Are you data-aware?

The only thing GDPR has achieved is showing us how little control we really have over our personal data and how difficult it is to manage.

Since it came into being, websites have used every devious way possible to make it virtually impossible to find out what they are doing and what we can do about it. Many started off with a simple privacy statement and easy opt-outs, but that soon escalated to wading through many pages, far too much text to be bothered with and controls hidden in their murkiest depths. You are even told to visit other sites that will give you much of the same, so impossible to control.

Many sites won’t even let you continue unless you agree to their data harvesting. Many sites opt-outs don’t work at all.

Then if you regularly clear out temporary files and cookies, you have to start again.

Opting in or out to marketing is another pitfall. You might be happy to receive marketing emails from a company, but not all its partners and this is not always made clear. If I can’t opt out of ‘selective partners’, I don’t opt in at all.

When GDPR was introduced, every operating system should have released a user interface to give us real control over our personal data so we could build up our own databases of who was allowed to pry into our lives and online travels. Websites could ask and be told NO once and for all.

2

|

Reply

Kevin says:

https://www.which.co.uk/help/our-policies-and-standards/1975/which-privacy-notice

Taking a look at Which’s policies I’m quite surprised to find the following. I wasn’t even aware that Which were engaging with commercial retailers to foist more junk on me, since I’m paying a subscription I DON’T expect to be the product:

Buried amongst the long list:
*** to develop and carry out marketing activities and competitions;
*** to serve you adverts on other websites about things which you’ve shown an interest in on our own website, or relating to campaigns you have interacted with;

And under cookie policy (by the way set to default ON), at the bottom of the page, expand the list:
https://www.which.co.uk/help/our-policies-and-standards/1979/our-cookies-policy-your-cookies-preferences

Under “Advertising & Targeting cookies”:
An example of the many third parties is Lead Intelligence:
“These are cookies used by Lead Intelligence – a lead management platform that streamlines the lead buying and management process for agencies and advertisers providing them with significantly more insight and reliability.”

Excuses that your data is anonymised are dubious since it’s notoriously difficult to effectively anonymise data, especially now in the world of big data when this stuff is cross referenced so easily. If a consumer rights organisation is adopting a rather cavalier attitude, what are the likes of Facebook/google etc up to?

0

|

Reply Hide replies ∧

George Martin says:

Hi Kevin. Our apologies for the delay while we consulted the relevant teams to address these concerns. We now have a full response, which I’m able to share with you below. Thank you for your patience.

Like most organisations, Which? carries out a number of marketing activities via post, email and digital channels. This is always carried out to support our own products and services, and never to facilitate other companies targeting you. Beyond our base of members we want to continue to promote our products, services, tools and advice to a wider range of consumers. As a not-for-profit charitable organisation all the money we make from our commercial operations, including the revenue from our membership subscriptions, is used to support the activities of the Which? Group, not least the campaigning and lobbying work we do on behalf of consumers.

We use platforms such as Google, Bing, Facebook and Amazon as primary sources to locate new people likely to be interested in what we offer, and to serve them with relevant adverts on those platforms. We also use them to serve adverts on people who may have visited our site(s) to encourage them to return. Users can of course opt out of such activity by switching off cookies in our websites or the platforms’ websites as appropriate. Cookies dropped in relation to this activity allow us to effectively track our performance and ensure that our limited marketing money is spent efficiently. On occasion we do use other 3rd parties to conduct such activities on our behalf – you mentioned Lead Intelligence as an example of such a 3rd party, but we can report that this arrangement is no longer in place and we have updated the Cookies Policy to reflect this.

The only cookies defaulted to On are those classified as “Essential & Performance” cookies. Cookies relating to Insight and Advertising & Targeting are defaulted to Off at the point of entry to the site – as per our initial Cookie message, these will only be dropped if you click OK or continue to browse or use the site. Plus, you can of course turn them off at any time via the Consent tool.

We can assure you that data collected via cookies is anonymised with nothing classified as personally identifiable.

-1

|

Reply

malcolm r says:

@gmartin, George – good morning 🙂
“The only cookies defaulted to On are those classified as “Essential & Performance” cookies. Cookies relating to Insight and Advertising & Targeting are defaulted to Off ….“.

I’ll take issue with this. I have never thought about cookies on the Which? site, nor thought to try and find them. So have not changed mine. However, when I just looked both “User experience and insight cookies” and “Advertising and targeting cookies” are set to “active”. Not of my doing.

I’ll also be quite unkind in response to this statement: “As a not-for-profit charitable organisation all the money we make from our commercial operations, including the revenue from our membership subscriptions, is used to support the activities of the Which? Group, not least the campaigning and lobbying work we do on behalf of consumers.“. A pity, then , that those activities included a failed venture in India and a failed mortgage advice operation that wasted getting on for £40 million that would (should) have been more prudently used, let alone the trivial £2.4 million paid in bonuses to support….. four staff.

Sorry, it’s a dull morning 🙁

p.s. this comment would be more appropriately made in a Convo only available to Which? Members as it is critical of the organisation’s competence and rewarding ethos, something best kept from public view – if only there were one.

2

|

Reply

NFH says:

I find the ICO to be ineffective at enforcement. For example, Three (mobile network) fails to make usage history available online to prepaid customers, only to postpaid customers. If one makes a GDPR request to Three for one’s personal usage data (including charge data), then Three sends the usage history, but incorrectly populates the charge column with 0 for every item of usage, which is blatantly false data, particularly on a prepaid account with no bundles where every item of usage is individually chargeable. When I reported this to the ICO, the ICO’s response was pathetic and it made no effort to require Three to comply with the GDPR, despite this affecting a large number of customers.

1

|

Reply

NFH says:

I also made another complaint to the ICO about Uber on 12th February 2019, to which I have still not even received an acknowledgement from the ICO. I am consistently disappointed with the ICO.

1

|

Reply

h says:

4 June 2019

A few questions for Steve Wood

Why are some companies allowed to ask employees to give them Power of Attorney over their own personal bank accounts as a condition of being made manager?

They can’t even withdraw money for food and water without permission from company accountants and senior managers after they agree

Why aren’t tracking pixels, which are tiny invisible pictures 1×1 pixels in size, loaded by advertising company websites, addressed properly in ICO policy? Most of you know about tracking cookies, but I never see tracking pixels mentioned, and those have been around for years

If you visit a website using a browser that has all cookies turned off, you will still be tracked because adverts also load the invisible pixel picture from the advertiser’s website

Saying no to cookies doesn’t stop the tracking picture from being sent to your computer

0

|

Reply

Castle says:

4 June 2019

Earlier this year I was sent a number of unsolicited marketing emails from the same company. Since I wasn’t a customer of the company I sent them a Subject Access Request, (SAR), to find out where they had got my details from. The company refused to reply to my SAR unless I provided them with a copy of my passport, which I naturally refused.

I asked for help from the ICO who have now replied to tell me that the company is right; if you don’t provide a copy of your passport then the company doesn’t have to reply.

2

|

Reply

Kevin says:

Taking a look at Which’s policies I’m quite surprised to find the following link. I wasn’t even aware that Which were engaging with commercial retailers to foist more junk on me, since I’m paying a subscription I DON’T expect to be the product:

…/help/our-policies-and-standards/1975/which-privacy-notice

Buried amongst the long list:
*** to develop and carry out marketing activities and competitions;
*** to serve you adverts on other websites about things which you’ve shown an interest in on our own website, or relating to campaigns you have interacted with;

And under cookie policy (by the way set to default ON), at the bottom of the page, expand the list:
…/help/our-policies-and-standards/1979/our-cookies-policy-your-cookies-preferences

Under “Advertising & Targeting cookies”:
An example of the many third parties is ‘Lead Intelligence’:
“These are cookies used by Lead Intelligence – a lead management platform that streamlines the lead buying and management process for agencies and advertisers providing them with significantly more insight and reliability.”

Excuses that your data is anonymised are dubious since it’s notoriously difficult to effectively anonymise data, especially now in the world of big data when this stuff is cross referenced so easily. If a consumer rights organisation is adopting a rather cavalier attitude, what are the likes of Facebook/google etc up to?

2

|

Reply Hide replies ∧

pa says:

Isn’t it surprising?

Which kept quiet about the whole thing.

Not very honest, are they?

0

|

Reply

Kevin says:

I originally submitted this on 31st May, 10 days ago, with the full Which URL’s, but it’s been on “Your comment is awaiting moderation – we’ll get to it as soon as we can” status. Despite contacting them a few days ago, the original is still, shall we say, ’embargoed’.

Ironic given the topic and author.

2

|

Reply

DerekP says:

Kevin, as you seem to have discovered, any full web links sentence posts to “moderation” but posts with incomplete stub links usually appear immediately.

0

|

Reply

alfa says:

I see another of my posts has been removed with no explanation.

Removed and held posts are becoming a bit of a problem. By the time they are released their dates put them way down the pecking order so nobody knows they are there.

1

|

Reply

alfa says:

Hi Kevin,

We had a discussion about this last year you might be interested to read.
https://conversation.which.co.uk/home-energy/the-lobby/#comment-1532445

The page has been migrated but does work eventually if you keep refreshing it.

1

|

Reply

Kevin says:

Hi Alfa, thanks for the link, as you say, a couple of refreshes necessary.
The quoted policies I referred to do not seem to be in strict alignment with the policies as stated by Which’s Adam Gillet?
I don’t have a problem with functional cookies, but the Which policy doesn’t restrict the use of them, and explicitly allows marketing and targeted advertising.
The answer here has got to be to NOT collect the data in the first place unless there’s a specific, risk assessed requirement for it.

2

|

Reply

malcolm r says:

The post just dropped on my doormat, urging me to join Nextdoor for my parish – a “free online network sharing recommendations for traders, discuss safety and local issues, plan neighbourhood events, post things for sale, and much more”“.

It all sounds very good. I looked at the websire and find “With offices in San Francisco, London and Amsterdam, Nextdoor was founded in 2010 and is funded by Benchmark Capital, Greylock Partners, Kleiner Perkins Caufield & Byers, Tiger Global Management, and Shasta Ventures as well as other investors and Silicon Valley angels.“. “As of December 2017 Nextdoor had raised $285 million in financing.[16] About $75 million in new funding announced that month put its valuation at $1.5 billion” (Wiki). My suspicious mind tells me that they will have a way of making money from this operation, presumably from knowledge of those who register. so despite the attraction I’m wary of joining in.

Does anyone – Which? – know anything about this operation?

0

|

Reply Hide replies ∧

alfa says:

Do you remember Streetlife? It was a really useful forum that could be based in your area for discussing local issues.

Streetlife was bought by Nextdoor and the way it worked totally changed. I don’t know if it still the same, but it was too invasive of your privacy, you could no longer be anonymous and your address was shown to everybody else on the site.

0

|

Reply

malcolm r says:

alfa, thanks. My impression as well.

0

|

Reply

malcolm r says:

Here’s a bit about it:
https://www.komando.com/tips/392828/how-to-protect-your-privacy-on-neighborhood-sites-like-nextdoor/all

0

|

Reply

alfa says:

Best steered clear of methinks.

1

|

Reply

John Ward says: