Thoughts on monetising user data

Aral Balkan asked me to “cut to the chase, Bruce: do you find anything wrong with the business models of Facebook & Google (monetising data)?”

It’s something I’ve been thinking a lot about, but it needs more than 140 characters, so here goes. Note that these are my personal opinions. I work for Opera, which has business relationships with Google, Facebook, and its own advertising arm of the business.

But I also use Google and Facebook services privately so have my own views as a user; again, these are my opinions, not those of my employers.

I work on the web, but at home on my own, so I use Facebook and Twitter a lot. Not only is it useful for discussing work, but it’s my “watercooler”. I don’t mind that the personal stuff I write is publicly available, although I keep my location secret and no longer put the names of my kids online. (Facebook stuff isn’t public. I only really use it as it’s where non-geek real-life friends are.)

I don’t much mind that Google tracks my searching habits around the Web (although I would pay money not to have to watch Treehouse Woman again on YouTube, because she’s too shinyhappy, and puts her coffee down on a wooden surface without using a coaster).

The annoyance I find is offset by the fact that I understand why they do this; it’s how they make money to support the services I use for free, which are primarily Search, Gmail and YouTube. (I get no benefit from Google+.)

In short – I understand that “I am the product being sold”, and am OK with that. Similarly, I’m fine with getting tailored money-off vouchers for products that I use, sent to me by supermarkets who know what I use because they monitor it. I opt in, because I see value in that. You may not; that’s fine.

As long as the companys’ privacy settings are both clear, and honoured by the company, I don’t see this data gathering and data mining as inherently intrusive. I’m not sure that all companies privacy settings are sufficiently clear, however; I read a case study some years ago in which a good-sized sample of people were asked what privacy settings they had on their social networking, and it was compared with the actual setting – very few matched. The Facebook Android app permissions are certainly opaque.

Perhaps companies that do monetize data could make their privacy settings more transparent, and be even more obvious that the price of free is your data. But I think the latter is pretty obvious to those who give it a little thought; we can’t always handhold stupid people. There should certainly be a simple method to delete all one’s data and history from public view, and which will be removed from the company’s server/ archive within a defined period of time.

What annoys me most is when people or organisations use my data without my permission. For example, a few years ago, my wife had a minor car accident. Somewhere in the chain of insurance company, loss adjusters and repairs garage, our phone number was given to an unauthorised third party and occasionally I receive a phone call from a call centre trying to sell me “no win, no fee” ambulance-chasing legal services.

But beyond annoyance, what alarms me is secretive State intrusion into my life through my digital tracks. I assume that all companies – whether a supermarket loyalty scheme or a social network – regularly comply with warrants from law-enforcement agencies going about their legitimate work.

Let’s assume that the social networks and search engines, as they claim, don’t just hand over all their data to the governmental snoops. It then seems to me that, unless they’ve been fantastically lax with their security – which is certainly possible, but unlikely, given that it’s their core cash-generating asset – they can’t be blamed for the actions of the government.

We know from Edward Snowden that some companies’ data is just wholesale hacked by NSA, GCHQ and other state bodies. The legality of this is being debated in courts at the moment. The morality of this is clear (to me): it’s wrong. “If you’ve nothing to hide, you’ve nothing to fear” is the refrain of the KGB, the Gestapo and every despot across the globe.

Government intrusion isn’t new. When I was a teenager, I joined a communist party. My letters from them were always opened (and no others). Presumably, this was done actually by the UK Post Office on police orders – that is, complete collusion, even thought there was no warrant or reason to fear an idealistic but naive 17 year old. It’s also long been rumoured that the voting slips of all UK communist voters were cross-referenced against their counterfoils and the names of communist voters given to Special Branch and MI5.

In short, to answer Aral’s question: I don’t feel that commercial organisations using data that I’ve opted to provide them, for the purposes they said they’ll use if for, is wrong. It’s part of modern capitalism, which contains plenty I have to hold my nose about, but that’s a much longer blog post which I can’t be bothered to write.

The worrisome aspect is states illegally stealing our data from those companies, and putting us under constant surveillance, justified by keeping us safe from this year’s bogeymen.

But those same social networks and web companies allow us to share information on what they’re doing and organise in order to protest against it. The tension between individual liberty (I believe privacy is an integral part of liberty) and state control is not new. The threat may be greater because of technology, but the platform to fight it from is greater, too.

8 Responses to “ Thoughts on monetising user data ”

Comment by Jake Archibald

As you point out, paying for something does not prevent you being sold as a product. You can pay for cable TV or cinema tickets, but you’re still being sold to advertisers.

I’ve seen some suggesting that if you give data willingly to Google/Facebook, you deserve to have it stolen by the NSA. This is horrific victim-blaming.

I don’t pay for banking, but my bank trades with the money I store there. I do not deserve to have my money stolen because of this.

Comment by Luke Watts

Really great to see a post of this tone pop up, it pre-empts one of my own which would likely never quite get written.

I happily ‘pay’ for Google’s free services via search and browsing history as I see it being a fair trade(Maps, Search, Mail, Calendar, Drive, Docs). However I don’t use Facebook because in my own view, for the amount of information they are able to collect about me, it is not worth being able to ‘Like’ people. Though I know there must be a few people who happily make that trade off.

The idea of data gaining traction as a form of ‘currency’ is really interesting, and could really be instrumental in moving forward with the privacy discussion.
So if this is a modern currency, how does it work? Can we withdrawal it from institutes we’ve invested it in?
Potentially there are a myriad of values to it, some buyers may only be interested in current/live streams of behaviour whereas others may want huge amounts of historical data.

The main problem I see with this model is informed consent, there certainly needs to be a much wider discussion about getting users to understand the value of their data and protecting their right to withdrawal it.

This is secondary to the wholesale harvest of data by our democratically elected government via ISPs, which I believe is a more important conversation than corporations figuring out how they are going to pay for everything.

Comment by olivvv

We are terribly naive. If we look at past new tech, how much time did it take from idealistic engineering to terrific use ?

from cars to tanks ? from Wrights brothers planes to bombers ?
At what point do techies loose control ? at what point do they loose their soul ?

Yperite was created by nobel price laureate, fritz Haber. He also created the Zyklon B. He was a german jew and died in 1934 in exile.

He had no control over his brainchild.

We cannot expect secret service not to blow up their legal frame. They always do that, in every country. We cannot expect military industrial to not try to raise their businesses and power.

We, techies, have a vague awareness that some morally wrong stuff is going on, but we keep providing tools to these guys.

Comment by David

Then you trust the good and nice profit-seeking companies, but not the ugly and bad democratic governments ?

Comment by Bruce

@olivv “We, techies, have a vague awareness that some morally wrong stuff is going on, but we keep providing tools to these guys.” What’s your solution? That we uninvent the computer?

@David, I trust that the profit-seeking companies are sensitive enough to public opinion that they wouldn’t risk pissing their customers off too much, or they’d go elsewhere.

I don’t trust the security services, as it seems that they are unaccountable, undemocratic and operate above the law.

Comment by David

I work for a for-profit IT company and see how tempting and easy it is to use or abuse the data.
The purpose still is to get money.
And remember, you are not the customer of FB. The customers they’re trying not to piss off are the ones who can pay to have access to the data. And those can be, I don’t know… mafias i.e.

The purpose of the ones who govern us, on the other hand is getting reelected. We all are the customers, suppliers and shareholders of our country. We can fire the ones who mess up.

So your position is kind of the opposite of mine.

However, if the letters from my party (communist or not) would be opened, maybe I’d think like you. What a country you live in !
Get a new voting system. Majoritarian representation is terrible. :-)

Comment by Bruce


“The purpose of the ones who govern us, on the other hand is getting reelected. We all are the customers, suppliers and shareholders of our country. We can fire the ones who mess up.”

I wish that were true. But in the UK, both the main parties are authoritarian (it was the Labour Blair/ Brown governments that tried to bring in ID cards). And we can’t fire the Security Services.

Comment by olivvv

@bruce I think we could have watch and reat to some evolution much faster. For instance cookies were quickly used in a non-intended manner, with users tracked across multiple websites. Most users did ignore that.I think we should have fixed a long time ago.

Often it is being said that technologies are not bad by themselves, its only their uses by humans that can be bad.

I think such statement is wrong. Yes, intercontinental missiles can also be used to land astronautes on the moon and put science satellites in orbit. Thats the usual exemple.

Now lets look at continental missiles. No good use of such stuff. Pure shit.

Some tools are bad by themselves.

Design matters and it should strongly take into account that there is entities out there that have interestes very opposed to users.