If a customer visited YouTube.com, for instance, Vodafone now enables them to see how many megabytes of data they used on this video-sharing site by logging into their account.
The idea behind the move to collect browsing history was to resolve billing disputes. It’s unclear from the privacy policy if browsing history is used for any other purpose.
Virgin Australia
Virgin Australia says in its privacy policy that it may collect personal information about its customers from other people or organisations.
“This may include our related entities and … third parties that provide us with services under a white label arrangement, marketing agencies, data analytics and market research providers”.
It says it may also “combine and compare” personal information that it holds about its customers with other information collected from, or held by, others. “We do this to better understand your interests and preferences, which helps us to enhance your experience,” the airline says.
“We do this to identify products, services that may be of interest to you, personalise your experience and enhance the products and services offered by us, our related entities and our airline and non-airline partners. In these cases, both we and these third parties have an interest in researching and analysing the services our customers want and personalising our offers so we’re better able to provide products and services that are relevant to you. We may also use trusted service providers to undertake the process of creating these insights.”
Virgin also says it may make “completely automated decisions” on “certain matters”.
“For example, we (including service providers acting on our behalf, such as those who provide data analysis and business intelligence services) may assess existing or potential customers’ interest in us and our and related products/services by logging your interaction with us via our website, our advertisements, the submission of forms or the number of ‘clicks’ that you make on emails that we send you,” Virgin’s policy says.
“In certain circumstances, we disclose this information to our trusted partners … the outcome of these activities will help us and our trusted partners to develop insights about you and better understand your preferences and interests. We and our partners may make marketing decisions about you based on these insights.”
Telstra
Similar to Vodafone, Telstra says in its policy it may collect information about customers including “how you use our internet services, such as information about websites visited.” It also says it collects customers’ “location when you are using our products and services”.
While it’s unclear why Telstra collects browsing histories, the reason it collects location data recently become apparent when it was revealed that it was selling it in an aggregated form for analytics purposes. As part of a program called “Location Insights,” data available to Telstra’s clients could be broken down into 15 minute increments, and demographics broken down by age groups and gender.
In its privacy policy under the heading “development and analysis,” Telstra attempts to justify its collection and sharing of data it learns about customers through their use of its network. “It’s important we understand your information and communication needs,” it says. “One of the ways we do this is through using analysis business intelligence techniques.
“This gives us high level insights into things like usage patterns, network performance, demographic trends and other types of behavioural data. In many cases this information is aggregated and de-identified when analysed. We may share these anonymised insights with select partners. In some cases we may create insights with your information on an identified basis but in those cases we would need to do so with your consent…”
Telstra customers can opt out to sharing location data here.
Optus
Optus shares customers’ web browsing histories with an advertising-technology company within its group of companies, called Amobee. This ad-tech company uses the data to personalise ads.
Unlike Telstra and Vodafone, Optus does not explicitly state it collects browsing data, despite it being revealed that it does.
Optus’ privacy policy does not mention Amobee by name, but does state: “The Optus Group may aggregate and process personal information and de-identified system information to generate new insights about our network, products and customers … the Optus Group may also share these insights with third parties on a commercial or non-commercial basis. If you would like to have your data excluded from these activities, you can opt out…”
Optus customers can opt out of various Optus sharing activities here.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.