Sunday, when people had other things to do and
weren’t supposed to pay attention, PayPal sent its account holders
an innocuous-sounding email with the purposefully bland title,
“Notice of Policy Updates.” They didn’t want people to read it
– lest they come away thinking that the NSA, which runs the most
expansive spying dragnet in history, is by comparison a group of
choirboys.
The email started with corporate blah-blah-blah
on privacy, that they were “constantly” changing things “to
give you more of what you want and improve your experience using us.”
Got
it. This is going to be for your own good.
The
email further discourages you from diving into it: So “this might
not be your favorite stuff to read… but if you are interested take
a look.” And this having gone out on a Sunday: “if you have other
pressing things to do we’ll understand.” The click-through ratio
of that
link to these policy changes must have been near absolute
zero. So I clicked on it.
Once on that page, you have to dig through some
dry verbiage before you get to what they cynically call their
“Privacy Policy.” Turns out, PayPal is a giant data hog.
It already has the information you hand over
when you sign up, including your name, “detailed personal
information such as date of birth,” address, phone number, banking
and/or credit card information. It further collects information about
all “your transactions and your activities.”
When you get on a PayPal site or use its
services, it collects “information sent to us by your computer,
mobile phone or other access device.” This “includes but is not
limited to” (so these are just examples): “data about the pages
you access, computer IP address, device ID or unique identifier,
device type, geo-location information, computer and connection
information, mobile network information, statistics on page views,
traffic to and from the sites, referral URL, ad data, and standard
web log data and other information.”
You
read correctly: “and other information” –
anything it can get.
PayPal also collects personal data by putting
cookies, web beacons (“to identify our users and user behavior”),
and “similar technologies” on your device so that you can be
tracked 24/7 even if you’re not using PayPal’s services, and even
if you’re not on any of its sites.
Wait, “similar technologies?” By clicking
on another link, you find out that they include pernicious “flash
cookies,” newfangled “HTML 5 cookies,” and undefined “other
web application software methods.” Unlike cookies, they “can
operate across all of your browsers.” And you can’t get rid of
these spy technologies or block them through your browser the way you
get rid of or block cookies. You have to jump through hoops to deal
with them, if they can be dealt with at all.
In
addition, PayPal sweeps up any information “from or about you in
other ways,” such as when you contact customer support and tell
them stuff, or when you respond to a survey (Just
Say No), or when you interact “with members of the eBay Inc.
corporate family or other companies.” Yup, it sweeps up information
even when you interact with other
companies!
It may also “obtain information about you
from third parties such as credit bureaus and identity verification
services.” And it may “evaluate your computer, mobile phone or
other access device to identify any malicious software or activity.”
So they’re snooping around your devices.
And when you download or use PayPal’s apps to
your smartphone, or access its “mobile optimized sites,” it
collects location data along with a host of other data on your mobile
device, including the unique identifier that ties it to you
personally in order to manipulate search results and swamp you with
location-based advertising “and other personalized content,” or
whatever.
After vacuuming up all this information “from
or about you,” PayPal will then “combine your information with
information we collect from other companies” and create a
voluminous, constantly growing dossier on you that you will never be
able to check into.
Who
all gets your personal information that PayPal collects? You guessed
it.
First,
it defines “personal information.” Turns out, much of your
personal information is
not“personal
information”: any information that PayPal has “made anonymous”
– we already know how anonymous that really is – is not “personal
information,” and thus can be freely shared with or sold to
whomever. And it shares the remaining “personal information”
with:
- eBay and its affiliates
- Contractors that “help with,” among other things, “marketing and technology services”
- Financial outfits (such as GE Capital) that help decide, for example, if you should receive pre-approved credit-card offers
- Credit bureaus and collection agencies, which get your account information
- Companies PayPal might merge with or be acquired by. There goes your entire dossier. You can’t stop it from being sold to the new entity, which might be a Chinese company.
- A basket of our favorite law enforcement and government agencies and “other third parties pursuant to a subpoena, court order, or other legal process….”
You
can’t opt out of their PayPal’s apparatus.
You can only opt out of receiving their ads and
pitches. And activating that “do not track” function in your
browser to keep PayPal off your back? No way José. “We do not
currently respond to DNT signals,” it says laconically.
So,
if you don’t like being surveilled like that, you’re still free
to close your PayPal account. But that’s not going to wipe out the
information PayPal has collected “from or about you,” and its
automatic systems continues to collect data through cookies, beacons,
and “similar technologies,” and through the sophisticated spy
capabilities that are part of any smartphone worth its salt
[hilarious video.... iPhone 5nSa].
PayPal
will simply mark your account as “closed” and you can’t get
into it anymore, but it will “retain personal information from your
account for a certain period of time” – probably forever – to
do all sorts things, including “take other actions as required or
permitted by law.” Yup, as permitted
by law.
It won’t do anything illegal with it. That’s the only promise.
Alas, there aren’t exactly a lot of legal restrictions in the US on
what companies can do with personal data.
PayPal is not unique. They’re all doing it.
They’re part of the enormously hyped bubble of Big Data whose
business model is to collect and monetize your personal information,
which has become part of a new asset class. And seeing this, the NSA
is dying of data envy.
But
government agencies are already on a roll with off-the-shelf
surveillance technologies, and they justify them with peculiar
rationales: According to the LA Police Department, anyone driving a
car in the greater Los Angeles Metropolitan area is automatically
part of a vast criminal investigation! Read…. Los
Angeles Cops Argue ALL Cars in LA Are Under Investigation
No comments:
Post a Comment