Christl Networks K .indd

Transcript

1 Wolfie Christl, Sarah Spiekermann Networks of Control

2

3 Wolfie Christl, Sarah Spiekermann Dingliche Kreditsicherheiten in der Insolvenz in Mittel- und Networks of Control Osteuropa A Report on Corporate Surveillance, Digital Tracking, Big Data & Privacy herausgegeben von Dr. Martin Winner Universitätsprofessor an der WU Wien und Dr. Romana Cierpial-Magnor Senior Scientist an der WU Wien Wien 2016 Wien 2016

4 Contents Preface ... ... 7 Introduction ... 1. ... 9 Analyzing Personal Data ... ... 11 2. 2.1 Big Data and predicting behavior with statistics and data mining ... ... 11 2.2 ... ... 13 Predictive analytics based on personal data: selected examples The “Target” example: predicting pregnancy from purchase behavi or ... 14 2.2.1 Predicting sensitive personal a ttributes from Facebook Likes ... . 14 2.2.2 2.2.3 Judging personality from phone logs and Facebook data ... ... ... 16 ... 19 2.2.4 Analyzing anonymous website visitors and their web searches ... Recognizing emotions from keyboard typing patterns ... ... ... 20 2.2.5 2.2.6 ... ... 20 Forecasting future movements based on phone data ... 2.2.7 Predicting romantic relations an d job success from Facebook dat a ... 21 2.3 De-anonymization and re-identification ... ... ... 21 3. Finance, Insuran ce and Work ... 24 Analyzing Personal Data in Marketing, ds ... ... 25 3.1 Practical examples of predicting personality from digital recor Credit scoring and personal finance ... ... ... 28 3.2 3.3 and workforce analytics ... ... ... 31 Employee monitoring, hiring Insurance and healthcare ... ... ... 35 3.4 3.5 Fraud prevention and risk management ... ... ... 38 3.6 ... ... 41 Personalized price discrimination in e-commerce ... Recording Personal Data – De vices and Platforms ... 45 4. 4.1 Smartphones, mobile devices and apps – spies in your pocket? .. ... ... 46 4.2.1 Data abuse by apps ... ... ... 48 4.2 Car telematics, tracking-based insurance and the Connected Car ... ... 52 Wearables, fitness trackers and h 4.3 ealth apps – measuring the sel f ... ... 58 Bibliografische Information Der Deutschen Nationalbibliothek 4.3.1 veillance and influence on beha vior ... 60 A step aside – gamification, sur Example: Fitbit’s devices and apps ... 4.3.2 ... ... 62 Alle Angaben in diesem Fachbuch erfolgen trotz sorgfältiger Bearbeitung ohne Gewähr, ... 64 ... Transmitting data to third parties ... 4.3.3 eine Haftung der Herausgeber oder des Verlages ist ausgeschlossen. / Every effort has been made to ensure the accuracy of the texts printed in this book. The editors and 4.3.4 Health data for insurances and corporate wellness... ... ... 65 the publisher accept no liability in the case of eventual errors. ... 4.4 Ubiquitous surveillance in ... 69 an Internet of Things? ... 4.4.1 72 ... Examples – from body and home to work and public space ... Copyright © 2016 Facultas Verlags- und Buchhandels AG Data Brokers and the Business of Personal Data... 76 5. facultas Universitätsverlag, 1050 Wien, Österreich 5.1 The marketing data economy and the value of personal data ... ... 76 ... 80 5.2 ... Thoughts on a ‘Customers’ Life time Risk’ – an excursus ... Alle Rechte, insbesondere das Recht der Vervielfältigung und der Verbreitung sowie der Übersetzung, sind vorbehalten. / This work is subject to copyright. All rights ... 82 scoring and fraud detection ... From marketing data to credit 5.3 ... are reserved, specifically those of reprinting, broadcasting and translation. 5.4 ... 84 Observing, inferring, modeling and scoring people ... ... 5.5 ... 87 ... ta management platforms ... Data brokers and online da Titelbild/Cover photo: © B.A.C.K. Grafik- und Multimedia GmbH 5.6 Cross-device tracking and linkin g user profiles with hidden ide ntifiers ... ... 90 Bild/photo Wolfie Christl: © CC-BY Ivan Averintsev ... 94 Case studies and exa mple companies ... 5.7 ... Bild/photo Sarah Spiekermann: © privat Acxiom – the world's largest com mercial database on consumers . 5.7.1 ... 94 Satz und Druck: Facultas Verlags- und Buchhandels AG 5.7.2 ... 9 7 Oracle and their consumer data brokers Bluekai and Datalogix .. Printed in Austria 01 ... 1 5.7.3 Experian – expanding from credit scoring to consumer data ... ISBN 978-3-7089-1473-2 y ... 104 arvato Bertelsmann – credit scoring and consumer data in German 5.7.4 5

5 Contents Preface ... ... 7 Introduction ... 1. ... 9 Analyzing Personal Data ... ... 11 2. 2.1 Big Data and predicting behavior with statistics and data mining ... ... 11 2.2 ... ... 13 Predictive analytics based on personal data: selected examples The “Target” example: predicting pregnancy from purchase behavi or ... 14 2.2.1 2.2.2 ttributes from Facebook Likes ... . 14 Predicting sensitive personal a 2.2.3 Judging personality from phone logs and Facebook data ... ... ... 16 ... 19 2.2.4 Analyzing anonymous website visitors and their web searches ... Recognizing emotions from keyboard typing patterns ... ... 2.2.5 ... 20 2.2.6 Forecasting future movements based on phone data ... ... ... 20 2.2.7 Predicting romantic relations an d job success from Facebook dat a ... 21 2.3 ... ... 21 De-anonymization and re-identification ... Finance, Insuran ce and Work ... 24 3. Analyzing Personal Data in Marketing, Practical examples of predicting personality from digital recor ds ... 3.1 ... 25 3.2 Credit scoring and personal finance ... ... ... 28 3.3 Employee monitoring, hiring and workforce analytics ... ... ... 31 3.4 ... ... 35 Insurance and healthcare ... 3.5 Fraud prevention and risk management ... ... ... 38 3.6 Personalized price discrimination in e-commerce ... ... ... 41 4. Recording Personal Data – De vices and Platforms ... 45 Smartphones, mobile devices and apps – spies in your pocket? .. ... ... 46 4.1 ... 4.2.1 Data abuse by apps ... ... 48 4.2 ... ... 52 Car telematics, tracking-based insurance and the Connected Car Wearables, fitness trackers and h f ... ... 58 4.3 ealth apps – measuring the sel A step aside – gamification, sur vior ... 60 4.3.1 veillance and influence on beha ... ... 62 4.3.2 Example: Fitbit’s devices and apps ... Transmitting data to third parties ... ... ... 64 4.3.3 4.3.4 ... ... 65 Health data for insurances and corporate wellness... an Internet of Things? ... ... ... 69 4.4 Ubiquitous surveillance in Examples – from body and home to work and public space ... 4.4.1 72 ... 5. Data Brokers and the Business of Personal Data... 76 5.1 The marketing data economy and the value of personal data ... ... 76 5.2 time Risk’ – an excursus ... ... ... 80 Thoughts on a ‘Customers’ Life scoring and fraud detection ... ... ... 82 5.3 From marketing data to credit Observing, inferring, modeling and scoring people ... ... 5.4 ... 84 5.5 Data brokers and online da ta management platforms ... ... ... 87 5.6 Cross-device tracking and linkin g user profiles with hidden ide ntifiers ... ... 90 5.7 Case studies and exa mple companies ... ... ... 94 5.7.1 Acxiom – the world's largest com mercial database on consumers . ... 94 5.7.2 Oracle and their consumer data brokers Bluekai and Datalogix .. ... 9 7 Experian – expanding from credit scoring to consumer data ... ... 1 01 5.7.3 y ... 104 arvato Bertelsmann – credit scoring and consumer data in German 5.7.4 5 5

6 5.7.5 LexisNexis and ID Analytics – scoring, identity, fraud and cred it risks ... 106 Preface tional security, banks and insu 5.7.6 rers ... 108 Palantir – data analytics for na Alliant Data and Analytics IQ – payment data and consumer score 5.7.7 s ... 109 ooks into how life insurers started to In his book “How Our Days Became Numbered” historian Dan Bouk l Lotame – an online data management platform (DMP) ... . 110 ... 5.7.8 end of the nineteenth century. A few companies predict people’s lives and their relative risk of death at the 5.7.9 Drawbridge – tracking and recogn izing people across devices ... ... 111 models and rough demographic information. started to quantify, sort and rate people, based on statistical which serve to characterize each Today, a vast landscape of partially interlinked databases has emerged ... 112 5.7.10 Flurry, InMobi and Sense Networks – mobile and location data .. credit card, or our ‘smart’ TV sets detailed one of us. Whenever we use our smartphone, a laptop, an ATM or Adyen, PAY.ON and others – payment and fraud detection ... ... 1 5.7.11 15 information is transmitted about our behaviors and movements to servers, which might be located at the ... MasterCard – fraud scoring and marketing data ... 5.7.12 ... 116 tions is monitored, analyzed and assessed by a other end of the world. A rapidly growing number of our interac y companies we have rarely ever heard of. network of machines and software algorithms that are operated b 6. Summary of Findings and Discussion of its Societal Implications ... 118 consent, our indivi dual strengths and and hardly with our effectively informed Without our knowledge ... 119 ... Ubiquitous data collection ... 6.1 es, successes, secrets and – most importantly – tunes, illness s, miseries, for weaknesses, interests, preference A loss of contextual integrity ... ... ... 120 6.2 purchasing power are surveyed. If we don’t score well, we are not treated as equal to our better peers. ... The transparency issue ... 6.3 ... 121 We are categorized, excluded and sometimes invisibly observed b y an obscure network of machines for ... Power imbalances ... ... 123 6.4 ractices. having any control over such p potential misconduct and without ... 124 6.5 Power imbalances abused: systematic discrimination and sorting ... While the media and special interest groups are aw are of these developments for a while now, we 126 ... themselves ... Companies hurt consumers 6.6 and believe that the full degree and has not abuse scale of personal data collection, use and – in particular – 6.7 ... 127 ... Long term effects: the end of dignity? ... is the gap we want to close with been scrutinized closely enough. This the study presented in this book. ... 129 ... Final reflection: From voluntary to mandatory surveillance? ... 6.8. A time, where a new scale of corporate t an important moment in time. Our investigation is published a 7. Ethical Reflections on Personal Data Markets (by Sarah Spiekermann) ... 131 of smartphones, apps, social networks and e, amplified by the rising use surveillance is becoming effectiv ... 131 ... 7.1 A short Utilitarian reflect ion on personal data markets ... ambient intelligence devices. Many of today’s devices and servi ces are deeply embedded in our private lives. In the early 2000s, we could believe that turning the computer off or not using a mobile phone would protect ... 133 ... tion on personal data markets . 7.2 A short deontological reflec our privacy. Many people believed that if they did not have a s hare in the digital world their lives would not be ... 7.3 A short virtue ethical refle ction on personal data markets ... 136 affected by it. But, as this report shows in detail, old player s in fields such as dire ct marketing, loyalty ... 138 ... 7.4 Conclusion on ethical reflections ... increasingly teaming up with the new online programs, credit reporting, insurance and fraud prevention are ... 139 Recommended Action ... 8. players and their pervasive data ecosystems. They make use of o ur clicks and swipes and link them with our ... 140 ... 8.1 Short- and medium term aspects of regulation ... “offline” purchases. Specialized data companies help others to recognize us across devices and platforms and tributes to an ongoing evaluation of how . Each of our interactions con provide access to behavioral data ... 144 ... 8.2 Enforcing transparency from outside the “black boxes” ... “valuable” or potentially “risky” we might be for companies. Al gorithmic decisions based on our personal data 8.3 Knowledge, awareness and education on a broad scale ... ... ... 145 . Those of us presumed options, opportunities and life-chances play an increasingly important role for our 8.4 A technical and le gal model for a privacy-friendly digital economy ... ... 147 k of personal data market playe rs and their machines can expect to face unworthy by the invisible networ List of tables ... ... 151 1 serious disadvantages. They have been categorized as “waste” by data brokers. List of figures ... ... 152 While we were writing this repor t and analyzing all the facts f or it, we became increasingly appalled. While References ... ... 155 both of us have been working on privacy for a while and are awa re of what is happening, the pure scale of it has overwhelmed us. We are wonde ous data-driven IT world makes us ring whether the modern ubiquit sacrifice our dignity. The reade rs of this book shall decide fo r themselves. The title “Networks of Control” is justified by the fact that t here is not one single corpo rate entity that by itself controls today’s data flows. Man ge scale to complete their profiles about us y companies co-operate at a lar through various networks they ha ve built up. The profiles they trade are filled with thousands of attributes per person. These networked databases are not only abused to di scriminate against people with specific profile attributes, but also attempt to make us change our behavior at scale . Data richness is increasingly used to correct us or incentivize us to correct ourselves. It i s used to “nudge” us to act differently. As a result of nomy suffers. Very swiftly we lose control of this continued nudging, influencing and incentivation, our auto 1 ome. New York Times, June 16, Singer, Natasha (2012): Mapping, and Sharing, the Consumer Gen 2012. Online: http://www.nytimes.com/2012/06/17/technology/acxi om-the-quiet-giant-of- consumer-database-marketing.html 6 7 6

7 LexisNexis and ID Analytics – scoring, identity, fraud and cred it risks ... 106 5.7.5 Preface tional security, banks and insu 5.7.6 rers ... 108 Palantir – data analytics for na Alliant Data and Analytics IQ – payment data and consumer score 5.7.7 s ... 109 ooks into how life insurers started to In his book “How Our Days Became Numbered” historian Dan Bouk l Lotame – an online data management platform (DMP) ... . 110 ... 5.7.8 end of the nineteenth century. A few companies predict people’s lives and their relative risk of death at the 5.7.9 Drawbridge – tracking and recogn izing people across devices ... ... 111 models and rough demographic information. started to quantify, sort and rate people, based on statistical which serve to characterize each Today, a vast landscape of partially interlinked databases has emerged ... 112 5.7.10 Flurry, InMobi and Sense Networks – mobile and location data .. credit card, or our ‘smart’ TV sets detailed one of us. Whenever we use our smartphone, a laptop, an ATM or Adyen, PAY.ON and others – payment and fraud detection ... ... 1 5.7.11 15 information is transmitted about our behaviors and movements to servers, which might be located at the ... MasterCard – fraud scoring and marketing data ... 5.7.12 ... 116 tions is monitored, analyzed and assessed by a other end of the world. A rapidly growing number of our interac y companies we have rarely ever heard of. network of machines and software algorithms that are operated b 6. Summary of Findings and Discussion of its Societal Implications ... 118 consent, our indivi dual strengths and and hardly with our effectively informed Without our knowledge ... 119 ... Ubiquitous data collection ... 6.1 es, successes, secrets and – most importantly – tunes, illness s, miseries, for weaknesses, interests, preference A loss of contextual integrity ... ... ... 120 6.2 purchasing power are surveyed. If we don’t score well, we are not treated as equal to our better peers. ... The transparency issue ... 6.3 ... 121 We are categorized, excluded and sometimes invisibly observed b y an obscure network of machines for ... Power imbalances ... ... 123 6.4 ractices. having any control over such p potential misconduct and without ... 124 6.5 Power imbalances abused: systematic discrimination and sorting ... While the media and special interest groups are aw are of these developments for a while now, we 126 ... themselves ... Companies hurt consumers 6.6 and believe that the full degree and has not abuse scale of personal data collection, use and – in particular – 6.7 ... 127 ... Long term effects: the end of dignity? ... is the gap we want to close with been scrutinized closely enough. This the study presented in this book. ... 129 ... Final reflection: From voluntary to mandatory surveillance? ... 6.8. A time, where a new scale of corporate t an important moment in time. Our investigation is published a 7. Ethical Reflections on Personal Data Markets (by Sarah Spiekermann) ... 131 of smartphones, apps, social networks and e, amplified by the rising use surveillance is becoming effectiv ... 131 ... 7.1 A short Utilitarian reflect ion on personal data markets ... ambient intelligence devices. Many of today’s devices and servi ces are deeply embedded in our private lives. In the early 2000s, we could believe that turning the computer off or not using a mobile phone would protect ... 133 ... tion on personal data markets . 7.2 A short deontological reflec our privacy. Many people believed that if they did not have a s hare in the digital world their lives would not be ... 7.3 A short virtue ethical refle ction on personal data markets ... 136 affected by it. But, as this report shows in detail, old player s in fields such as dire ct marketing, loyalty ... 138 ... 7.4 Conclusion on ethical reflections ... increasingly teaming up with the new online programs, credit reporting, insurance and fraud prevention are ... 139 Recommended Action ... 8. players and their pervasive data ecosystems. They make use of o ur clicks and swipes and link them with our ... 140 ... 8.1 Short- and medium term aspects of regulation ... “offline” purchases. Specialized data companies help others to recognize us across devices and platforms and tributes to an ongoing evaluation of how . Each of our interactions con provide access to behavioral data ... 144 ... 8.2 Enforcing transparency from outside the “black boxes” ... “valuable” or potentially “risky” we might be for companies. Al gorithmic decisions based on our personal data 8.3 Knowledge, awareness and education on a broad scale ... ... ... 145 . Those of us presumed options, opportunities and life-chances play an increasingly important role for our 8.4 A technical and le gal model for a privacy-friendly digital economy ... ... 147 k of personal data market playe rs and their machines can expect to face unworthy by the invisible networ List of tables ... ... 151 1 serious disadvantages. They have been categorized as “waste” by data brokers. List of figures ... ... 152 While we were writing this repor t and analyzing all the facts f or it, we became increasingly appalled. While References ... ... 155 both of us have been working on privacy for a while and are awa re of what is happening, the pure scale of it has overwhelmed us. We are wonde ous data-driven IT world makes us ring whether the modern ubiquit sacrifice our dignity. The reade rs of this book shall decide fo r themselves. The title “Networks of Control” is justified by the fact that t here is not one single corpo rate entity that by itself controls today’s data flows. Man ge scale to complete their profiles about us y companies co-operate at a lar through various networks they ha ve built up. The profiles they trade are filled with thousands of attributes per person. These networked databases are not only abused to di scriminate against people with specific profile attributes, but also attempt to make us change our behavior at scale . Data richness is increasingly used to correct us or incentivize us to correct ourselves. It i s used to “nudge” us to act differently. As a result of nomy suffers. Very swiftly we lose control of this continued nudging, influencing and incentivation, our auto 1 ome. New York Times, June 16, Singer, Natasha (2012): Mapping, and Sharing, the Consumer Gen 2012. Online: http://www.nytimes.com/2012/06/17/technology/acxi om-the-quiet-giant-of- consumer-database-marketing.html 7 7 6

8 many aspects in our life. The id ry well capable of acting responsibly is slowly ea and trust that humans are ve Introduction 1. evaporating. Our main goal was to investigate and A few words on how this report was created and on its structure: In 1994 David Lyon, a Canadian so lled "The Electronic Eye: ciologist, published a book ca Classifying and e report thereafter first accumulates the facts summarize today’s personal data ecosystem. For this purpose, th The Rise of Surveillance Society" . In this book Lyon foresaw th e rise of a surveillance people sorting es from different areas and industries we aim we were able to discover. Based on an extensive range of exampl , in which databases belonging to corporations and governments society routinely collect, of what is happening. Some of these corporate practices have already been to create a better understanding store, retrieve and process precise details of the personal liv es of individuals (Lyon 1994, discussed by others, but many of them have been rarely investig ated up to now, or not at all. However, this p.3). Lyon also introduced the concept of social sorting . Building on the work of Oscar l and scope of corporate surveillance, digital selection of examples is needed to understand the full potentia he constant classification Gandy, he described how electronic surveillance would lead to t large part of our investigation is descriptive. tracking and of the business models in place today. Therefore a and sorting of populations according to varying criteria, based on software algorithms This shall enable others to use our findings for their research , conclusions and ongoing initiatives. In later ata (Lyon 2003, p. 13 et seq.). As the individual groups using personal data and group d sections we provide a discussion of the societal and ethical im plications, and recommended actions to generated by the algorithms are ng would be discriminatory treated differently, this sorti challenge these developments. . per se and thus may affect choices and life-chances of individuals A few words on the history of this report. A shorter first version of this report was a single-authored p iece the mid 1990s and many David Lyon’s predictions of a surveillance society were made in Corporate n a study he conducted on behalf of the in German by Wolfie Christl who accumulated a lot of material i put the raised threats far off probably doubted the realism of his predictions at the time or surveillance consumer protection department of the Austrian Chamber of Labou r (Österreichische Arbeiterkammer). This s Lyon described have for future generations to care about. Today, many of the aspect 2 . This original piece was translated by the Vienna University of study was published in November 2014 is invading everyday life already become reality. The digital collection of personal data , while keeping only its most important parts. A master student of Sarah Economics and Business (WU) d dislikes of billions of more and more. The clicks, locations, paths, networks, likes an d provided some additional research. Spiekermann, Isabella Garraway, helped with this translation an online users are stored, processed and utilized to an extent that was unthinkable only a dated the investigation with extra research. Between January and August 2016, Wolfie Christl extended and up ss of tracking and few years ago. By now, thousands of companies are in the busine an ethical reflection , adding in particular riched and amended all sections Sarah Spiekermann overhauled, en s of citizens that live in countries with a well-developed analyzing every step in the live Sarah, added reflections on a “Customer’ on personal data markets. Esther Görnemann, a Ph.D. student of digital infrastructure. Whether shopping in a store, using a sm artphone or surfing the rt was done by Wolfie Christl, Esther Lifetime Risk” index. The final editing and shaping of the repo web, digital traces are systematically collected everywhere. Mo reover, an increasing Facultas lishing house Görnemann, Sarah Spiekermann and Sabrina Kirrane before the pub took over. ast information beyond number of devices are now equipped with sensors that can broadc unt of profiling that is the private domain of the phone. These sensors increase the amo being done on individuals and their behavior. The information i s collected and shared Wolfie Christl & Sarah Spiekermann ements are evaluated. across services, platforms and d evices. Then, behaviors and mov Comprehensive personal Individuals’ personality and interests are analyzed in detail. ital communication and automatically. And finally dig profiles are created and updated gs in the physical world are i ndividually tailored; mostly advertisements as well as offerin according to their estimated profit potential for the company. Against this background, we argue that the surveillance society has effectively materialized. This is not only the result of the extent of governmental surv eillance, which was brought to public attention b y Edward Snowden, but it is a lso caused by the systematic surveillance corporat ions have started to engage in. tematic and routine attention to personal urveillance S is defined as „the focused, sys What is rection” details for purposes of influence, management, protection or di (Lyon 2007, p. 14). surveillance? focused , when it is oriented toward the individual, even though aggreg ate Surveillance is when it is intentional, deliberate, and data may be used in the process. It is systematic depending on certain protocols and techniques; when it doesn’t happen randomly or spontaneously. In addition, surv eillance happens when data coll ection becomes a routine . eaucratic administration” based on information In “societies that depend on bur ly, surveillance results in technology it occurs as a “normal” part of everyday life. Usual power relations, in which the “watchers are privileged” (ibid). The facts presented in this book give an account of how these t hree criteria are evolving, the “smarter” our cities, infrastructures and devices become. The questions investigated in this report w of the practices in today’s The objective of this report is to give a comprehensive overvie Networks of 2 Alltag. Studie von Cracked Labs Christl, Wolfie (2014): Kommerzielle digitale Überwachung im control? personal data ecosystems and their implications for individuals and society. The report im Auftrag der Bundesarbeitskammer. Wien, November 2014. Online : addresses the following questions: http://crackedlabs.org/dl/Studie_Digitale_Ueberwachung.pdf 8 9 8

9 many aspects in our life. The id ry well capable of acting responsibly is slowly ea and trust that humans are ve Introduction 1. evaporating. Our main goal was to investigate and A few words on how this report was created and on its structure: In 1994 David Lyon, a Canadian so ciologist, published a book ca lled "The Electronic Eye: Classifying and e report thereafter first accumulates the facts summarize today’s personal data ecosystem. For this purpose, th The Rise of Surveillance Society" . In this book Lyon foresaw th e rise of a surveillance people sorting we were able to discover. Based on an extensive range of exampl es from different areas and industries we aim routinely collect, society , in which databases belonging to corporations and governments of what is happening. Some of to create a better understanding these corporate practices have already been es of individuals (Lyon 1994, store, retrieve and process precise details of the personal liv discussed by others, but many of them have been rarely investig ated up to now, or not at all. However, this . Building on the work of Oscar p.3). Lyon also introduced the concept of social sorting l and scope of corporate surveillance, digital selection of examples is needed to understand the full potentia he constant classification Gandy, he described how electronic surveillance would lead to t large part of our investigation is descriptive. tracking and of the business models in place today. Therefore a and sorting of populations according to varying criteria, based on software algorithms This shall enable others to use our findings for their research , conclusions and ongoing initiatives. In later using personal data and group d As the individual groups ata (Lyon 2003, p. 13 et seq.). plications, and recommended actions to sections we provide a discussion of the societal and ethical im treated differently, this sorti generated by the algorithms are ng would be discriminatory challenge these developments. per se and thus may affect choices and life-chances of individuals . iece A shorter first version of this report was a single-authored p A few words on the history of this report. the mid 1990s and many David Lyon’s predictions of a surveillance society were made in Corporate in German by Wolfie Christl who n a study he conducted on behalf of the accumulated a lot of material i probably doubted the realism of his predictions at the time or put the raised threats far off surveillance consumer protection department of the Austrian Chamber of Labou r (Österreichische Arbeiterkammer). This s Lyon described have for future generations to care about. Today, many of the aspect 2 Vienna University of . This original piece was translated by the study was published in November 2014 already become reality. The digital collection of personal data is invading everyday life Economics and Business (WU) of Sarah , while keeping only its most important parts. A master student d dislikes of billions of more and more. The clicks, locations, paths, networks, likes an d provided some additional research. Spiekermann, Isabella Garraway, helped with this translation an online users are stored, processed and utilized to an extent that was unthinkable only a dated the investigation with extra research. Between January and August 2016, Wolfie Christl extended and up ss of tracking and few years ago. By now, thousands of companies are in the busine riched and amended all sections an ethical reflection , adding in particular Sarah Spiekermann overhauled, en s of citizens that live in countries with a well-developed analyzing every step in the live Sarah, added reflections on a “Customer’ on personal data markets. Esther Görnemann, a Ph.D. student of digital infrastructure. Whether shopping in a store, using a sm artphone or surfing the Lifetime Risk” index. The final editing and shaping of the repo rt was done by Wolfie Christl, Esther web, digital traces are systematically collected everywhere. Mo reover, an increasing took over. Görnemann, Sarah Spiekermann and Sabrina Kirrane before the pub Facultas lishing house number of devices are now equipped with sensors that can broadc ast information beyond the private domain of the phone. These sensors increase the amo unt of profiling that is being done on individuals and their behavior. The information i s collected and shared Wolfie Christl & Sarah Spiekermann ements are evaluated. evices. Then, behaviors and mov across services, platforms and d Individuals’ personality and interests are analyzed in detail. Comprehensive personal automatically. And finally dig ital communication and profiles are created and updated ndividually tailored; mostly advertisements as well as offerin gs in the physical world are i according to their estimated profit potential for the company. Against this background, we argue that the surveillance society has effectively This is not only the result of the extent of governmental surv materialized. eillance, which y Edward Snowden, but it is a was brought to public attention b lso caused by the ions have started to engage in. systematic surveillance corporat tematic and routine attention to personal urveillance is defined as „the focused, sys S What is (Lyon 2007, p. 14). rection” details for purposes of influence, management, protection or di surveillance? focused , when it is oriented toward the individual, even though aggreg ate Surveillance is systematic data may be used in the process. It is when it is intentional, deliberate, and depending on certain protocols and techniques; when it doesn’t happen randomly or eillance happens when data coll spontaneously. In addition, surv ection becomes a routine . on information In “societies that depend on bur eaucratic administration” based technology it occurs as a “normal” part of everyday life. Usual ly, surveillance results in power relations, in which the “watchers are privileged” (ibid). The facts presented in this book give an account of how these t hree criteria are evolving, the “smarter” our cities, infrastructures and devices become. The questions investigated in this report The objective of this report is to give a comprehensive overvie w of the practices in today’s Networks of 2 Alltag. Studie von Cracked Labs Christl, Wolfie (2014): Kommerzielle digitale Überwachung im control? and society. The report personal data ecosystems and their implications for individuals : im Auftrag der Bundesarbeitskammer. Wien, November 2014. Online addresses the following questions: http://crackedlabs.org/dl/Studie_Digitale_Ueberwachung.pdf 9 9 8

10 As comprehensive information on corporate practices is often mi ssing, incomplete or Corporate x d Data networks: Who are the players in today’s networks of digital tracking an s as examples t o illustrate wider ces and companie outdated, we selected some servi sources personal data business? How do tech companies, data brokers, on line data practices. We did so with the help of various corporate website s, marketing materials, , collate, share and management platforms and many other businesses actually collect brochures, data catalogs, case studies, corporate videos, devel oper guides, API docs etc. On ? How is information recorded b y smartphones and make use of personal information versions of corporate resource occasion we also used historical s. Information published other devices linked with customer records in companies? by trade magazines in online marketing turned out to be particu larly revealing. We also Data network’s sources: Which kinds of information are recorded and shared by x entatives at conferences. That said, many corporate included talks of company repres thermostats and cars, smartphones, fitness trackers, e- readers, smart TVs, connected port is only based on publicly practices are kept as secret as possible. The fact that this re gs lead to ubiquitous and many other devices and platforms? Will the Internet of Thin available information is, therefore, a limitation. surveillance of everyday life? x Where is information being used in other contexts or for The scope of data networks: Data-intensive companies communicate in a vague and ambiguous w ay, however they are other purposes than it was initially collected for? To what ext ent is today’s marketing more open when it comes to selling their services and in this c ontext they reveal internal h as fraud data ecosystem merging with appl ications of risk management suc treated with caution practices through public statements. Such statements have to be alytics, background prevention, identity verification, credit scoring, insurance an es may have cited them though. Some of the sources, which cite corporate representativ checks for employers and landlords, or even law enforcement? out of context (and without us b ources may be altered or eing able to know this). Some s x How data networks observe the population: How is personal data analyzed in times vanish from the Internet soon. C products and services ompanies constantly change the website visits, app usage, of Big Data? What is inferred from purchases, calls, messages, sources that we found a they offer. Some companies are acquired by others. Some of the nsitive personal web searches and likes? How can analytics be used to predict se few months ago when this study was uptaken are no longer available online, however we mining and Big Data attributes and to judge personality? Where are methods of data have still included them along with the date when they were acc essed. Especially in analytics used today in fields su ch as marketing, retail, insur ance, banking, healthcare chapters 3, 4 and 5 we often cit ents at length for the e and document corporate statem ated and ranked by sumers profiled, categorized, r and work? To what extent are con ompleteness of these due to the ambiguity and inc purpose of evidence. Nevertheless, businesses? ith caution and when corporate sources the information in this report must be read w Do the fundamental principles of advertising How data networks exercise control: x citing it, please make sure that as a scientific fact. you don’t present our findings that have been in effect for decades still hold? Or did adverti sing perhaps turn to tion? How are people something different through real-time targeting and personaliza onalized content, rewards and o nudged and influenced using pers ther incentives based on digital tracking? 2. Analyzing Personal Data These questions are addressed in four main chapters that focus on: the analysis of Structure of “We feel like all data is credit data, we just don’t know how to use it yet” 3 ), the use of analytics by businesses ( chapter 3 ), devices and personal data ( chapter 2 Douglas Merrill, former Chief Information Officer at Google, 20 12 the report platforms ( chapter 3 ) and the business of personal data ( ). This structure was chapter 4 "Big data is the new plutonium. In its natural state it leaks, contaminates, chosen as a reasonable functional differentiation, but it is st ill a compromise. In practice harms. Safely contained & harnessed it can power a city” these fields are highly interconnected. Subsequently - based on the findings - the 4 Robert Kirkpatrick, Director UN Global Pulse, 2014 lance on individuals and socie implications of corporate surveil ty are summarized and n ). This includes issues such as how automated decisions based o chapter 6 discussed ( digital profiling may affect the s may this lead to unfair lives of consumers and how thi cal reflection on personal discrimination, social exclusion and other harms. After an ethi behavior with statistics and data mining Big Data and predicting 2.1 data markets by Sarah Spiekermann ( chapter 7 recommended action ) an overview about In the course of digitalization, storage and com s multiplied tremendously. puting power ha ). chapter 8 is provided ( Since the turn of the millennium, data is stored, processed and analyzed on a much higher Methodology Big Data often refers to the processing of level than ever before. In public debate, the term s of analysis and these large amounts of data, sometimes it also refers to method Networks of corporate surveillance remain largely obscure. Thei r services, apps, o areas of application. There i prediction, and sometimes even t s no established definition, platforms and algorithms are sometimes comprehensible on the su rface, but the deeper 5 term that is often used as a buzzword. it has been branded as a vague functionalities are opaque and s till poorly understood by the majority of users. It is therefore not surprising that the information presented hereaft er is grounded in many years of research by the authors. ematic literature review and The report is based on a syst analysis of hundreds of documents and builds on previous resear ch by scholars in various disciplines such as computer science, information technology, d ata security, economics, marketing, law, media studies, so ciology and surveillance studi es. Existing academic 3 Hardy, Quentin (2012): Just th York Times, 24.03.2012. Online: e Facts. Yes, All of Them. New research was utilized where applicable and available. Sources a lso include reports by ants-to-gather-the-data- 5/business/factuals-gil-elbaz-w http://www.nytimes.com/2012/03/2 universe.html [27.07.2016] international organizations, regu lators, data protection author ities, privacy advocates, 4 44641 [27.07.2016] Tweet: https://twitter.com/rgkirkpatrick/status/5358307412473 rch and consulting firms. In civil rights organizations, industry associations, market resea 5 Harford, Tim (2014): Big data: are we making a big mistake? F inancial Times, 28.03.2014. online archives of newspapers, online media and blogs addition, systematic searches in Online: http://www.ft.com/intl/cms/s/2/21a6e7d8-b479-11e3-a09a -00144feabdc0.html were conducted. [27.07.2016] 10 11 10

11 As comprehensive information on corporate practices is often mi ssing, incomplete or Corporate x d Data networks: Who are the players in today’s networks of digital tracking an s as examples t o illustrate wider ces and companie outdated, we selected some servi sources personal data business? How do tech companies, data brokers, on line data practices. We did so with the help of various corporate website s, marketing materials, , collate, share and management platforms and many other businesses actually collect brochures, data catalogs, case studies, corporate videos, devel oper guides, API docs etc. On ? How is information recorded b y smartphones and make use of personal information versions of corporate resource occasion we also used historical s. Information published other devices linked with customer records in companies? by trade magazines in online marketing turned out to be particu larly revealing. We also Data network’s sources: Which kinds of information are recorded and shared by x entatives at conferences. That said, many corporate included talks of company repres thermostats and cars, smartphones, fitness trackers, e- readers, smart TVs, connected port is only based on publicly practices are kept as secret as possible. The fact that this re gs lead to ubiquitous and many other devices and platforms? Will the Internet of Thin available information is, therefore, a limitation. surveillance of everyday life? x Where is information being used in other contexts or for The scope of data networks: Data-intensive companies communicate in a vague and ambiguous w ay, however they are other purposes than it was initially collected for? To what ext ent is today’s marketing more open when it comes to selling their services and in this c ontext they reveal internal h as fraud data ecosystem merging with appl ications of risk management suc treated with caution practices through public statements. Such statements have to be alytics, background prevention, identity verification, credit scoring, insurance an es may have cited them though. Some of the sources, which cite corporate representativ checks for employers and landlords, or even law enforcement? out of context (and without us b ources may be altered or eing able to know this). Some s x How data networks observe the population: How is personal data analyzed in times vanish from the Internet soon. C products and services ompanies constantly change the website visits, app usage, of Big Data? What is inferred from purchases, calls, messages, sources that we found a they offer. Some companies are acquired by others. Some of the nsitive personal web searches and likes? How can analytics be used to predict se few months ago when this study was uptaken are no longer available online, however we mining and Big Data attributes and to judge personality? Where are methods of data have still included them along with the date when they were acc essed. Especially in analytics used today in fields su ch as marketing, retail, insur ance, banking, healthcare chapters 3, 4 and 5 we often cit ents at length for the e and document corporate statem ated and ranked by sumers profiled, categorized, r and work? To what extent are con ompleteness of these due to the ambiguity and inc purpose of evidence. Nevertheless, businesses? ith caution and when corporate sources the information in this report must be read w Do the fundamental principles of advertising How data networks exercise control: x citing it, please make sure that as a scientific fact. you don’t present our findings that have been in effect for decades still hold? Or did adverti sing perhaps turn to tion? How are people something different through real-time targeting and personaliza onalized content, rewards and o nudged and influenced using pers ther incentives based on digital tracking? 2. Analyzing Personal Data These questions are addressed in four main chapters that focus on: the analysis of Structure of “We feel like all data is credit data, we just don’t know how to use it yet” 3 ), the use of analytics by businesses ( chapter 3 ), devices and personal data ( chapter 2 Douglas Merrill, former Chief Information Officer at Google, 20 12 the report platforms ( chapter 3 ) and the business of personal data ( ). This structure was chapter 4 "Big data is the new plutonium. In its natural state it leaks, contaminates, chosen as a reasonable functional differentiation, but it is st ill a compromise. In practice harms. Safely contained & harnessed it can power a city” these fields are highly interconnected. Subsequently - based on the findings - the 4 Robert Kirkpatrick, Director UN Global Pulse, 2014 lance on individuals and socie implications of corporate surveil ty are summarized and n ). This includes issues such as how automated decisions based o chapter 6 discussed ( digital profiling may affect the s may this lead to unfair lives of consumers and how thi cal reflection on personal discrimination, social exclusion and other harms. After an ethi behavior with statistics and data mining Big Data and predicting 2.1 data markets by Sarah Spiekermann ( chapter 7 recommended action ) an overview about In the course of digitalization, storage and com s multiplied tremendously. puting power ha ). chapter 8 is provided ( Since the turn of the millennium, data is stored, processed and analyzed on a much higher Methodology Big Data often refers to the processing of level than ever before. In public debate, the term s of analysis and these large amounts of data, sometimes it also refers to method Networks of corporate surveillance remain largely obscure. Thei r services, apps, o areas of application. There i prediction, and sometimes even t s no established definition, platforms and algorithms are sometimes comprehensible on the su rface, but the deeper 5 term that is often used as a buzzword. it has been branded as a vague functionalities are opaque and s till poorly understood by the majority of users. It is therefore not surprising that the information presented hereaft er is grounded in many years of research by the authors. ematic literature review and The report is based on a syst analysis of hundreds of documents and builds on previous resear ch by scholars in various disciplines such as computer science, information technology, d ata security, economics, marketing, law, media studies, so ciology and surveillance studi es. Existing academic 3 Hardy, Quentin (2012): Just th York Times, 24.03.2012. Online: e Facts. Yes, All of Them. New research was utilized where applicable and available. Sources a lso include reports by ants-to-gather-the-data- 5/business/factuals-gil-elbaz-w http://www.nytimes.com/2012/03/2 universe.html [27.07.2016] international organizations, regu lators, data protection author ities, privacy advocates, 4 44641 [27.07.2016] Tweet: https://twitter.com/rgkirkpatrick/status/5358307412473 rch and consulting firms. In civil rights organizations, industry associations, market resea 5 Harford, Tim (2014): Big data: are we making a big mistake? F inancial Times, 28.03.2014. online archives of newspapers, online media and blogs addition, systematic searches in Online: http://www.ft.com/intl/cms/s/2/21a6e7d8-b479-11e3-a09a -00144feabdc0.html were conducted. [27.07.2016] 11 11 10

12 META Institute (2001), which According to a definition dating back to a report from the and to predict their future behavior . The technologies used are summarized under the A vague term became popular during the last years, the term “Big” refers to the three dimensions term “data mining”. Their outcomes and results don’t have to be completely accurate in l about probabilities. every case. A certain amount of fuzziness is accepted. It is al velocity (the increasing rate at which it is produced volume (the increasing size of data), variety and transmitted) and (the increasing range of formats and representations In the context of corpo rate surveillance, is, according to surveillance studies data mining Identify 6 uses an “intentionally subjective” McKinsey The consulting company employed). a process to transform “raw data into information scholar Oscar H. Ga ndy (2006, p. 364), valueable e is beyond the ability of definition, stating that Big Data “refers to datasets whose siz c intelligence” for an organiza tion’s goals. It is “directed that can be utilized as strategi customers, typical database software tools to capture, store, manage, and analyze”. The size of towards the identification of behavior and status markers that serve as reliable indicators avoid risk datasets that could be referred to as Big Data could “vary by s ector, depending on what on identifying the most of a probable future”. Companies analyzing customer data focus f datasets are common in nly available and what sizes o kinds of software tools are commo valuable customers, the best prospects, and on minimizing risk. Similarly, from a business 7 a particular industry”. alyzing data from different perspective, data mining has been defined as the “process of an on in many fields – from The processing of large amounts of digital data has become comm perspectives and summarizing it into useful information – infor mation that can be used in In many 11 order to increase revenue, reduce the costs, or both”. tronomy to many sectors of ology, genomics, physics and as scientific fields such as meteor ... fields business, financial markets, industry and government. Massive d ata are generated and teresting patterns from large In a technical sense data mining is the task of “discovering in processed in financial reporting , telecommunication, web search, social media and amounts of data”, based on methods from statistics, pattern rec ognition and machine government surveillance as well as by sensor networks in manufa cturing plants or analysis, classification, assoc iation analysis and social learning – for example, cluster airplanes. Every second, every device from smartphones to machi nes in industry are network analysis (see Han et al 2011). Although the terms data mining and predictive , software applications are generating lo generating sensor data g files and Internet users are often used synonymously in media and public discussions, a analytics structured ams (see Krishnan 2013). are generating clickstre classification of data mining me thods has been suggested by Koh Hian and Chan Kin Leong (2011, p. 4). According to them, data mining methods are classi fied according to the But Big Data is not only about v cording to Mayer- olume, velocity and variety. Ac Probabilities purpose they serve: Schönberger and Cukier (2013, p. ng math to huge quantities of 2 et seq.) it is about “applyi instead of ties”, it turns exact numbers i nto “something more data in order to infer probabili precise x Methods for description and visualization three major shifts : probabilistic than precise”, and it causes numbers x Methods for association and clustering x Today it is possible to “analyze vast amounts of data about a t opic rather than be forced Methods for classification and estimation (prediction) x to settle for smaller sets” The “willingness to embrace data’ s real-world messiness rather than privilege x exactitude” Predictive analytics 2.2 based on personal data: selected examples x est for elusive causality” ions rather than a continuing qu A “growing respect for correlat g sensitive information about The following section will explore the possibilities of derivin Statistical correlations describe the “relation existing between phenomena or things or people’s lives from digital records that on the surface do not seem to carry a lot of y, be associated, or occur between mathematical or statistical variables which tend to var information and shed light on the information that can be infer red from transactional data 8 . But “correlation does not together in a way not expected on the basis of chance alone” such as purchases, calls, messages, likes and searches. 9 found between two variables an If a statistical correlation is d it is imply causation”. 10 The selection of analysis methods summarized in the following c hapters show that today’s spurious correlation . assumed to be a causal relationship by mistake it is called a digitally tracked data allows companies to predict many aspects of a person’s Society can benefit from the technologies and practices known a s Big Data in many fields, Analyzing personality as well as sensitive personal attributes . Although these methods are based often without the use of personal data. However, it has also be come common for personal d conclusions are probabilities their outcomes an on statistical correlations and companies to use statistical methods to analyze large amounts o f very personal information considered good enough to automatically . sort, rate and categorize people information – to recognize patterns and relations, to profile, rate and judge people nducted by the U.S. After a brief summary of the often cited predictive analysis co A summary are several academic studies on predictive analytics Target supermarket chain of academic oration with companies reviewed. Some of these studies were partly conducted in collab research Microsoft like Nokia , . However, the majority of such analyses and their Facebook , and 6 Ward, Jonathan Stuart and Adam Barker (2013): Undefined By Data: A Survey of Big Data practical applications are realized by companies that don’t pub lish details about their Definitions. arXiv:1309.5821, 20.09.2013. Online: http://arxiv. org/pdf/1309.5821v1.pdf practical application of predictive analytics. [27.07.2016] 7 Dobbs, Richard; Roxburgh, Brown, Brad; Bughin, Jacques; Manyika, James; Chui, Michael; for innovation, competition, and Charles; Hung Byers, Angela (2011): Big data: The next frontier ne: productivity, McKinsey&Company, McKinsey Global Institute. Onli cKinsey/Business Functions/Bus iness Technology/Our http://www.mckinsey.com/~/media/M _full_report.ashx [27.07.2016] Insights/Big data The next frontier for innovation/MGI_big_data 8 http://www.merriam-webster.com /dictionary/correlation [27.07. 2016] 9 Helen Beebee, Christopher Hitchcock, Peter Menzies (2012): Th e Oxford Handbook of Causation. OUP Oxford. 11 10 nt Association (2012): Data Min ing: Concepts, ious-correlations Many examples can be found on: http://www.tylervigen.com/spur Information Resources Manageme Methodologies, Tools, and Applications. IGI Global, 2012. [28.07.2016] 12 13 12

13 . The technologies used are summarized under the and to predict their future behavior META Institute (2001), which According to a definition dating back to a report from the A vague term term “data mining”. Their outcomes and results don’t have to be completely accurate in became popular during the last years, the term “Big” refers to the three dimensions l about probabilities. every case. A certain amount of fuzziness is accepted. It is al volume (the increasing size of data), velocity (the increasing rate at which it is produced variety and transmitted) and (the increasing range of formats and representations In the context of corpo rate surveillance, is, according to surveillance studies data mining Identify 6 uses an “intentionally subjective” McKinsey The consulting company employed). a process to transform “raw data into information scholar Oscar H. Ga ndy (2006, p. 364), valueable e is beyond the ability of definition, stating that Big Data “refers to datasets whose siz c intelligence” for an organiza tion’s goals. It is “directed that can be utilized as strategi customers, typical database software tools to capture, store, manage, and analyze”. The size of towards the identification of behavior and status markers that serve as reliable indicators avoid risk datasets that could be referred to as Big Data could “vary by s ector, depending on what on identifying the most of a probable future”. Companies analyzing customer data focus f datasets are common in kinds of software tools are commo nly available and what sizes o valuable customers, the best prospects, and on minimizing risk. Similarly, from a business 7 a particular industry”. alyzing data from different perspective, data mining has been defined as the “process of an perspectives and summarizing it into useful information – infor mation that can be used in on in many fields – from The processing of large amounts of digital data has become comm In many 11 order to increase revenue, reduce the costs, or both”. tronomy to many sectors of ology, genomics, physics and as scientific fields such as meteor ... fields business, financial markets, industry and government. Massive d ata are generated and teresting patterns from large In a technical sense data mining is the task of “discovering in processed in financial reporting , telecommunication, web search, social media and amounts of data”, based on methods from statistics, pattern rec ognition and machine government surveillance as well as by sensor networks in manufa cturing plants or analysis, classification, assoc iation analysis and social learning – for example, cluster airplanes. Every second, every device from smartphones to machi nes in industry are network analysis (see Han et al 2011). Although the terms data mining and predictive , software applications are generating lo generating sensor data g files and Internet users are often used synonymously in media and public discussions, a analytics structured ams (see Krishnan 2013). are generating clickstre classification of data mining me thods has been suggested by Koh Hian and Chan Kin Leong (2011, p. 4). According to them, data mining methods are classi fied according to the But Big Data is not only about v cording to Mayer- olume, velocity and variety. Ac Probabilities purpose they serve: Schönberger and Cukier (2013, p. ng math to huge quantities of 2 et seq.) it is about “applyi instead of ties”, it turns exact numbers i nto “something more data in order to infer probabili precise x Methods for description and visualization three major shifts : probabilistic than precise”, and it causes numbers x Methods for association and clustering x Today it is possible to “analyze vast amounts of data about a t opic rather than be forced Methods for classification and estimation (prediction) x to settle for smaller sets” The “willingness to embrace data’ s real-world messiness rather than privilege x exactitude” Predictive analytics 2.2 based on personal data: selected examples x est for elusive causality” ions rather than a continuing qu A “growing respect for correlat g sensitive information about The following section will explore the possibilities of derivin Statistical correlations describe the “relation existing between phenomena or things or people’s lives from digital records that on the surface do not seem to carry a lot of y, be associated, or occur between mathematical or statistical variables which tend to var information and shed light on the information that can be infer red from transactional data 8 . But “correlation does not together in a way not expected on the basis of chance alone” such as purchases, calls, messages, likes and searches. 9 If a statistical correlation is d it is found between two variables an imply causation”. 10 hapters show that today’s The selection of analysis methods summarized in the following c spurious correlation . assumed to be a causal relationship by mistake it is called a predict many aspects of a person’s digitally tracked data allows companies to Society can benefit from the technologies and practices known a s Big Data in many fields, Analyzing personality as well as sensitive personal attributes . Although these methods are based often without the use of personal data. However, it has also be come common for personal d conclusions are on statistical correlations and probabilities their outcomes an companies to use statistical methods to analyze large amounts o f very personal information . sort, rate and categorize people considered good enough to automatically information – to recognize patterns and relations, to profile, rate and judge people nducted by the U.S. After a brief summary of the often cited predictive analysis co A summary are several academic studies on predictive analytics Target supermarket chain of academic oration with companies reviewed. Some of these studies were partly conducted in collab research Microsoft like Nokia , . However, the majority of such analyses and their Facebook , and 6 Ward, Jonathan Stuart and Adam Barker (2013): Undefined By Data: A Survey of Big Data practical applications are realized by companies that don’t pub lish details about their Definitions. arXiv:1309.5821, 20.09.2013. Online: http://arxiv. org/pdf/1309.5821v1.pdf practical application of predictive analytics. [27.07.2016] 7 Dobbs, Richard; Roxburgh, Brown, Brad; Bughin, Jacques; Manyika, James; Chui, Michael; for innovation, competition, and Charles; Hung Byers, Angela (2011): Big data: The next frontier ne: productivity, McKinsey&Company, McKinsey Global Institute. Onli cKinsey/Business Functions/Bus iness Technology/Our http://www.mckinsey.com/~/media/M _full_report.ashx [27.07.2016] Insights/Big data The next frontier for innovation/MGI_big_data 8 http://www.merriam-webster.com /dictionary/correlation [27.07. 2016] 9 Helen Beebee, Christopher Hitchcock, Peter Menzies (2012): Th e Oxford Handbook of Causation. OUP Oxford. 11 10 nt Association (2012): Data Min ing: Concepts, ious-correlations Many examples can be found on: http://www.tylervigen.com/spur Information Resources Manageme Methodologies, Tools, and Applications. IGI Global, 2012. [28.07.2016] 13 13 12

14 The “Target” example: predicting pregnancy from purchase behavior 2.2.1 s and voluntarily provided 58,466 users from the United States, who participated in survey 13 . This app app called Facebook demographic information through a specific myPersonality e information based on the One of the most cited examples about the prediction of sensitiv , i.e. their positive associations with popular also analyzed what they “liked” on Facebook and its Target U.S. supermarket chain analysis of everyday digital data is the case of the sicians and books. websites or other content in areas such as products, sports, mu attempt to identify pregnant cus behavior. As Charles tomers based on their shopping al attributes quite ically predict sensitive person Researchers were able to automat 12 Duhigg reported in the New York Times and in his book “The Power of Habit” (Duhigg an average of 170 Likes per accurately, solely based on user: Facebook nd interactions its customers. All purchases a assigns a unique code to all of Target 2012), are recorded – regardless of whether people are paying by credi t card, using a coupon, Predicted a ttribute Prediction accuracy help line, opening an email filling out a survey, mailing in a refund, calling the customer 95% – “Caucasian vs. African American” Ethnicity or visiting their website. Additionally, Target from them buys additional information on Gender 93% customers from data brokers. 88% Gay? Duhigg spoke extensively with a statistician from , whose marketing analytics Target Identifying Political views – “Democrat vs. Republican” 85% and finding ways to analyzing the behavior of customers department was tasked with unique 82% Religious vie ws – “Christianity vs. Islam” pler tasks was to identify n reported that one of the sim increase revenue. The statisticia moments in 75% Lesbian? Christmas. Another parents with children and send them catalogues with toys before ves people’s li Smokes cigarettes? 73% example he gave was the identification of customers who bought swimsuits in April and to cohol? Drinks al 70% send them coupons for sunscreen in July and weight-loss books i n December. But the main 65% Uses drugs challenge was to identify those major moments in consumers’ liv es when their shopping on would be effective in behavior becomes “flexible” and the right advertisement or coup Single or in a relationship? 67% causing them to start shopping i e graduation, marriage, n new ways – for example colleg 60% ll together at 21? Were the parents sti igg, specific g to a researcher cited by Duh divorce or moving house. Accordin Table 1: Predicting personal attributes from Fa cebook Likes. Source: Kosinski et al 2013. he right time, could change a c ustomer’s shopping advertisements sent exactly at t themselves as gay when behavior for years. This shows that, for example, 88% of participants who declared Not obvious ay by the analysis based on were correctly classified as g providing their demographic data Likes, but One of the most lucrative moments would be the birth of a child . The shopping habits of Estimating 14 to e statistical method of logisti Likes only. Researchers used th Facebook c regression correlations exhausted, new parents would be the more flexible than at any o ther point in their lives. birth dates predict these dichotomous variab les (e.g. yes/no) above. In add ition, they also used linear ’s statistician, they identified cant to 25 products which were signifi Target According to 15 age, which was predicted correctly for to predict numeric variables like regression create a so called “ pregnancy prediction” score and could even estimate the birth date. It 75% of participants. As the researc hers explain, only a “few users were associated with is important to understand that they didn’t simply look at purc hases of baby clothes or Likes explicitly revealing their attributes”. For example, “les s than 5% of users labeled as about buggies, which would be obvious. Instead, they analyzed statistical patterns ay”, “Gay Marriage” or “I gay were connected with explicit ly gay groups” such as “Being G people purchasing certain quantities of specific lotions, soaps , hand sanitizers, cotton love Being Gay”. Predictions rely on less obvious, but more popular Likes such as balls, washcloths or nutritional in time. supplements at precise points “Britney Spears” or “Desperate Housewives” – which proved to be weak indicators of being gay. It’s remarkable that even the question whether user’ s parents have stayed ds of personalized When pregnant women were identified they received different kin Influencing together after this user was 21 years old was correctly predict ed with an accuracy of 60%. of their pregnancy. Duhigg advertisements, coupons or other incentives at specific stages behavior also reported that a father reached out to and accused them of encouraging his Target sually considered as rather This study shows that sensible per sonal attributes, which are u Likes are a daughter to get pregnant, because they sent coupons for baby cl othes to her. To her private, can be automatically and accurately inferred from rath er basic information about type generic father’s surprise it turned out that the girl was indeed pregna nt and did not tell him about online behavior. According to Kosinski et al, Facebook Likes represent a very generic type of data it. of digital records about users, similar to web searches, browsing histories and credit Facebook card transactions Likes related to music and artists are very . For example, about became one of Target Regardless of whether this anecdote is true, Duhigg’s research similar to data about songs listened to or artists searched for online. Yet, in comparison to how today’s companies are collecting and analyzing the most prominent examples of web searches and purchases the Likes of Facebook users are publicly accessible by default. to influence their customer’s behavior on an individual level. personal data 2.2.2 tributes from Facebook Likes Predicting sensitive personal at is possible to accurately A study conducted at the University of Cambridge showed that it Just 170 predict ethnicity, religious and political views, relationship status, gender, sexual Facebook orientation based on as well as a person’s consumption of alcohol, cigarettes and drugs Likes the analysis of Likes (see Kosinski et al 2013). The analysis was based on dat a of Facebook 13 http://www.mypersonality.org/wiki 14 12 logistic.html See e.g. http://www.biostathan dbook.com/simple Charles Duhigg: How Companies Learn Your Secrets. New York Ti mes, 16.02.2012. cited am 15 gression.html ook.com/linearre See e.g. http://www.biostathandb ing-habits.html 14.09.2014 von http://www.nytimes.com/2012/02/19/magazine/shopp 14 15 14

15 58,466 users from the United States, who participated in survey s and voluntarily provided The “Target” example: predicting pregnancy from purchase behavior 2.2.1 13 app called Facebook demographic information through a specific . This app myPersonality One of the most cited examples about the prediction of sensitiv e information based on the also analyzed what they “liked” on Facebook , i.e. their positive associations with popular and its Target U.S. supermarket chain analysis of everyday digital data is the case of the sicians and books. websites or other content in areas such as products, sports, mu attempt to identify pregnant cus behavior. As Charles tomers based on their shopping al attributes quite ically predict sensitive person Researchers were able to automat 12 and in his book “The Power of Habit” (Duhigg Duhigg reported in the New York Times an average of 170 Likes per user: accurately, solely based on Facebook its customers. All purchases a Target 2012), nd interactions assigns a unique code to all of are recorded – regardless of whether people are paying by credi t card, using a coupon, ttribute Predicted a Prediction accuracy filling out a survey, mailing in a refund, calling the customer help line, opening an email Ethnicity 95% – “Caucasian vs. African American” buys additional information on or visiting their website. Additionally, from them Target 93% Gender customers from data brokers. Gay? 88% Duhigg spoke extensively with a statistician from Target , whose marketing analytics Identifying 85% – “Democrat vs. Republican” Political views analyzing the behavior of customers department was tasked with and finding ways to unique 82% Religious vie ws – “Christianity vs. Islam” pler tasks was to identify n reported that one of the sim increase revenue. The statisticia moments in 75% Lesbian? Christmas. Another parents with children and send them catalogues with toys before es v people’s li 73% Smokes cigarettes? swimsuits in April and to example he gave was the identification of customers who bought cohol? 70% Drinks al send them coupons for sunscreen in July and weight-loss books i n December. But the main 65% Uses drugs challenge was to identify those major moments in consumers’ liv es when their shopping behavior becomes “flexible” and the right advertisement or coup on would be effective in 67% Single or in a relationship? causing them to start shopping i n new ways – for example colleg e graduation, marriage, ll together at 21? 60% Were the parents sti g to a researcher cited by Duh divorce or moving house. Accordin igg, specific cebook Likes. Source: Kosinski et al 2013. Table 1: Predicting personal attributes from Fa he right time, could change a c ustomer’s shopping advertisements sent exactly at t themselves as gay when This shows that, for example, 88% of participants who declared behavior for years. Not obvious were correctly classified as g providing their demographic data ay by the analysis based on Likes, but One of the most lucrative moments would be the birth of a child . The shopping habits of Estimating 14 Likes only. Researchers used th Facebook e statistical method of logisti c regression to correlations ther point in their lives. exhausted, new parents would be the more flexible than at any o birth dates les (e.g. yes/no) above. In add ition, they also used linear predict these dichotomous variab Target According to ’s statistician, they identified 25 products which were signifi cant to 15 age, which was predicted correctly for to predict numeric variables like regression create a so called “ and could even estimate the birth date. It pregnancy prediction” score 75% were associated with hers explain, only a “few users of participants. As the researc is important to understand that hases of baby clothes or they didn’t simply look at purc s than 5% of users labeled as Likes explicitly revealing their attributes”. For example, “les statistical patterns about buggies, which would be obvious. Instead, they analyzed ay”, “Gay Marriage” or “I gay were connected with explicitly gay groups” such as “Being G , hand sanitizers, cotton people purchasing certain quantities of specific lotions, soaps less obvious, but more popular Likes love Being Gay”. Predictions rely on such as balls, washcloths or nutritional supplements at precise points in time. “Britney Spears” or “Desperate Housewives” – which proved to be weak indicators of s parents have stayed being gay. It’s remarkable that even the question whether user’ ds of personalized When pregnant women were identified they received different kin Influencing together after this user was 21 years old was correctly predict ed with an accuracy of 60%. of their pregnancy. Duhigg advertisements, coupons or other incentives at specific stages behavior Target and accused them of encouraging his also reported that a father reached out to sonal attributes, which are u This study shows that sensible per sually considered as rather Likes are a daughter to get pregnant, because they sent coupons for baby cl othes to her. To her private, can be automatically and accurately inferred from rath er basic information about type generic nt and did not tell him about that the girl was indeed pregna father’s surprise it turned out online behavior. According to Kosinski et al, Facebook Likes represent a very generic type of data it. of digital records about users, similar to web searches, browsing histories and credit card transactions . For example, Facebook Likes related to music and artists are very about became one of Target Regardless of whether this anecdote is true, Duhigg’s research online. Yet, in comparison to similar to data about songs listened to or artists searched for how today’s companies are collecting and analyzing the most prominent examples of web searches and purchases the Likes of Facebook users are publicly accessible by default. personal data to influence their customer’s behavior on an individual level. 2.2.2 Predicting sensitive personal at tributes from Facebook Likes A study conducted at the University of Cambridge showed that it is possible to accurately Just 170 predict ethnicity, religious and political views, relationship status, gender, sexual Facebook orientation as well as a person’s consumption of alcohol, cigarettes and drugs based on Likes Facebook a of the analysis of Likes (see Kosinski et al 2013). The analysis was based on dat 13 http://www.mypersonality.org/wiki 12 14 dbook.com/simple mes, 16.02.2012. cited am Charles Duhigg: How Companies Learn Your Secrets. New York Ti See e.g. http://www.biostathan logistic.html 15 ook.com/linearre See e.g. http://www.biostathandb gression.html ing-habits.html 14.09.2014 von http://www.nytimes.com/2012/02/19/magazine/shopp 15 15 14

16 22 Judging personality from phon e logs and Facebook data 2.2.3 istical correlations between sm artphone metadata , the following significant stat analysis the inverted variant and personality traits were detected (instead of “neuroticism” The five-factor model of personality, also known as the Big Five model, is one of the “emotional stability” was used): 16 It has been the subject of nearly 2,000 leading models of personality psychology. 17 Many studies have proven its publications alone between 1999 and 2006. Smartphone usage - Open- Emotional Conscientious Agreeable Extra- - 18 version ness ness ness Stability The model is reproducibility and consistency among different groups of age and culture. regularly used in the context of predicting user characteristic s based on digital data. - 0.26 - 0.23 Office - 0.18 Apps most frequently - 0.16 - 0.18 Calender - 0.18 19 ong five dimensions: According to the “Big Five” model, every person can be rated al „Big Five“ used: - 0.15 - 0.26 Internet personality rated as high in this dimension could be Personality Dimension People who are - 0.15 Camera model Extraversion assertive, energetic, enthusiastic, outgoing, talkative Active, Video/Music -0.18 kind, sympathetic, trusting Appreciative, forgiving, generous, Agreeableness Calls rec eived 0.15 0.13 0.20 organized, planful, reliable, responsible, thorough Efficient, Conscientiousness Ø duration of incoming calls 0.12 0.18 Neuroticism self-pitying, tense, touchy, unstable, worrying Anxious, Missed calls - 0.12 curious, imaginative, insightful, original, wide interests Openness Artistic, 0.17 Unique contacts called Table 1: The five dimensions of the “Big Five ” personality model. Source: McCrae and Joh 1992. -0.13 - 0.13 Unique contacts SMS sent to Nokia Research showed that these “Big Five” A Swiss study in collaboration with word length (sent) 0.14 - 0.15 Ø Recording a with an accuracy of up personality traits can be predicted based on smartphone metadat smartphone aits having p<0.01, ranked by absolute value of r Table 3: Pairwise correlations between features and tr Source: Chittaranjan et al 2011 to 75,9% (see Chittaranjan et al 2011). At first 83 persons wer e asked to assess usage themselves using a questionnaire. Second, their communication b ehavior was tracked The table above shows the probabi lity of certain personality tr aits based on data about A lack of For example, the following using special software installed on their phones for 8 months. er number of calls, were smartphone usage. For example, participants who received a high emotional data was recorded: more likely to be agreeable (r = 0.20) and emotionally stable ( r = 0.15). In contrast, stability? be open for new experience app more, were less likely to participants who used the Office Category Which data was recorded and analyzed? 23 (r=-0.26). Relationships with a c orrelation coeff icient < 0.5 a re weak but still exist. used: Office, Internet, Maps, Mail, usage App Number of times the following apps were Video/Audio/Music, YouTube, Calendar, Camera, Chat, SMS, Games Furthermore, a machine learning model was developed to automatically classify users Rating users Call logs Number of incoming/outgoing/missed calls, number of unique contacts called and based on their smartphone metadata. who called, average duration of incoming/outgoing calls, ... unique contacts Do participants score a) low or b) high in these personality traits? Prediction accuracy SMS logs Number of received/sent text messages, number of recipients/senders, Ø word length, ... 71.5 % Emotional Stability Bluetooth Number of unique Bluetooth IDs, times most common Bluetooth ID is seen, ... Extraversion 75.9 % Table 2: Recorded mobile phone data to predict pe rsonality traits. Source: Chittaranja et al 2011 Openness for Experience 69.3 % Chittaranjan et al. recorded “da ta that provides information ab out other data”, also known Phone usage 74.5 % Conscientiousness 21 20 not the contents of the communication. – Applying multiple regression as metadata and Agreeableness 69.6 % personality Table 4: Accuracy of predicting personality traits from phone data. Source: Chittaranjan et al 2011 lows individuals to be scheme was used, which only al Although a binary classification Significantly shows that it is possible to rated as either low or high in one of the five dimensions, this above chance 16 McCrae, R. R.; John, O. P. (1992): An introduction to the five -factor model and its Applications. infer the personality type of users based on phone usage with u p to 75.9% accuracy, Journal of Personality, 60, pp.175-215. Online: which is significantly above chance. multi/pdf/5factor-theory.pdf http://www.workplacebullying.org/ 17 John, Oliver P.; Naumann, Laura P.; Soto, Christopher J. (2008): Paradigm Shift to the Integrative and , ENS Lyon Researchers of limited themselves even more and only used Harvard MIT Another study earch. 3. Edition, pp. 114-117. k of Personality Theory and Res Big Five Trait Taxonomy. Handboo 24 which all carriers keep abo ut their customers – the (CDR), so-called Call Data Records based on phone .edu/~johnlab/2008chapter.pdf Online: http://www.ocf.berkeley 25 . Their study (see same records that governments are accessing for ”data retention ” logs 18 racy of its theoretical basis. For There are also assessments doubting the significance and accu Montjoye et al 2013) was based on both questionnaires and mobil e phone logs of 69 r analysis is criticized, see e.g. Block, example, its explicit focusing on the statistic method of facto Jack (2010): "The five-factor framing of personality and beyond : Some ruminations". Psychological participants in the United States. Data was recorded over 14 mo nths with software Inquiry 21 (1): 2–25. Online: http://psychology.okst k_2010.pdf ate.edu/faculty/jgrice/psyc4333/Block_Jac 19 McCrae, R. R.; John, O. P. (1992): An introduction to the fiv e-factor model and its Applications. Journal of Personality, 60:175-215, 1992. Online: 22 http://www.workplacebullying.org/ multi/pdf/5factor-theory.pdf See e.g. http://www.biostathandb ook.com/multiple regression.htm l 20 23 See e.g. http://www.statstutor.ac.uk/resources/uploaded/pearso http://www.merriam-webster.c om/dictionary/metadata ns.pdf 21 24 could also argue, that information To be precise, due to different definitions of “metadata” one See e.g. https://www.privacyinternational.org/node/76 25 See e.g. https://www.epic.org/pr retention.html ivacy/intl/data_ such as the „average word length” of text messages is not metad ata. 16 17 16

17 22 analysis istical correlations between sm artphone metadata , the following significant stat 2.2.3 e logs and Facebook data Judging personality from phon and personality traits were detected (instead of “neuroticism” the inverted variant Big Five The five-factor model of personality, also known as the model, is one of the “emotional stability” was used): 16 It has been the subject of nearly 2,000 leading models of personality psychology. 17 Many studies have proven its between 1999 and 2006. publications alone - Emotional Extra- Open- Conscientious - Agreeable Smartphone usage 18 ness ness Stability version ness The model is among different groups of age and culture. reproducibility and consistency regularly used in the context of predicting user characteristic s based on digital data. Apps most - 0.18 Office - 0.23 - 0.26 frequently - 0.18 - 0.16 - 0.18 Calender 19 ong five dimensions: According to the “Big Five” model, every person can be rated al „Big Five“ used: Internet - 0.15 - 0.26 personality rated as high in this dimension could be Personality Dimension People who are - 0.15 Camera model assertive, energetic, enthusiastic, outgoing, talkative Active, Extraversion Video/Music -0.18 Agreeableness kind, sympathetic, trusting reciative, forgiving, generous, App 0.20 Calls rec 0.13 0.15 eived Conscientiousness Efficient, organized, planful, reliable, responsible, thorough Ø duration of incoming calls 0.18 0.12 self-pitying, tense, touchy, unstable, worrying Anxious, Neuroticism - 0.12 Missed calls Openness Artistic, curious, imaginative, insightful, original, wide interests Unique contacts called 0.17 Table 1: The five dimensions of the “Big Five ” personality model. Source: McCrae and Joh 1992. -0.13 - 0.13 Unique contacts SMS sent to A Swiss study in collaboration with showed that these “Big Five” Nokia Research Ø word length (sent) 0.14 - 0.15 Recording a with an accuracy of up personality traits can be predicted based on smartphone metadat smartphone aits having p<0.01, ranked by absolute value of r Table 3: Pairwise correlations between features and tr Source: Chittaranjan et al 2011 to 75,9% (see Chittaranjan et al 2011). At first 83 persons wer e asked to assess usage Second, their communication b ehavior was tracked themselves using a questionnaire. lity of certain personality tr The table above shows the probabi aits based on data about A lack of For example, the following using special software installed on their phones for 8 months. er number of calls, were smartphone usage. For example, participants who received a high emotional data was recorded: r = 0.15). In contrast, more likely to be agreeable (r = 0.20) and emotionally stable ( stability? app more, were less likely to be open for new experience participants who used the Office Category Which data was recorded and analyzed? 23 (r=-0.26). Relationships with a c orrelation coeff icient < 0.5 a re weak but still exist. App usage N umber of times the following apps were used: Office, Internet, Maps, Mail, Video/Audio/Music, YouTube, Calendar, Camera, Chat, SMS, Games Furthermore, a machine learning model was developed to automatically classify users Rating users Call logs N umber of incoming/outgoing/missed calls, number of unique contacts called and based on their smartphone metadata. unique contacts who called, average duration of incoming/outgoing calls, ... score a) low or b) high in these personality traits? Do participants Prediction accuracy ... of received/sent text messages, number of recipients/senders, Ø word length, Number logs SMS 71.5 % Emotional Stability most common Bluetooth ID is seen, ... Bluetooth Number of unique Bluetooth IDs, times 75.9 % Extraversion rsonality traits. Source: Chittaranja et al 2011 Table 2: Recorded mobile phone data to predict pe 69.3 % Openness for Experience ta that provides information ab out other data”, also known Chittaranjan et al. recorded “da Phone usage Conscientiousness 74.5 % 21 20 – Applying multiple regression not the contents of the communication. as metadata and 69.6 % Agreeableness personality Table 4: Accuracy of predicting personality traits from phone data. Source: Chittaranjan et al 2011 lows individuals to be scheme was used, which only al Although a binary classification Significantly shows that it is possible to rated as either low or high in one of the five dimensions, this above chance 16 McCrae, R. R.; John, O. P. (1992): An introduction to the five -factor model and its Applications. infer the personality type of users based on phone usage with u p to 75.9% accuracy, Journal of Personality, 60, pp.175-215. Online: which is significantly above chance. http://www.workplacebullying.org/ multi/pdf/5factor-theory.pdf 17 John, Oliver P.; Naumann, Laura P.; Soto, Christopher J. (2008): Paradigm Shift to the Integrative and ENS Lyon Researchers of MIT , Harvard limited themselves even more and only used Another study Big Five Trait Taxonomy. Handboo earch. 3. Edition, pp. 114-117. k of Personality Theory and Res 24 which all carriers keep abo ut their customers – the so-called Call Data Records (CDR), based on phone .edu/~johnlab/2008chapter.pdf Online: http://www.ocf.berkeley 25 . Their study (see ” same records that governments are accessing for ”data retention logs 18 racy of its theoretical basis. For There are also assessments doubting the significance and accu Montjoye et al 2013) was based on both questionnaires and mobil e phone logs of 69 r analysis is criticized, see e.g. Block, example, its explicit focusing on the statistic method of facto Jack (2010): "The five-factor framing of personality and beyond : Some ruminations". Psychological participants in the United States. Data was recorded over 14 mo nths with software Inquiry 21 (1): 2–25. Online: http://psychology.okst k_2010.pdf ate.edu/faculty/jgrice/psyc4333/Block_Jac 19 McCrae, R. R.; John, O. P. (1992): An introduction to the fiv e-factor model and its Applications. Journal of Personality, 60:175-215, 1992. Online: 22 http://www.workplacebullying.org/ multi/pdf/5factor-theory.pdf See e.g. http://www.biostathandb ook.com/multiple regression.htm l 20 23 See e.g. http://www.statstutor.ac.uk/resources/uploaded/pearso http://www.merriam-webster.c om/dictionary/metadata ns.pdf 21 24 could also argue, that information To be precise, due to different definitions of “metadata” one See e.g. https://www.privacyinternational.org/node/76 25 See e.g. https://www.epic.org/pr retention.html ivacy/intl/data_ such as the „average word length” of text messages is not metad ata. 17 17 16

18 installed on smartphones. The raw data recorded was divided int o groups of indicators, for example: 2.2.4 and their web searches ymous website visitors Analyzing anon Category Evaluated Data Several studies focus on how to s users doing web infer personality from anonymou calls and text messages, variance E.g. Average time interval between Regularity searches or visiting websites. Diversity E.g. Entropy of contacts, contacts to interactions ratio, number of contacts Microsoft Research At the University of Cambridge , a study in cooperation with about Personality E.g. Daily distance traveled, number and entropy of visited places Movement “Personality and Website Choice” was conducted, which determine d correlations between profiles based mmunication, response rates Active Behaviour Eg. Percent of self-initiated co visited websites and, again, the “Big Five” (see Kosinski et al 2012). More than 160 000 on website Table 5: Evaluated mobile phone data. Source: Montjoye et al 2013 app Facebook oned rovided by the previously menti users were evaluated, data was p ts visi “myPersonality”. Results included “Big Five” profiles of thousa nds of websites, based on After applying a machine learnin g model Montjoye et al. were ab le to classify users along visitors. The following table the personality of their average shows three websites in the they were able to rate three grades of each of the “Big Five” dimensions. For example, traits of the average visitors context of arts and “do it yourself”. The predicted personality participants as low, average or high in neuroticism. A comparis on of the automated of those websites are quite similar: predictions with the personality traits measured by questionnai res lead to the following results: Domain Conscienti- Default Frequ- Neuro- Agreeable - Extra - Open version ness ousness -ness ticism ency deviation c) high in these personality traits? Prediction accuracy Do participants score a) low b) average - 0.42 - 0.05 0.16 - 0.19 3,154 0.40 0.01 deviantART.com – 0. 02 63% Neuroticism 639 - 0.10 -0.16 - 0.23 0.23 Tumblr.com 0.22 0.03 61% Extraversion 612 Etsy.com 0.1 0.03 0.07 -0.26 0.14 0.41 Openness 49% Table 7: “Big Five” profiles of average visitors of three websites. Source: Kosinski et al, 2012 Conscientiousness 51% Agreeableness 51% When “Big Five” website profiles are known for many websites, t hey can be used to ited those websites – estimate the character of unknown, anonymous users who also vis ts from phone data. Source: Montjoye et al 2013 Table 6: Accuracy of predicting personality trai without the need for additional information. nce that personality can be According to the authors, their study “provides the first evide Another study by app, also based on data from the Microsoft Research, myPersonality Age and reliably predicted from standard mobile phone logs”. On average , the results were 42% analyzed 133 million search querie s from 3.3 million unique use rs of the search engine gender better than random. Bing (see Bi et al 2013). Based on anonymous search queries it was possible to predict the computer-based personality judgments could A newer study from 2015 suggests that Judging ely. Religious and age of users and the gender with 74% and 80% accuracy respectiv (see Youyou et al 2015). Again, be even more accurate than those made by humans personality political views were also inferred rather accurately from web s earches. app. And, Facebook analysis was based on data obtained through the “myPersonality” better than A Belgian study examined the automatic prediction of demographic attributes like gender, Education level again, the researchers Michal Kosinski and David Stillwell were involved. They compared humans? age, level of education and occupation from anonymous website v isitors (See De Bock and and occupation ” using the results of the “accuracy of human and computer-based personality judgments Van den Poel 2010) More than 4,000 users participated in an online survey indicating . questionnaires from 17,622 participants and data about Facebook Likes from 86,220 their demographic information, w hile in parallel their clickstr eam data was extracted out on Facebook Likes (r = participants. Their automated predictions on personality based behavior with regard to of log files of 260 associated Belgian websites. Their surfing icipant’s Facebook friends 0.56) were more accurate than those of people, who are the part visited websites was evaluated based on frequency, duration, th e time of the day and the and filled out a questionnaire (r = 0.49). While the judgements of individuals considered day of the week. After a trainin g and scoring phase, rather rel iable predictions about the , the answers of as “spouse” (r = 0.58) were more exact than the computer models demographic attributes of anonymous visitors of websites were derived: participants considered as “family” (r = 0.50) were also less accurate than the predictions of the machines. Error rate Possible values Attribute Male Gender ; female 4.94 – 6.23 % In addition to the “Big Five” per l further examined “13 life sonality traits, Montjoye et a life ty” such as own to be related to personali outcomes and traits previously sh Age Age 2.92 – 4.05 % and older 12-17; age 18-24; age 25-34; age 35-44; age 45-54; age 55 satisfaction, impulsivity, depression, sensationalist interest, political orientation, Top 1.99 – 3.01 % management; middle management; farmer, craftsman, small Occupation substance use and physical health . As a result the “validity of the computer judgments” ; blue collar worker; housewife / business owner; white collar worker was again “higher than that of human judges in 12 of the 13 cri teria”. They state that houseman; retired; unemployed; student; other Likes “represent one of the mos t generic kinds of digital foot Facebook print” and that their Education 2.56 – 4.03 % None or prima ry/elementary; lower/junior high school; high school; e areas of psychological results present “significant opportunities and challenges in th college; university or higher level assessment, marketing, and privacy”. om website visits. Source: De Bock vel of education and occupation fr Table 8: Predicting gender, age, le and Van den Poel 2010 The indicated error rates represent the average absolute error of the estimations in percentage. 18 19 18

19 installed on smartphones. The raw data recorded was divided int o groups of indicators, for example: and their web searches ymous website visitors Analyzing anon 2.2.4 Category Evaluated Data Several studies focus on how to infer personality from anonymou s users doing web E Regularity .g. Average time interval between calls and text messages, variance searches or visiting websites. .g. Entropy of contacts, contacts to interactions ratio, number of contacts Diversity E , a study in cooperation with Microsoft Research about At the University of Cambridge Personality E .g. Daily distance traveled, number and entropy of visited places Movement d correlations between “Personality and Website Choice” was conducted, which determine profiles based Eg. Active Behaviour Percent of self-initiated co mmunication, response rates 2012). More than 160 000 visited websites and, again, the “Big Five” (see Kosinski et al on website Table 5: Evaluated mobile phone data. Source: Montjoye et al 2013 rovided by the previously menti oned Facebook app users were evaluated, data was p ts visi “myPersonality”. Results included “Big Five” profiles of thousa nds of websites, based on le to classify users along After applying a machine learnin g model Montjoye et al. were ab shows three websites in the the personality of their average visitors. The following table three grades of each of the “Big Five” dimensions. For example, they were able to rate context of arts and “do it yourself”. The predicted personality traits of the average visitors participants as low, average or high in neuroticism. A comparis on of the automated of those websites are quite similar: predictions with the personality traits measured by questionnai res lead to the following results: Default Neuro- Agreeable Extra- Conscienti- - Open Frequ- Domain ousness ency ticism ness deviation version -ness Do participants score a) low b) average c) high in these personality traits? Prediction accuracy - 0.05 - 0.42 - 0.19 0.40 deviantART.com – 0. 02 0.01 3,154 0.16 Neuroticism 63% 0.23 - 0.23 -0.16 - 0.10 Tumblr.com 639 0.03 0.22 Extraversion 61% 0.07 -0.26 0.14 0.41 0.1 Etsy.com 612 0.03 Openness 49% Table 7: “Big Five” profiles of average visitors of three websites. Source: Kosinski et al, 2012 Conscientiousness 51% When “Big Five” website profiles are known for many websites, t hey can be used to Agreeableness 51% ited those websites – estimate the character of unknown, anonymous users who also vis Table 6: Accuracy of predicting personality trai ts from phone data. Source: Montjoye et al 2013 without the need for additional information. According to the authors, their study “provides the first evide nce that personality can be myPersonality Microsoft Research, also based on data from the app, Another study by Age and reliably predicted from standard mobile phone logs”. On average , the results were 42% analyzed 133 million search querie rs of the search engine s from 3.3 million unique use gender better than random. anonymous search queries it was possible to predict the Bing (see Bi et al 2013). Based on computer-based personality judgments could A newer study from 2015 suggests that Judging ely. Religious and age of users and the gender with 74% and 80% accuracy respectiv (see Youyou et al 2015). Again, be even more accurate than those made by humans personality political views were also inferred rather accurately from web s earches. analysis was based on data obtained through the “myPersonality” Facebook app. And, better than A Belgian study examined the automatic prediction of demographic attributes like gender, Education level involved. They compared again, the researchers Michal Kosinski and David Stillwell were humans? age, level of education and occupation from anonymous website v isitors (See De Bock and and occupation the “accuracy of human and computer-based personality judgments ” using the results of Van den Poel 2010) More than 4,000 users participated in an online survey indicating . data about Facebook Likes from 86,220 questionnaires from 17,622 participants and hile in parallel their clickstr eam data was extracted out their demographic information, w on Facebook Likes (r = participants. Their automated predictions on personality based behavior with regard to of log files of 260 associated Belgian websites. Their surfing 0.56) were more accurate than those of people, who are the part icipant’s Facebook friends visited websites was evaluated based on frequency, duration, th e time of the day and the and filled out a questionnaire (r = 0.49). While the judgements of individuals considered g and scoring phase, rather rel iable predictions about the day of the week. After a trainin as “spouse” (r = 0.58) were more exact than the computer models , the answers of demographic attributes of anonymous visitors of websites were derived: participants considered as “family” (r = 0.50) were also less accurate than the predictions of the machines. Attribute Error rate Possible values 4.94 – 6.23 % ; female Gender Male In addition to the “Big Five” per l further examined “13 life sonality traits, Montjoye et a outcomes and traits previously sh own to be related to personali ty” such as life Age and older 2.92 – 4.05 % Age 12-17; age 18-24; age 25-34; age 35-44; age 45-54; age 55 satisfaction, impulsivity, depression, sensationalist interest, political orientation, 1.99 – 3.01 % Occupation Top management; middle management; farmer, craftsman, small substance use and physical health . As a result the “validity of the computer judgments” ; blue collar worker; housewife / business owner; white collar worker teria”. They state that was again “higher than that of human judges in 12 of the 13 cri houseman; retired; unemployed; student; other Likes “represent one of the mos t generic kinds of digital foot print” and that their Facebook None or prima ry/elementary; lower/junior high school; high school; 2.56 – 4.03 % Education results present “significant opportunities and challenges in th e areas of psychological level college; university or higher assessment, marketing, and privacy”. vel of education and occupation fr Table 8: Predicting gender, age, le om website visits. Source: De Bock and Van den Poel 2010 The indicated error rates represent the average absolute error of the estimations in percentage. 19 19 18

20 2.2.5 yboard typing patterns Recognizing emotions from ke When the prediction model was subsequently extended to include the mobility data from user’s friends, the uld be reduced to less than 20 average error of the prediction co A Canadian study dealt with the recognition of user emotion by analyzing the rhythm of 27 rived based on The friendship relation between two users was, for example, de meters . their typing patterns on a standard keyboard (see Epp et al 201 1). 12 participants were one of them appearing in the address book of others. monitored for 4 weeks using specific software, , and which recorded every keystroke The researchers outline that previous work has already shown th at “human movement is Use cases? l states throughout their tionnaire about their emotiona showed a dialog with a short ques predictable to a certain extent at different geographic scales” (De Domenico et al 2012, p. day. contains a small number of 1). In their study, they point to the fact that their “dataset icipants. The researchers Recorded data included all key press and release events of part Typing e claims about the general vali users, so it is difficult to mak dity of this finding” (ibid., p. 4). rouped keystrokes into two- then analyzed the timing of single keystroke events, but also g patterns on a social contacts can increase However, the authors show that knowledge about a user’s letter (e.g. “ab”, “cd”) and thre ombinations, and prepared it as e-letter (e.g. “asd”, “sdf”) c standard asting movements of the accuracy of predictions about that user considerably. Forec follows: ard keybo people based on digital records could be used in several fields from marketing to governments. For example, could keep a special eye on law enforcement authorities -letter combinations Three -letter combinations Two people whose movements don’t conform to the predicted ones. pressed & key 2 pressed between key 1 pressed & key 2 pressed Duration between key 1 Duration between key 1 Duration Duration between key 2 pressed & key 3 pressed pressed & key 2 released Predicting romantic relations a nd job success from Facebook data 2.2.7 Duration Dura tion between key 1 released & key 2 pressed between key 1 pressed & key 3 released in direct collaboration with Facebook in 2013, analyzed A study, which was conducted ... ... data from 1.3 million randomly chosen users who had between 50 and 2,000 friends, and Table 9: Keyboard input evaluated. Source: Epp et al, 2011 who list a “relationship status” kstrom et al 2013). in their user profile (see Bac number of mistakes Additionally, they prepared variables like the (backspace and delete Many mistakes The focus of the analysis was to examine relationships amongst users. The basic question Identifying (e.g. punctuation, numbers). Longer pauses number of special characters keys) and the in typing? under consideration was: “given all the connections among a per son’s friends, can you partners and in typing were excluded. After applying machine learning models and classification e alone?” To recognize recognize his or her romantic partner from the network structur predicting algorithms, they achieved rather impressive results: was number of mutual friends romantic relationships between two users, not only the ps breaku examined but also how deeply those friends were . Using machine interconnected Nervousness Tired Sadness Hesitancy Relaxation Confidence hers were able to identify the true partner from the user’s learning algorithms, the researc 83% 82% 83% 84% 88% 77% s . To a limited extent they were even able to predict if couple 60% of cases friends list in Table 10: Accuracy of predicting emotional states from keystroke dynamics. Source: Epp et al, 2011 will separate in near future. Couples, who declared a relations hip status in their profile, by the algorithm, had a 50% higher probability of not recognized as couples but were Although those predictions are dichotomous (e.g. more or less “ nervous”), they were able Up to 88% separation within 2 months. to automatically identify emotio nal states of users based on th eir keystroke dynamics with accuracy an accuracy of up to 88%, which is clearly above chance (50%). between individuals offers a large analysis of social networks As this study reveals, the Experiments as phone and email contacts potential for predictive analytics. Other digital records such on users is an important part of The researchers suggest that the “ability to recognize emotions between people offer similar options. building intelligent computers” and see their work in the conte xt of “affective computing”, which refers to “computing that relates to, arises from, or del iberately influences 29 28 During a very controversial regularly conducts experiments on users. Facebook 26 In their related work section, Epp et al state that in prior a pproaches, emotions”. experiment leading to a study published in 2014, not only the b ehavior of users was computers successfully identified emotional states based on “fa cial expressions, gestures, was manipulated (see analyzed without their knowledge, but also the user’s newsfeed vocal intonation, and language”. Keystroke dynamics have also b een successfully used to Kramer et al 2014). identify and authenticate users. 2.2.6 nts based on phone data Forecasting future moveme De-anonymization and re-identification 2.3 Based on the analysis of smartph researchers in the U.K. one data from 25 participants, I know where were able to predict what the participants’ probable geographic position would be 24 you will be In many fields from scientific research to digital communicatio n technology data sets, ble to exploit the hours later. In their study from 2012, De Domenico et al were a tomorrow... which include information on individuals, are anonymized or pse udonymized to protect correlation between movement data and social interactions in order to improve the individuals. user. accuracy of forecasting of the future geographic position of a Using data logs from 25 phones, including “GPS traces, telephon e numbers, call and SMS Mobility data history, Bluetooth and WLAN histo the future GPS coordinates ry”, the scientists forecasted from friends 27 re Going. MIT Technology See also: Talbot, David (2012) : A Phone that Knows Where You' ge error of 1,000 meters. of the users based on their movement. This resulted in an avera ://www.technologyreview.com/new s/428441/a-phone-that- Review, 09.07.2012. Online: http knows-where-youre-going/ [06.06.2016] 28 Hill, Kashmir (2014): 10 Other Facebook Experiments On Users, Rated On A Highly-Scientific mirhill/2014/07/10/facebook- WTF Scale. Forbes, 10.07.2014. http://www.forbes.com/sites/kash experiments-on-users [27.07.2016] 29 26 Picard, R.W. Affective Computing. MIT Press, Cambridge, 1997, p.3 See e.g. Tufekci (2014) 20 21 20

21 When the prediction model was subsequently extended to include the mobility data from yboard typing patterns 2.2.5 Recognizing emotions from ke uld be reduced to less than 20 average error of the prediction co user’s friends, the A Canadian study dealt with the recognition of user emotion by analyzing the rhythm of 27 The friendship relation between two users was, for example, de rived based on . meters 1). 12 participants were their typing patterns on a standard keyboard (see Epp et al 201 one of them appearing in the address book of others. which recorded every keystroke , and monitored for 4 weeks using specific software, at “human movement is The researchers outline that previous work has already shown th Use cases? tionnaire about their emotiona l states throughout their showed a dialog with a short ques at different geographic scales” (De Domenico et al 2012, p. predictable to a certain extent day. 1). In their study, they point to the fact that their “dataset contains a small number of icipants. The researchers Recorded data included all key press and release events of part Typing users, so it is difficult to mak e claims about the general vali dity of this finding” (ibid., p. 4). rouped keystrokes into two- then analyzed the timing of single keystroke events, but also g patterns on a However, the authors show that knowledge about a user’s social contacts can increase letter (e.g. “ab”, “cd”) and thre e-letter (e.g. “asd”, “sdf”) c ombinations, and prepared it as standard the accuracy of predictions about that user considerably. Forec asting movements of follows: ard keybo people based on digital records could be used in several fields from marketing to governments. For example, law enforcement authorities could keep a special eye on -letter combinations Three -letter combinations Two people whose movements don’t conform to the predicted ones. Duration between key 1 pressed & key 2 pressed Duration 2 pressed between key 1 pressed & key between key 1 pressed & key 2 released Duration between key 2 pressed & key 3 pressed Duration 2.2.7 nd job success from Facebook data Predicting romantic relations a key 1 released & key 2 pressed Duration between key 1 pressed & key 3 released Dura tion between in 2013, analyzed A study, which was conducted Facebook in direct collaboration with ... ... randomly chosen users who had between 50 and 2,000 friends, and data from 1.3 million Table 9: Keyboard input evaluated. Source: Epp et al, 2011 who list a “relationship status” kstrom et al 2013). in their user profile (see Bac number of mistakes Additionally, they prepared variables like the (backspace and delete Many mistakes The focus of the analysis was to examine relationships amongst users. The basic question Identifying number of special characters (e.g. punctuation, numbers). Longer pauses keys) and the in typing? son’s friends, can you under consideration was: “given all the connections among a per partners and and classification in typing were excluded. After applying machine learning models e alone?” To recognize recognize his or her romantic partner from the network structur predicting algorithms, they achieved rather impressive results: was number of mutual friends romantic relationships between two users, not only the ps breaku interconnected . Using machine examined but also how deeply those friends were Tired Relaxation Nervousness Hesitancy Sadness Confidence learning algorithms, the researc hers were able to identify the true partner from the user’s 82% 77% 88% 83% 84% 83% . To a limited extent they were even able to predict if couple friends list in s 60% of cases Table 10: Accuracy of predicting emotional states from keystroke dynamics. Source: Epp et al, 2011 will separate in near future. Couples, who declared a relations hip status in their profile, but were by the algorithm, had a 50% higher probability of not recognized as couples Although those predictions are dichotomous (e.g. more or less “ nervous”), they were able Up to 88% separation within 2 months. to automatically identify emotio eir keystroke dynamics with nal states of users based on th accuracy an accuracy of up to 88%, which is clearly above chance (50%). between individuals offers a large analysis of social networks As this study reveals, the Experiments potential for predictive analytics. Other digital records such as phone and email contacts on users is an important part of The researchers suggest that the “ability to recognize emotions between people offer similar options. building intelligent computers” and see their work in the conte xt of “affective computing”, which refers to “computing that relates to, arises from, or del iberately influences 29 28 During a very controversial regularly conducts experiments on users. Facebook 26 In their related work section, Epp et al state that in prior a pproaches, emotions”. experiment leading to a study published in 2014, not only the b ehavior of users was computers successfully identified emotional states based on “fa cial expressions, gestures, was manipulated (see analyzed without their knowledge, but also the user’s newsfeed vocal intonation, and language”. Keystroke dynamics have also b een successfully used to Kramer et al 2014). identify and authenticate users. 2.2.6 nts based on phone data Forecasting future moveme De-anonymization and re-identification 2.3 Based on the analysis of smartph researchers in the U.K. one data from 25 participants, I know where were able to predict what the participants’ probable geographic position would be 24 you will be In many fields from scientific research to digital communicatio n technology data sets, ble to exploit the hours later. In their study from 2012, De Domenico et al were a tomorrow... which include information on individuals, are anonymized or pse udonymized to protect correlation between movement data and social interactions in order to improve the individuals. user. accuracy of forecasting of the future geographic position of a Using data logs from 25 phones, including “GPS traces, telephon e numbers, call and SMS Mobility data history, Bluetooth and WLAN histo the future GPS coordinates ry”, the scientists forecasted from friends 27 re Going. MIT Technology See also: Talbot, David (2012) : A Phone that Knows Where You' ge error of 1,000 meters. of the users based on their movement. This resulted in an avera ://www.technologyreview.com/new s/428441/a-phone-that- Review, 09.07.2012. Online: http knows-where-youre-going/ [06.06.2016] 28 Hill, Kashmir (2014): 10 Other Facebook Experiments On Users, Rated On A Highly-Scientific mirhill/2014/07/10/facebook- WTF Scale. Forbes, 10.07.2014. http://www.forbes.com/sites/kash experiments-on-users [27.07.2016] 29 26 Picard, R.W. Affective Computing. MIT Press, Cambridge, 1997, p.3 See e.g. Tufekci (2014) 21 21 20

22 Pseudonymization utes involves the replacement of names and other identifying attrib ile phone users and obility data of 1.5 million mob A study from 2013 analyzed the m Anonymized 4 data points The EU General Data its. with pseudonyms, for example by combinations of letters and dig proved that just four spatio-temporal data points were enough t o uniquely identify 95% of - and de are enough Protection Regulation defines it as the “processing of personal data in such a manner that four times and locations where users made or received the users. The combination of identified be attributed to a specific dat the personal data can no longer a subject without the use of nt people (see Montjoye et al calls 2013b). According to is highly unique amongst differe 30 When additional information, fo r example how names relate to additional information”. was another study, a combination of just four apps installed on a users’ smartphone pseudonyms, is known, pseudonymity can be easily reverted. In c ontrast, the purpose of ith lists of installed apps of sufficient to re-identify 95% of the users amongst a data set w is to get rid of any information that would allow the re-ident anonymization ification of (Achara et al 2015). It might be reasonably assumed that other 54,893 smartphone users individuals. There are many challenging aspects and concepts ar ound pseudonymity and types of similar data such as Facebook and purchases, search terms, visited websites anonymity (see Pfitzmann and Hansen 2010). provide similar results. Likes tes should be considered as Besides the fact that different assessments about which attribu ractice to re-identify users. Academic studies aside, such technologies are already used in p “personally-identifiable”, many of today’s companies are using terms such as browser fingerprints For example, online marketers and data brokers use device or 31 There are also “anonymized” or “de-identified” in ambiguous or even wrong ways . their web fingerprints to re-identify users based on t he specific characteristics of mple Paul Ohm (2009) fundamental problems concerning anonymization today, as for exa a from iris, voice and face seeBujlow et al 2015). Also biometric dat browsers and devices ( showed. keystrokes and mouse dynamics (see Mudholkar recognition as well as analyses of ingerprints or DNA profiles. people – akin to traditional f 2012) can be used to re-identify ed data records it may Depending on the kind and quantity of anonymized or pseudonymiz Re-identify still be possible to identify a person. If, for example, a smal l data set doesn’t contain names, but instead , it is often possible to identify a person by initials and birthdates means of additional databases or , for example because the publicly available information 32 A study from 1990 discovered that combination of initials and birthdates is often unique. zip code, gender and birth date was unique for 216 of 248 million the combination of e makes identification possible . Consequently, data U.S. citizens (87%) and therefor records with names removed but zip codes, gender and birth dates still included cannot be t is not sufficient to only rem seen as anonymized. Therefore, i ove obviously identifying to anonymize data information such as name, social insurance number or IP address records. The more detailed a data record is, the more potential links to other sources. In addition, „Anonymous“ y a person, even if data seems the better the technologies use are the easier it is to identif searches to be anonymized. Since more and more various data about indivi duals is stored, this issue AOL published detailed “anonymous” log became increasingly severe. When, for example, files about web searches of 675,000 users in 2006, some of them could be identified just based on their search history (see Ohm 2009). In recent years, elaborate statistical methods for de-anonymiza tion were developed. „Anonymous“ When Netflix published an “anonymized” data set containing movi e ratings of 500,000 movie ratings subscribers in 2006, a study show easily identified, when a ed that a subscriber could be bit of background knowledge abou t this person was available. To achieve this, researchers Netflix compared and linked the “anony mized” movie ratings of the subscribers with , where users often used their real publicly available reviews on the website imdb.com imdb.com names. On average between two and eight reviews from were needed to identify see Narayanan and Shmatikov 200 8). persons in the Netflix dataset ( 30 Full definition: pseudonymization means the “processing of pe rsonal data in such a manner that the personal data can no longer be attributed to a specifi c data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the per sonal data are not attributed to an identified or identifiable natural person” (see EU 2016). 31 See chapter 5.6 32 Pelleter, Jörg (2011): Organisatorische und institutionelle H erausforderungen bei der Implementierung von Integrierten Versorgungskonzepten am Beispi el der Telemedizin. Schriften zur Gesundheitsökonomie, Univers ität Erlangen Lehrstuhl für Ges undheitsmanagement, S. 296ff 22 23 22

23 ile phone users and obility data of 1.5 million mob A study from 2013 analyzed the m Pseudonymization utes involves the replacement of names and other identifying attrib Anonymized 4 data points The EU General Data proved that just four spatio-temporal data points were enough t o uniquely identify 95% of its. with pseudonyms, for example by combinations of letters and dig - and de are enough Protection Regulation defines it as the “processing of personal data in such a manner that four times and locations where users made or received the users. The combination of identified be attributed to a specific dat the personal data can no longer a subject without the use of nt people (see Montjoye et al calls 2013b). According to is highly unique amongst differe 30 When additional information, fo r example how names relate to additional information”. was another study, a combination of just four apps installed on a users’ smartphone pseudonyms, is known, pseudonymity can be easily reverted. In c ontrast, the purpose of ith lists of installed apps of sufficient to re-identify 95% of the users amongst a data set w is to get rid of any information that would allow the re-ident anonymization ification of (Achara et al 2015). It might be reasonably assumed that other 54,893 smartphone users individuals. There are many challenging aspects and concepts ar ound pseudonymity and types of similar data such as Facebook and purchases, search terms, visited websites anonymity (see Pfitzmann and Hansen 2010). provide similar results. Likes tes should be considered as Besides the fact that different assessments about which attribu ractice to re-identify users. Academic studies aside, such technologies are already used in p “personally-identifiable”, many of today’s companies are using terms such as browser fingerprints For example, online marketers and data brokers use device or 31 There are also “anonymized” or “de-identified” in ambiguous or even wrong ways . their web fingerprints to re-identify users based on t he specific characteristics of mple Paul Ohm (2009) fundamental problems concerning anonymization today, as for exa a from iris, voice and face seeBujlow et al 2015). Also biometric dat browsers and devices ( showed. keystrokes and mouse dynamics (see Mudholkar recognition as well as analyses of ingerprints or DNA profiles. people – akin to traditional f 2012) can be used to re-identify ed data records it may Depending on the kind and quantity of anonymized or pseudonymiz Re-identify still be possible to identify a person. If, for example, a smal l data set doesn’t contain names, but instead , it is often possible to identify a person by initials and birthdates means of additional databases or , for example because the publicly available information 32 A study from 1990 discovered that combination of initials and birthdates is often unique. zip code, gender and birth date was unique for 216 of 248 million the combination of e makes identification possible . Consequently, data U.S. citizens (87%) and therefor records with names removed but zip codes, gender and birth dates still included cannot be t is not sufficient to only rem seen as anonymized. Therefore, i ove obviously identifying to anonymize data information such as name, social insurance number or IP address records. The more detailed a data record is, the more potential links to other sources. In addition, „Anonymous“ y a person, even if data seems the better the technologies use are the easier it is to identif searches to be anonymized. Since more and more various data about indivi duals is stored, this issue AOL published detailed “anonymous” log became increasingly severe. When, for example, files about web searches of 675,000 users in 2006, some of them could be identified just based on their search history (see Ohm 2009). In recent years, elaborate statistical methods for de-anonymiza tion were developed. „Anonymous“ When Netflix published an “anonymized” data set containing movi e ratings of 500,000 movie ratings subscribers in 2006, a study show easily identified, when a ed that a subscriber could be bit of background knowledge abou t this person was available. To achieve this, researchers Netflix compared and linked the “anony mized” movie ratings of the subscribers with , where users often used their real publicly available reviews on the website imdb.com imdb.com names. On average between two and eight reviews from were needed to identify see Narayanan and Shmatikov 200 8). persons in the Netflix dataset ( 30 Full definition: pseudonymization means the “processing of pe rsonal data in such a manner that the personal data can no longer be attributed to a specifi c data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the per sonal data are not attributed to an identified or identifiable natural person” (see EU 2016). 31 See chapter 5.6 32 Pelleter, Jörg (2011): Organisatorische und institutionelle H erausforderungen bei der Implementierung von Integrierten Versorgungskonzepten am Beispi el der Telemedizin. Schriften zur Gesundheitsökonomie, Univers ität Erlangen Lehrstuhl für Ges undheitsmanagement, S. 296ff 23 23 22

24 37 , this is not only about improving logistical business movements and transactions Analyzing Personal Data in Marketin g, Finance, Insurance and Work 3. processes, but also about monitoring and controlling employees. Similarly, when United ! Healthcare tically detect records and analyzes customer calls to call centers, to automa “The privileged, we’ll see time and again, are pr ocessed more by people, the masses by machines” 38 , this data could potentially be l center agents. also used to sort and rate cal dissatisfaction Cathy O’Neill , 2016 nology providers, which Possibly, the same audio analysis technology from the same tech “Data scientists created the means to predict how voters will vote, or how patients will unsatisfied custo in this case is used to identify mers and impr ove service, can be used by ll pay off debts. It wasn’t long before follow treatment protocols, or how borrowers wi fraud prevention companies and intelligence agencies to discove r suspicious behavior proaches could be applied to predicting HR realized the same technologies and ap how employees will behave around key metrics like attrition and performance” 33 n resources consulting firm Talent Analytics, 2014 Greta Roberts, CEO of Huma 3.1 Practical examples of predicting personality from digital records ods applied to The following chapter depicts how Big Data and data mining meth applying the “Big Five” The analysis of personal traits based on digital records, often elds of marketing, retail, information about human beings are already being used in the fi academic papers and has gained popularity in many model, was discussed in numerous insurance, finance and at work. A significant focus is put on areas where these methods different areas. Several websites were launched, letting users automatically calculate their are applied in ways that could impact or harm individuals. “Big Five” profile based on Facebook likes or texts written, fo r example, by the 39 University of Cambridge . of the Psychometrics Centre This section introduces examples in several business fields – s tarting with an overview Examples in about how the predictive models on personality examined in the previous chapters are different fields GCHQ Even the British intelligence agency has used it, as was pointed out by one of the five other In addition, already used in marketing, credit scoring and voter targeting. documents leaked by Edward Snowden. One of the slides shows tha t they had investigated areas were chosen for further exploration, ranging from personalized pricing based on correlations between the five personality traits and web browse rs used – such as Chrome, digital tracking to work, insura nce, finance and risk managemen t. Some fields of 40 Firefox, Safari and Internet Explorer. lack completeness (e.g. his chapter (e.g. education) or application are not covered in t Twitter . IBM predicted the “Big Five” personality traits by analyzing what users posted on Analyzing marketing). Michelle Zhou, the leader of IBM ’s “User Systems and Experience Research Group”, personality for Marketing is one of the areas where the a nalysis and exploitation of per sonal data is explained to Technology Review more desire for rewards and that extroverted persons had marketing precisely understand already very common at a large scale. Customer analytics try to attention – for example, as bonus miles within a frequent flyer program. Call center agents consumers’ behaviors and preferences down to the individual le vel – to attract, avoid, onality. She also believes could react differently, depending on consumers’ predicted pers persuade, retain or to get rid of them. Further examples of com mon practices can be found that customer conversion rates could become higher if this kind of knowledge is taken in chapters 4 and 5 about data-gathering devices and data broke rs. into consideration– for example, in order to identify the custo mers that are susceptible to 41 marketing emails or phone calls. It is often between different areas of application. An app like difficult to draw the line Across contexts BagIQ , which offers consumers to calc ulate a health score from autom atically logged and purposes goes beyond testing. They use online quizzes and “psychometric ” personality VisualDNA Online quizzes 34 loyalty as well as to health. online and offline food purchases, is related to marketing and 42 40 . Up to now the tests were taken by more than tests to gather data from consumers ng aspects of consumer While digital marketing technology is more and more incorporati 43 Based on the collecte d data and analytics “without any paid incentive”. million people es are increasingly using scoring and risk management, insurers and credit rating compani has created personality profiles, which could be used to predict a wide range of VisualDNA data about individuals, which we social media, marketing and re collected in the context of 44 45 across the globe: people e “Big Five”, for 500 million personal attributes, including th 35 has already registered a pa tent about credit scoring. online advertising. Facebook cial network platforms, on Predictive technologies such as face recognition are used on so Marketing, 36 n and law enforcement. consumer devices as well as for marketing, identity verificatio fraud and Fraud analytics based on vast am ounts of data from different so urces is used by employment lso to prevent benefits intelligence agencies as well as by insurance companies – and a fraud and social program abuse (see chapter 3.5). When tracks and analyzes package UPS 37 anies. SAS Institute, May 2013. Davenport, Thomas H., Jill Dyché (2013): Big Data in Big Comp -in-Big-Comp Online: http://www.sas. com/resources/ anies.pdf [01.08.2016] asset/Big-Data 38 Ibid. 39 For example: http://applymagicsauce.com [01.08.2016] 40 33 Roberts, Greta (2014): Making The Business Case For Predictiv on 2012. Online: NBC News Investigations: GCHQ PowerPoint Slideshow Presentati e Talent Analytics. SAP http://www.statewatch.org/news/201 4/apr/snowden_youtube_nbc_doc ument.pdf [01.08.2014] Business Innovation, 12.05.2014. Online: http://blogs.sap.com/i nnovation/human- 41 0921 [01.08.2016] resources/making-business-case-predictive-talent-analytics-0125 ert (on Twitter). MIT Simonite, Tom (2013): Ads Could Soon Know If You’re an Introv 34 Technology Review, 08.11.2013. Online: http://www.technologyrev iew.com/news/520671/ads- https://bagiq.com [01.08.2016] 35 could-soon-know-if-youre-an-introvert-on-twitter [01.08.2016] nology/archive/2015/09/faceboo ks-new-patent-and- http://www.theatlantic.com/tech 42 6] http://www.visualdna.com/press- and-news/?p_id=7601 [01.08.201 digital-redlining/407287/ [25.01.2016] 36 43 See e.g. Wadhwa, Tarun (2016): How Facial Recognition Will So on End Anonymity. Heatstreet, http://www.visualdna.com/profiling [01.08.2016] 44 tion-will-soon-end-anonymity June 2, 2016. Online: http://heatst.com/tech/how-facial-recogni http://www.visualdna.com/press- and-news/?p_id=7601 [01.08.201 6] 45 [01.08.2016] http://www.visualdna.com/profiling [01.08.2016] 24 25 24

25 37 movements and transactions , this is not only about improving logistical business Analyzing Personal Data in Marketin g, Finance, Insurance and Work 3. processes, but also about monitoring and controlling employees. Similarly, when United ! Healthcare tically detect records and analyzes customer calls to call centers, to automa “The privileged, we’ll see time and again, are pr ocessed more by people, the masses by machines” 38 , this data could potentially be l center agents. also used to sort and rate cal dissatisfaction Cathy O’Neill , 2016 nology providers, which Possibly, the same audio analysis technology from the same tech “Data scientists created the means to predict how voters will vote, or how patients will unsatisfied custo in this case is used to identify mers and impr ove service, can be used by ll pay off debts. It wasn’t long before follow treatment protocols, or how borrowers wi fraud prevention companies and intelligence agencies to discove r suspicious behavior proaches could be applied to predicting HR realized the same technologies and ap how employees will behave around key metrics like attrition and performance” 33 n resources consulting firm Talent Analytics, 2014 Greta Roberts, CEO of Huma 3.1 Practical examples of predicting personality from digital records ods applied to The following chapter depicts how Big Data and data mining meth applying the “Big Five” The analysis of personal traits based on digital records, often elds of marketing, retail, information about human beings are already being used in the fi academic papers and has gained popularity in many model, was discussed in numerous insurance, finance and at work. A significant focus is put on areas where these methods different areas. Several websites were launched, letting users automatically calculate their are applied in ways that could impact or harm individuals. “Big Five” profile based on Facebook likes or texts written, fo r example, by the 39 University of Cambridge . of the Psychometrics Centre This section introduces examples in several business fields – s tarting with an overview Examples in about how the predictive models on personality examined in the previous chapters are different fields GCHQ Even the British intelligence agency has used it, as was pointed out by one of the five other In addition, already used in marketing, credit scoring and voter targeting. documents leaked by Edward Snowden. One of the slides shows tha t they had investigated areas were chosen for further exploration, ranging from personalized pricing based on correlations between the five personality traits and web browse rs used – such as Chrome, digital tracking to work, insura nce, finance and risk managemen t. Some fields of 40 Firefox, Safari and Internet Explorer. lack completeness (e.g. his chapter (e.g. education) or application are not covered in t Twitter . IBM predicted the “Big Five” personality traits by analyzing what users posted on Analyzing marketing). Michelle Zhou, the leader of IBM ’s “User Systems and Experience Research Group”, personality for Marketing is one of the areas where the a nalysis and exploitation of per sonal data is explained to Technology Review more desire for rewards and that extroverted persons had marketing precisely understand already very common at a large scale. Customer analytics try to attention – for example, as bonus miles within a frequent flyer program. Call center agents consumers’ behaviors and preferences down to the individual le vel – to attract, avoid, onality. She also believes could react differently, depending on consumers’ predicted pers persuade, retain or to get rid of them. Further examples of com mon practices can be found that customer conversion rates could become higher if this kind of knowledge is taken in chapters 4 and 5 about data-gathering devices and data broke rs. into consideration– for example, in order to identify the custo mers that are susceptible to 41 marketing emails or phone calls. It is often between different areas of application. An app like difficult to draw the line Across contexts BagIQ , which offers consumers to calc ulate a health score from autom atically logged and purposes goes beyond testing. They use online quizzes and “psychometric ” personality VisualDNA Online quizzes 34 loyalty as well as to health. online and offline food purchases, is related to marketing and 42 40 . Up to now the tests were taken by more than tests to gather data from consumers ng aspects of consumer While digital marketing technology is more and more incorporati 43 Based on the collecte d data and analytics “without any paid incentive”. million people es are increasingly using scoring and risk management, insurers and credit rating compani has created personality profiles, which could be used to predict a wide range of VisualDNA data about individuals, which we social media, marketing and re collected in the context of 44 45 across the globe: people e “Big Five”, for 500 million personal attributes, including th 35 has already registered a pa tent about credit scoring. online advertising. Facebook cial network platforms, on Predictive technologies such as face recognition are used on so Marketing, 36 n and law enforcement. consumer devices as well as for marketing, identity verificatio fraud and Fraud analytics based on vast am ounts of data from different so urces is used by employment lso to prevent benefits intelligence agencies as well as by insurance companies – and a fraud and social program abuse (see chapter 3.5). When tracks and analyzes package UPS 37 anies. SAS Institute, May 2013. Davenport, Thomas H., Jill Dyché (2013): Big Data in Big Comp -in-Big-Comp Online: http://www.sas. com/resources/ anies.pdf [01.08.2016] asset/Big-Data 38 Ibid. 39 For example: http://applymagicsauce.com [01.08.2016] 40 33 Roberts, Greta (2014): Making The Business Case For Predictiv on 2012. Online: NBC News Investigations: GCHQ PowerPoint Slideshow Presentati e Talent Analytics. SAP http://www.statewatch.org/news/201 4/apr/snowden_youtube_nbc_doc ument.pdf [01.08.2014] Business Innovation, 12.05.2014. Online: http://blogs.sap.com/i nnovation/human- 41 0921 [01.08.2016] resources/making-business-case-predictive-talent-analytics-0125 ert (on Twitter). MIT Simonite, Tom (2013): Ads Could Soon Know If You’re an Introv 34 Technology Review, 08.11.2013. Online: http://www.technologyrev iew.com/news/520671/ads- https://bagiq.com [01.08.2016] 35 could-soon-know-if-youre-an-introvert-on-twitter [01.08.2016] nology/archive/2015/09/faceboo ks-new-patent-and- http://www.theatlantic.com/tech 42 6] http://www.visualdna.com/press- and-news/?p_id=7601 [01.08.201 digital-redlining/407287/ [25.01.2016] 36 43 See e.g. Wadhwa, Tarun (2016): How Facial Recognition Will So on End Anonymity. Heatstreet, http://www.visualdna.com/profiling [01.08.2016] 44 tion-will-soon-end-anonymity June 2, 2016. Online: http://heatst.com/tech/how-facial-recogni http://www.visualdna.com/press- and-news/?p_id=7601 [01.08.201 6] 45 [01.08.2016] http://www.visualdna.com/profiling [01.08.2016] 25 25 24

26 children as well as information a any details about earlier bout voting registration and m voting behavior. From this raw data, the company predicts “swin g” voters and estimates 54 people’s political views, for example: Ideology of Voters Description People who are likely moderate conservatives Moderate conservative People who are likely very conservative Very conservative People who are likely establishment conservatives Establishment conservative L iberal beral leaning People who are likely li Libertarian People who are likely libertarian leaning People who likely support Tea party the Tea Party logy of voters. Source: Cambridge Analytica Table 11: Data models to predict political ideo 55 Figure 1: Types of data offered by VisualDNA. Source: Screenshot VisualDNA website ecific political issues are pr edicted: Also the likely opinions about sp purposes, but also for The company offers its data for marketing and online targeting Credit risk and Description Specific Issues 46 According to their website customer data management and even to predict credit risk . insurance Fiscally Responsible Pe ople who are likely to oppose government spending ian, Callcredit and MasterCard across four continents to they started to work with “Exper Pro life People who have a high likelihood of being pro -life 47 MasterCard states in a ions and even billions of people ”. find banking solutions for mill Pro environment People who have a high likelihood of prioritiz ing the environment report that firms “like VisualDN A and EFL have p gness to repay and other redicted willin People who have a high likelihood of prioritizing gun rights as an important Pro gun rights can use in assessing risk factors and generate a personal credit-risk score lenders issue applicants”. In 2016 the company started to collaborate with Admiral , a leading UK 48 ioritizing national security as an Pro National Security People who have a high likelihood of pr The assessment”. insurer , to “explore the impact of pers onality on motor insurance risk important issue Psychometrics Centre University of Cambridge , where much of the academic research of the Anti Obamacare People w ho are likely to oppose the Affordable Care Act on the prediction of “Big Five” personality traits from digital records was conducted, lists 49 VisualDNA as a partner. People who are likely to oppose Immigration Anti immigration l opinions. Source: Cambridge Analytica Table 12: Data models to predict politica Cambridge Analytica used predictive models based on the Similarly, the consulting firm Voter 50 for Ted Cruz’s U.S. presidential candidate campaign. The “Big Five” personality traits Targeting es and ads. People who are targeted with specific messag Based on this data, voters can be Personalized firm is not affiliated with the University of Cambridge , but a subsidiary of UK-based SCL be addressed categorized as moderate-conservative and anti-immigration could messages Group . The company states that it helped the campaign to “identify l ikely pro-Cruz caucus pro-environment. differently than people who are categorized as libertarian and voters and reach out to them with messages tailored to resonate specifically with their states it helped the campaign “devise messages for a variety o Cambridge Analytica f direct- 51 by “combining advanced data anal ytics with psychological resear ch”. personality types” mail pieces, digital ads includin g video spots, and customized scripts for volunteers to use In a promotion video, their CEO explains that the “more you kno w about someone, the while contacting voters”. According to the Guardian, the compan y has “harvested data on wants and needs”. more you can align a campaign with their requirements or their 56 millions of unwitting Facebook users”. Subsequently, it would be possible to “take one specific issue and communicate it in 52 sees itself as “[w]orking at the forefront SCL Group ’s parent company Cambridge Analytica Defense multiple ways to different audiences depending on their persona lities”. ement agency”, but also as ly as a “global election manag of behavioural change” and not on them llion Americans”, which enables uses a “database of over 220 mi Cambridge Analytica Data on 220 resolution, including hological approaches to conflict a “leading practitioner of psyc 53 According to their website, their to sort and categorize people along different segments . million citizens 57 , providing “governments and population messaging and information operations” analytics is based on data such as age, gender, ethnicity, inco me, relationship status, 58 militaries with defence and homeland security solutions” 46 http://www.visualdna.com/ creditandrisk [01.08.2016] 47 Ibid. 48 6] and-news/?p_id=7601 [01.08.201 http://www.visualdna.com/press- 49 http://www.psychometrics.cam.a 6] c.uk/client-showcase [01.08.201 50 on millions of unwitting Davies, Harry (2015): Ted Cruz using firm that harvested data 54 Facebook users. The Guardian, 11.12.2015. Online: https://www.t heguardian.com/us- Ibid. 55 ser-data [01.08.2016] z-president-campaign-facebook-u news/2015/dec/11/senator-ted-cru Ibid. 51 56 Davies, Harry (2015): Ted Cruz using firm that harvested data https://cambridgeanalytica.org/news/cambridge-analytica-congr on millions of unwitting atulates-senator-ted-cruz- on-iowa-caucus-win [01.08.2016] Facebook users. The Guardian, 11.12.2015. Online: https://www.t heguardian.com/us- 52 Cambridge Analytica (2015): Applying Data Science to Politica l Campaigns. YouTube video, news/2015/dec/11/senator-ted-cru z-president-campaign-facebook-u ser-data [01.08.2016] 57 published on Aug 13, 2015. Onl h?v=c_SlD7D_xug [01.08.2016] ine: https://www.yo utube.com/watc https://sclgroup.cc [01.08.2016] 58 53 https://cambridgeanalytica.org/datamodels [01.08.2016] http://web.archive.org/web/20160109175653/http://scldefence.c om/ [08.08.2016] 26 26 27

27 any details about earlier bout voting registration and m children as well as information a voting behavior. From this raw data, the company predicts “swin g” voters and estimates 54 people’s political views, for example: Ideology of Voters Description Moderate conservative People who are likely moderate conservatives People who are likely very conservative Very conservative Establishment conservative People who are likely establishment conservatives People who are likely li Liberal beral leaning People who are likely libertarian leaning Libertarian the Tea Party People who likely support Tea party Table 11: Data models to predict political ideo logy of voters. Source: Cambridge Analytica 55 Figure 1: Types of data offered by VisualDNA. Source: Screenshot VisualDNA website Also the likely opinions about sp edicted: ecific political issues are pr purposes, but also for The company offers its data for marketing and online targeting Credit risk and Description Specific Issues 46 According to their website predict credit risk customer data management and even to . insurance Fiscally Responsible Pe ople who are likely to oppose government spending they started to work with “Exper across four continents to ian, Callcredit and MasterCard -life Pro life People who have a high likelihood of being pro 47 states in a MasterCard ”. find banking solutions for mill ions and even billions of people Pro environment ing the environment People who have a high likelihood of prioritiz report that firms “like VisualDN redicted willin gness to repay and other A and EFL have p People who have a high likelihood of prioritizing gun rights as an important Pro gun rights risk factors and generate a personal credit-risk score lenders can use in assessing issue applicants”. In 2016 the company started to collaborate with Admiral a leading UK , 48 ioritizing national security as an Pro National Security People who have a high likelihood of pr The insurer onality on motor insurance risk assessment”. , to “explore the impact of pers important issue Psychometrics Centre of the University of Cambridge , where much of the academic research Anti Obamacare People w ho are likely to oppose the Affordable Care Act records was conducted, lists on the prediction of “Big Five” personality traits from digital 49 VisualDNA as a partner. likely to oppose Immigration Anti immigration People who are l opinions. Source: Cambridge Analytica Table 12: Data models to predict politica Similarly, the consulting firm used predictive models based on the Cambridge Analytica Voter 50 for Ted Cruz’s U.S. presidential candidate campaign. The “Big Five” personality traits Targeting targeted with specific messag Based on this data, voters can be es and ads. People who are Personalized University of Cambridge SCL , but a subsidiary of UK-based firm is not affiliated with the be addressed categorized as moderate-conservative and anti-immigration could messages ikely pro-Cruz caucus Group . The company states that it helped the campaign to “identify l differently than people who are categorized as libertarian and pro-environment. voters and reach out to them with messages tailored to resonate specifically with their Cambridge Analytica states it helped the campaign “devise messages for a variety o f direct- 51 ch”. by “combining advanced data anal ytics with psychological resear personality types” mail pieces, digital ads includin g video spots, and customized scripts for volunteers to use w about someone, the In a promotion video, their CEO explains that the “more you kno while contacting voters”. According to the Guardian, the compan y has “harvested data on more you can align a campaign with their requirements or their wants and needs”. 56 millions of unwitting Facebook users”. Subsequently, it would be possible to “take one specific issue and communicate it in 52 sees itself as “[w]orking at the forefront SCL Group ’s parent company Cambridge Analytica Defense multiple ways to different audiences depending on their persona lities”. ement agency”, but also as ly as a “global election manag of behavioural change” and not on Cambridge Analytica uses a “database of over 220 mi llion Americans”, which enables them Data on 220 resolution, including hological approaches to conflict a “leading practitioner of psyc 53 According to their website, their to sort and categorize people along different . segments million citizens 57 , providing “governments and population messaging and information operations” me, relationship status, analytics is based on data such as age, gender, ethnicity, inco 58 militaries with defence and homeland security solutions” 46 creditandrisk [01.08.2016] http://www.visualdna.com/ 47 Ibid. 48 http://www.visualdna.com/press- and-news/?p_id=7601 [01.08.201 6] 49 http://www.psychometrics.cam.a 6] c.uk/client-showcase [01.08.201 50 on millions of unwitting Davies, Harry (2015): Ted Cruz using firm that harvested data 54 heguardian.com/us- Facebook users. The Guardian, 11.12.2015. Online: https://www.t Ibid. 55 ser-data [01.08.2016] news/2015/dec/11/senator-ted-cru z-president-campaign-facebook-u Ibid. 56 51 Davies, Harry (2015): Ted Cruz using firm that harvested data on millions of unwitting atulates-senator-ted-cruz- https://cambridgeanalytica.org/news/cambridge-analytica-congr heguardian.com/us- Facebook users. The Guardian, 11.12.2015. Online: https://www.t on-iowa-caucus-win [01.08.2016] 52 l Campaigns. YouTube video, Cambridge Analytica (2015): Applying Data Science to Politica ser-data [01.08.2016] news/2015/dec/11/senator-ted-cru z-president-campaign-facebook-u 57 h?v=c_SlD7D_xug [01.08.2016] published on Aug 13, 2015. Onl ine: https://www.yo utube.com/watc https://sclgroup.cc [01.08.2016] 53 58 https://cambridgeanalytica.org/datamodels [01.08.2016] http://web.archive.org/web/20160109175653/http://scldefence.c om/ [08.08.2016] 27 27 26

28 data such as which items customer of day, taking into s are purchasing, at what time Credit scoring and personal finance 3.2 67 reported to have 155 JD.com consideration “their history of buying expensive items”. 68 predict the In recent years, several companies around the globe started to Baidu In 2016, a partnership with – China’s dominant web search million customers. creditworthiness of individuals b ased on data from many sources . Some of them purchase ZestFinance ’s underwriting technology to Baidu’s provider – was announced, to “apply data from a wide range of third parties, some use mobile and lo cation data, social network search, location, and payment data in order to improve credit s coring decisions in 69 profiles or even carefully watch how many mistakes the applican ts make when filling out They state that Baidu’s “rich user search data will be valuable for loan China”. an online form. While most of these companies can still be cons idered as “startups”, some underwriting and assessing credit risk”. rted to partner with major of them already received hundreds of millions in funding or sta Lenddo oring and identity verification , a company focused on credit sc based in Hong Kong Valueable players in finance. For example, , which was previously mentioned in the VisualDNA 70 , uses a and operating in 20 countries such as India, South Korea, Mexic o and Philippines friends . MasterCard chapter on analyzing personality, started to work with wide range of data sources. Acco rding to its chairman Jeff Stew art, Lenddo helps dozens of 71 logy to other companies. Some of the companies are providing their credit scoring techno Credit scoring Their is “derived LenddoScore ions of smartphones globally. banks analyze data from mill Others are also running online pl atforms offering payday loans, usually with rather high for social good from the customer’s social data and online behavior” – includin g mobile data, browser interest rates. Near ly all of them are constantly emphasizing, that their products will help data, application data, transact ional data from telecom compani es, as well as data from who don’t have access the underbanked and unbanked – people without a credit history, web publishers and social networks. In its factsheet, Lenddo also mentions “mouse data”, to traditional financial institutions. This is especially a pro blem for people in many ending patterns” and “form “biometrics”, “digital footprints”, “personality analysis”, “sp 72 73 countries in South America, Asia or Africa. However, requiring people to expose their most A CNN article points out that Lenddo’s analyses include “everything from a filling”. aises serious ethical concerns. private details to Big Data algo rithms in order to get a loan r smartphone user's messaging and browsing activity, to the apps and Wi-Fi network they reveal behavioural use [...] Elements such as foreign language used and text length One example is the U.S.-based company ZestFinance, which sees itself as “tech platform All data is patterns”. Even the battery level could impact the calculated c redit score for a user: “the 59 . Its founder Douglas Merrill, former that applies Google-like math to credit decisions” credit data hat can convey how company looks at how that changes over a specific duration -- t , said in 2012: “We feel like all data is credit data, we Google Chief Information Officer at Lenddo identity verification ’s consistent someone is and how much they plan ahead.” just don’t know how to use it yet”. And he added: “Data matters . More data is always fication”. It is based on similar data, and can additionally technology is called “Social Veri 60 offers its credit scoring techn ZestFinance ors in ology to lenders and to collect better”. 74 On an earlier version of “also be configured to include d ocument and/or face capture”. 61 but also runs an own online “auto financing, student len ding, legal and healthcare”, edit score is based on their “c ’s FAQ stated that the users’ cr haracter” Lenddo its website, 62 platform to provide loans to consumers. heir score “both and their “connections” to their “community” who would impact t elective when adding positively and negatively”. Therefore, customers ought to be “s w data elements s are based on “thousands of ra ZestFinance explains that its scoring model Data from 75 63 members” to their community. For example, people and data collected from borrowers”. including third-party data smartphones ng moves since they graduated from college repay less who “made a number of small housi and social Kreditech has developed a “credit scoring technology which uses The German company GPS data, 64 stated that it “analyzes thousands ZestFinance than those who have moved fewer times”. networks? artificial intelligence and machine learning to process up to 2 0,000 data points per social media financial information to technology of potential credit variables—everything from 76 Poland, digital banking products to consumers in They offer loans and application”. and shopping usage —to better assess factors like the potential for fraud, the ris k of default, and the 77 On their platform Mondeo, Spain, Czech Republic, Russia, Mexico – but not in Germany. behavior 65 According to Fortune, the company looks customer relationship”. viability of a long-term y offer a “digital wallet”, they claim to have 2,000,000 “consumers scored” and additionall 66 According to Cathy O’Neill at “ how people use smartphones and social network ”. 78 79 , doesn’t publish Kreditech Unlike earlier which also serves as a “Prepaid MasterCard”. ZestFinance (2016), also uses “observations, such a s whether applicants use proper spelling and capitalization on th ng it takes them to read it, eir applications forms, how lo and whether they bother to look at the terms and conditions”. , China’s second largest e-commerce In 2015, ZestFinance JD.com started to partner with Credit scoring 67 Rao, Leena (2015): This partnership wants to bring credit sco res to China. Fortune, June 25, 2015. ers’ past and present business. According to Fortune, they will “use data from consum based on web Online: http://fortune.com/2015/06/25/zestfinance-jd-credit-chi na [28.07.2016] ” to predict credit risk to customers and Chinese lenders based on online shopping habits searches 68 1.08.2016] http://ir.jd.com/phoenix.zhtml?c=253315&p=irol-homeProfile [2 69 BSOLUTEFINALFINAL.pdf https://www.zestfinance.com/pdf/BaiduZestFinancePressRelease_A [28.07.2016] 70 https://lenddo.com/about.html [28.07.2016] 71 ine credit scores. CNN Money, Aug. Hope King, L. (2016): This startup uses battery life to determ 59 nddo-smartphone-battery- 24, 2016. Online: http://money.cnn.com/2016/08/24/technology/le e.com/our-story.html https://www.zestfinanc 60 loan/index.html Hardy, Quentin (2012): Just th e Facts. Yes, All of Them. New York Times, 24.03.2012. Online: 72 ants-to-gather-the-data- http://www.nytimes.com/2012/03/2 5/business/factuals-gil-elbaz-w coring-Factsheet-2015.pdf [28. https://lenddo.com/pdfs/Lenddo-S 07.2016] 73 universe.html [27.07.2016] ine credit scores. CNN Money, Aug. Hope King, L. (2016): This startup uses battery life to determ 61 24, 2016. Online: http://money.cnn.com/2016/08/24/technology/le nddo-smartphone-battery- ZestFinance_Collections_Model https://www.zestfinance.com/pdf/ .pdf [28.07.2016] 62 loan/index.html 74 BaiduZestFinancePressRelease_A https://www.zestfinance.com/pdf/ BSOLUTEFINALFINAL.pd https://lenddo.com/pdfs/Lenddo-V erification-Factsheet-2015.pdf [28.07.2016] 75 f [28.07.2016] com/pages/faq 40629080959/https://www.lenddo. https://web.archive.org/web/201 63 2016] https://www.zestfinance.com/pd f/ZestCashHollerREV.pdf [28.07. [28.07.2016] 76 64 .pdf [28.07.2016] https://www.kreditech.com/what-we-do [28.07.2016] https://www.zestfinance.com/pdf/ ZestFinance_Collections_Model 77 65 http://fortune.com/2015/12/01/tech-loans-credit-affirm-zest [ Ibid. 28.07.2016] 78 66 https://www.monedo.com [28.07.2016] Ibid. 28 28 29

29 data such as which items customer of day, taking into s are purchasing, at what time Credit scoring and personal finance 3.2 67 reported to have 155 JD.com consideration “their history of buying expensive items”. 68 predict the In recent years, several companies around the globe started to Baidu In 2016, a partnership with – China’s dominant web search million customers. creditworthiness of individuals b ased on data from many sources . Some of them purchase ZestFinance ’s underwriting technology to Baidu’s provider – was announced, to “apply data from a wide range of third parties, some use mobile and lo cation data, social network search, location, and payment data in order to improve credit s coring decisions in 69 profiles or even carefully watch how many mistakes the applican ts make when filling out They state that Baidu’s “rich user search data will be valuable for loan China”. an online form. While most of these companies can still be cons idered as “startups”, some underwriting and assessing credit risk”. rted to partner with major of them already received hundreds of millions in funding or sta Lenddo oring and identity verification , a company focused on credit sc based in Hong Kong Valueable players in finance. For example, , which was previously mentioned in the VisualDNA 70 , uses a and operating in 20 countries such as India, South Korea, Mexic o and Philippines friends . MasterCard chapter on analyzing personality, started to work with wide range of data sources. Acco rding to its chairman Jeff Stew art, Lenddo helps dozens of 71 logy to other companies. Some of the companies are providing their credit scoring techno Credit scoring Their is “derived LenddoScore ions of smartphones globally. banks analyze data from mill Others are also running online pl atforms offering payday loans, usually with rather high for social good from the customer’s social data and online behavior” – includin g mobile data, browser interest rates. Near ly all of them are constantly emphasizing, that their products will help data, application data, transact ional data from telecom compani es, as well as data from who don’t have access the underbanked and unbanked – people without a credit history, web publishers and social networks. In its factsheet, Lenddo also mentions “mouse data”, to traditional financial institutions. This is especially a pro blem for people in many ending patterns” and “form “biometrics”, “digital footprints”, “personality analysis”, “sp 72 73 countries in South America, Asia or Africa. However, requiring people to expose their most A CNN article points out that Lenddo’s analyses include “everything from a filling”. aises serious ethical concerns. private details to Big Data algo rithms in order to get a loan r smartphone user's messaging and browsing activity, to the apps and Wi-Fi network they reveal behavioural use [...] Elements such as foreign language used and text length One example is the U.S.-based company ZestFinance, which sees itself as “tech platform All data is patterns”. Even the battery level could impact the calculated c redit score for a user: “the 59 . Its founder Douglas Merrill, former that applies Google-like math to credit decisions” credit data hat can convey how company looks at how that changes over a specific duration -- t , said in 2012: “We feel like all data is credit data, we Google Chief Information Officer at Lenddo identity verification ’s consistent someone is and how much they plan ahead.” just don’t know how to use it yet”. And he added: “Data matters . More data is always fication”. It is based on similar data, and can additionally technology is called “Social Veri 60 offers its credit scoring techn ZestFinance ors in ology to lenders and to collect better”. 74 On an earlier version of “also be configured to include d ocument and/or face capture”. 61 but also runs an own online “auto financing, student len ding, legal and healthcare”, edit score is based on their “c ’s FAQ stated that the users’ cr haracter” Lenddo its website, 62 platform to provide loans to consumers. heir score “both and their “connections” to their “community” who would impact t elective when adding positively and negatively”. Therefore, customers ought to be “s w data elements s are based on “thousands of ra ZestFinance explains that its scoring model Data from 75 63 members” to their community. For example, people and data collected from borrowers”. including third-party data smartphones ng moves since they graduated from college repay less who “made a number of small housi and social Kreditech has developed a “credit scoring technology which uses The German company GPS data, 64 stated that it “analyzes thousands ZestFinance than those who have moved fewer times”. networks? artificial intelligence and machine learning to process up to 2 0,000 data points per social media financial information to technology of potential credit variables—everything from 76 Poland, digital banking products to consumers in They offer loans and application”. and shopping usage —to better assess factors like the potential for fraud, the ris k of default, and the 77 On their platform Mondeo, Spain, Czech Republic, Russia, Mexico – but not in Germany. behavior 65 According to Fortune, the company looks customer relationship”. viability of a long-term y offer a “digital wallet”, they claim to have 2,000,000 “consumers scored” and additionall 66 According to Cathy O’Neill at “ how people use smartphones and social network ”. 78 79 , doesn’t publish Kreditech Unlike earlier which also serves as a “Prepaid MasterCard”. ZestFinance (2016), also uses “observations, such a s whether applicants use proper spelling and capitalization on th ng it takes them to read it, eir applications forms, how lo and whether they bother to look at the terms and conditions”. , China’s second largest e-commerce In 2015, ZestFinance JD.com started to partner with Credit scoring 67 Rao, Leena (2015): This partnership wants to bring credit sco res to China. Fortune, June 25, 2015. ers’ past and present business. According to Fortune, they will “use data from consum based on web Online: http://fortune.com/2015/06/25/zestfinance-jd-credit-chi na [28.07.2016] ” to predict credit risk to customers and Chinese lenders based on online shopping habits searches 68 1.08.2016] http://ir.jd.com/phoenix.zhtml?c=253315&p=irol-homeProfile [2 69 BSOLUTEFINALFINAL.pdf https://www.zestfinance.com/pdf/BaiduZestFinancePressRelease_A [28.07.2016] 70 https://lenddo.com/about.html [28.07.2016] 71 ine credit scores. CNN Money, Aug. Hope King, L. (2016): This startup uses battery life to determ 59 nddo-smartphone-battery- 24, 2016. Online: http://money.cnn.com/2016/08/24/technology/le e.com/our-story.html https://www.zestfinanc 60 loan/index.html Hardy, Quentin (2012): Just th e Facts. Yes, All of Them. New York Times, 24.03.2012. Online: 72 ants-to-gather-the-data- http://www.nytimes.com/2012/03/2 5/business/factuals-gil-elbaz-w coring-Factsheet-2015.pdf [28. https://lenddo.com/pdfs/Lenddo-S 07.2016] 73 universe.html [27.07.2016] ine credit scores. CNN Money, Aug. Hope King, L. (2016): This startup uses battery life to determ 61 24, 2016. Online: http://money.cnn.com/2016/08/24/technology/le nddo-smartphone-battery- ZestFinance_Collections_Model https://www.zestfinance.com/pdf/ .pdf [28.07.2016] 62 loan/index.html 74 BaiduZestFinancePressRelease_A https://www.zestfinance.com/pdf/ BSOLUTEFINALFINAL.pd https://lenddo.com/pdfs/Lenddo-V erification-Factsheet-2015.pdf [28.07.2016] 75 f [28.07.2016] com/pages/faq 40629080959/https://www.lenddo. https://web.archive.org/web/201 63 2016] https://www.zestfinance.com/pd f/ZestCashHollerREV.pdf [28.07. [28.07.2016] 76 64 .pdf [28.07.2016] https://www.kreditech.com/what-we-do [28.07.2016] https://www.zestfinance.com/pdf/ ZestFinance_Collections_Model 77 65 http://fortune.com/2015/12/01/tech-loans-credit-affirm-zest [ Ibid. 28.07.2016] 78 66 https://www.monedo.com [28.07.2016] Ibid. 29 28 29

30 94 ing anymore today. much information about the data sources they are using for scor Apart from the “ultimate data monetarization platform for mobile network o perators”. , the company asks loan applica nts to share information According to the Financial Times “credit scoring models” for use in “traditional loan applicatio n processing”, they also offer on their browsing history and shopping habits as well as data f rom their social media hood of the default based on “Credit & Risk Models for Retailers”, which predict the “likeli 95 80 In 2016, they announced a “multi-year The applicant’s interactions with Kreditech ’s websites are also being accounts. nd off-line retailers”. Telco data for on-line a 81 82 and even the kind of fonts installed on computer can play a ro In 2012, le. partnership” with analyzed, Equifax , one of the largest consumer cr edit reporting agencies in the according to an earlier pres s release, the company used “[l]ocation data (GPS, micro- U.S., to “help Equifax expand its credit scoring capabilities i n Latin America”. In behavioral analytics (likes, friends, locations and posts), social graph geographical), untry of operation” “partnership with local telecommunications companies in each co (movement and duration on the webpage), people's e-commerce shopping behavior and propensity, and risk ’s scoring technology should help to “assess creditworthiness, Cignifi 96 83 device data rating systems)”. (apps installed, ope based on mobile phone usage data surers”. ” for “banks, retailers, and in 85 84 Kontomatik offers a “Banking API” (application programming Kreditech ’s subsidiary Accessing 86 87 , that “allows financial org anisations to perform KYC interface) for banks and lenders bank data 3.3 Employee monitoring, hiring and workforce analytics 88 They explain that their product lets credit scoring and contextual offers online”. companies “access banking data” of their users with “95 support ed banks” in “8 available 97 , in today’s world of work, vast amounts of information As Frank Pasquale summarized 89 ’s credit scoring product “ Financial Health Indicator Kontomatik ” promises countries”. about employees are collected and analyzed – from traditional t ime tracking and data to benefit from “detailed fina to help online lending companies ncial assessment of their 98 to monitoring keystrokes and tones of from devices and machines used by the workers 90 On their developer website they explain that end users are ask ed for bank clients”. voice. More and more companies are trying to measure “workers’ performance, levels of credentials in order to be able to use “screen scraping to mimi c a human using a web concentration, attentiveness, and physical condition”. In wareh ouses, employees are asked reements with supported browser” to access bank data. Therefore, they would not need ag 99 One to wear connected handheld scanne n GPS tags. rs, electronic armbands or eve 91 banks – which they call “permissionless innovation”. employer was even found forcing employees to use an app on thei r smartphone, which 100 monitored their location 24/7. Cignifi uses the previously mentioned m obile phone data to calculate The U.S. Company Credit scoring 92 According to a promotional video, they “partner with “credit risk and marketing scores”. based on While in many European countries, ongoing monitoring of employe es is more restricted Combining rds” such as “call duration, mobile operators and analyze patterns from users call data reco phone data onsiderable efforts to by regulation, many companies throughout the world are making c available data uently called, and the timing, time calls are made, who initiates a call or text, numbers freq ombine available data on employ ees. More and more enhance workforce tracking and c frequency and amount that uses top up their prepaid phones” to “help predict people specialized service providers ar ply predictive analytics to e developing technologies to ap 93 willingness and ability to repay a loan or propensity to respond to a marketing offer”. . Consultants and technology providers often workforce data as well as to recruiting emphasize the opportunities for both business needs and employe es. Cignifi According to its website, partners with large mobile phone network providers such Mobile Airtel , Telefonica (Philippines) – they see themselves as as (India) and Globe Telecom providers and Evolv , claimed , the self-declared “leader in big data workforce optimization” For example, Data credit rating 101 on “over 3 million employees to have access to “500 million points of employment data” on 3 million agencies 102 . As part of the hiring assessment process, in a variety of industries and job types” employees 79 h.com/#kreditechnology 40701082523/http://www.kreditec https://web.archive.org/web/201 utilized criteria, such as the web browsers used according to media reports, the company [28.07.2016] 103 It also included criteria such when sending a job application, as performance predictors. 80 Vasagar, Jeevan (2016): Kreditech: A credit check by social m edia. Financial Times, 19.01.2016. Online: http://www.ft.com/cms/s/0/12dc4cda-ae59-11e5-b955-1a1d2 98b6250.html [28.07.2016] 81 Ibid. 82 huljunge. Welt, 17.04.2015. Online: ): Gegen Kreditech ist die Schufa ein Sc Seibel, Karsten (2015 http://www.welt.de/finanzen/verbr aucher/article139671014/Gegen-Kreditech-ist-die-Schufa-ein- Schuljunge.html [28.07.2016] 83 94 xpansion of B2C microloans and http://cignifi.com [29.07.2016] Kreditech (2012): Kreditech raises 4m USD for international e 95 roll-out of B2B 'Scoring as a Service' products. Press release, 17.12.2012. Available on an earlier http://cignifi.com/creditfinance [29.07.2016] 96 version of their website: Cignifi and Equifax (2016): Cignifi and Equifax Partner to Bri ng Next-Generation Credit Scores to .com/kreditech-raises-4m- g/web/20140117000645/http://www.kreditech https://web.archive.or Unbanked Population in Latin America. Press release, March 30, 2016. Online: usd-for-international-expansion-of-b2c-microloans-and-roll-out- of-b2b-scoring-as-a-service- http://www.businesswire.com/news/h -Equifax-Partner-Bring- ome/20160330005361/en/Cignifi products , and on other platforms: http://www.dgap.de/dgap/News /dgap_media/kreditech-raises- Next-Generation-Credit-Scores [29.07.2016] 97 service- usd-for-international-expansion-microloans-and-rollout-scoring- Pasquale, Frank (2015): The Oth er Big Brother. The Atlantic, S ep 21, 2015. Online: products/?newsID=743379 [28.07.2016] http://www.theatlantic.com/busine urveillance-activists/406201 ss/archive/2015/09/corporate-s 84 [31.07.2016] https://www.kreditech.com/what-we-do [28.07.2016] 85 98 http://kontomatik.com/ [28.07.2016] See also chapter 4.5 on the Internet of Things 99 86 Solon, Olivia (2015): Wearable Technology Creeps Into The Work http://kontomatik.com/press [28.07.2016] place. Bloomberg, August 7, 87 g.com/news/articles/2015-08-07 2015. Online: http://www.bloomber /wearable-technology- “KYC” means “know your customer”. 88 creeps-into-the-workplace [31.07.2016] http://kontomatik.com/ [28.07.2016] 89 100 Ibid. Ibid. 101 90 t/company/news-and- 41009143203/http://www.evolv.ne https://web.archive.org/web/201 http://kontomatik.com/post/kontomatik-announces-financial-health-indicator [28.07.2016] 91 h-big-data-workforce-solutions http://developer.kontomatik.com [29.07.2016] events/press-releases/evolv-achi eves-triple-digit-booking-growt 102 92 http://cignifi.com/company [29.07.2016] -data-whats-getting- http://www.cnbc.com/2014/02/12/inside-the-wacky-world-of-weird 93 crunched.html Cignifi (2016): How does Cignifi work? Promotional video on Y ouTube, published on Jun 22, 103 Ibid. 7.2016] com/watch?v=AEJs0gw6PKw [29.0 2016. Online: https://www.youtube. 30 31 30

31 94 the “ultimate data monetarization platform for mobile network o perators”. Apart from ing anymore today. much information about the data sources they are using for scor “credit scoring models” for use in “traditional loan applicatio n processing”, they also offer According to the Financial Times , the company asks loan applica nts to share information hood of the default based on “Credit & Risk Models for Retailers”, which predict the “likeli rom their social media on their browsing history and shopping habits as well as data f 80 95 In 2016, they announced a “multi-year The applicant’s interactions with ’s websites are also being Kreditech nd off-line retailers”. Telco data for on-line a accounts. 81 82 In 2012, le. and even the kind of fonts installed on computer can play a ro partnership” with analyzed, Equifax , one of the largest consumer cr edit reporting agencies in the according to an earlier pres s release, the company used “[l]ocation data (GPS, micro- U.S., to “help Equifax expand its credit scoring capabilities i n Latin America”. In behavioral analytics (likes, friends, locations and posts), social graph geographical), untry of operation” “partnership with local telecommunications companies in each co (movement and duration on the webpage), people's e-commerce shopping behavior and propensity, and risk ’s scoring technology should help to “assess creditworthiness, Cignifi 96 83 device data rating systems)”. (apps installed, ope based on mobile phone usage data surers”. ” for “banks, retailers, and in 85 84 Kontomatik offers a “Banking API” (application programming Kreditech ’s subsidiary Accessing 86 87 , that “allows financial org anisations to perform KYC interface) for banks and lenders bank data 3.3 Employee monitoring, hiring and workforce analytics 88 They explain that their product lets credit scoring and contextual offers online”. companies “access banking data” of their users with “95 support ed banks” in “8 available 97 , in today’s world of work, vast amounts of information As Frank Pasquale summarized 89 ’s credit scoring product “ Financial Health Indicator Kontomatik ” promises countries”. about employees are collected and analyzed – from traditional t ime tracking and data to benefit from “detailed fina to help online lending companies ncial assessment of their 98 to monitoring keystrokes and tones of from devices and machines used by the workers 90 On their developer website they explain that end users are ask ed for bank clients”. voice. More and more companies are trying to measure “workers’ performance, levels of credentials in order to be able to use “screen scraping to mimi c a human using a web concentration, attentiveness, and physical condition”. In wareh ouses, employees are asked reements with supported browser” to access bank data. Therefore, they would not need ag 99 One to wear connected handheld scanne n GPS tags. rs, electronic armbands or eve 91 banks – which they call “permissionless innovation”. employer was even found forcing employees to use an app on thei r smartphone, which 100 monitored their location 24/7. Cignifi uses the previously mentioned m obile phone data to calculate The U.S. Company Credit scoring 92 According to a promotional video, they “partner with “credit risk and marketing scores”. based on While in many European countries, ongoing monitoring of employe es is more restricted Combining rds” such as “call duration, mobile operators and analyze patterns from users call data reco phone data onsiderable efforts to by regulation, many companies throughout the world are making c available data uently called, and the timing, time calls are made, who initiates a call or text, numbers freq ombine available data on employ ees. More and more enhance workforce tracking and c frequency and amount that uses top up their prepaid phones” to “help predict people specialized service providers ar ply predictive analytics to e developing technologies to ap 93 willingness and ability to repay a loan or propensity to respond to a marketing offer”. . Consultants and technology providers often workforce data as well as to recruiting emphasize the opportunities for both business needs and employe es. Cignifi According to its website, partners with large mobile phone network providers such Mobile Airtel , Telefonica (Philippines) – they see themselves as as (India) and Globe Telecom providers and Evolv , claimed , the self-declared “leader in big data workforce optimization” For example, Data credit rating 101 on “over 3 million employees to have access to “500 million points of employment data” on 3 million agencies 102 . As part of the hiring assessment process, in a variety of industries and job types” employees 79 h.com/#kreditechnology 40701082523/http://www.kreditec https://web.archive.org/web/201 utilized criteria, such as the web browsers used according to media reports, the company [28.07.2016] 103 It also included criteria such when sending a job application, as performance predictors. 80 Vasagar, Jeevan (2016): Kreditech: A credit check by social m edia. Financial Times, 19.01.2016. Online: http://www.ft.com/cms/s/0/12dc4cda-ae59-11e5-b955-1a1d2 98b6250.html [28.07.2016] 81 Ibid. 82 huljunge. Welt, 17.04.2015. Online: ): Gegen Kreditech ist die Schufa ein Sc Seibel, Karsten (2015 http://www.welt.de/finanzen/verbr aucher/article139671014/Gegen-Kreditech-ist-die-Schufa-ein- Schuljunge.html [28.07.2016] 83 94 xpansion of B2C microloans and http://cignifi.com [29.07.2016] Kreditech (2012): Kreditech raises 4m USD for international e 95 roll-out of B2B 'Scoring as a Service' products. Press release, 17.12.2012. Available on an earlier http://cignifi.com/creditfinance [29.07.2016] 96 version of their website: Cignifi and Equifax (2016): Cignifi and Equifax Partner to Bri ng Next-Generation Credit Scores to .com/kreditech-raises-4m- g/web/20140117000645/http://www.kreditech https://web.archive.or Unbanked Population in Latin America. Press release, March 30, 2016. Online: usd-for-international-expansion-of-b2c-microloans-and-roll-out- of-b2b-scoring-as-a-service- http://www.businesswire.com/news/h -Equifax-Partner-Bring- ome/20160330005361/en/Cignifi products , and on other platforms: http://www.dgap.de/dgap/News /dgap_media/kreditech-raises- Next-Generation-Credit-Scores [29.07.2016] 97 service- usd-for-international-expansion-microloans-and-rollout-scoring- Pasquale, Frank (2015): The Oth er Big Brother. The Atlantic, S ep 21, 2015. Online: products/?newsID=743379 [28.07.2016] http://www.theatlantic.com/busine urveillance-activists/406201 ss/archive/2015/09/corporate-s 84 [31.07.2016] https://www.kreditech.com/what-we-do [28.07.2016] 85 98 http://kontomatik.com/ [28.07.2016] See also chapter 4.5 on the Internet of Things 99 86 Solon, Olivia (2015): Wearable Technology Creeps Into The Work http://kontomatik.com/press [28.07.2016] place. Bloomberg, August 7, 87 g.com/news/articles/2015-08-07 2015. Online: http://www.bloomber /wearable-technology- “KYC” means “know your customer”. 88 creeps-into-the-workplace [31.07.2016] http://kontomatik.com/ [28.07.2016] 89 100 Ibid. Ibid. 101 90 t/company/news-and- 41009143203/http://www.evolv.ne https://web.archive.org/web/201 http://kontomatik.com/post/kontomatik-announces-financial-health-indicator [28.07.2016] 91 h-big-data-workforce-solutions http://developer.kontomatik.com [29.07.2016] events/press-releases/evolv-achi eves-triple-digit-booking-growt 102 92 http://cignifi.com/company [29.07.2016] -data-whats-getting- http://www.cnbc.com/2014/02/12/inside-the-wacky-world-of-weird 93 crunched.html Cignifi (2016): How does Cignifi work? Promotional video on Y ouTube, published on Jun 22, 103 Ibid. 7.2016] com/watch?v=AEJs0gw6PKw [29.0 2016. Online: https://www.youtube. 31 31 30

32 104 es for hourly work”. as how many social networks somebody uses “to evaluate candidat iven day” and a score that indi “complete a transaction on any g cates “how satisfied the 115 customer was with the service they received”. Aside from data from questionnaires and employment histories Evolv, reportedly also asures of job performance such collected data about “various me as customer satisfaction Another company providing similar technologies is Workday , which “incorporates people, Analyzing the 106 105 In 2015 was acquired by Evolv , Cornerstone , a NASDAQ listed company surveys”. business, and talent data in a single system” and enables compa nies to “gain detailed tone of voice which offer cloud-based software for human resources. insight” into “employee data such as behavior, productivity, sk ills, and aspirations” on a 116 is a U.S. startup focusing on specific kinds of data. It Humanyze In contrast, promises companies to “recruit, train and manage their people” and serves Cornerstone wide scale. Measuring ion patterns of team members an offers to analyze the communicat d provides a wearable including employees from untries and in 42 languages”, “over 25 million people in 191 co employee 117 According to TechCrunch, the “badge” device to record behavioral data of employees. Deutsche Post “hundreds of the world’s largest companies” such as and Xerox , Walgreens performance 107 They offer several products from recruiting, training and perf ormance device contains a microphone, a motion sensor and a Bluetooth c onnection and measures DHL . 108 . In this ne services management to analytics and “unified talent management” as onli eracted with” and “what aspects such as “how people moved through the day, who they int 118 their tone of voice was like”. Cornerstone case, data about employees is managed by Performance . The company’s hile product offers to “measure individual employee performance”. W Management ingly use predictive hiring, companies also increas In the context of recruiting and Algorithmic productivity, and managers are able to “continuous ly encourage goal achievement, r on “Networked analytics to automatically rank and score applicants. In a pape Hiring ive “continuous feedback and coaching” – for example development”, employees can rece Employment Discrimination”, summarized how large companies in the U.S. Data & Society 109 For example, managers in retail can “observe employees “social feedback and badges”. use Applicant Tracking Systems (ATS) to automatically “score and sort resumes” and to performing service competencies directly from the field, in rea l-time” and provide 2014). Only the applications a “rank applicants” (see Rosenblat nd resumes with top scores 110 “ratings”. ithms are not only based on tr are considered. The sorting algor aditional criteria such as Cornerstone ’s Insights product promises to apply “sophisticated data science to workfo rce education certificates, but sometimes also incorporate online t ests to assess personality Monitor, technology to c ollect and anal data” and uses “machine learning yze data from every and cognitive skills – or even u ists to non-work related data se third-party data from blackl compare and such as social media profiles. ts down to the individual segment of the employee lifecycle” to obtain “actionable insigh filter workers 111 With their dations” employee, including immediate risks, opportunities and recommen HireIQ ruitment is One example of a company providing predictive analytics for rec , which Predicting product companies can “[i]dentify performance & compensation g aps”, “[c]ompare View nt and is used by “dozens” offers web-based interview technology for call center recruitme poor nd use “filters to create selected employees' succession metrics & performance reviews” a 119 in more than one million interviews. The company’s “hiring of Fortune 500 companies performers 112 Cornerstone In a press release short lists of people to solve key talent challenges”. 120 “automatically identifies applicants who exhibit the analytics” technology and risks ” from recruiting to network of shared talent data explains that they offer the “ largest 121 Reversely, the service characteristics of long-tenured, well-performing employees”. management activity performance management, representing “nearly 16 years of talent promises to "identify those who are likely to be poor performer s and early-tenure flight 113 According to across more than 19 million users” from “more than 2,200 organizations”. 122 The company’s “virtual interviewing” technology supports sever al interviewing risks". a Cornerstone representative cited in Fortune, other companies can compare th eir e evaluation of typing techniques such as quizzes and math assessments, surveys and th 114 ’s “large data sets”. Cornerstone “historical internal data” with 124 123 . the applicant’s voice But it centers on analyzing skills. A whitepaper about long-term unemployed provides details on the kind of data and the Scores on product promises to “analyze ke Audiolytics ’s HireIQ ics to y audio and speech characterist Voice scoring Cornerstone uses. In this case they compiled “performance data on entry type of analytics employees r vocal energy, answer predict likely performance”. It calculates “candidate scores fo of call center performance data points level frontline sales and service workers” with “nearly 500,000 125 ” to “identify applicants who exhibit energy and personality”. length, and pace candidates oyees used for analysis from nearly 20,000 employees” from 6 employers. Data about empl such as the average time employees needed to key performance indicators included 115 Cornerstone (2014): The Truth About the Long Term Unemployed. Whitepaper. Online: 104 per/csod-wp-long-term- https://www.cornerstoneondemand.co m/sites/default/files/whitepa Ito, Aki (2013): Hiring in the A ge of Big Data. Bloomberg, October 25, 2013. Online: unemployed-102014.pdf [30.07.2016] http://www.bloomberg.com/news/art icles/2013-10-24/new-way-to-as sess-job-applicants-online- 116 games-and-quizzes [30.07.2016] Workday (2016): Workday Talent Management. Online: 105 https://forms.workday.com/Documents/pdf/datasheets/datasheet-wo rkday-talent- Ibid. 106 management.pdf [31.07.2016] http://www.nasdaq.com/symbol/csod [30.07.2016] 107 117 http://www.humanyze https://www.cornerstoneondemand.com/company [30.07.2016] .com [31.07.2016] 108 118 Ibid. prove Decision Making. Miller, Ron (2015): New Firm Combines Wearables And Data To Im 109 TechCrunch, Feb 24, 2015. Online: https://techcrunch.com/2015/0 2/24/new-firm-combines- https://www.cornerstoneondemand.com/performance [30.07.2016] 110 wearables-and-data-to-improve-decision-making [31.07.2016] https://www.cornerstoneondemand.com/retail [30.07.2016] 111 119 https://www.cornerstoneondemand. com/news/press-releases/corner stone-ondemand- http://www.hireiqinc.com/company [31.07.2016] 120 announces-cornerstone-insights-unlocking-big-data-potential [30 .07.2016] http://www.hireiqinc.com/solutions [31.07.2016] 112 121 com/resources/datasheet/corner https://www.cornerstoneondemand. stone-view/4860 HireIQ (2015): Emotional Assessments: A Disruptive Innovation in Candidate Selection. A Hiring Optimization White Paper. Online [30.07.2016] : http://www2.hireiqinc.com/l/6892/2015-04- 113 f [31.07.2016] 29/39jpt9/6892/155518/HireIQ___Audiolytics_White_Paper_FINAL.pd com/news/press-releases/corner https://www.cornerstoneondemand. stone-ondemand- 122 Ibid. .07.2016] announces-cornerstone-insights-unlocking-big-data-potential [30 114 123 http://www.hireiqinc.com/solutions [31.07.2016] can tell you who to hire. Vanian, Jonathan (2015): Cornerstone OnDemand thinks big data 124 Fortune, May 12, 2015. Online: http://fortune.com/2015/05/12/co rnerstone-recruiting-data Ibid. 125 [30.07.2016] Ibid. 32 33 32

33 104 iven day” and a score that indi “complete a transaction on any g cates “how satisfied the es for hourly work”. as how many social networks somebody uses “to evaluate candidat 115 customer was with the service they received”. Aside from data from questionnaires and employment histories Evolv, reportedly also asures of job performance such collected data about “various me as customer satisfaction Another company providing similar technologies is Workday , which “incorporates people, Analyzing the 106 105 In 2015 was acquired by Evolv , Cornerstone , a NASDAQ listed company surveys”. business, and talent data in a single system” and enables compa nies to “gain detailed tone of voice which offer cloud-based software for human resources. insight” into “employee data such as behavior, productivity, sk ills, and aspirations” on a 116 is a U.S. startup focusing on specific kinds of data. It Humanyze In contrast, promises companies to “recruit, train and manage their people” and serves Cornerstone wide scale. Measuring ion patterns of team members an offers to analyze the communicat d provides a wearable including employees from untries and in 42 languages”, “over 25 million people in 191 co employee 117 According to TechCrunch, the “badge” device to record behavioral data of employees. Deutsche Post “hundreds of the world’s largest companies” such as and Xerox , Walgreens performance 107 They offer several products from recruiting, training and perf ormance device contains a microphone, a motion sensor and a Bluetooth c onnection and measures DHL . 108 . In this ne services management to analytics and “unified talent management” as onli eracted with” and “what aspects such as “how people moved through the day, who they int 118 their tone of voice was like”. Cornerstone case, data about employees is managed by Performance . The company’s hile product offers to “measure individual employee performance”. W Management ingly use predictive hiring, companies also increas In the context of recruiting and Algorithmic productivity, and managers are able to “continuous ly encourage goal achievement, r on “Networked analytics to automatically rank and score applicants. In a pape Hiring ive “continuous feedback and coaching” – for example development”, employees can rece Employment Discrimination”, summarized how large companies in the U.S. Data & Society 109 For example, managers in retail can “observe employees “social feedback and badges”. use Applicant Tracking Systems (ATS) to automatically “score and sort resumes” and to performing service competencies directly from the field, in rea l-time” and provide 2014). Only the applications a “rank applicants” (see Rosenblat nd resumes with top scores 110 “ratings”. ithms are not only based on tr are considered. The sorting algor aditional criteria such as Cornerstone ’s Insights product promises to apply “sophisticated data science to workfo rce education certificates, but sometimes also incorporate online t ests to assess personality Monitor, technology to c ollect and anal data” and uses “machine learning yze data from every and cognitive skills – or even u ists to non-work related data se third-party data from blackl compare and such as social media profiles. ts down to the individual segment of the employee lifecycle” to obtain “actionable insigh filter workers 111 With their dations” employee, including immediate risks, opportunities and recommen HireIQ ruitment is One example of a company providing predictive analytics for rec , which Predicting product companies can “[i]dentify performance & compensation g aps”, “[c]ompare View nt and is used by “dozens” offers web-based interview technology for call center recruitme poor nd use “filters to create selected employees' succession metrics & performance reviews” a 119 in more than one million interviews. The company’s “hiring of Fortune 500 companies performers 112 Cornerstone In a press release short lists of people to solve key talent challenges”. 120 “automatically identifies applicants who exhibit the analytics” technology and risks ” from recruiting to network of shared talent data explains that they offer the “ largest 121 Reversely, the service characteristics of long-tenured, well-performing employees”. management activity performance management, representing “nearly 16 years of talent promises to "identify those who are likely to be poor performer s and early-tenure flight 113 According to across more than 19 million users” from “more than 2,200 organizations”. 122 The company’s “virtual interviewing” technology supports sever al interviewing risks". a Cornerstone representative cited in Fortune, other companies can compare th eir e evaluation of typing techniques such as quizzes and math assessments, surveys and th 114 ’s “large data sets”. Cornerstone “historical internal data” with 124 123 . the applicant’s voice But it centers on analyzing skills. A whitepaper about long-term unemployed provides details on the kind of data and the Scores on product promises to “analyze ke Audiolytics ’s HireIQ ics to y audio and speech characterist Voice scoring Cornerstone uses. In this case they compiled “performance data on entry type of analytics employees r vocal energy, answer predict likely performance”. It calculates “candidate scores fo of call center performance data points level frontline sales and service workers” with “nearly 500,000 125 ” to “identify applicants who exhibit energy and personality”. length, and pace candidates oyees used for analysis from nearly 20,000 employees” from 6 employers. Data about empl such as the average time employees needed to key performance indicators included 115 Cornerstone (2014): The Truth About the Long Term Unemployed. Whitepaper. Online: 104 per/csod-wp-long-term- https://www.cornerstoneondemand.co m/sites/default/files/whitepa Ito, Aki (2013): Hiring in the A ge of Big Data. Bloomberg, October 25, 2013. Online: unemployed-102014.pdf [30.07.2016] http://www.bloomberg.com/news/art icles/2013-10-24/new-way-to-as sess-job-applicants-online- 116 games-and-quizzes [30.07.2016] Workday (2016): Workday Talent Management. Online: 105 https://forms.workday.com/Documents/pdf/datasheets/datasheet-wo rkday-talent- Ibid. 106 management.pdf [31.07.2016] http://www.nasdaq.com/symbol/csod [30.07.2016] 107 117 http://www.humanyze https://www.cornerstoneondemand.com/company [30.07.2016] .com [31.07.2016] 108 118 Ibid. prove Decision Making. Miller, Ron (2015): New Firm Combines Wearables And Data To Im 109 TechCrunch, Feb 24, 2015. Online: https://techcrunch.com/2015/0 2/24/new-firm-combines- https://www.cornerstoneondemand.com/performance [30.07.2016] 110 wearables-and-data-to-improve-decision-making [31.07.2016] https://www.cornerstoneondemand.com/retail [30.07.2016] 111 119 https://www.cornerstoneondemand. com/news/press-releases/corner stone-ondemand- http://www.hireiqinc.com/company [31.07.2016] 120 announces-cornerstone-insights-unlocking-big-data-potential [30 .07.2016] http://www.hireiqinc.com/solutions [31.07.2016] 112 121 com/resources/datasheet/corner https://www.cornerstoneondemand. stone-view/4860 HireIQ (2015): Emotional Assessments: A Disruptive Innovation in Candidate Selection. A Hiring Optimization White Paper. Online [30.07.2016] : http://www2.hireiqinc.com/l/6892/2015-04- 113 f [31.07.2016] 29/39jpt9/6892/155518/HireIQ___Audiolytics_White_Paper_FINAL.pd com/news/press-releases/corner https://www.cornerstoneondemand. stone-ondemand- 122 Ibid. .07.2016] announces-cornerstone-insights-unlocking-big-data-potential [30 114 123 http://www.hireiqinc.com/solutions [31.07.2016] can tell you who to hire. Vanian, Jonathan (2015): Cornerstone OnDemand thinks big data 124 Fortune, May 12, 2015. Online: http://fortune.com/2015/05/12/co rnerstone-recruiting-data Ibid. 125 [30.07.2016] Ibid. 33 33 32

34 Subsequently, a “proprietary alg h candidate’s orithm automatically scores eac 3.4 Insurance and healthcare 126 ” to assess In addition, the system is able to provide “[a]utomatic scores interview”. 127 the early origins of As Dan Bouk showed in his book “How Our Days Became Numbered”, “ ”. language proficiency, fluency, critical thinking, and active listening ineteenth century, when the phenomenon we call “Big Data” date back to the end of the n Other examples include , which offers a mobile game to measure “abilities, Knack Gamified life insurance companies started to predict people’s lives and relative risk of death, to competencies, and interpersonal and work skills” and to “identify the right people” in assessment atistical individuals”. quantify, sort and to rate them – they started to make them ”st hiring. It promises to “predict potential in real time” as peop le play, and calculates a 128 atistical and predictive methods for a long time. More Insurance companies have used st Big Data in is another startup also offering games for pymetrics “Knack Score” for every player. e data sources and than a century later, insurers s eem to be slower, employing mor insurance recruitment. Their games are based on “neuroscience research” a nd promise to “assess 90 understanding that many advanced predictive technology. Possibly, because it is common “snapshot of a person’s key cognitive and personality traits”, which should result in a 129 of these technologies are unreliable. Certainly, because the in surance sector is by far more unique characteristics”. regulated than, for example, the general digital economy, inclu ding social media platforms, Today, many human resource departments of large companies have established analytics People online marketing and consumer data brokers. The also outlines Boston Consulting Group departments or are buying technology from external companies. T hese technologies are analytics ta” that bank have, that insurance companies do not have the “rich transactional da often labeled as “talent management”, “workforce analytics” or “people analytics”. Oracle , because insurers have less frequent interactions with customers . In the context of Big one of the largest providers of business software, criticizes c ompanies that are still storing Data, they see the “highest pote f the insurance value chain ntial” in the following areas o and managing data on their employees in separate data “silos”, which, according to Oracle , (see Brat et al, 2013): 130 Companies are encouraged to f ocus on employee data such as need to be broken down. Risk assessment and pricing x , key projects, gagement, attendance, adoption demographics, skills, rewards, en -selling and chum prevention) Marketing and sales (e.g. cross x rformance ratings and data capt ured from the use of assignments, goal attainment, pe instruments. Fraud detection x x Claims prevention and mitigation Bersin by Deloitte means people analytics , According to Josh Bersin, the founder of Always-on orkforce productivity to “bringing together all the people data in the company” – from w surveillance Risk assessment and pricing based on digital records of consume rs’ everyday behavior are Risk 131 He states that companies are now “opening up the floodgates” t o customer satisfaction. already well-established. based on actual, digitally monitored Car insurance rates assessment “’always-on’ listening tools” and recommends to “pull data from many different systems”, re than 10 years ago. By now, driving behavior were started mo life, health and dental based on for example: n the insurance programs including data from wearables and activity trackers are also o digital rise. The latter sometimes also incorporates data from purchase s into risk assessments tracking business data x and pricing, for example, by asking consumers to provide access to data about the kind of x human resources data such as “tenure, salary history, job mobil ity, location, training ms are mostly focused on reward ing – or, sometimes food that they buy. These progra history, performance rating” punishing – customers depending on how much their recorded beha vior conforms to the x “data about individual people at work” such as “patterns of com munication, location, system’s rules. These programs are further investigated in chap ters 4.3, 4.4 and 4.5. feedback (ie. from pulse surveys), testing and assessment data, and soon heartbeat and There are other ways how insurers and healthcare providers use predictive analytics for Credit scores other biometrics” d offline sources risk assessment. Consumer data from the wide range of online an and consumer ch as structures, locations, te x am sizes and “who “organizational network data” su available today can be useful fo r insurance companies in many d ifferent ways. In the data reports to whom” United States, it is already common for car insurers to use dat a from credit reports to external data or “data collected during recruitment” like job h x istory, schooling, Neill (2016) these scores, create their own risk scores for drivers. According to Cathy O’ experience, and educational history raphic data about consumers, ar e often more relevant to which include all kinds of demog and “new sources of data like location, travel schedule, commut e time, and now even x pricing than driving records. One major insurance company deriv ed its pricing from fitness, heartbeat” hich are “based on how sorting the population into more than 100,000 micro segments, w much each group can be expected to pay”. This resulted in disco unts of up to 90% and increases of up to 800% for individual consumers. ce of practices like this. Already insurance, there is less eviden In the field of life and health Predicting conducted a test to Aviva back in 2010, the U.S. branch of the large British insurer health from of 60,000 insurance applicants based on consumer data estimate individual health risks purchases , which is traditionally used for marketing. According to the purchased from data brokers 126 http://www.hireiqinc.com/vo ice-matters [31.07.2016] 127 Wall Street Journal, the predictive model was developed togethe r with the consulting firm http://www.hireiqinc.com/solutions [31.07.2016] 128 https://www.knack.it [31.07.2016] and aimed to examine whether ’s traditional methods of health assessment Aviva Deloitte 129 https://pymetrics.com/the-science [31.07.2016] based on blood and urine tests could be replaced by analyzing p urchases, lifestyle choices 130 ge for HR. Research Report, CIP/Oracle (2013): Talent analytics and big data – the challen compared the traditional l status. Consequently, they and information about financia November 2013. Online http://www.oracle.com/us/products/applica tions/human-capital- 6] management/talent-analytics-and-big-data-2063584.pdf [31.07.201 131 Bersin, Josh (2016): People Anal ytics Market Growth: Ten Thing s You Need to Know. July 1, 2016. Online: http://joshbersin.com/2016/07/people-analytics-ma rket-growth-ten-things-you- need-to-know [31.07.2016] 34 35 34

35 Subsequently, a “proprietary alg h candidate’s orithm automatically scores eac 3.4 Insurance and healthcare 126 ” to assess In addition, the system is able to provide “[a]utomatic scores interview”. 127 the early origins of As Dan Bouk showed in his book “How Our Days Became Numbered”, “ ”. language proficiency, fluency, critical thinking, and active listening ineteenth century, when the phenomenon we call “Big Data” date back to the end of the n Other examples include , which offers a mobile game to measure “abilities, Knack Gamified life insurance companies started to predict people’s lives and relative risk of death, to competencies, and interpersonal and work skills” and to “identify the right people” in assessment atistical individuals”. quantify, sort and to rate them – they started to make them ”st hiring. It promises to “predict potential in real time” as peop le play, and calculates a 128 atistical and predictive methods for a long time. More Insurance companies have used st Big Data in is another startup also offering games for pymetrics “Knack Score” for every player. e data sources and than a century later, insurers s eem to be slower, employing mor insurance recruitment. Their games are based on “neuroscience research” a nd promise to “assess 90 understanding that many advanced predictive technology. Possibly, because it is common “snapshot of a person’s key cognitive and personality traits”, which should result in a 129 of these technologies are unreliable. Certainly, because the in surance sector is by far more unique characteristics”. regulated than, for example, the general digital economy, inclu ding social media platforms, Today, many human resource departments of large companies have established analytics People online marketing and consumer data brokers. The also outlines Boston Consulting Group departments or are buying technology from external companies. T hese technologies are analytics ta” that bank have, that insurance companies do not have the “rich transactional da often labeled as “talent management”, “workforce analytics” or “people analytics”. Oracle , because insurers have less frequent interactions with customers . In the context of Big one of the largest providers of business software, criticizes c ompanies that are still storing Data, they see the “highest pote f the insurance value chain ntial” in the following areas o and managing data on their employees in separate data “silos”, which, according to Oracle , (see Brat et al, 2013): 130 Companies are encouraged to f ocus on employee data such as need to be broken down. Risk assessment and pricing x , key projects, gagement, attendance, adoption demographics, skills, rewards, en -selling and chum prevention) Marketing and sales (e.g. cross x rformance ratings and data capt ured from the use of assignments, goal attainment, pe instruments. Fraud detection x x Claims prevention and mitigation Bersin by Deloitte means people analytics , According to Josh Bersin, the founder of Always-on orkforce productivity to “bringing together all the people data in the company” – from w surveillance Risk assessment and pricing based on digital records of consume rs’ everyday behavior are Risk 131 He states that companies are now “opening up the floodgates” t o customer satisfaction. already well-established. based on actual, digitally monitored Car insurance rates assessment “’always-on’ listening tools” and recommends to “pull data from many different systems”, re than 10 years ago. By now, driving behavior were started mo life, health and dental based on for example: n the insurance programs including data from wearables and activity trackers are also o digital rise. The latter sometimes also incorporates data from purchase s into risk assessments tracking business data x and pricing, for example, by asking consumers to provide access to data about the kind of x human resources data such as “tenure, salary history, job mobil ity, location, training ms are mostly focused on reward ing – or, sometimes food that they buy. These progra history, performance rating” punishing – customers depending on how much their recorded beha vior conforms to the x “data about individual people at work” such as “patterns of com munication, location, system’s rules. These programs are further investigated in chap ters 4.3, 4.4 and 4.5. feedback (ie. from pulse surveys), testing and assessment data, and soon heartbeat and There are other ways how insurers and healthcare providers use predictive analytics for Credit scores other biometrics” d offline sources risk assessment. Consumer data from the wide range of online an and consumer ch as structures, locations, te x am sizes and “who “organizational network data” su available today can be useful fo r insurance companies in many d ifferent ways. In the data reports to whom” United States, it is already common for car insurers to use dat a from credit reports to external data or “data collected during recruitment” like job h x istory, schooling, Neill (2016) these scores, create their own risk scores for drivers. According to Cathy O’ experience, and educational history raphic data about consumers, ar e often more relevant to which include all kinds of demog and “new sources of data like location, travel schedule, commut e time, and now even x pricing than driving records. One major insurance company deriv ed its pricing from fitness, heartbeat” hich are “based on how sorting the population into more than 100,000 micro segments, w much each group can be expected to pay”. This resulted in disco unts of up to 90% and increases of up to 800% for individual consumers. ce of practices like this. Already insurance, there is less eviden In the field of life and health Predicting conducted a test to Aviva back in 2010, the U.S. branch of the large British insurer health from of 60,000 insurance applicants based on consumer data estimate individual health risks purchases , which is traditionally used for marketing. According to the purchased from data brokers 126 http://www.hireiqinc.com/vo ice-matters [31.07.2016] 127 Wall Street Journal, the predictive model was developed togethe r with the consulting firm http://www.hireiqinc.com/solutions [31.07.2016] 128 https://www.knack.it [31.07.2016] and aimed to examine whether ’s traditional methods of health assessment Aviva Deloitte 129 https://pymetrics.com/the-science [31.07.2016] based on blood and urine tests could be replaced by analyzing p urchases, lifestyle choices 130 ge for HR. Research Report, CIP/Oracle (2013): Talent analytics and big data – the challen compared the traditional l status. Consequently, they and information about financia November 2013. Online http://www.oracle.com/us/products/applica tions/human-capital- 6] management/talent-analytics-and-big-data-2063584.pdf [31.07.201 131 Bersin, Josh (2016): People Anal ytics Market Growth: Ten Thing s You Need to Know. July 1, 2016. Online: http://joshbersin.com/2016/07/people-analytics-ma rket-growth-ten-things-you- need-to-know [31.07.2016] 35 35 34

36 methods to predict health risks such as diabetes, high blood pr essure or depression with Aviva , the the results obtained from predictions based on consumer data. A ccording to 132 th those of purely traditional underwriting decisions”. results were “closely aligned wi A presentation by a Deloitte representative explains that third-party data was acquired Diabetes, , a consumer data broker. It included “ from over 3,400 fields of data Equifax ” about depression occupation, education, income le g this consumer data the vel and sports activities. Usin or cancer? company had built models to “pre ed with any of 17 diseases dict if individuals are afflict 133 acco related cancer, cardiova (e.g. diabetes, female cancer, tob scular, depression, etc.)”. In another report by Deloitte they state that they “do not propose predictive models as replacements for underwriters”, medical tests would still be im portant. But these models could be used to “identify the higher risk applicants early”. N evertheless, they conclude 134 and legal questions”. that predictive analytics in life insurance “may raise ethical Similarly, the consulting firm confirmed in 2012 that it helped to predict the McKinsey Social isolation hospital costs of patients from c yor”. They used information onsumer data of a “large US pa about demographics, family structure, purchases, car ownership and other data to for hospital costs were 24% higher “construct a social isolation index” and found that an for socially connected indi viduals”. McKinsey concluded “socially isolated individuals th efore high-cost episodes dentify key patient subgroups b that such insights could help “i 135 occur”. website, screenshot Figure 2: Data sets and models to predict heal th. Source: GNS Healthcare 31.07.2016 Another U.S. company goes beyond this. GNS Healthcare sees itself as a “big data analytics Predicting 136 th that “applies causal machine learning technology to match heal company” health risks GNS Healthcare’s MAX in ow interventions drive changes product promises to quantify “h interventions to individual patients”. It promises to “unlock v alue from increasingly rich ing adverse events, sub- behavior” and to predict the “risk of negative outcomes, includ records, mobile health streams of patient data, including data from electronic medical optimal outcomes and progression to disease states”. Their identifies “people IEScore 137 139 GNS devices, medical and pharmacy claims, genomics, consumer behavi or, and more”. likely to participate in interventions”. offers to predict individual he alth risks, progression of illn esses, medication Healthcare 140 with the large insurer Aetna to predict the “future In 2014, GNS Healthcare partnered Individual 138 adherence or intervention outcomes from a wide range of data: dividual level” for 36,944 th a population level and an in risk of metabolic syndrome on bo risk profiles policyholders, based on a wide range of data – from insurance e ligibility, medical and pharmacy claims records, scr demographic variables such as eenings and lab results to 141 The results were published age, body mass index, ethnicity, cigarette usage and sleep. r models was “good to the predictive ability of thei as a study, which concludes that for example, they mention a excellent”. The researchers created “individual risk profiles”, “46-year-old male”, who had “92% predicted probability of devel oping metabolic syndrome within 12 months, and a 73% probability of developing abnormal blood glucose”. ive analytics within only They emphasize that they achieved good results based on predict Exclude three months, as “opposed to the longitudinal studies take”. years that clinical trial and hopeless cases? nd “targeted Their methodology would allow “personalized risk predictions” a interventions for individuals with or at risk of metabolic synd rome” or, as they state, 132 “individualized targeting based on personalized data”. This cou ld help to improve Scism, Leslie and Mark Maremont (2010): Insurers Test Data Pro files to Identify Risky Clients. Wall Street Journal. Updated Nov. 19, 2010. Online: “intervention program design, im pact, and returns” and also “re duce costs”. According to a http://www.wsj.com/articles/SB100014240527487046486045756207509 98072986 [31.07.2016] 133 Kroll, Alice and Ernest A. Testa (2010): Predictive Modeling f or Life Insurance Seminar. Society of 010-tampa-pred-mod-4.pdf Actuaries, May 19, 2010. Online: https://www.soa.org/files/pd/2 [31.07.2016] 134 139 Deloitte (2010): Predictive Modeling for Life Insurance. April 2010. Online: Ibid. 140 https://www.soa.org/files/pdf/re [31.07.2016] search-pred-mod-life-batty.pdf Steinberg, Greg (2014): Using “Big Data” to Predict – and Impr ove – Your Health. Aetna Website, 135 predict-and-improve-health June 2014. Online: https://news.aetna.com/2014/06/big-data-can- in healthcare value. Online: McKinsey (2012): Changing patient behavior: the next frontier [31.07.2016] ing_Patient_Behavior_the_Next_ http://healthcare.mckinsey.com/sites/default/files/791750_Chang 141 Frontier_in_Healthcare_Value.pdf [31.07.2016] Steinberg, Gregory B.; Bruce W. Church, Carol J. McCall, Adam B. Scott, Brian P. Kalis (2014): 136 http://www.gnshealthcare.com/about [31.07.2016] Novel Predictive Models for Metabolic Syndrome Risk: A “Big Dat a” Analytic Approach. The 137 althcare-Secures- http://www.businesswire.com/news/home/20151208005172/en/GNS-He line: American Journal of managed care, Vol. 20, No. 6, June 2014. On 10M-Series-Financing-Accelerate [31.07.2016] dictive-models-for- http://www.ajmc.com/journals/issue/2014/2014-vol20-n6/novel-pre 138 metabolic-syndrome-risk-a-bi g-data-analytic-approach http://www.gnshealthcare.com/tec 1.07.2016] hnology-overview/technology [3 36 37 36

37 methods to predict health risks such as diabetes, high blood pr essure or depression with Aviva , the the results obtained from predictions based on consumer data. A ccording to 132 th those of purely traditional underwriting decisions”. results were “closely aligned wi A presentation by a Deloitte representative explains that third-party data was acquired Diabetes, , a consumer data broker. It included “ from over 3,400 fields of data Equifax ” about depression occupation, education, income le g this consumer data the vel and sports activities. Usin or cancer? company had built models to “pre ed with any of 17 diseases dict if individuals are afflict 133 acco related cancer, cardiova (e.g. diabetes, female cancer, tob scular, depression, etc.)”. In another report by Deloitte they state that they “do not propose predictive models as replacements for underwriters”, medical tests would still be im portant. But these models could be used to “identify the higher risk applicants early”. N evertheless, they conclude 134 and legal questions”. that predictive analytics in life insurance “may raise ethical Similarly, the consulting firm confirmed in 2012 that it helped to predict the McKinsey Social isolation hospital costs of patients from c yor”. They used information onsumer data of a “large US pa about demographics, family structure, purchases, car ownership and other data to for hospital costs were 24% higher “construct a social isolation index” and found that an for socially connected indi viduals”. McKinsey concluded “socially isolated individuals th efore high-cost episodes dentify key patient subgroups b that such insights could help “i 135 occur”. website, screenshot Figure 2: Data sets and models to predict heal th. Source: GNS Healthcare 31.07.2016 Another U.S. company goes beyond this. GNS Healthcare sees itself as a “big data analytics Predicting 136 th that “applies causal machine learning technology to match heal company” health risks GNS Healthcare’s MAX in ow interventions drive changes product promises to quantify “h interventions to individual patients”. It promises to “unlock v alue from increasingly rich ing adverse events, sub- behavior” and to predict the “risk of negative outcomes, includ records, mobile health streams of patient data, including data from electronic medical optimal outcomes and progression to disease states”. Their identifies “people IEScore 137 139 GNS devices, medical and pharmacy claims, genomics, consumer behavi or, and more”. likely to participate in interventions”. offers to predict individual he alth risks, progression of illn esses, medication Healthcare 140 with the large insurer Aetna to predict the “future In 2014, GNS Healthcare partnered Individual 138 adherence or intervention outcomes from a wide range of data: dividual level” for 36,944 th a population level and an in risk of metabolic syndrome on bo risk profiles policyholders, based on a wide range of data – from insurance e ligibility, medical and pharmacy claims records, scr demographic variables such as eenings and lab results to 141 The results were published age, body mass index, ethnicity, cigarette usage and sleep. r models was “good to the predictive ability of thei as a study, which concludes that for example, they mention a excellent”. The researchers created “individual risk profiles”, “46-year-old male”, who had “92% predicted probability of devel oping metabolic syndrome within 12 months, and a 73% probability of developing abnormal blood glucose”. ive analytics within only They emphasize that they achieved good results based on predict Exclude three months, as “opposed to the longitudinal studies take”. years that clinical trial and hopeless cases? nd “targeted Their methodology would allow “personalized risk predictions” a interventions for individuals with or at risk of metabolic synd rome” or, as they state, 132 “individualized targeting based on personalized data”. This cou ld help to improve Scism, Leslie and Mark Maremont (2010): Insurers Test Data Pro files to Identify Risky Clients. Wall Street Journal. Updated Nov. 19, 2010. Online: “intervention program design, im pact, and returns” and also “re duce costs”. According to a http://www.wsj.com/articles/SB100014240527487046486045756207509 98072986 [31.07.2016] 133 Kroll, Alice and Ernest A. Testa (2010): Predictive Modeling f or Life Insurance Seminar. Society of 010-tampa-pred-mod-4.pdf Actuaries, May 19, 2010. Online: https://www.soa.org/files/pd/2 [31.07.2016] 134 139 Deloitte (2010): Predictive Modeling for Life Insurance. April 2010. Online: Ibid. 140 https://www.soa.org/files/pdf/re [31.07.2016] search-pred-mod-life-batty.pdf Steinberg, Greg (2014): Using “Big Data” to Predict – and Impr ove – Your Health. Aetna Website, 135 predict-and-improve-health June 2014. Online: https://news.aetna.com/2014/06/big-data-can- in healthcare value. Online: McKinsey (2012): Changing patient behavior: the next frontier [31.07.2016] ing_Patient_Behavior_the_Next_ http://healthcare.mckinsey.com/sites/default/files/791750_Chang 141 Frontier_in_Healthcare_Value.pdf [31.07.2016] Steinberg, Gregory B.; Bruce W. Church, Carol J. McCall, Adam B. Scott, Brian P. Kalis (2014): 136 http://www.gnshealthcare.com/about [31.07.2016] Novel Predictive Models for Metabolic Syndrome Risk: A “Big Dat a” Analytic Approach. The 137 althcare-Secures- http://www.businesswire.com/news/home/20151208005172/en/GNS-He line: American Journal of managed care, Vol. 20, No. 6, June 2014. On 10M-Series-Financing-Accelerate [31.07.2016] dictive-models-for- http://www.ajmc.com/journals/issue/2014/2014-vol20-n6/novel-pre 138 metabolic-syndrome-risk-a-bi g-data-analytic-approach http://www.gnshealthcare.com/tec 1.07.2016] hnology-overview/technology [3 37 37 36

38 148 142 report ranked patients “by how much return on GNS Healthcare , and promises to has also by Stat , states that it “fuses identity time“ Trustev data with digita l data in real 149 They offer customers tools that can investment the insurer can expec “examine all data, in context, for every transaction”. t if it targets them with parti cular interventions” for be used to analyze “how visitors move through [their] site, cli ck, and interact” and to Stat , GNS Healthcare ’s CEO stated that the other customers. As indirectly cited by to “make a realtime device, IP, phone, and email” employ “1000s of data points like trying to get certain “algorithm” could “tell the insu rer not to waste time and money patients to take their pills”, who won’t. decision on whether it is fraudulent or not”, powered by “behav ioral analysis” and 150 machine learning. ricing seems to be on the While the use of large-scale analytics in risk assessment and p Analyzing Trustev ir fraud detection d data they employ to feed the lists a wide range of methods an . Many big fraud detection and claims investigation rise, it has already arrived in claims Blacklisting dresses, browser and algorithms, including phone numb ers, email addresses, postal ad product offers SAS ample, the software vendors offer analytics products in this field. For ex and analyzing device fingerprints, credit and ID checks, “cross-merchant” tra nsaction history, IP analysis, ced analytics models”, to app to process “all data through advan ly “risk- and value-based friends 151 This n “friend list analysis”. carrier details and cell location, “smart blacklisting” and eve dentify “linkages among scoring models to prioritize output for investigators” and to i 152 ” on their website: is how they advertise their “full-spectrum transaction analysis nships”. It promises to over previously unknown relatio seemingly unrelated data and unc and sophisticated data “prevent substantial losses early using social network diagrams scores for claims in “near-rea mining techniques” and to create l time with an online scoring engine that combines bus iness rules, anomaly detection and advanced analytic 143 ntelligence Often, the same software platforms, which were developed for i techniques”. services or military, are also being used for fraud detection i n insurance companies. (see chapter 3.5). Sentinel Visualizer ’s “i2” products and IBM Examples include 144 , offers isk” Social Intelligence , which sees itself as a “social analytics platform built for r Social media insurers a means to “leverage social media and online data” for claims and fraud and online investigation. Its “real-time predictive fraud scores” promise to “assess risk during claims data filing, determining the likelihood of a fraudulent claim based on a claimant’s online 145 presence”. Fraud prevention and risk management 3.5 It is certainly important to protect individuals and businesses from fraud, especially in online environments where not only individual fraud is a threat but also technology- based, automated fraud. At the same time, companies in fraud pr evention are often closely of data on individuals. monitoring everyday online behavior and processing vast amounts They connect to other realms of personal data collection such a s marketing, credit scoring, law enforcement, intelligence services and military. Fraud prev ention companies increasingly use predictive analytics based on rich data source s to classify persons or behaviors as “suspicious”. For individuals, it is usually not t ransparent why certain specific purchase method get interactions or options such as registering for a service or a denied. online fraud prevention. Source: Trustev website, Figure 3: "Full-spectrum transaction analysis" for screenshot from 29.07.2016. Trustev , for example, is an online fraud prevention company headquarte red in Ireland, Thousands of 146 They offer to evaluate “online transactions in TransUnion which was sold to in 2015. data points An earlier version of the Trustev website explained in 2015 that their “ Social real time” for customers in financial services, government, hea lthcare and insurance, technology analyzes the informa tion behind transactions via pa ttern Fingerprinting 147 rifying online identities”. based on “profiling devices, analyzing digital behaviors and ve analysis of social network information” and offers features suc h as “Validate personal and “Pattern identification fo details”, “Friend list analysis” r types of content, content 142 Robbins, Rebecca (2015): Insurers want to nudge you to better health. So they’re data mining your shopping lists. Stat, 15. news.com/2015/12/15/insurance- 12.2015. Online: https://www.stat big-data [31.07.2016] 143 http://www.sas.com/en_sg/industry /insurance/fraud-framework.ht ml [01.08.2016] 144 http://socialintel.com [01.08.2016] 145 http://socialintel.com/claims [01.08.2016] 148 146 ement Solutions with TransUnion (2015): TransUnion Expands Fraud and Identity Manag http://www.trustev.com [29.07.2016] 149 e: Acquisition of Trustev. Press release, December 10, 2015. Onlin http://www.trustev.com/how-it-works [29.07.2016] 150 Ibid. ntity-management-solutions- http://newsroom.transunion.com/transunion-expands-fraud-and-ide 151 with-acquisition-of-trustev [29.07.2016] Ibid. 147 152 Ibid. Screenshot from http://www.trus tev.com/how-it-works [29.07.201 6] 38 38 39

39 148 142 l data in real states that it “fuses identity Trustev time“ data with digita ranked patients , and promises to GNS Healthcare has also by Stat “by how much return on , report 149 They offer customers tools that can investment the insurer can expec t if it targets them with parti “examine all data, in context, for every transaction”. cular interventions” for be used to analyze “how visitors move through [their] site, cli ck, and interact” and to GNS Healthcare Stat other customers. As indirectly cited by ’s CEO stated that the , to “make a realtime device, IP, phone, and email” employ “1000s of data points like trying to get certain “algorithm” could “tell the insu rer not to waste time and money patients to take their pills”, who won’t. decision on whether it is fraudulent or not”, powered by “behav ioral analysis” and 150 machine learning. ricing seems to be on the While the use of large-scale analytics in risk assessment and p Analyzing Trustev ir fraud detection d data they employ to feed the lists a wide range of methods an . Many big fraud detection and claims investigation rise, it has already arrived in claims Blacklisting dresses, browser and algorithms, including phone numb ers, email addresses, postal ad product offers SAS ample, the software vendors offer analytics products in this field. For ex and analyzing device fingerprints, credit and ID checks, “cross-merchant” tra nsaction history, IP analysis, ced analytics models”, to app to process “all data through advan ly “risk- and value-based friends 151 This n “friend list analysis”. carrier details and cell location, “smart blacklisting” and eve dentify “linkages among scoring models to prioritize output for investigators” and to i 152 ” on their website: is how they advertise their “full-spectrum transaction analysis nships”. It promises to over previously unknown relatio seemingly unrelated data and unc and sophisticated data “prevent substantial losses early using social network diagrams scores for claims in “near-rea mining techniques” and to create l time with an online scoring engine that combines bus iness rules, anomaly detection and advanced analytic 143 ntelligence Often, the same software platforms, which were developed for i techniques”. services or military, are also being used for fraud detection i n insurance companies. (see chapter 3.5). Sentinel Visualizer ’s “i2” products and IBM Examples include 144 , offers isk” Social Intelligence , which sees itself as a “social analytics platform built for r Social media insurers a means to “leverage social media and online data” for claims and fraud and online investigation. Its “real-time predictive fraud scores” promise to “assess risk during claims data filing, determining the likelihood of a fraudulent claim based on a claimant’s online 145 presence”. Fraud prevention and risk management 3.5 It is certainly important to protect individuals and businesses from fraud, especially in online environments where not only individual fraud is a threat but also technology- based, automated fraud. At the same time, companies in fraud pr evention are often closely of data on individuals. monitoring everyday online behavior and processing vast amounts They connect to other realms of personal data collection such a s marketing, credit scoring, law enforcement, intelligence services and military. Fraud prev ention companies increasingly use predictive analytics based on rich data source s to classify persons or behaviors as “suspicious”. For individuals, it is usually not t ransparent why certain specific purchase method get interactions or options such as registering for a service or a denied. online fraud prevention. Source: Trustev website, Figure 3: "Full-spectrum transaction analysis" for screenshot from 29.07.2016. Trustev , for example, is an online fraud prevention company headquarte red in Ireland, Thousands of 146 They offer to evaluate “online transactions in TransUnion which was sold to in 2015. data points An earlier version of the Trustev website explained in 2015 that their “ Social real time” for customers in financial services, government, hea lthcare and insurance, technology analyzes the informa tion behind transactions via pa ttern Fingerprinting 147 rifying online identities”. based on “profiling devices, analyzing digital behaviors and ve analysis of social network information” and offers features suc h as “Validate personal and “Pattern identification fo details”, “Friend list analysis” r types of content, content 142 Robbins, Rebecca (2015): Insurers want to nudge you to better health. So they’re data mining your shopping lists. Stat, 15. news.com/2015/12/15/insurance- 12.2015. Online: https://www.stat big-data [31.07.2016] 143 http://www.sas.com/en_sg/industry /insurance/fraud-framework.ht ml [01.08.2016] 144 http://socialintel.com [01.08.2016] 145 http://socialintel.com/claims [01.08.2016] 148 146 ement Solutions with TransUnion (2015): TransUnion Expands Fraud and Identity Manag http://www.trustev.com [29.07.2016] 149 e: Acquisition of Trustev. Press release, December 10, 2015. Onlin http://www.trustev.com/how-it-works [29.07.2016] 150 Ibid. ntity-management-solutions- http://newsroom.transunion.com/transunion-expands-fraud-and-ide 151 with-acquisition-of-trustev [29.07.2016] Ibid. 147 152 Ibid. Screenshot from http://www.trus tev.com/how-it-works [29.07.201 6] 39 38 39

40 162 153 s and patterns of interest hidd Trustev also offers services for fferentials, interactivity”. en within telephone data”. “[u]ncover and visualize cluster repetition, time stamps and di 154 IBM’s i2 products were originally developed by a company called i2 Inc. “RETAIL/INSTORE” fraud detection. , which was acquired 164 163 and by IBM in 2011. According to a presentation of IBM, their i2 ChoicePoint by in 2005 T its ID Manager ransUnion states that it has “already int egrated Trustev technology into Risk services de” and “25 of the 28 NATO products are used by “80% of National Security agencies worldwi 155 , a suite of services for identi ty verification, fraud detection and authentication, product” and marketing 165 member countries”, but also by “ 8 of the top 10 largest compani es, 12 of top 20 banks”. 156 umers and the devices they use which combines “insights on cons in digital channels”. social program prevent “ nalytics, such as software to IBM offers many other products for a er” and claims to have TransUnion sees itself as a “global risk and information solutions provid Fraudulent ”, which is supposed to help gove yments rnments to “reduce improper pa waste and abuse one billion consumers data on globally, obtained from 90,000 data sources. Besides risk unemployment through better matching of eligibility information, gain insigh t into familial relationships, businesses to “cross-sell to services the company also provid es marketing solutions to help claims enhance in-take and eligibility determination, and reduce fraud ulent claims through identity portfolios” and “display existing customers”, “monitor and manage risk in their existing 166 167 157 resolution”. According to an article by Natasha Singer in the New York Times on Big Data personalized messages”, including “offline-to-online matching”. and benefits fraud “ s that ’s software is used by U.S. state agencies to “identify pattern IBM ”, 41st Parameter , has been acquired by the major data A similar fraud prevention company, could indicate benefit abuse”. O SAS and ther business intelligence comp LexisNexis anies like in 2013. Their fraud detection technology allows to link profiles Experian broker Experian also provide analytics or data about U.S. citizens to “mitigate fraud, waste and abuse”, for 158 Experian and other companies in the fi elds of fraud prevention, risk in marketing. also offers several IBM example, to reveal “fraudulent un employment claims”. Of course, PAY.ON management and payment such as , ID Analytics , , LexisNexis and MasterCard Adyen mer insights with predictive products for marketing and customer analytics to “uncover consu 168 are covered in chapter 5.7. analytics”. to analyze fraud and risk, whic Another example of a technology h is used by intelligence Data from also offers features such as link and Sentinel Visualizer Similarly to IBM’s software products, CIA technology ’s “i2” platform. IBM offers a wide range of services as well as by insurance companies, is IBM governments social network analysis to “discover hidden relationships, connections, and patterns among for banks and 159 169 For example, i2 many of them under the label “ i2”. Big Data and analytics products, people, places, and events” in all kinds of data. Its analysis software for telephone call and businesses insurers Analyst’s Notebook is a “visual intelligence analysis environment” to “help ident ify, predict, n insight into the massive numb records allows customers to “gai er of phone calls” by 170 es”, based on “massive amounts prevent and disrupt criminal, te rrorist and fraudulent activiti discovering relationships betwee ugh multiple levels. n phone numbers and people thro of information collected by gove rnment agencies and businesses” . A wide range of “structured enture capital arm” has According to the company’s own statement “In-Q-Tel, the CIA's v 171 and unstructured data from a var iety of sources” can be importe d, including “telephone call . It is “in use by several agencies within the U.S. Federal invested in this technologies 172 computer IP logs and mobile fo records, financial transactions, rensics data”. This data can then Intelligence, Defense and Law Enforcement”. But it is also used for fraud detection or be used to “Identify key people , events, connections and patter ns” and to “highlight key customer relationship mining by banks, insurance companies and healthcare 173 ts”, based on “integrated social individuals and relationships an d their connections to key even – for example, they list Capital One and CIGNA Insurance as customers. organizations network analysis capabilities”. The software is used by intelli gence agencies, police 160 For example, a “ major departments, prisons and military, and also by insurance compan ies. Personalized price discrimination in e-commerce 3.6 US insurance company vent and detect auto and medical ” uses IBM’s i2 software to “pre Dynamic pricing has been a commo om traveling (e.g. flights, n practice for a long time – fr ing policy, claims and medical insurance fraud”, to “ingest data from multiple sources, includ . food). Prices vary depending on the hotels), entertainment (e.g. tickets for events) to retail (e.g 161 ht into customers before granti billing data” and to gain “insig ng them insurance”. time of a purchase or booking, inventory, available seats, popu larity of a product, or prices of competitors. It is also usual to customize pricing depending on the number of units bought – i2 Pattern Tracer can be extended by other products such as the Analyst’s Notebook , which is Analyzing and based on a specific attribut e of consumers, for example discounts for children, families or a tool for the “analysis of telephone call data”, which can be used to “rapidly analyze[s] large phone call data possible to personalize pricing t is new today is that it is no w elders (see Borgesius 2015). Wha participants” to cover key volumes of call detail records to identify call clusters and un ecords containing attributes or in real-time, based on digital r behaviors of consumers. 153 Trustev website from January 2015 on archive.org: 162 g/web/20150111133910/ https://web.archive.or om/how-it-works http://www.trustev.c 07.2016] http://www-03.ibm.com/software/products/en/pattern-tracer [29. 163 [29.07.2016] http://web.archive.org/web/20080703182253/http://www.i2inc.com /company/factsheet.php 154 [29.07.2016] http://www.trustev.com/ pricing [22.08.2016] 164 155 http://www-03.ibm.com/press/us/en/pressrelease/35255.wss [29.0 TransUnion (2015): TransUnion Expands Fraud and Identity Manag ement Solutions with 7.2016] 165 Acquisition of Trustev. Press release, December 10, 2015. Onlin e: IBM (2014): IBM – Analytics Solutions. Online: https://www- http://newsroom.transunion.com/transunion-expands-fraud-and-ide ntity-management-solutions- 356.ibm.com/partnerworld/wps/servlet/download/DownloadServlet?i d=6Pgu3HVIdfKiPCA$cnt&a with-acquisition-of-trustev [29.07.2016] r_Cyber_Crime_Threat_and_Eur ttachmentName=Introducing_IBM_i2_Enterprise_Insight_Analysis_fo 156 opean_Legislation_Webinar.pdf [29.07.2016] https://www.transunion.com/product/id-manager [22.08.2016] 166 157 programs [29.07.2016] http://www.ibm.com/analytics/us/en/industry/government/social- TransUnion (2016): 2015 Annual Report. Online: 167 http://s21.q4cdn.com/588148537/files/doc_financials/2015/YE/TRU -2015-Annual-Report- Singer, Natasha (2015): Bringing Big Data to the Fight Against Benefits Fraud. New York Times, FINAL.PDF [22.08.2016] Feb 20, 2015. Online: http://www.nytimes.com/2015/02/22/technol ogy/bringing-big-data-to-the- 158 fight-against-benefits-fraud.html [29.07.2016] See chapter 5.7.3 168 159 /en/business/customer-analytics http://www.ibm.com/software/industry/i2software [29.07.2016] [29.07.2016] http://www.ibm.com/analytics/us 160 169 http://www-03.ibm.com/software/products/en/analysts-notebook [ 29.07.2016] http://www.fmsasg.com/ 170 161 IBM (2013): A major US insurance company improves online insur sis/telephone_logs/call_data_re http://www.fmsasg.com/LinkAnaly ance fraud detection. IBM Case cords.htm 171 sis/Partners/Solutions.asp http://www.fmsasg.com/LinkAnaly Study. Online: 172 https://public.dhe.ibm.com/common/ssi/ecm/bi/en/bic03034usen/BI C03034USEN.PDF http://www.fmsasg.com/AboutUs/ 173 [29.07.2016] sis/Commercial/Solutions.asp http://www.fmsasg.com/LinkAnaly 40 40 41

41 162 153 s and patterns of interest hidd Trustev also offers services for fferentials, interactivity”. en within telephone data”. “[u]ncover and visualize cluster repetition, time stamps and di 154 IBM’s i2 products were originally developed by a company called i2 Inc. “RETAIL/INSTORE” fraud detection. , which was acquired 164 163 and by IBM in 2011. According to a presentation of IBM, their i2 ChoicePoint by in 2005 T its ID Manager ransUnion states that it has “already int egrated Trustev technology into Risk services de” and “25 of the 28 NATO products are used by “80% of National Security agencies worldwi 155 , a suite of services for identi ty verification, fraud detection and authentication, product” and marketing 165 member countries”, but also by “ 8 of the top 10 largest compani es, 12 of top 20 banks”. 156 umers and the devices they use which combines “insights on cons in digital channels”. social program prevent “ nalytics, such as software to IBM offers many other products for a er” and claims to have TransUnion sees itself as a “global risk and information solutions provid Fraudulent ”, which is supposed to help gove yments rnments to “reduce improper pa waste and abuse one billion consumers data on globally, obtained from 90,000 data sources. Besides risk unemployment through better matching of eligibility information, gain insigh t into familial relationships, businesses to “cross-sell to services the company also provid es marketing solutions to help claims enhance in-take and eligibility determination, and reduce fraud ulent claims through identity portfolios” and “display existing customers”, “monitor and manage risk in their existing 166 167 157 resolution”. According to an article by Natasha Singer in the New York Times on Big Data personalized messages”, including “offline-to-online matching”. and benefits fraud “ s that ’s software is used by U.S. state agencies to “identify pattern IBM ”, 41st Parameter , has been acquired by the major data A similar fraud prevention company, could indicate benefit abuse”. O SAS and ther business intelligence comp LexisNexis anies like in 2013. Their fraud detection technology allows to link profiles Experian broker Experian also provide analytics or data about U.S. citizens to “mitigate fraud, waste and abuse”, for 158 Experian and other companies in the fi elds of fraud prevention, risk in marketing. also offers several IBM example, to reveal “fraudulent un employment claims”. Of course, PAY.ON management and payment such as , ID Analytics , , LexisNexis and MasterCard Adyen mer insights with predictive products for marketing and customer analytics to “uncover consu 168 are covered in chapter 5.7. analytics”. to analyze fraud and risk, whic Another example of a technology h is used by intelligence Data from also offers features such as link and Sentinel Visualizer Similarly to IBM’s software products, CIA technology ’s “i2” platform. IBM offers a wide range of services as well as by insurance companies, is IBM governments social network analysis to “discover hidden relationships, connections, and patterns among for banks and 159 169 For example, i2 many of them under the label “ i2”. Big Data and analytics products, people, places, and events” in all kinds of data. Its analysis software for telephone call and businesses insurers Analyst’s Notebook is a “visual intelligence analysis environment” to “help ident ify, predict, n insight into the massive numb records allows customers to “gai er of phone calls” by 170 es”, based on “massive amounts prevent and disrupt criminal, te rrorist and fraudulent activiti discovering relationships betwee ugh multiple levels. n phone numbers and people thro of information collected by gove rnment agencies and businesses” . A wide range of “structured enture capital arm” has According to the company’s own statement “In-Q-Tel, the CIA's v 171 and unstructured data from a var iety of sources” can be importe d, including “telephone call . It is “in use by several agencies within the U.S. Federal invested in this technologies 172 computer IP logs and mobile fo records, financial transactions, rensics data”. This data can then Intelligence, Defense and Law Enforcement”. But it is also used for fraud detection or be used to “Identify key people , events, connections and patter ns” and to “highlight key customer relationship mining by banks, insurance companies and healthcare 173 ts”, based on “integrated social individuals and relationships an d their connections to key even – for example, they list Capital One and CIGNA Insurance as customers. organizations network analysis capabilities”. The software is used by intelli gence agencies, police 160 For example, a “ major departments, prisons and military, and also by insurance compan ies. Personalized price discrimination in e-commerce 3.6 US insurance company vent and detect auto and medical ” uses IBM’s i2 software to “pre Dynamic pricing has been a commo om traveling (e.g. flights, n practice for a long time – fr ing policy, claims and medical insurance fraud”, to “ingest data from multiple sources, includ . food). Prices vary depending on the hotels), entertainment (e.g. tickets for events) to retail (e.g 161 ht into customers before granti billing data” and to gain “insig ng them insurance”. time of a purchase or booking, inventory, available seats, popu larity of a product, or prices of competitors. It is also usual to customize pricing depending on the number of units bought – i2 Pattern Tracer can be extended by other products such as the Analyst’s Notebook , which is Analyzing and based on a specific attribut e of consumers, for example discounts for children, families or a tool for the “analysis of telephone call data”, which can be used to “rapidly analyze[s] large phone call data possible to personalize pricing t is new today is that it is no w elders (see Borgesius 2015). Wha participants” to cover key volumes of call detail records to identify call clusters and un ecords containing attributes or in real-time, based on digital r behaviors of consumers. 153 Trustev website from January 2015 on archive.org: 162 g/web/20150111133910/ https://web.archive.or om/how-it-works http://www.trustev.c 07.2016] http://www-03.ibm.com/software/products/en/pattern-tracer [29. 163 [29.07.2016] http://web.archive.org/web/20080703182253/http://www.i2inc.com /company/factsheet.php 154 [29.07.2016] http://www.trustev.com/ pricing [22.08.2016] 164 155 http://www-03.ibm.com/press/us/en/pressrelease/35255.wss [29.0 TransUnion (2015): TransUnion Expands Fraud and Identity Manag ement Solutions with 7.2016] 165 Acquisition of Trustev. Press release, December 10, 2015. Onlin e: IBM (2014): IBM – Analytics Solutions. Online: https://www- http://newsroom.transunion.com/transunion-expands-fraud-and-ide ntity-management-solutions- 356.ibm.com/partnerworld/wps/servlet/download/DownloadServlet?i d=6Pgu3HVIdfKiPCA$cnt&a with-acquisition-of-trustev [29.07.2016] r_Cyber_Crime_Threat_and_Eur ttachmentName=Introducing_IBM_i2_Enterprise_Insight_Analysis_fo 156 opean_Legislation_Webinar.pdf [29.07.2016] https://www.transunion.com/product/id-manager [22.08.2016] 166 157 programs [29.07.2016] http://www.ibm.com/analytics/us/en/industry/government/social- TransUnion (2016): 2015 Annual Report. Online: 167 http://s21.q4cdn.com/588148537/files/doc_financials/2015/YE/TRU -2015-Annual-Report- Singer, Natasha (2015): Bringing Big Data to the Fight Against Benefits Fraud. New York Times, FINAL.PDF [22.08.2016] Feb 20, 2015. Online: http://www.nytimes.com/2015/02/22/technol ogy/bringing-big-data-to-the- 158 fight-against-benefits-fraud.html [29.07.2016] See chapter 5.7.3 168 159 /en/business/customer-analytics http://www.ibm.com/software/industry/i2software [29.07.2016] [29.07.2016] http://www.ibm.com/analytics/us 160 169 http://www-03.ibm.com/software/products/en/analysts-notebook [ 29.07.2016] http://www.fmsasg.com/ 170 161 IBM (2013): A major US insurance company improves online insur sis/telephone_logs/call_data_re http://www.fmsasg.com/LinkAnaly ance fraud detection. IBM Case cords.htm 171 sis/Partners/Solutions.asp http://www.fmsasg.com/LinkAnaly Study. Online: 172 https://public.dhe.ibm.com/common/ssi/ecm/bi/en/bic03034usen/BI C03034USEN.PDF http://www.fmsasg.com/AboutUs/ 173 [29.07.2016] sis/Commercial/Solutions.asp http://www.fmsasg.com/LinkAnaly 41 40 41

42 and search discrimination: Jakub Mikians et al (2012) differentiate between price aggregator site”. not visited directly, but was instead accessed via a “discount Different prices ion depending on Furthermore, Mikians et al found evidence of search discriminat or products x Price discrimination is defined as the “practice of pricing the same product differ ently . Prices of whether a customer was simulated as “affluent” or as “budget conscious” to different buyers”, depending on an assumed maximum price, wh ich a particular uent than for budget products shown to customers were “up to 4 times higher for affl customer possibly would pay. It is clearly distinguished from d ifferent pricing across nical framework for conscious customers”. The researchers created an elaborate tech different stores, which may want to reduce their stock or have better deals with lyze whether a user’s financial measurement. For example, to ana status had an influence manufacturers than other stores. revious visits of on pricing, the measurement framework automatically simulated p x In the case of different users see different products, when search discrimination, ing luxury products. hundreds of specific websites from discount sites to shops sell browsing an online shop or certa ple, some users may in product categories. For exam see more expensive hotels than others on the top of the list. A s most users do not view ncluding 10 general A similar study from 2014 examined 16 major e-commerce sites, i Different prices more than the first page of a se arch result or category listing, they are steered towards gate price steering and price e Hannak et al 2014) to investi retailers and 6 travel sites (se on mobile price steering (see Borgesius specific offers. Consequently, this practice is also called k and 300 real-world discrimination. They used both a technical measurement framewor 2015). etailers and five travel users, and found “evidence of personalization on four general r ”. Through sites altered prices by hundreds of dollars sites, including cases where According to the Wall Street Journal, the travel and booking pl atform Orbitz was found in Mac vs. PC technical measurement they discovered differences in the products shown to users based Mac ’s 2012 to “steer” users of computers to pricier hotels, because they “spend $20 Apple 174 on the history of clicked or purchased products, and their oper ating system or browser – During their tests, the hotels to $30 more a night on hotels” than PC users on average. 177 that for example, when using a mobile device. Two travel sites condu cted A/B tests when using a Mac than 13% more expensive listed on the first page of results were up to “steer users towards more expensive hotel reservations”. In som e cases different prices Orbitz when using a PC. According to the article, conformed that they were “experimenting where shown depending on whether the site was browsed while logged in or not. The d also that other factors with showing different hotel offers to Mac and PC visitors”, an authors emphasize that they were “only able to identify positiv e instances of price such as the location of the user and their previous behavior on the website could have an discrimination and steering” and “ ”. They cannot claim the absence of personalization influence on the offers shown. But they were not “showing the s ame room to different received several responses from investigated companies, which are documented on an users at different prices”. In 2014, Orbitz emphasized that the ir “experiment lasted 178 175 additional website. approximately one month” and “was discontinued”. f not impossible – to As the studies described above show, it is very challenging – i Hard to reveal Another investigation, also conducted by the Wall Street Journal later in 2012, found that Based on price or search discrimination accurately investigate and prove based on individual Staples the large U.S. office supply company offered “different prices to people after location and 176 attributes or user behavior. Even when differences in pricing a re obvious, it is still Testing suggested that the company could have inferred the estimating their locations”. web browsing unknown, whether these differences depend on individual characteristics or on other . When they simulated visits IP addresses ZIP codes of online shoppers by analyzing their remains unknown how user criteria – prices may vary for other reasons. It also ZIP codes in the U.S. and test ed 1,000 randomly to ’s website from 29,000 different Staple attributes or behaviors were ide s used, whether additional ntified, which personal data wa e. In addition, it price differences of 8% on averag selected products offered, they found data was purchased and which algorithms were used. Under these circumstances and Discover Financial Services, Rosetta Stone was discovered that other companies like consumers have no chance to understand what their individual offers and prices are fers based on a were also “adjusting prices and displaying different product of Home Depot her they receive individual based on. It is even very difficult for them to recognize, whet uld be discovered about the use r”. The office supplier Office range of characteristics that co offers and prices at all or not. The situation could aggravate when more information about browsing history and geolocation” to show different confirmed using “customers' Depot users and better analytics are a dded. Apart from transparency i ssues companies could, for confirmed using IP addresses of users in Home Depot offers and products to shoppers. that the buyer is example, “overcharge [people] when the data collected indicates ces”. sest store and align online pri order to “match users to the clo 179 ”. indifferent, uninformed or in a hurry A Spanish study used sophisticated methods of measurement to automatically monitor the Refering site prices of 600 products in 35 cate gories of 200 large online sho ps (see Mikians et al 2012). and financial lise prices” today Some scholars note that it “seems that companies rarely persona Really It was found that depending on the geographical location of prices differed up to 166% status rding to a price (Borgesius 2015). However, dynamic pricing is on the rise. Acco personal ing URL. For example, users. In some cases prices varied also depending on the referr on an average day. varies its prices 2.5 million times Amazon monitoring company, offers 180 ne shop’s website was prices in some product categories were 23% lower, when the onli While times a day. Sometimes prices of specific products are changed more than 10 istics for pricing, it still doesn’t seem to use information about personal character Amazon could be difficult to prove, when they would someday decide to introduce it. Personalized 174 z, Mac Users Steered to Pricier Mattioli, Dana (2012): On Orbit Hotels. Wall Street Journal, 23.08.2012. Online: 177 7488822667325882 http://online.wsj.com/news/articles/SB1000142405270230445860457 t groups of users see different A/B tests are experiments by website providers, where differen [29.07.2016] versions of a website’s functionality. 178 175 id Lazer, Alan Mislove, and Ch Hannak, Aniko; Gary Soeller, Dav risto Wilson (2014): Paper Letter to Christo Wilson, Assist uter and Information Science, ant Professor, College of Comp ugust 13, 2014. Online: Northeastern University. A Overview. Online: http://personalization.ccs.neu.edu/PriceDiscrimination/Press [29.07.2016] 179 s/Orbitz/OWW to Christo http://personalization.ccs.neu.edu/PriceDiscrimination/Response Zarsky T (2004): Desperately Seeking Solutions: Using Implemen tation-Based Solutions for the Wilson.pdf [29.07.2016] he Internet Society. 56(1) Maine Law Troubles of Information Privacy in the Age of Data Mining and t 176 Review 13, p. 52. See also p. 30-31. Quoted from: Borgesius (20 15) kan (2012): Websites Vary Prices, Valentino-Devries, Jennifer; Singer-Vine, Jeremy; Soltani, Ash 180 Callard, Abby (2014): The right price, not the lowest price. i nternet RETAILER, December 30, Deals Based on Users' Information. Wall Street Journal. Online: 2014. Online: https://www.internetretailer.com/2014/12/30/right -price-not-lowest-price http://online.wsj.com/news/articles/SB1000142412788732377720457 8189391813881534 [29.07.2016] [29.07.2016] 42 43 42

43 aggregator site”. not visited directly, but was instead accessed via a “discount differentiate between price and search discrimination: Jakub Mikians et al (2012) Different prices Furthermore, Mikians et al found evidence of search discriminat ion depending on or products x ently Price discrimination is defined as the “practice of pricing the same product differ . Prices of whether a customer was simulated as “affluent” or as “budget conscious” ich a particular to different buyers”, depending on an assumed maximum price, wh uent than for budget “up to 4 times higher for affl products shown to customers were ifferent pricing across customer possibly would pay. It is clearly distinguished from d conscious customers”. The researchers created an elaborate tech nical framework for different stores, which may want to reduce their stock or have better deals with measurement. For example, to ana lyze whether a user’s financial status had an influence manufacturers than other stores. on pricing, the measurement framework automatically simulated p revious visits of In the case of x search discrimination, different users see different products, when ing luxury products. hundreds of specific websites from discount sites to shops sell in product categories. For exam ple, some users may browsing an online shop or certa see more expensive hotels than others on the top of the list. A s most users do not view ncluding 10 general A similar study from 2014 examined 16 major e-commerce sites, i Different prices more than the first page of a se arch result or category listing, they are steered towards gate price steering and price e Hannak et al 2014) to investi retailers and 6 travel sites (se on mobile this practice is also called price steering specific offers. Consequently, (see Borgesius k and 300 real-world discrimination. They used both a technical measurement framewor 2015). etailers and five travel users, and found “evidence of personalization on four general r ”. Through sites altered prices by hundreds of dollars sites, including cases where atform Orbitz was found in According to the Wall Street Journal, the travel and booking pl Mac vs. PC technical measurement they discovered differences in the products shown to users based computers to pricier hotels, because they “spend $20 Apple ’s Mac 2012 to “steer” users of 174 on the history of clicked or purchased products, and their oper ating system or browser – During their tests, the hotels to $30 more a night on hotels” than PC users on average. 177 that for example, when using a mobile device. Two travel sites condu cted A/B tests listed on the first page of results were up to 13% more expensive when using a Mac than e cases different prices “steer users towards more expensive hotel reservations”. In som conformed that they were “experimenting Orbitz when using a PC. According to the article, where shown depending on whether the site was browsed while logged in or not. The with showing different hotel offers to Mac and PC visitors”, an d also that other factors authors emphasize that they were “only able to identify positiv e instances of price such as the location of the user and their previous behavior on the website could have an cannot claim the absence of personalization ”. They discrimination and steering” and “ ame room to different influence on the offers shown. But they were not “showing the s received several responses from investigated companies, which a re documented on an ir “experiment lasted users at different prices”. In 2014, Orbitz emphasized that the 178 175 additional website. approximately one month” and “was discontinued”. As the studies described above show, it is very challenging – i f not impossible – to Hard to reveal Wall Street Journal later in 2012, found that Another investigation, also conducted by the Based on price or search discrimination accurately investigate and prove based on individual the large U.S. office supply company Staples offered “different prices to people after location and 176 re obvious, it is still attributes or user behavior. Even when differences in pricing a Testing suggested that the company could have inferred the estimating their locations”. web browsing unknown, whether these differences depend on individual characteristics or on other . When they simulated visits IP addresses ZIP codes of online shoppers by analyzing their remains unknown how user criteria – prices may vary for other reasons. It also ’s website from 29,000 different ZIP codes in the U.S. and test to ed 1,000 randomly Staple s used, whether additional ntified, which personal data wa attributes or behaviors were ide e. In addition, it price differences of 8% on averag selected products offered, they found data was purchased and which algorithms were used. Under these circumstances and Discover Financial Services, Rosetta Stone was discovered that other companies like consumers have no chance to understand what their individual offers and prices are fers based on a were also “adjusting prices and displaying different product of Home Depot her they receive individual based on. It is even very difficult for them to recognize, whet uld be discovered about the use r”. The office supplier Office range of characteristics that co offers and prices at all or not. The situation could aggravate when more information about browsing history and geolocation” to show different confirmed using “customers' Depot users and better analytics are a dded. Apart from transparency i ssues companies could, for confirmed using IP addresses of users in Home Depot offers and products to shoppers. that the buyer is example, “overcharge [people] when the data collected indicates ces”. sest store and align online pri order to “match users to the clo 179 ”. indifferent, uninformed or in a hurry A Spanish study used sophisticated methods of measurement to automatically monitor the Refering site prices of 600 products in 35 cate gories of 200 large online sho ps (see Mikians et al 2012). and financial lise prices” today Some scholars note that it “seems that companies rarely persona Really It was found that depending on the geographical location of prices differed up to 166% status rding to a price (Borgesius 2015). However, dynamic pricing is on the rise. Acco personal ing URL. For example, users. In some cases prices varied also depending on the referr on an average day. varies its prices 2.5 million times Amazon monitoring company, offers 180 ne shop’s website was prices in some product categories were 23% lower, when the onli While times a day. Sometimes prices of specific products are changed more than 10 istics for pricing, it still doesn’t seem to use information about personal character Amazon could be difficult to prove, when they would someday decide to introduce it. Personalized 174 z, Mac Users Steered to Pricier Mattioli, Dana (2012): On Orbit Hotels. Wall Street Journal, 23.08.2012. Online: 177 7488822667325882 http://online.wsj.com/news/articles/SB1000142405270230445860457 t groups of users see different A/B tests are experiments by website providers, where differen [29.07.2016] versions of a website’s functionality. 178 175 id Lazer, Alan Mislove, and Ch Hannak, Aniko; Gary Soeller, Dav risto Wilson (2014): Paper Letter to Christo Wilson, Assist uter and Information Science, ant Professor, College of Comp ugust 13, 2014. Online: Northeastern University. A Overview. Online: http://personalization.ccs.neu.edu/PriceDiscrimination/Press [29.07.2016] 179 s/Orbitz/OWW to Christo http://personalization.ccs.neu.edu/PriceDiscrimination/Response Zarsky T (2004): Desperately Seeking Solutions: Using Implemen tation-Based Solutions for the Wilson.pdf [29.07.2016] he Internet Society. 56(1) Maine Law Troubles of Information Privacy in the Age of Data Mining and t 176 Review 13, p. 52. See also p. 30-31. Quoted from: Borgesius (20 15) kan (2012): Websites Vary Prices, Valentino-Devries, Jennifer; Singer-Vine, Jeremy; Soltani, Ash 180 Callard, Abby (2014): The right price, not the lowest price. i nternet RETAILER, December 30, Deals Based on Users' Information. Wall Street Journal. Online: 2014. Online: https://www.internetretailer.com/2014/12/30/right -price-not-lowest-price http://online.wsj.com/news/articles/SB1000142412788732377720457 8189391813881534 [29.07.2016] [29.07.2016] 43 43 42

44 pricing can also present itself g an everyday visit of a in other ways than simply durin Recording Personal Data – Devices and Platforms 4. . For example, via web and mobile centralized shopping or travel website advertisements, email and other channels, Internet users increa singly often directly "He had won the victory over himself. He loved Big Brother" ng. receive individual offers and discounts based on digital tracki 188 Last sentence of George Orwell’s novel „1984“ TellApart send , a “predictive marketing platform” provides companies ways to Based on a channels and devices”, ges that are consistent across personalized “unique-to-one messa “customer 181 According to their website, for “each based on analytics and a wide range of data. ore” value sc users across multiple In the early days of digital tracking the only way to recognize shopper and product combination” a “Customer Value Score” is cr eated – a “compilation of nticate or to pass unique website visits was to either require them to register and authe 182 Companies can d order size, and lifetime value ”. likelihood to purchase, predicte identifiers from one to another page while users are interactin g. When HTTP cookies ls and devices”, for then deliver personalized messages to consumers “through channe became available in 1994 they “fundamentally altered the nature of surfing the Web”, email and even dynamic on- example “through advertising in display, social sites, mobile, from “being a relatively anonymous activity, like wandering the streets of a large city, to 183 By using “Dynamic Promotions” such as personalized “discounts site promotions”. the kind of environment where records of one's transactions, mo vements and even 184 189 e right time”. and offers” , companies can send the “right offer to the right person at th orted, mined and sold”. desires could be stored, s ”, which is constantly updated TellApart creates a “ customer data profile In order to do so Online and ”, which are “placed in a brow Cookies are “small pieces of data ser storage by the web Cookies esents a merging of 100s of online and in-store signals “via feeds and tags”, and “repr data offline server” (Bujlow et al 2015, p. 5). When a website is visited th e first time, a unique about a particular anonymous cus tomer across the channels and d evices they use”. r’s computer. Subsequently, identification code can be stored in the cookie file on the use Because “[p]ersonalization begins with a person” their “Identit y Network” service y accessing this identifier the website can recognize the user across further page visits b rces – to create an ID “incorporates anonymous data – from both online and offline sou expire when the web browser is closed, session cookies again and again. While 185 often emphases that it uses “anonymous data” and creates TellApart for shoppers ”. . Both persistent cookies or years (see Bujlow et al 2015) can be stored for hours, days s customers”, but “anonymous profiles” about “anonymous identities” and “anonymou types can be used for authentication purposes or to remember in formation entered by the 186 TellApart has been acquired by In 2015, nonetheless still creates an “ID for shoppers”. ck which pages were visited shopping cart, but also to tra user, such as items in an online 187 for $479 million. Twitter and how a user interacted with the website in the past. While are first-party cookies to data brokers are working on technologies and Many companies from advertising Personalized are stored by other third-party cookies directly set by the domain the user visited, valuable discounts to products with the objective of sending personalized offers and terms and domains embedded in the website initially visited (see Roesner et al 2012, p. 2). This way, consumers , and excluding others. Not leas t, personalized pricing based o n digital tracking conditions third parties can track users of multiple websites. is already present on an even more problematic level. Since a f insurance ew years Today, most websites contain sma rty companies, which ll code fragments from third-pa Tracking nd car driving companies offer programs, for which pricing depends on steps, activity a formation to those record every click, track users across websites and transmit in website visits , whose conditions are linked to loans behavior (see chapter 4.3.4). Other companies offer 190 . They web beacons or web bugs companies. These code fragments are referred to as extensive digital records on individuals (see chapter 3.2). Not only “prices, but also terms 191 . After installation, can be visualized with browser extensions such as Lightbeam and conditions can be personalised” (Helberger 2016). formation is transferred when shows all third parties, which in Lightbeam a website is to recognize users visited. Many services still use persistent third-party cookies throughout different website vis its. But also other sophisticated technologies are used, from other storage-based and cache-based mechanisms to browser fingerprinting, which use specific attributes of computers and web browsers to recogn ize users again at their evercookies try to rebuild themselves after they have been next website visit. So-called deleted by users (see Bujlow et al 2015, p. 4). all Street Journal noted In an elaborate study of 50 of the most popular websites, the W Every click Wikipedia already in 2010, that nearly all of them, except , transferred user data to third being tion about every click to parties. 37 of the 50 most popular websites transferred informa transferred to over 30 third parties, 22 of them even to more than 60 third pa rties. The website third 234 ternal services (see Wall dictionary.com transmitted data on every page request to 234 ex parties t website visits was Street Journal 2010). The third parties, which information abou transferred to, were often largely unknown ad networks and web analytics services, but 181 https://www.tellapa rt.com/solutions [29.07.2016] 182 https://www.tellapa rt.com/platform [29.07.2016] 183 Ibid. 188 184 https://www.tellapa Orwell, George (1949): 1984. Secker and Warburg, London. rt.com/solutions [29.07.2016] 189 185 acy. New York Times, Schwartz, John (2001): Giving Web a Memory Cost Its Users Priv rt.com/platform [29.07.2016] https://www.tellapa 186 giving-web-a-memory-cost- 04.07.2001. Online: http://www.nytimes.com/2001/09/04/business/ Ibid. 187 h Startup TellApart, 10-K Lunden, Ingrid (2016): Twitter Ended Up Paying $479M For Adtec its-users-privacy.html?pagewanted=all [18.07.2016] 190 om/2016/02/29/twitter-479m- Reveals. TechCrunch, Feb 29, 2016. Online: https://techcrunch.c https://w2.eff.org/Privacy/Marketing/web_bug.html [25.01.2016] 191 tellapart/ [29.07.2016] https://www.mozilla.org/en-US/lightbeam/ [25.01.2016] 44 45 44

45 pricing can also present itself in other ways than simply durin g an everyday visit of a 4. Recording Personal Data – Devices and Platforms . For example, via web and mobile centralized shopping or travel website advertisements, email and other channels, Internet users increa singly often directly "He had won the victory over himself. He loved Big Brother" receive individual offers and discounts based on digital tracki ng. 188 Last sentence of George Orwell’s novel „1984“ , a “predictive marketing platform” provides companies ways to TellApart send Based on a channels and devices”, ges that are consistent across personalized “unique-to-one messa “customer 181 According to their website, for “each based on analytics and a wide range of data. value sc ore” users across multiple In the early days of digital tracking the only way to recognize shopper and product combination” a “Customer Value Score” is cr eated – a “compilation of nticate or to pass unique website visits was to either require them to register and authe 182 Companies can d order size, and lifetime value ”. likelihood to purchase, predicte g. When HTTP cookies identifiers from one to another page while users are interactin then deliver personalized messages to consumers “through channe ls and devices”, for of surfing the Web”, became available in 1994 they “fundamentally altered the nature email and even dynamic on- example “through advertising in display, social sites, mobile, from “being a relatively anonymous activity, like wandering the streets of a large city, to 183 By using “Dynamic Promotions” such as personalized “discounts site promotions”. vements and even the kind of environment where records of one's transactions, mo 184 189 , companies can send the “right offer to the right person at th e right time”. and offers” orted, mined and sold”. desires could be stored, s customer data profile TellApart In order to do so ”, which is constantly updated creates a “ Online and ”, which are “placed in a brow Cookies are “small pieces of data ser storage by the web Cookies “via feeds and tags”, and “repr esents a merging of 100s of online and in-store signals data offline e first time, a unique server” (Bujlow et al 2015, p. 5). When a website is visited th evices they use”. about a particular anonymous cus tomer across the channels and d identification code can be stored in the cookie file on the use r’s computer. Subsequently, y Network” service Because “[p]ersonalization begins with a person” their “Identit y accessing this identifier the website can recognize the user across further page visits b create an ID rces – to “incorporates anonymous data – from both online and offline sou again and again. While expire when the web browser is closed, session cookies 185 often emphases that it uses “anonymous data” and creates TellApart for shoppers ”. or years (see Bujlow et al 2015) can be stored for hours, days persistent cookies . Both “anonymous profiles” about “anonymous identities” and “anonymou s customers”, but types can be used for authentication purposes or to remember in formation entered by the 186 has been acquired by In 2015, TellApart nonetheless still creates an “ID for shoppers”. ck which pages were visited shopping cart, but also to tra user, such as items in an online 187 Twitter for $479 million. are and how a user interacted with the website in the past. While first-party cookies technologies and to data brokers are working on Many companies from advertising Personalized third-party cookies are stored by other directly set by the domain the user visited, valuable products with the objective of sending personalized offers and discounts to terms and domains embedded in the website initially visited (see Roesner et al 2012, p. 2). This way, t, personalized pricing based o consumers , and excluding others. Not leas n digital tracking conditions third parties can track users of multiple websites. ew years insurance is already present on an even more problematic level. Since a f ll code fragments from third-pa rty companies, which Today, most websites contain sma Tracking companies offer programs, for which pricing depends on steps, activity a nd car driving record every click, track users across websites and transmit in formation to those website visits , whose conditions are linked to loans behavior (see chapter 4.3.4). Other companies offer 190 web bugs web beacons or . They companies. These code fragments are referred to as extensive digital records on individuals (see chapter 3.2). Not only “prices, but also terms 191 . After installation, can be visualized with browser extensions such as Lightbeam and conditions can be personalised” (Helberger 2016). formation is transferred when shows all third parties, which in Lightbeam a website is to recognize users visited. Many services still use persistent third-party cookies throughout different website vis its. But also other sophisticated technologies are used, from other storage-based and cache-based mechanisms to browser fingerprinting, which use specific attributes of computers and web browsers to recogn ize users again at their evercookies try to rebuild themselves after they have been next website visit. So-called deleted by users (see Bujlow et al 2015, p. 4). all Street Journal noted In an elaborate study of 50 of the most popular websites, the W Every click Wikipedia already in 2010, that nearly all of them, except , transferred user data to third being tion about every click to parties. 37 of the 50 most popular websites transferred informa transferred to over 30 third parties, 22 of them even to more than 60 third pa rties. The website third 234 ternal services (see Wall dictionary.com transmitted data on every page request to 234 ex parties t website visits was Street Journal 2010). The third parties, which information abou transferred to, were often largely unknown ad networks and web analytics services, but 181 https://www.tellapa rt.com/solutions [29.07.2016] 182 https://www.tellapa rt.com/platform [29.07.2016] 183 Ibid. 188 184 https://www.tellapa Orwell, George (1949): 1984. Secker and Warburg, London. rt.com/solutions [29.07.2016] 189 185 acy. New York Times, Schwartz, John (2001): Giving Web a Memory Cost Its Users Priv rt.com/platform [29.07.2016] https://www.tellapa 186 giving-web-a-memory-cost- 04.07.2001. Online: http://www.nytimes.com/2001/09/04/business/ Ibid. 187 h Startup TellApart, 10-K Lunden, Ingrid (2016): Twitter Ended Up Paying $479M For Adtec its-users-privacy.html?pagewanted=all [18.07.2016] 190 om/2016/02/29/twitter-479m- Reveals. TechCrunch, Feb 29, 2016. Online: https://techcrunch.c https://w2.eff.org/Privacy/Marketing/web_bug.html [25.01.2016] 191 tellapart/ [29.07.2016] https://www.mozilla.org/en-US/lightbeam/ [25.01.2016] 45 45 44

46 or Twitter . Google ’s countless services also prominent companies like Google, Facebook , is able to serve as an operating system and software platform on devices of by Google several manufacturers. are embedded in almost every website. such as Google Analytics, DoubleClick and AdMob is embedded at least in every website which contains a Facebook Like button. Facebook basic software installation, r Devices of both worlds provide a esponsible for fundamental App ches to the sites that they Tracking the behavior of users surfing the web, from their sear features such as phone calls, co ntact management, texting, phot ography and video. In permissions formation about their visited, is still one of the most common ways to obtain rich in elopers, referred to as apps . In addition, it is possible to inst all software by third-party dev 199 A preferences, interests, problems ing and the companies who , likes and dislikes. Web track June 2016, 2.2 million apps were available for Android, and 2 m illion for iOS. permission system defines which sensors and stored data can be accessed by an app. which focuses on the are receiving the information are further examined in chapter 5 business of personal data. d by an app before it is Android for example presents a list of all permissions requeste . Without permitting access to s or to the current location) installed (e.g. access to contact In recent years, other devices and platforms besides web tracki ng have evolved into rich ery installed app has certain all these functions the app cannot be installed. Within iOS, ev sources of digital information about individuals. Smartphones and the apps installed on s permissions (e.g. location, standard permissions (e.g. accessing the internet), other acces them transmit extensive information about everyday life to a wi de range of companies. microphone or motion sensors) are requested by iOS at runtime w hen an app is trying to health data. Insurance programs based Fitness trackers are recording in-depth body and also introduced Android access the resource (see Kulyk et al 2016). Since version 6, could become prototypes for other fields of life, and in car driving behavior on recording t all permissions at once, “runtime permissions”, overcoming the need for an app to reques surveillance becomes ubiquito the us. The following chapter will Internet of Things 200 when users install an app. explore those four areas of personal data collection. Typically, a smartphone is used by a single person, and carried on the body more or less Spy in n as very personal and private device, which one would permanently. It is therefore see ? your pocket not want to hand to someone unknown (see Urban et al 2012). The information stored on 4.1 Smartphones, mobile devices and apps – spies in your pocket? xt messages, contact lists, ca such devices, including calls, te lendar, photos, videos, visited “Location data, created all day long just by having a phone in your pocket, websites, the phone’s location and motion behavior, provides detailed insights into the is probably the richest source of information in the world today” . It is not only information about friends and family user’s personality and everyday life 192 Greg Skibiski, co-founder of Sense Networks, 2009 but also work, finance and hea that is stored on such a device, lth contacts. Most of the time, mobile devices are connect ed to the Internet. Potentially , the integrated sensors can always be activated. Many users also store passwords on their smartphone, which provide Due to the rapid evolution of mobile technology and the introdu ction of Apple’s iPhone in access to personal user accounts such as email, social networks and e-commerce. 2007, smartphones and installed ap plications became one of the most important gateways acy: Smartphones entail several specific risks regarding users’ priv for companies to collect data on consumers. Smartphones offer v arious wireless Wireless connections for data transfer, i ncluding WLAN, GSM, UMTS, HSPA/ 3G, LTE/4G, Bluetooth connections Privacy risks Data security ) and : Unauthorized access to the device (e.g. through loss or theft x addition, smartphones are equipped with a variety of and NFC (Rothmann et al 2012). In and sensors y computer viruses, security flaws within the OS and apps, which can be exploited b print sensors the sensors. Besides microphones, cameras, GPS receivers and finger acks (see Lopes et al 2013). malware and for targeted att 193 : Android developer guide lists three categories of sensors : Storage, processing or transfer of personal data x Data transfer to app provider through apps of third-party developers, which can access differ ent types of information motion sensors measuring “acceleration forces and rotational forces along thr ee x companies (see chapter stored on the phone as well as sensor data and send it to other axes” – accelerometers, gravity sensors, gyroscopes, rotational vector sensors 4.2.1). x – barometers, photometers, thermometers environmental sensors Android x users are linking : Most Data transfer to platforms or app store providers x position sensors – orientation sensors magnetometers their device with a Android worldwide 1.4 billion Google Google account. According to 201 . Most likely this describes the devices were “active” at least once in a month in 2015 han 1.4 billion devices According to Gartner, worldwide smartphone sales reached more t 1.4 billion new Account. Also, most iOS users number of monthly active Android users with a Google 194 195 196 , after 1 billion in 2013 , and 472 million devices in 2011. The market a yea r in 2015 devices a year, connect their devices to an account (“Apple ID”), as the device cannot be used Apple and iOS (according to IDC their market Android for operating systems is dominated by 82.8% Android Apple didn’t publish clear numbers about monthly active appropriately without this. 197 Other platforms such as shares in Q2 2015 were 82.8% and 13.9% respectively). iOS users. are representing niche existences. While iOS is being used Windows Phone or Blackberry : Information about the users’ communication behavior is also s tored x Mobile networks 198 led , which was developed by the Apple devices, Android only on Open Handset Alliance by wireless communication service providers. 192 ur-mobile-phone-log http://www.wired.co.uk/article/the-hidden-persuaders-mining-yo [18.07.2016] 193 https://developer.android.com/guide/topics/sensors/sensors_ove rview.html [18.07.2016] 199 194 http://www.statista.com/statistic http://www.gartner.com/newsroom/id/3215217 [18.07.2016] s/276623/number-of-Apps-available-in-leading-App-stores/ 195 [18.07.2016] http://www.gartner.com/newsroom/id/2996817 [18.07.2016] 196 200 html [18.07.2016] http://www.gartner.com/newsroom/id/1924314 [18.07.2016] https://developer.android.com/training/permissions/requesting. 197 201 http://www.idc.com/prodserv/smart .07.2016] share.jsp [18 Alphabet (2016): Google Annual Report 2015. Online: phone-os-market- 198 http://www.openhand setalliance.com 015_google_annual_report.pdf [18. 07.2016] https://abc.xyz/investor/pdf/2 46 47 46

47 , is able to serve as an operating system and software platform by on devices of Google . ’s countless services also prominent companies like Google, Google or Facebook Twitter several manufacturers. are embedded in almost every website. AdMob such as and Google Analytics, DoubleClick is embedded at least in every website which contains a Facebook Like Facebook button. Devices of both worlds provide a basic software installation, r esponsible for fundamental App ntact management, texting, phot features such as phone calls, co ography and video. In ches to the sites that they Tracking the behavior of users surfing the web, from their sear permissions addition, it is possible to inst elopers, referred to as apps . In all software by third-party dev visited, is still one of the most common ways to obtain rich in formation about their 199 A June 2016, 2.2 million apps were available for Android, and 2 m illion for iOS. preferences, interests, problems , likes and dislikes. Web track ing and the companies who permission system defines which sensors and stored data can be accessed by an app. are receiving the information are further examined in chapter 5 which focuses on the business of personal data. Android for example presents a list of all permissions requeste d by an app before it is . Without permitting access to installed (e.g. access to contact s or to the current location) ng have evolved into rich In recent years, other devices and platforms besides web tracki ery installed app has certain all these functions the app cannot be installed. Within iOS, ev installed on sources of digital information about individuals. Smartphones and the apps standard permissions (e.g. accessing the internet), other acces s permissions (e.g. location, them transmit extensive information about everyday life to a wi de range of companies. hen an app is trying to microphone or motion sensors) are requested by iOS at runtime w are recording in-depth body and Fitness trackers health data. Insurance programs based access the resource (see Kulyk et al 2016). Since version 6, also introduced Android car driving behavior could become prototypes for other fields of life, and in on recording “runtime permissions”, overcoming the need for an app to reques t all permissions at once, surveillance becomes ubiquito us. The following chapter will the Internet of Things 200 when users install an app. explore those four areas of personal data collection. on the body more or less Typically, a smartphone is used by a single person, and carried Spy in permanently. It is therefore see n as very personal and private device, which one would ? your pocket not want to hand to someone unknown (see Urban et al 2012). The information stored on 4.1 Smartphones, mobile devices and apps – spies in your pocket? xt messages, contact lists, ca such devices, including calls, te lendar, photos, videos, visited “Location data, created all day long just by having a phone in your pocket, detailed insights into the websites, the phone’s location and motion behavior, provides information in the world today” is probably the richest source of . It is not only information about friends and family user’s personality and everyday life 192 Greg Skibiski, co-founder of Sense Networks, 2009 lth contacts. Most of the but also work, finance and hea that is stored on such a device, , the integrated sensors can time, mobile devices are connect ed to the Internet. Potentially always be activated. Many users also store passwords on their smartphone, which provide Due to the rapid evolution of mobile technology and the introdu ction of Apple’s iPhone in access to personal user accounts such as email, social networks and e-commerce. 2007, smartphones and installed ap plications became one of the most important gateways acy: Smartphones entail several specific risks regarding users’ priv arious wireless for companies to collect data on consumers. Smartphones offer v Wireless connections for data transfer, i ncluding WLAN, GSM, UMTS, HSPA/ 3G, LTE/4G, Bluetooth connections Privacy risks : Unauthorized access to the device (e.g. through loss or theft Data security ) and x and NFC (Rothmann et al 2012). In addition, smartphones are equipped with a variety of and sensors security flaws within the OS and apps, which can be exploited b y computer viruses, sensors. Besides microphones, cameras, GPS receivers and finger print sensors the acks (see Lopes et al 2013). malware and for targeted att 193 : Android developer guide lists three categories of sensors : Storage, processing or transfer of personal data x Data transfer to app provider through apps of third-party developers, which can access differ ent types of information motion sensors measuring “acceleration forces and rotational forces along thr ee x stored on the phone as well as sensor data and send it to other companies (see chapter sensors, gyroscopes, rotational vector sensors axes” – accelerometers, gravity 4.2.1). environmental sensors – barometers, photometers, thermometers x : Most x Android Data transfer to platforms or app store providers users are linking x – orientation sensors magnetometers position sensors Google worldwide 1.4 billion their device with a Google Android account. According to 201 . Most likely this describes the devices were “active” at least once in a month in 2015 han 1.4 billion devices According to Gartner, worldwide smartphone sales reached more t 1.4 billion new Account. Also, most iOS users number of monthly active Android users with a Google 194 195 196 , after 1 billion in 2013 , and 472 million devices in 2011. The market a yea r in 2015 devices a year, connect their devices to an account (“Apple ID”), as the device cannot be used Apple and iOS (according to IDC their market Android for operating systems is dominated by 82.8% Android Apple didn’t publish clear numbers about monthly active appropriately without this. 197 Other platforms such as shares in Q2 2015 were 82.8% and 13.9% respectively). iOS users. are representing niche existences. While iOS is being used or Windows Phone Blackberry Mobile networks tored : Information about the users’ communication behavior is also s x 198 led , which was developed by the Apple devices, Android only on Open Handset Alliance by wireless communication service providers. 192 ur-mobile-phone-log http://www.wired.co.uk/article/the-hidden-persuaders-mining-yo [18.07.2016] 193 https://developer.android.com/guide/topics/sensors/sensors_ove rview.html [18.07.2016] 199 194 s/276623/number-of-Apps-available-in-leading-App-stores/ http://www.gartner.com/newsroom/id/3215217 [18.07.2016] http://www.statista.com/statistic 195 http://www.gartner.com/newsroom/id/2996817 [18.07.2016] [18.07.2016] 196 200 https://developer.android.com/training/permissions/requesting. http://www.gartner.com/newsroom/id/1924314 [18.07.2016] html [18.07.2016] 197 201 http://www.idc.com/prodserv/smart .07.2016] phone-os-market- share.jsp [18 Alphabet (2016): Google Annual Report 2015. Online: 198 http://www.openhand setalliance.com https://abc.xyz/investor/pdf/2 015_google_annual_report.pdf [18. 07.2016] 47 47 46

48 206 4.2.1 Data abuse by apps After scandalizing reports in t he media and an inquiry from th e U.S. addresses. rmed about data sharing, Congress, these apps were updated to ensure that users are info Mobile apps cover many areas of l cess to certain ife and often depend on the ac 207 contact data. and Apple introduced an explicit permission for apps to access information in order to fulfill their purpose. For example, a c amera app has to be able to often debated in the media, the Although data abuse by apps was situation seems to have Study on risky access the built-in camera, a navigation app needs location dat a to function and an address Appthority examines the reputation of apps for corporate use on a become even worse. apps from book app needs to access the address book. But many apps require access to sensors and and regular basis. In 2014, the 200 most popular apps of iOS were analyzed for Android 2014 data, which isn’t required for their functionality . Required or not, there is a risk that risky behavior patterns (see Appthority 2014): third parties apps transfer data to without the users’ knowledge. Wall Street Journal In 2010, a famous investigation of Android and apps by the showed iOS Wall Street mobile app behaviors 2014 Risky Top 100 apps / Android Top 100 apps / iOS 47 of the 100 most popular apps that transferred the phone’s location not only to the Journal app paid free paid free of the assessed apps ties (see Thurm et al 2010). 56 developer, but also to third par survey 2010 82% 49% 50% user’s location Track 24% ut the users’ awareness transmitted the unique device ID to third party companies witho Track users with device ID 88% 28% 57% 65% or consent, mostly to advertising networks. Developers of free apps were especially guilty address book 14% 26% 8% Access 30% of integrating tracking modules that exploit data for targeted advertising and other uses. 16% Shar e data with ad networks 38% 32% 71% At the time of the Wall Street Journal’s Pandora transferred investigation the music app Share data with social networks 43% 61% 53% 73% ID to several advertising netw orks. The popular gaming age, gender, location and device Share data with analytics & SDKs 41% 38% 20% 31% app party. The Angry Birds sent the users’ address book, location and device ID to a third ors (Source: Appthority, 2014) Table 13: Risky mobile app behavi dating app g d device ID to three advertisin transferred gender, location an Grindr networks. The gaming app PaperToss sent location and device ID to five advertising location data , while 82% of free Android apps and 50% of free iOS apps were accessin g Sharing with 202 sent the device ID to eight of these. networks, the texting app TextPlus address book . Behind the nearly a third of the free apps on both platforms access the data brokers , who in turn scenes, many apps transfer data to advertising networks and data brokers apps Android 15 of 30 examined According to another a U.S. study from 2010, Locating users sometimes share the data collected with even more companies. Those apps didn’t show e transferred location data to advertising networks, again without notifying the users (se every 30 ads to the user in every case. In some cases the app developers get paid according to the Enck et al, 2010). In some cases, sferred every 30 seconds. In the phone’s location was tran seconds amount of information collected about the user. Surprisingly, p aid apps are also arting the app even once. A one case it was sent directly after the installation, before st embedded frameworks, transferring data to third parties. Many developers of apps use analyzed 84% of the apps further examination on 94 iOS apps from 2011 revealed that libraries or Software Developer Kits (SDK), which frequently collect detailed data about 203 and 74% transferred the device ID. connected to external domains users and submit this data to analytics providers like Google Analytics or Flurry (see c’t 60 apps from 2012, many of the According to an analysis by the German magazine c’t magazine Appthority 2014). 204 For instance, the popular app examined transmitted data to advertising networks . survey 2012 According to another study conducted in 2014 by 26 privacy enfo rcement authorities in 59% of apps Onavo sent data to five of them. The magazine also reported on the c ompany Flashlight 19 countries, access data that is not necessary for the app’s 31% of 1,200 popular apps raising which operates an online service that promises to reduce the co st of expensive mobile ioner of Canada Privacy Commiss 2014). 59% of the apps functionality (see Office of the concerns data transfer through a proxy server and data compression. At t he same time, Onavo’s raised privacy concerns even before they were downloaded becaus e they do not apps transferred information abo ut the phone’s location, the fr equency of the usage of adequately inform the user about which data is used and shared. maker. In 2013 was Onavo specific apps and the websites visited by the user, to the app 205 acquired by Facebook . Free Android and iOS apps in 2015 In 2012, it was also revealed tha t several iOS apps from social networks such as , Path Accessing iOS In a recent study, 110 popular Android and apps where tested to discover which of Apps sharing Twitter , Foursquare were uploading the user’s address book without explicit LinkedIn and address books parties (see Zang et al them shared personal, behavioura l and location data with third data with third ers and postal consent, sometimes including names, email addresses, phone numb without 2015). Android apps sent sensitiv on average, iOS apps to e data to 3.1 external domains ies part consent 94 distinct third-party 2.6 third parties. Overall, sensitive data was shared with with third parties, 40% email addresses . 45 % of the 110 tested apps shared domains location data , and 34% the user’s name . More in detail: 202 treet Journal. Online: r Apps Are Watching You, Wall S Thurm, S.; Kane, Y. (2010): You http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html [18.07.2016] 206 203 Cortesi, Aldo (2011): How UDIDs are used: a survey, 19.05.2011.Online: , and how they're getting it. The Bohn, Dieter: iOS apps and the address book: who has your data https://corte.si/posts/security/ Verge, 24.02.2012, http://www.th everge.com/2012/2/14/2798008/io s-apps-and-the-address- apple-udid-survey/index.html [1 8.07.2016] 204 book-what-you-need-to-know [19.07.2016] 012): Self service shop rg, Ronald; Schmidt, Jürgen (2 Venne, Patrick Kollaten; Eikenbe 207 smartphone. c’t, book 7/2012, S. 114. Paczkowski, John: Apple: App Access to Contact Data Will Requi re Explicit User Permission. All 205 Goel, Vindu (2013): Facebook Buys Israeli Maker of Data Compre ssion Software for Mobile Web Things Digital, 15.02.2012, Effort, 14.10.2013, http://bits.blogs.nytimes.com/2013/10/14/fa cebook-acquires-onavo-and-a- -will-require-explicit-user- http://allthingsd.com/20120215/apple-app-access-to-contact-data foothold-in-israel [18.07.2016] permission [13.08.2014] 48 49 48

49 206 addresses. e U.S. he media and an inquiry from th After scandalizing reports in t 4.2.1 Data abuse by apps Congress, these apps were updated to ensure that users are info rmed about data sharing, Mobile apps cover many areas of l ife and often depend on the ac cess to certain 207 and Apple introduced an explicit permission for apps to access contact data. information in order to fulfill their purpose. For example, a c amera app has to be able to often debated in the media, the situation seems to have Although data abuse by apps was Study on risky access the built-in camera, a navigation app needs location dat a to function and an address become even worse. Appthority examines the reputation of apps for corporate use on a apps from book app needs to access the address book. But many apps require access to sensors and regular basis. In 2014, the 200 most popular apps of Android and iOS were analyzed for 2014 data, which . Required or not, there is a risk that isn’t required for their functionality risky behavior patterns (see Appthority 2014): without the users’ knowledge. third parties apps transfer data to Wall Street Journal apps by the showed and Android In 2010, a famous investigation of iOS Wall Street Top 100 apps / Android Top 100 apps / iOS Risky mobile app behaviors 2014 that transferred the phone’s location not only to the 47 of the 100 most popular apps Journal app paid free paid free developer, but also to third par ties (see Thurm et al 2010). 56 of the assessed apps survey 2010 Track user’s location 24% 49% 82% 50% transmitted the unique device ID to third party companies witho ut the users’ awareness Track users with device ID 57% 65% 28% 88% or consent, mostly to advertising networks. Developers of free apps were especially guilty 8% 26% 14% 30% Access address book of integrating tracking modules that exploit data for targeted advertising and other uses. 16% 32% Shar e data with ad networks 71% 38% At the time of the investigation the music app transferred Pandora Wall Street Journal’s Share data with social networks 61% 53% 43% 73% orks. The popular gaming age, gender, location and device ID to several advertising netw Share data with analytics & SDKs 41% 31% 38% 20% Angry Birds app party. The sent the users’ address book, location and device ID to a third ors (Source: Appthority, 2014) Table 13: Risky mobile app behavi g dating app Grindr transferred gender, location an d device ID to three advertisin sent location and device ID to five advertising PaperToss networks. The gaming app g location data 82% of free Android apps and 50% of free iOS apps were accessin , while Sharing with 202 networks, the texting app TextPlus sent the device ID to eight of these. nearly a third of the free apps on both platforms access the address book . Behind the data brokers scenes, many apps transfer data to advertising networks and data brokers , who in turn 15 of 30 examined Android apps According to another a U.S. study from 2010, Locating users sometimes share the data collected with even more companies. Those apps didn’t show to advertising networks, again without notifying the users (se e location data transferred every 30 get paid according to the ads to the user in every case. In some cases the app developers sferred every 30 seconds. In the phone’s location was tran Enck et al, 2010). In some cases, seconds aid apps are also amount of information collected about the user. Surprisingly, p one case it was sent directly after the installation, before st arting the app even once. A embedded frameworks, transferring data to third parties. Many developers of apps use further examination on 94 iOS apps from 2011 revealed that 84% of the apps analyzed which frequently collect detailed data about Software Developer Kits (SDK), libraries or 203 connected to external domains and 74% transferred the device ID. Flurry or Google Analytics users and submit this data to analytics providers like (see According to an analysis by the German magazine from 2012, many of the c’t 60 apps c’t magazine Appthority 2014). 204 For instance, the popular app examined transmitted data to advertising networks . survey 2012 rcement authorities in According to another study conducted in 2014 by 26 privacy enfo 59% of apps ompany sent data to five of them. The magazine also reported on the c Flashlight Onavo 31% of 1,200 popular apps 19 countries, access data that is not necessary for the app’s raising st of expensive mobile which operates an online service that promises to reduce the co Privacy Commiss ioner of Canada 2014). 59% of the apps functionality (see Office of the concerns Onavo’s he same time, data transfer through a proxy server and data compression. At t raised privacy concerns even before they were downloaded becaus e they do not apps transferred information abo ut the phone’s location, the fr equency of the usage of adequately inform the user about which data is used and shared. was maker. In 2013 specific apps and the websites visited by the user, to the app Onavo 205 acquired by Facebook . Free Android and iOS apps in 2015 t several iOS apps from social networks such as In 2012, it was also revealed tha , Path Accessing apps where tested to discover which of and In a recent study, 110 popular iOS Android Apps sharing , Foursquare were uploading the user’s address book without explicit LinkedIn and Twitter address books parties (see Zang et al l and location data with third them shared personal, behavioura data with third consent, sometimes including names, email addresses, phone numb ers and postal without e data to 3.1 external domains 2015). Android apps sent sensitiv on average, iOS apps to ies part consent 94 distinct third-party 2.6 third parties. Overall, sensitive data was shared with domains with third parties, 40% email addresses . 45 % of the 110 tested apps shared location data . More in detail: name , and 34% the user’s 202 treet Journal. Online: r Apps Are Watching You, Wall S Thurm, S.; Kane, Y. (2010): You http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html [18.07.2016] 206 203 Bohn, Dieter: iOS apps and the address book: who has your data , and how they're getting it. The Cortesi, Aldo (2011): How UDIDs are used: a survey, 19.05.2011.Online: Verge, 24.02.2012, http://www.th everge.com/2012/2/14/2798008/io s-apps-and-the-address- 8.07.2016] https://corte.si/posts/security/ apple-udid-survey/index.html [1 204 book-what-you-need-to-know [19.07.2016] Venne, Patrick Kollaten; Eikenbe 012): Self service shop rg, Ronald; Schmidt, Jürgen (2 207 re Explicit User Permission. All Paczkowski, John: Apple: App Access to Contact Data Will Requi smartphone. c’t, book 7/2012, S. 114. 205 Goel, Vindu (2013): Facebook Buys Israeli Maker of Data Compre ssion Software for Mobile Web Things Digital, 15.02.2012, cebook-acquires-onavo-and-a- Effort, 14.10.2013, http://bits.blogs.nytimes.com/2013/10/14/fa http://allthingsd.com/20120215/apple-app-access-to-contact-data -will-require-explicit-user- foothold-in-israel [18.07.2016] permission [13.08.2014] 49 49 48

50 Amazon Insights, Localytics, Kontagent, Apsalar ). ) and “utilities” (e.g. Crashlytics, Bugsense All apps tested iOS apps Data sent to third parties Android apps 208 Australia, Brazil, in 509 unique apps in d 124 different trackers Overall they identifie Germany and the United States. Many of these trackers were pres ent in a high percentage Email address 73% 16% 45% of users’ devices: Location data 40% 33% 47% 49% 18% Name 34% Tracker Users affected Google Ads Username 20% 25% 15% 96% 20% Gender 15% 9% Flurry 91% 10% Search terms 9% 11% 87% Google Analytics Information on friends 11% 16% 5% Millennial Media 86% Job -related information 4% 4% 4% Crashlytics 85% 4% 2% 3% rmation Medical info 81% Mopub 79% Inmobi ile apps send to third parties (Source: Zang et al 2015) Table 14: Sensitive data free mob Hockeyapp 71% dentifying information such as email addresses with 73% of free Android apps shared i Up to 17 third 70% Comscore The tested apps sent third parties, and 46% of iOS apps shared the phone’s location. per app parties Crittercism 68% ioral and location data, to up sensitive information, including personally identifiable, behav to 17 third-party domains. The s tudy also shows that a signific ant proportion of apps e exposed to (Source: Seneviratne et al 2015) Table 15: Trackers users of smartphone apps ar share data from user inputs with third parties – from search terms and information on Taken together, the study shows that “tracking behaviors of pai d apps are almost the same lth related information. pp usage to employment and hea friends entered by users during a 209 , a “framework to as those of free apps”. The r Privmetrics esearchers started to build Some examples: 210 secure user privacy in smartphones”. Health and sent sensitive data to 11 third-party domains, with 9 domains Text Free The app x Users often have little knowledge and awareness about what info rmation is accessible by How do users related job- ’s location. e data and 6 receiving the user receiving personally identifiabl on apps. A study from 2012 showed the difference between expectations and reality think about data The app sent location data to 17 third-party domains. x Local Scope 211 95% of 179 participants were the basis of the 100 most popular Android apps. and apps x ” with 5 third parties medical info input by the user app shared “ The Drugs.com surprised that the app Brightest Flashlight is accessing location data. 90% were surprised privacy? (e.g. words such as “herpes” or “interferon”). that the app Background HD Wallpaper is accessing their address book. On the other hand, x The app Period Tracker Lite shared the “ input into a symptom field ” with one is accessing information about the phone’s Google Maps nobody was surprised that third-party domain. location. Overall, participants were startled about which apps are accessing the device ID, x The Android apps Job Search and Snagajob shared “ employment-related search location data or the address book. Consequently, the authors of this study interpreted a ty domains. terms ” such as “driver,” “cashier,” an d “burger” with four third-par small level of surprise as a form of “informed consent”. ” and Indeed.com The iOS apps x shared “ employment-related inputs Snagajob such as “nurse” and “car mechanic” with 4 third parties. Based on the study mentioned above and further research about m obile app privacy and 1,173,265 apps usability (see Lin et al 2014), a team of researchers from Carnegie Mellon University In general, apps listed in the c ategories "Health & Fitness" an x d “Communication" analyzed 212 an online platform about mobi le apps and privacy, which created PrivacyGrade , her app sent sensitive data to more third-party domains than apps in ot avior and the app's measures “the gap between people's expectations of an app's beh categories. 213 e apps, . By July 2016, the site offered information on 1,173,265 mobil actual behavior” The study design has some limitations . For example, Zang et al didn’t look at non-TCP Encrypted data whose privacy-related behaviors are summarized in the form of g rades, using a scale of A+ traffic and they just tested for data leakages in clear text. It was not tested whether apps sharing not to D. Additionally, detailed information is available for each app, including the permissions share simply encrypted versions of sensitive data, e.g. by usin g common hashes like included MD5 . It is very likely that many cases where apps share sensitive data with third parties tages are in fact were not discovered. Therefore, the observed numbers and percen probably . higher than found A study on free and pa id apps from 2015 208 http://www.privmetrics.org/wp-c ontent/uploads/2016/04/Tracker_ List-11.xlsx [19.07.2016] 209 http://www.privmetrics.org/ A study from 2015 on the top 100 free and paid apps in Australi a, Brazil, Germany and the 210 Seneviratne, Suranga; Aruna Seneviratne, Johan Kestenare (2014 ): PrivMetrics: A Framework for U.S. showed that tracking is less invasive in paid apps, but st ill very common (see y and User Centric Controls, Quantifying User Privacy in Smartphones. W3C Workshop on Privac Berlin, Germany, November 2014. Online: ps were “connected to Seneviratne et al, 2015). They f ound that around 60% of paid ap https://www.w3.org/2014/privacyws/pp/Seneviratne.pdf nformation”, compared to 85-95% of free apps. About 20% trackers that collect personal i 211 Lin, Jialiu; Sadeh, Norman M.; Amini, Shahriyar; Lindqvist, Ja nne; Hong, Jason I.; Zhang, Joy of paid apps were connected to more than 3 trackers. (2012): Expectation and purpose: understanding users' mental mo dels of mobile app privacy through crowdsourcing. In: UbiComp, 2012. Online: one users with their apps from 338 different smartph By combining lists of installed App usage is omp12-final.pdf [07.07.2014] http://www.winlab.rutgers.edu/~ja nne/privacyasexpectations-ubic research they found that 50% of these users were exposed to mor e than 25 trackers and tracked by 212 http://privacygrade.org 213 “advertising” (e.g. Trackers were categorized as: Google 20% of them to over 40 trackers. many http://privacygrade.org/faq Ads, Millennial Media, Inmobi, Mopub ), “analytics” (e.g. Flurry, Google Analytics, Comscore, companies 50 51 50

51 ). Amazon Insights, Localytics, Kontagent, Apsalar ) and “utilities” (e.g. Crashlytics, Bugsense Android apps iOS apps Data sent to third parties All apps tested 208 Australia, Brazil, in 509 unique apps in d 124 different trackers Overall they identifie ent in a high percentage Germany and the United States. Many of these trackers were pres Email address 16% 45% 73% of users’ devices: 40% Location data 47% 33% 18% 49% Name 34% Tracker Users affected Google Ads 25% 15% 20% Username 96% 15% Gender 9% 20% Flurry 91% Search terms 10% 9% 11% Google Analytics 87% Information on friends 11% 16% 5% 86% Millennial Media -related information 4% 4% 4% Job 85% Crashlytics 4% rmation 3% 2% Medical info 81% Mopub Inmobi 79% Table 14: Sensitive data free mob ile apps send to third parties (Source: Zang et al 2015) Hockeyapp 71% dentifying information such as email addresses with 73% of free Android apps shared i Up to 17 third Comscore 70% The tested apps sent third parties, and 46% of iOS apps shared the phone’s location. per app parties 68% Crittercism sensitive information, including personally identifiable, behav ioral and location data, to up tudy also shows that a signific ant proportion of apps to 17 third-party domains. The s Table 15: Trackers users of smartphone apps ar e exposed to (Source: Seneviratne et al 2015) with third parties – from search terms and information on share data from user inputs d apps are almost the same Taken together, the study shows that “tracking behaviors of pai lth related information. friends entered by users during a pp usage to employment and hea 209 , a “framework to esearchers started to build Privmetrics as those of free apps”. The r Some examples: 210 secure user privacy in smartphones”. Health and x The app sent sensitive data to 11 third-party domains, with 9 domains Text Free Users often have little knowledge and awareness about what info rmation is accessible by How do users related job- ’s location. e data and 6 receiving the user receiving personally identifiabl difference between expectations and reality on apps. A study from 2012 showed the think about data x Local Scope sent location data to 17 third-party domains. The app 211 95% of 179 participants were the basis of the 100 most popular Android apps. and apps app shared “ x ” with 5 third parties Drugs.com medical info input by the user The is accessing location data. 90% were surprised Brightest Flashlight surprised that the app privacy? (e.g. words such as “herpes” or “interferon”). is accessing their address book. On the other hand, Background HD Wallpaper that the app x ” with one input into a symptom field shared the “ Period Tracker Lite The app nobody was surprised that is accessing information about the phone’s Google Maps third-party domain. are accessing the device ID, location. Overall, participants were startled about which apps The Android apps Job Search and Snagajob shared “ employment-related search x location data or the address book. Consequently, the authors of this study interpreted a ty domains. terms ” such as “driver,” “cashier,” an d “burger” with four third-par small level of surprise as a form of “informed consent”. ” Indeed.com and Snagajob shared “ employment-related inputs x The iOS apps such as “nurse” and “car mechanic” with 4 third parties. obile app privacy and Based on the study mentioned above and further research about m 1,173,265 apps Carnegie Mellon University a team of researchers from usability (see Lin et al 2014), In general, apps listed in the c x d “Communication" ategories "Health & Fitness" an analyzed 212 le apps and privacy, which an online platform about mobi , PrivacyGrade created her app sent sensitive data to more third-party domains than apps in ot avior and the app's measures “the gap between people's expectations of an app's beh categories. 213 e apps, . By July 2016, the site offered information on 1,173,265 mobil actual behavior” . For example, Zang et al didn’t look at non-TCP The study design has some limitations Encrypted data whose privacy-related behaviors are summarized in the form of g rades, using a scale of A+ traffic and they just tested for data leakages in clear text. It was not tested whether apps sharing not app, including the permissions to D. Additionally, detailed information is available for each share simply encrypted versions of sensitive data, e.g. by usin g common hashes like included data with third parties . It is very likely that many cases where apps share sensitive MD5 were not discovered. Therefore, the observed numbers and percen tages are in fact . higher than found probably A study on free and pa id apps from 2015 208 http://www.privmetrics.org/wp-c List-11.xlsx [19.07.2016] ontent/uploads/2016/04/Tracker_ 209 http://www.privmetrics.org/ a, Brazil, Germany and the A study from 2015 on the top 100 free and paid apps in Australi 210 ): PrivMetrics: A Framework for Seneviratne, Suranga; Aruna Seneviratne, Johan Kestenare (2014 ill very common (see U.S. showed that tracking is less invasive in paid apps, but st y and User Centric Controls, Quantifying User Privacy in Smartphones. W3C Workshop on Privac Berlin, Germany, November 2014. Online: Seneviratne et al, 2015). They f ound that around 60% of paid ap ps were “connected to https://www.w3.org/2014/privacyws/pp/Seneviratne.pdf trackers that collect personal i nformation”, compared to 85-95% of free apps. About 20% 211 Lin, Jialiu; Sadeh, Norman M.; Amini, Shahriyar; Lindqvist, Ja nne; Hong, Jason I.; Zhang, Joy of paid apps were connected to more than 3 trackers. (2012): Expectation and purpose: understanding users' mental mo dels of mobile app privacy through crowdsourcing. In: UbiComp, 2012. Online: apps from 338 different smartph By combining lists of installed one users with their App usage is nne/privacyasexpectations-ubic http://www.winlab.rutgers.edu/~ja omp12-final.pdf [07.07.2014] e than 25 trackers and research they found that 50% of these users were exposed to mor tracked by 212 http://privacygrade.org 213 20% of them to over 40 trackers. Google Trackers were categorized as: “advertising” (e.g. many http://privacygrade.org/faq ), “analytics” (e.g. Ads, Millennial Media, Inmobi, Mopub Flurry, Google Analytics, Comscore, companies 51 51 50

52 used by the app, a short description about why an app may need access to specific data, (NAIC) National Association of Insurance Commissioners According to a report by the U.S. Plugging into and the third-party libraries contacted by the app. most devices which record data about consumers’ driving behavio r are plugged into the car port. They record special interfaces such as the “on-board diagnostics” (OBD-II) Flashlight - Torch LED Light For example, the app profile page for shows that it “appears Flashlight app information about dates, times, locations and distances driven , more sophisticated this app uses” data on the phone r analysis” and recorded ’s location for “market/custome accessing . There are speed, cornering, acceleration and braking ones also report data about 214 According to the last audio via microphone for “delivering targeted advertisement”. location data different technologies available to track the driving behavior (see Karapiperis et al 2015): analysis from April 2015, the th ird parties to whom data may be transferred include Millenial Media and Mopup . An extra page , Twitter , Chartboost , , Facebook Flurry Inmobi , are x Dongles devices provided by the insurer for a certain time. They are se lf-installed 215 For with overall statistics on third-party libraries used by all apps analyzed is available. uld soon be by the driver, record data on location and driving style and co example, in 65,515 different apps. Admob ’s was found in 407,181 apps, Flurry Google technologically obsolete. tion. When x provide more detailed informa are professionally installed and Black boxes deeply invading the is Taken together, the use of today’s smartphones and mobile apps Summary ng or harsh cornering – accelerometers are integrated, they can also track speed, braki privacy rld’s population, consumers are often not aware of of a substantial part of the wo ic control unit (ECU). and they can use the cars sensors by plugging into its electron how many companies receive information about their everyday liv es, and our knowledge Embedded x a also directly connects to the vehicle’s systems and can record telematics limited, incomplete, and about how apps collect data and transfer it to third parties is wide range of data on both the car and on driving behavior. often outdated. also increasingly used for car t are Smartphones and apps x elematics, either standalone or plugged into the car’s system. They provide a range of relev ant sensors from accelerometers and gyroscopes to GPS and a network connection. insurance and the Connected Car Car telematics, tracking-based 4.2 Usage-based insurance (UBI) , which takes the recorded data into consideration for 12 million “You know the way that advertising turned out to be the native business pricing purposes, is on the rise. According to an extensive ind ustry report by consulting customers model for the internet? I think that insurance is going to be the native are 200 insurance programs based on telematics Ptolemus firm (2016), more than worldwide business model for the Internet of Things” available in 34 countries on five continents, covering 12 million customers. The number of 216 Tim O’Reilly, 2014 mber customers in Europe increased from 2.1 million in July 2013 to 4.4 million in Nove . Generali has 2.8 million UBI customers Progressive 2015. The U.S.-based insurer has and claims that 33% of new policies in Italy include 800,000 UBI customers in Italy w, we know when you’re doing it. “We know everyone who breaks the la we know what you’re doing.” We have GPS in your car, so telematics. But also several telematics programs are available in countries like the UK, 217 Jim Farley, Head of Marketing and Sales at Ford, 2014 Canada, France, German y, Spain, Ireland, Russia and South Afric a, and currently launched in many more countries from Columbia to China. Ptolemus predict s that “nearly 100 million vehicles will be insured w ith telematics policies” by 2 020. However, according to Driving cars is a kind of everyday life behavior, which has bee n digitally tracked for many another industry report, today’s “market penetration is lower t han predicted” and still years. What initially started as a technology used in freight a nd fleet management to make 219 <5% in the U.S. 218 also became common in consumer logistics more efficient (and to control employees) space. , where insurance Ptolemus (2016) diffe rentiates between Pay-As-You-Drive (PAYD) Risk ratings Pay-How- ion data, and ometimes also on time and locat premiums are based on mileage, s about drivers , which monitor the vehicle around the clock and transmit black boxes Today, so-called Insurance You-Drive (PHYD) lculate , where insurance companies receive "driving style data" and ca eleration values to several information about its position, time, velocity, braking and acc rates based on le insurance policies use "risk ratings" about drivers. In general, most of today’s vehic ars. Terms like the service providers, are increasin gly being built into consumer c driving information such as age, gender, vehicle age, place of residenc e, occupation and the connected car and the smart car are somehow tied to these developments. Customized behavior 220 Policies based on telematics add rofile to calculate pricing. customer’s historical claims p insurance rates based on actual driving behavior are around sin ce the mid-2000s (see motion sensors “new, dynamic parameters”, which are recorded by GPS like accelerators, racking and employing data abo Ptolemus 2016). As this kind of t ut everyday life behavior devices or the car’s sensors, and are automatically transmitted to the insurance company may be a role model for other fi elds of life, it is worth takin g a closer look. or telematics providers. The information recorded and analyzed ranges from the , the average length of the distance travelled, the day of the week and the time of the day trips, the type of the road to the driving behavior, including acceleration, braking, speed and cornering. 214 http://privacygrade.org/apps/com.rvappstudios.flashlight.html [20.07.2016] Progressive’s telematics-based insurance offer in the U.S. 215 http://privacygrade.org/third_party_libraries/ 216 Myslewski, Rik (2014): The Inte rnet of Things helps insurance firms reward, punish. The Register, 24.05.2014. cited on 19.09.2014 from helps_insurance_firms_reward_ 4/05/23/the_internet_of_things_ http://www.theregister.co.uk/201 punish 217 s Show in Las Vegas in January Jim Farley told this to an audience at the Consumer Electronic 219 2014. A week later he said that his statement was “hypothetical Novarica (2016): Telematics in Insurance: Current State of UBI ”, see: and Market Challenges. July 2016. nts-tracking-drivers-gps-2014-1 http://www.businessinsider.com/for Summary online: http://novarica.com/telematics-2016/ [24.07.201 6] racts-stateme d-jim-farley-ret 220 [24.07.2016] tain regions, e.g. gender in the EU: Insurances may not be allowed to use certain parameters in cer 218 See: Kanngieser, 2013 http://ec.europa.eu/justice/news room/gender-equality/news/12122 0_en.htm [24.07.2016] 52 53 52

53 (NAIC) National Association of Insurance Commissioners According to a report by the U.S. used by the app, a short description about why an app may need access to specific data, Plugging into and the third-party libraries contacted by the app. most devices which record data about consumers’ driving behavio r are plugged into the car port. They record special interfaces such as the “on-board diagnostics” (OBD-II) Flashlight - Torch LED Light For example, the app profile page for shows that it “appears Flashlight app information about dates, times, locations and distances driven , more sophisticated this app uses” data on the phone r analysis” and recorded ’s location for “market/custome accessing . There are speed, cornering, acceleration and braking ones also report data about 214 According to the last audio via microphone for “delivering targeted advertisement”. location data different technologies available to track the driving behavior (see Karapiperis et al 2015): analysis from April 2015, the th ird parties to whom data may be transferred include Millenial Media and Mopup . An extra page , Twitter , Chartboost , , Facebook Flurry Inmobi , are x Dongles devices provided by the insurer for a certain time. They are se lf-installed 215 For with overall statistics on third-party libraries used by all apps analyzed is available. uld soon be by the driver, record data on location and driving style and co example, in 65,515 different apps. Admob ’s was found in 407,181 apps, Flurry Google technologically obsolete. tion. When x provide more detailed informa are professionally installed and Black boxes deeply invading the is Taken together, the use of today’s smartphones and mobile apps Summary ng or harsh cornering – accelerometers are integrated, they can also track speed, braki privacy rld’s population, consumers are often not aware of of a substantial part of the wo ic control unit (ECU). and they can use the cars sensors by plugging into its electron how many companies receive information about their everyday liv es, and our knowledge Embedded x a also directly connects to the vehicle’s systems and can record telematics limited, incomplete, and about how apps collect data and transfer it to third parties is wide range of data on both the car and on driving behavior. often outdated. also increasingly used for car t are Smartphones and apps x elematics, either standalone or plugged into the car’s system. They provide a range of relev ant sensors from accelerometers and gyroscopes to GPS and a network connection. insurance and the Connected Car Car telematics, tracking-based 4.2 Usage-based insurance (UBI) , which takes the recorded data into consideration for 12 million “You know the way that advertising turned out to be the native business pricing purposes, is on the rise. According to an extensive ind ustry report by consulting customers model for the internet? I think that insurance is going to be the native are 200 insurance programs based on telematics Ptolemus firm (2016), more than worldwide business model for the Internet of Things” available in 34 countries on five continents, covering 12 million customers. The number of 216 Tim O’Reilly, 2014 mber customers in Europe increased from 2.1 million in July 2013 to 4.4 million in Nove . Generali has 2.8 million UBI customers Progressive 2015. The U.S.-based insurer has and claims that 33% of new policies in Italy include 800,000 UBI customers in Italy w, we know when you’re doing it. “We know everyone who breaks the la we know what you’re doing.” We have GPS in your car, so telematics. But also several telematics programs are available in countries like the UK, 217 Jim Farley, Head of Marketing and Sales at Ford, 2014 Canada, France, German y, Spain, Ireland, Russia and South Afric a, and currently launched in many more countries from Columbia to China. Ptolemus predict s that “nearly 100 million vehicles will be insured w ith telematics policies” by 2 020. However, according to Driving cars is a kind of everyday life behavior, which has bee n digitally tracked for many another industry report, today’s “market penetration is lower t han predicted” and still years. What initially started as a technology used in freight a nd fleet management to make 219 <5% in the U.S. 218 also became common in consumer logistics more efficient (and to control employees) space. , where insurance Ptolemus (2016) diffe rentiates between Pay-As-You-Drive (PAYD) Risk ratings Pay-How- ion data, and ometimes also on time and locat premiums are based on mileage, s about drivers , which monitor the vehicle around the clock and transmit black boxes Today, so-called Insurance You-Drive (PHYD) lculate , where insurance companies receive "driving style data" and ca eleration values to several information about its position, time, velocity, braking and acc rates based on le insurance policies use "risk ratings" about drivers. In general, most of today’s vehic ars. Terms like the service providers, are increasin gly being built into consumer c driving information such as age, gender, vehicle age, place of residenc e, occupation and the connected car and the smart car are somehow tied to these developments. Customized behavior 220 Policies based on telematics add rofile to calculate pricing. customer’s historical claims p insurance rates based on actual driving behavior are around sin ce the mid-2000s (see motion sensors “new, dynamic parameters”, which are recorded by GPS like accelerators, racking and employing data abo Ptolemus 2016). As this kind of t ut everyday life behavior devices or the car’s sensors, and are automatically transmitted to the insurance company may be a role model for other fi elds of life, it is worth takin g a closer look. or telematics providers. The information recorded and analyzed ranges from the , the average length of the distance travelled, the day of the week and the time of the day trips, the type of the road to the driving behavior, including acceleration, braking, speed and cornering. 214 http://privacygrade.org/apps/com.rvappstudios.flashlight.html [20.07.2016] Progressive’s telematics-based insurance offer in the U.S. 215 http://privacygrade.org/third_party_libraries/ 216 Myslewski, Rik (2014): The Inte rnet of Things helps insurance firms reward, punish. The Register, 24.05.2014. cited on 19.09.2014 from helps_insurance_firms_reward_ 4/05/23/the_internet_of_things_ http://www.theregister.co.uk/201 punish 217 s Show in Las Vegas in January Jim Farley told this to an audience at the Consumer Electronic 219 2014. A week later he said that his statement was “hypothetical Novarica (2016): Telematics in Insurance: Current State of UBI ”, see: and Market Challenges. July 2016. nts-tracking-drivers-gps-2014-1 http://www.businessinsider.com/for Summary online: http://novarica.com/telematics-2016/ [24.07.201 6] racts-stateme d-jim-farley-ret 220 [24.07.2016] tain regions, e.g. gender in the EU: Insurances may not be allowed to use certain parameters in cer 218 See: Kanngieser, 2013 http://ec.europa.eu/justice/news room/gender-equality/news/12122 0_en.htm [24.07.2016] 53 53 52

54 According to a report by the U.S. National Association of Insurance Commissioners (NAIC) Plugging into most devices which record data about consumers’ driving behavio r are plugged into the car special interfaces such as the “on-board diagnostics” (OBD-II) port. They record information about dates, times, locations and distances driven , more sophisticated . There are ones also report data about speed, cornering, acceleration and braking different technologies available to track the driving behavior (see Karapiperis et al 2015): are x devices provided by the insurer for a certain time. They are se lf-installed Dongles by the driver, record data on location and driving style and co uld soon be technologically obsolete. x Black boxes are professionally installed and provide more detailed informa tion. When accelerometers are integrated, they can also track speed, braki ng or harsh cornering – and they can use the cars sensors by plugging into its electron ic control unit (ECU). a also directly connects to the vehicle’s systems and can record telematics Embedded x wide range of data on both the car and on driving behavior. also increasingly used for car t x Smartphones and apps are elematics, either standalone or plugged into the car’s system. They provide a range of relev ant sensors from accelerometers and gyroscopes to GPS and a network connection. Usage-based insurance (UBI) , which takes the recorded data into consideration for 12 million pricing purposes, is on the rise. According to an extensive ind ustry report by consulting customers (2016), more than 200 insurance programs based on telematics are Ptolemus firm worldwide available in 34 countries on five continents, covering 12 million customers. The number of increased from 2.1 million in July 2013 to 4.4 million in Nove mber Europe customers in has 2.8 million UBI customers . Generali has 2015. The U.S.-based insurer Progressive 800,000 UBI customers in Italy and claims that 33% of new policies in Italy include telematics. But also several telematics programs are available in countries like the UK, y, Spain, Ireland, Russia and South Afric a, and currently launched Canada, France, German s that “nearly 100 in many more countries from Columbia to China. Ptolemus predict ith telematics policies” by 2 million vehicles will be insured w 020. However, according to “market penetration is lower t another industry report, today’s han predicted” and still 219 <5% in the U.S. , where insurance Ptolemus (2016) diffe rentiates between Pay-As-You-Drive (PAYD) Risk ratings premiums are based on mileage, s Pay-How- ion data, and ometimes also on time and locat about drivers You-Drive (PHYD) lculate , where insurance companies receive "driving style data" and ca le insurance policies use "risk ratings" about drivers. In general, most of today’s vehic information such as age, gender, vehicle age, place of residenc e, occupation and the 220 Policies based on telematics add customer’s historical claims p rofile to calculate pricing. “new, dynamic parameters”, which are recorded by GPS like accelerators, motion sensors or the car’s sensors, and are automatically transmitted to the devices insurance company ranges from the or telematics providers. The information recorded and analyzed , the average length of the distance travelled, the day of the week and the time of the day acceleration, braking, speed trips, the type of the road to the driving behavior, including and cornering. 229 In that to earn “more” points. customers can also opt in to a smartphone-enabled plan Progressive program in the U.S. Snapshot ’s popular Customers who decide to participate in 20% discount Progressive’s telematics-based insurance offer in the U.S. Discovery ’s mobile app additionally “uses case, accelerometer, gyroscope and G PS data” to rt. It records the vehicle’s receive a small device, which they plug into their car’s OBD po for safe Snapshot Customers who decide to participate in ’s popular program in the U.S. Progressive 20% discount 221 measure driving behavior. Information about driving speed, time information, and “in some devices” also “G force”. drivers, 10% rt. It records the vehicle’s receive a small device, which they plug into their car’s OBD po for safe y “to and from Progressive”, i ncluding the Vehicle behavior is transmitted wirelessl increase for 230 221 The following graphic shows VitalityDrive can earn points: how drivers participating in Information about driving speed, time information, and “in some devices” also “G force”. drivers, 10% , who can a score for each driver then calculates Progressive Identification Number . risk drivers ncluding the Vehicle behavior is transmitted wirelessl y “to and from Progressive”, i increase for receive a personalized discount on their insurance premium base d on their driving 219 Progressive . Identification Number then calculates a score for each driver , who can risk drivers and Market Challenges. July 2016. Novarica (2016): Telematics in Insurance: Current State of UBI 222 223 The details vary by state. In addition to discounts they started penalizing habits. Summary online: http://novarica.com/telematics-2016/ [24.07.201 6] receive a personalized discount on their insurance premium base d on their driving 224 In Ohio, drivers can get a maximum in some states in 2015. “bad” driving behavior 220 tain regions, e.g. gender in the EU: Insurances may not be allowed to use certain parameters in cer 222 223 In addition to discounts they started The details vary by state. penalizing habits. 20% “discount for safer driving habits”, and a maximum 10% “inc rease for risker 0_en.htm [24.07.2016] http://ec.europa.eu/justice/news room/gender-equality/news/12122 224 In Ohio, drivers can get a maximum in some states in 2015. “bad” driving behavior 225 habits”. rease for risker 20% “discount for safer driving habits”, and a maximum 10% “inc 225 n the following Calculating scores on safe or risky driving behavior is based o habits”. 53 226 parameters: n the following Calculating scores on safe or risky driving behavior is based o 226 parameters: Description (according to Progressive) Behavior Hard braking eases in speed of seven mph per second or greater. Your Hard brakes are decr Description (according to Progressive) Behavior Snapshot device will “beep ” when you brake hard. Minimize hard braking to work Hard braking eases in speed of seven mph per second or greater. Your Hard brakes are decr toward a discount. Avoid hard ” when you brake hard. Minimize hard braking to work Snapshot device will “beep The number of minutes that your engine is running during a trip. To earn a discount, Amount of braking and toward a discount. time driven try to minimize your time behind the whee l by combining trips, carpooling or using Avoid hard -night late Amount of The number of minutes that your engine is running during a trip. To earn a discount, public transportation. braking and drives time driven l by combining trips, carpooling or using try to minimize your time behind the whee Discovery's usage-based insurance offer. Source: Figure 4: Earning points for desired behavior at — Time and day the highest risks The number of minutes you spend driving during higher risk hours -night late Discovery. public transportation. . are between midnight and 4 a.m. on the weekends drives Time and day The number of minutes you spend driving during higher risk hours —the highest risks receive less than e score” is calculated. Drivers Each month, a “driver performanc Driver Fast starts are increases in speed of nine mph per second or greater. Also known as Fast starts . are between midnight and 4 a.m. on the weekends o often, when the maximum when they either drive “10km/h over the speed limit” to performance just “putting the pedal to the metal.” Use a lighter foot on the “jackrabbit starts” or Fast starts are increases in speed of nine mph per second or greater. Also known as Fast starts gas pedal to work toward a discount. distance travelled is too far, when the “number of harsh accele rations, harsh brakes and score “jackrabbit starts” or just “putting the pedal to the metal.” Use a lighter foot on the 231 Additionally, too often. harsh corners” is too high, or when they drive during nighttime Trip regularity The frequency w ith which you drive at the same time of day and same duration. gas pedal to work toward a discount. ” for each driver. When reaching these goals, regularly appoints “ Discovery personal goals car driving behavior in Ohio. Source: Progressive Table 16: How Progressive is scoring safe or risky Trip regularity ith which you drive at the same time of day and same duration. The frequency w m, young adults aged up to s. As part of a special progra drivers can earn additional point (2016) a more sophisticated regime . They get a 25% refund on their insurance 26 can choose Table 16: How Progressive is scoring safe or risky car driving behavior in Ohio. Source: Progressive d Originally, Progressive ation and GPS data, but later they remove had also included loc (2016) premium, payable “in cash” every six months. However, after six months, they may have a 227 them. In 2016, was thinking about including location data again. Progressive “ premium increase ” of 10% when they drive more than 50 kilometers during the night, had also included loc d ation and GPS data, but later they remove Originally, Progressive erage night-time have more than 200 “monthly av and an increase of 25% when they 227 Discovery’s telematics-based insurance in South Africa was thinking about including location data again. Progressive them. In 2016, 232 kilometers”. The South African company offers another usage-based insurance product Discovery The leader in Discovery’s telematics-based insurance in South Africa ing device “in the states that it “will not use” the data recorded by their track Discovery Scoring for 228 Drivers who participate can earn points based on the monitorin g of called VitalityDrive . health plans The South African company offers another usage-based insurance product Discovery The leader in event of a claim , other than to confirm the time and place of an incident”. But , according to rating and the system’s their driving behavior and other parameters. When they behave according to involving 228 Drivers who participate can earn points based on the monitorin g of called VitalityDrive . health plans their privacy policy, customers consent to the use of “scoring information for rating and underwriting algorithmic rules, they can get discounts and rewards such as a refund of up to 50% of fitness trackers 233 the system’s their driving behavior and other parameters. When they behave according to involving The company is operating similar programs in the field of underwriting purposes”. matics device, but their “BP fuel and Gautrain spend”. Data are recorded by a tele algorithmic rules, they can get refund of up to 50% of discounts and rewards such as a fitness trackers Vitality program is a global leader in health insurance and corporate w health . Its ellness their “BP fuel and Gautrain spend”. Data are recorded by a tele matics device, but reward systems and programs that integrate data from on-body trackers, point-based provide discounts on premiums (see chapter 4.3.4). 221 https://www.progressive.com/auto/ .07.2016] snapshot-terms-conditions [24 222 https://www.progressive.com/auto/ snapshot-terms-conditions [24 .07.2016] 221 223 snapshot-terms-conditions [24 https://www.progressive.com/auto/ .07.2016] snapshot-details [24.07.2016] https://www.progressive.com/auto/ 222 224 .07.2016] snapshot-terms-conditions [24 https://www.progressive.com/auto/ Passikoff, Robert (2015): Progressive Adds 'Bad Driver' Survei llance To Snapshot Telematics. 223 229 https://www.progressive.com/auto/ snapshot-details [24.07.2016] Forbes, 31.03.2015. Online: 07.2016] https://www.discovery.co.za/portal/individual/insure-faqs [24. 224 230 Passikoff, Robert (2015): Progressive Adds 'Bad Driver' Survei llance To Snapshot Telematics. ive-adds-bad-driver- http://www.forbes.com/sites/robertpassikoff/2015/03/31/progress Discovery (2016): Vitalitydrive terms and conditions. Online: Forbes, 31.03.2015. Online: surveillance-to-snapshot-telematics/ [24.07.2016] https://www.discovery.co.za/discovery_coza/web/linked_content/p dfs/insure/vitalitydrive.pdf 225 http://www.forbes.com/sites/robertpassikoff/2015/03/31/progress ive-adds-bad-driver- [24.07.2016] . Ohio. February 20, 2016 to Progressive (2016): Everything you want to know about Snapshot 231 surveillance-to-snapshot-telematics/ [24.07.2016] Present. Online: https://www.prog ils/ [24.07.2016] ressive.com/auto/snapshot-deta https://www.discovery.co.za/port al/individual/insurance-news-m ar15-driver-performance- 225 226 . Ohio. February 20, 2016 to Progressive (2016): Everything you want to know about Snapshot score [24.07.2016] Ibid. 232 227 ils/ [24.07.2016] Present. Online: https://www.prog ressive.com/auto/snapshot-deta Tough Sell. The Wall Street Scism, Leslie (2016): Car Insurers Find Tracking Devices Are a Discovery (2016): Vitalitydrive terms and conditions. 226 233 Ibid. Discovery Insure Limited driving/mobile application privacy po licy and terms of use. Online: surers-find-tracking-devices-are-a- Journal, 10.01.2016. Online: http://www.wsj.com/articles/car-in 227 Tough Sell. The Wall Street Scism, Leslie (2016): Car Insurers Find Tracking Devices Are a dfs/insure/discovery_insure_d https://www.discovery.co.za/discovery_coza/web/linked_content/p tough-sell-1452476714 [24.07.2016] 228 Journal, 10.01.2016. Online: http://www.wsj.com/articles/car-in surers-find-tracking-devices-are-a- riving_terms_and_conditions.pdf [24.07.2016] drive [24.07.2016] https://www.discovery.co.za/portal/individual/insure-vitality- tough-sell-1452476714 [24.07.2016] 228 https://www.discovery.co.za/portal/individual/insure-vitality- drive [24.07.2016] 54 54 55 54

55 According to a report by the U.S. National Association of Insurance Commissioners (NAIC) Plugging into most devices which record data about consumers’ driving behavio r are plugged into the car special interfaces such as the “on-board diagnostics” (OBD-II) port. They record information about dates, times, locations and distances driven , more sophisticated . There are ones also report data about speed, cornering, acceleration and braking different technologies available to track the driving behavior (see Karapiperis et al 2015): are x devices provided by the insurer for a certain time. They are se lf-installed Dongles by the driver, record data on location and driving style and co uld soon be technologically obsolete. x Black boxes are professionally installed and provide more detailed informa tion. When accelerometers are integrated, they can also track speed, braki ng or harsh cornering – and they can use the cars sensors by plugging into its electron ic control unit (ECU). a also directly connects to the vehicle’s systems and can record telematics Embedded x wide range of data on both the car and on driving behavior. also increasingly used for car t x Smartphones and apps are elematics, either standalone or plugged into the car’s system. They provide a range of relev ant sensors from accelerometers and gyroscopes to GPS and a network connection. Usage-based insurance (UBI) , which takes the recorded data into consideration for 12 million pricing purposes, is on the rise. According to an extensive ind ustry report by consulting customers (2016), more than 200 insurance programs based on telematics are Ptolemus firm worldwide available in 34 countries on five continents, covering 12 million customers. The number of increased from 2.1 million in July 2013 to 4.4 million in Nove mber Europe customers in has 2.8 million UBI customers . Generali has 2015. The U.S.-based insurer Progressive 800,000 UBI customers in Italy and claims that 33% of new policies in Italy include telematics. But also several telematics programs are available in countries like the UK, y, Spain, Ireland, Russia and South Afric a, and currently launched Canada, France, German s that “nearly 100 in many more countries from Columbia to China. Ptolemus predict ith telematics policies” by 2 million vehicles will be insured w 020. However, according to “market penetration is lower t another industry report, today’s han predicted” and still 219 <5% in the U.S. , where insurance Ptolemus (2016) diffe rentiates between Pay-As-You-Drive (PAYD) Risk ratings premiums are based on mileage, s Pay-How- ion data, and ometimes also on time and locat about drivers You-Drive (PHYD) , where insurance companies receive "driving style data" and ca lculate le insurance policies use "risk ratings" about drivers. In general, most of today’s vehic information such as age, gender, vehicle age, place of residenc e, occupation and the 220 Policies based on telematics add customer’s historical claims p rofile to calculate pricing. GPS “new, dynamic parameters”, which are recorded by motion sensors like accelerators, devices or the car’s sensors, and are automatically transmitted to the insurance company or telematics providers. The information recorded and analyzed ranges from the distance travelled, the day of the week and the time of the day , the average length of the trips, the type of the road to the driving behavior, including acceleration, braking, speed and cornering. 229 customers can also opt in to a In that smartphone-enabled plan to earn “more” points. Progressive Snapshot ’s popular program in the U.S. Customers who decide to participate in 20% discount Progressive’s telematics-based insurance offer in the U.S. ’s mobile app additionally “uses accelerometer, gyroscope and G case, Discovery PS data” to rt. It records the vehicle’s receive a small device, which they plug into their car’s OBD po for safe ’s popular program in the U.S. Progressive Customers who decide to participate in Snapshot 20% discount 221 measure driving behavior. Information about driving speed, time information, and “in some devices” also “G force”. drivers, 10% receive a small device, which they plug into their car’s OBD po rt. It records the vehicle’s for safe ncluding the Vehicle behavior is transmitted wirelessl y “to and from Progressive”, i increase for 230 221 how drivers participating in The following graphic shows VitalityDrive can earn points: Information about driving speed, time information, and “in some devices” also “G force”. drivers, 10% . a score for each driver , who can then calculates Progressive Identification Number risk drivers ncluding the Vehicle behavior is transmitted wirelessl y “to and from Progressive”, i increase for d on their driving receive a personalized discount on their insurance premium base 219 Progressive . Identification Number then calculates a score for each driver , who can risk drivers and Market Challenges. July 2016. Novarica (2016): Telematics in Insurance: Current State of UBI 222 223 The details vary by state. In addition to discounts they started penalizing habits. Summary online: http://novarica.com/telematics-2016/ [24.07.201 6] receive a personalized discount on their insurance premium base d on their driving 224 In Ohio, drivers can get a maximum “bad” driving behavior in some states in 2015. 220 Insurances may not be allowed to use certain parameters in cer tain regions, e.g. gender in the EU: 222 223 penalizing The details vary by state. In addition to discounts they started habits. 20% “discount for safer driving habits”, and a maximum 10% “inc rease for risker 0_en.htm [24.07.2016] room/gender-equality/news/12122 http://ec.europa.eu/justice/news 224 In Ohio, drivers can get a maximum in some states in 2015. “bad” driving behavior 225 habits”. 20% “discount for safer driving habits”, and a maximum 10% “inc rease for risker 225 n the following Calculating scores on safe or risky driving behavior is based o habits”. 53 226 parameters: n the following Calculating scores on safe or risky driving behavior is based o 226 parameters: Description (according to Progressive) Behavior Hard braking eases in speed of seven mph per second or greater. Your Hard brakes are decr Behavior Description (according to Progressive) Snapshot device will “beep ” when you brake hard. Minimize hard braking to work Hard braking Hard brakes are decr eases in speed of seven mph per second or greater. Your toward a discount. Avoid hard ” when you brake hard. Minimize hard braking to work Snapshot device will “beep Amount of The number of minutes that your engine is running during a trip. To earn a discount, braking and toward a discount. time driven l by combining trips, carpooling or using try to minimize your time behind the whee Avoid hard -night late The number of minutes that your engine is running during a trip. To earn a discount, Amount of public transportation. braking and drives time driven try to minimize your time behind the whee l by combining trips, carpooling or using Discovery's usage-based insurance offer. Source: Figure 4: Earning points for desired behavior at — the highest risks Time and day The number of minutes you spend driving during higher risk hours -night late Discovery. public transportation. . are between midnight and 4 a.m. on the weekends drives the highest risks — The number of minutes you spend driving during higher risk hours Time and day Each month, a “driver performanc receive less than e score” is calculated. Drivers Driver Fast starts are increases in speed of nine mph per second or greater. Also known as Fast starts . are between midnight and 4 a.m. on the weekends o often, when the maximum when they either drive “10km/h over the speed limit” to performance just “putting the pedal to the metal.” Use a lighter foot on the “jackrabbit starts” or Fast starts Fast starts are increases in speed of nine mph per second or greater. Also known as gas pedal to work toward a discount. distance travelled is too far, when the “number of harsh accele rations, harsh brakes and score just “putting the pedal to the metal.” Use a lighter foot on the “jackrabbit starts” or 231 too often. Additionally, harsh corners” is too high, or when they drive during nighttime The frequency w ith which you drive at the same time of day and same duration. Trip regularity gas pedal to work toward a discount. Discovery regularly appoints “ personal goals ” for each driver. When reaching these goals, car driving behavior in Ohio. Source: Progressive Table 16: How Progressive is scoring safe or risky Trip regularity ith which you drive at the same time of day and same duration. The frequency w drivers can earn additional point m, young adults aged up to s. As part of a special progra (2016) a more sophisticated regime . They get a 25% refund on their insurance 26 can choose Table 16: How Progressive is scoring safe or risky car driving behavior in Ohio. Source: Progressive d Originally, Progressive ation and GPS data, but later they remove had also included loc (2016) months, they may have a premium, payable “in cash” every six months. However, after six 227 them. In 2016, was thinking about including location data again. Progressive “ premium increase ” of 10% when they drive more than 50 kilometers during the night, ation and GPS data, but later they remove d Originally, Progressive had also included loc erage night-time have more than 200 “monthly av and an increase of 25% when they 227 Discovery’s telematics-based insurance in South Africa Progressive was thinking about including location data again. them. In 2016, 232 kilometers”. The South African company offers another usage-based insurance product Discovery The leader in Discovery’s telematics-based insurance in South Africa ing device “in the states that it “will not use” the data recorded by their track Discovery Scoring for 228 Drivers who participate can earn points based on the monitorin g of called VitalityDrive . health plans The South African company offers another usage-based insurance product Discovery The leader in , according to , other than to confirm the time and place of an incident”. But claim event of a rating and their driving behavior and other parameters. When they behave according to the system’s involving 228 g of Drivers who participate can earn points based on the monitorin VitalityDrive called . health plans information for rating and their privacy policy, customers consent to the use of “scoring underwriting algorithmic rules, they can get discounts and rewards such as a refund of up to 50% of fitness trackers 233 their driving behavior and other parameters. When they behave according to the system’s involving similar programs in the field of The company is operating underwriting purposes”. matics device, but their “BP fuel and Gautrain spend”. Data are recorded by a tele refund of up to 50% of discounts and rewards such as a algorithmic rules, they can get fitness trackers program is a global leader in health insurance and corporate w Vitality . Its health ellness their “BP fuel and Gautrain spend”. Data are recorded by a tele matics device, but reward systems and programs that integrate data from on-body trackers, point-based provide discounts on premiums (see chapter 4.3.4). 221 .07.2016] https://www.progressive.com/auto/ snapshot-terms-conditions [24 222 snapshot-terms-conditions [24 .07.2016] https://www.progressive.com/auto/ 221 223 https://www.progressive.com/auto/ snapshot-terms-conditions [24 .07.2016] snapshot-details [24.07.2016] https://www.progressive.com/auto/ 222 224 .07.2016] https://www.progressive.com/auto/ snapshot-terms-conditions [24 llance To Snapshot Telematics. Passikoff, Robert (2015): Progressive Adds 'Bad Driver' Survei 223 229 https://www.progressive.com/auto/ snapshot-details [24.07.2016] Forbes, 31.03.2015. Online: 07.2016] https://www.discovery.co.za/portal/individual/insure-faqs [24. 224 230 llance To Snapshot Telematics. Passikoff, Robert (2015): Progressive Adds 'Bad Driver' Survei ive-adds-bad-driver- http://www.forbes.com/sites/robertpassikoff/2015/03/31/progress Discovery (2016): Vitalitydrive terms and conditions. Online: Forbes, 31.03.2015. Online: surveillance-to-snapshot-telematics/ [24.07.2016] https://www.discovery.co.za/discovery_coza/web/linked_content/p dfs/insure/vitalitydrive.pdf 225 http://www.forbes.com/sites/robertpassikoff/2015/03/31/progress ive-adds-bad-driver- [24.07.2016] . Ohio. February 20, 2016 to Progressive (2016): Everything you want to know about Snapshot 231 surveillance-to-snapshot-telematics/ [24.07.2016] Present. Online: https://www.prog ils/ [24.07.2016] ressive.com/auto/snapshot-deta https://www.discovery.co.za/port al/individual/insurance-news-m ar15-driver-performance- 225 226 . Ohio. February 20, 2016 to Progressive (2016): Everything you want to know about Snapshot score [24.07.2016] Ibid. 232 227 ils/ [24.07.2016] Present. Online: https://www.prog ressive.com/auto/snapshot-deta Tough Sell. The Wall Street Scism, Leslie (2016): Car Insurers Find Tracking Devices Are a Discovery (2016): Vitalitydrive terms and conditions. 226 233 Ibid. Discovery Insure Limited driving/mobile application privacy po licy and terms of use. Online: surers-find-tracking-devices-are-a- Journal, 10.01.2016. Online: http://www.wsj.com/articles/car-in 227 Tough Sell. The Wall Street Scism, Leslie (2016): Car Insurers Find Tracking Devices Are a dfs/insure/discovery_insure_d https://www.discovery.co.za/discovery_coza/web/linked_content/p tough-sell-1452476714 [24.07.2016] 228 Journal, 10.01.2016. Online: http://www.wsj.com/articles/car-in surers-find-tracking-devices-are-a- riving_terms_and_conditions.pdf [24.07.2016] drive [24.07.2016] https://www.discovery.co.za/portal/individual/insure-vitality- tough-sell-1452476714 [24.07.2016] 228 https://www.discovery.co.za/portal/individual/insure-vitality- drive [24.07.2016] 55 54 55 54

56 Allianz’s telematics-based insurance in Germany or because offers not based on telematics become non- offers not based on telematics, affordable. A publication by the consulting giant Ernst & Young asked whether usage- 234 German insurer also introduced a telemat Data is Allianz ics-based program in 2016. Discounts 237 Regarding Pay-As-You-Drive based insurance could already be the “new normal”. one app. Customers can Bluetooth beacon and a smartph recorded with a combination of a up to 40% (PAYD) models, the author asks: “Why stop there?”, and suggests to introduce “ Pay-As- cording to the system’s eir premium when they drive ac get a discount of up to 40% on th You-Live illance and urance solutions based on surve (PAYL)” for life and health ins (30%), hard braking desired behavior. Scores are calculated based on the components personalized pricing. (10%) as well as (20%), exceeding speed limits (20%), harsh cornering fast starts (20%). day, time and type of street from Allianz le “driving in the states that for examp Today’s insurers, who are offering products based on tracking a nd scoring driving Scores are iving on the highway on city during the rush hour” would involve a higher risk than “dr behavior, are emphasizing that the raw data recorded is stored by separate service relevant data 235 Sunday morning”. providers ted scores about which they don’t have access to. They only receive the calcula how safe or risky people drive. Ho wever, one could argue that t hose scores are actually Concerns about privacy, transparency and discrimination e raw data recorded. Why should n’t companies in other the relevant information, not th business fields ask people to “voluntarily” consent to provide this information to them It is undisputed that strengthen ing careful driving and reducin g risky driving behaviour is Major concerns elematics providers are through incentives such as rewards or discounts? In addition, t ional opportunities, for very desirable for society. Vehicle telematics offer many addit he personal data ecosystem te players, who are active in t sometimes part of larger corpora ncy response and stolen example better “remote diagnostics, roadside assistance, emerge , a large provider of solutions in risk management in several ways. For example, LexisNexis vehicle location services” (Karap iperis et al 2015). However, i U.S. n a report from the and scoring based on data about 500 million consumers, owns , a large telematics Wunelli major concerns are raised: National Association of Insurance Commissioners (NAIC) service provider (see chapter 5.7.5). NAIC states that “insurers hav e turned telematics into just another black box x much more aspects are relevant. Today’s connected car, When it comes to the Privacy risks , like credit scoring but withou rating factor t even the limited protections automobiles are full of information technology – from sensors a nd cameras to network on several tion”. afforded consumers for insurers’ use of consumer credit informa connections. Many existing or upcoming features depend on data, such as brake levels Credit scoring Insurers may use and distribute the recorded data “for x purposes other than loss ed obstacle and pedestrian assistance, traction control, co llision avoidance and video-bas for car drivers mitigation and pricing , including, for example, insurers using information from detection to systems that monitor the drivers’ attentiveness. L ast but not least, the telematics in claim settlements when helpful to insurers but no t making the data autonomous car is on the rise, but this is beyond the scope of this report. n helpful to consumers”. available to consumers whe x Usage-based insurance may lead to a “[d]isproportionate impact of offer and sale” The Canadian B.C. Freedom of Information and Privacy Association carried out an extensive against “ ”. low- and moderate-income and minority communities study on “privacy and onboard ve hicle telematics technology” (see FIPA 2015): x Insurers may use telematics data exercise as “merely another data mining They state that the “connected car” is becoming a “ major new source of data about x following on insurer use of credit information – including penalizing consumers ce individual drivers ”. The customer data generated is “now seen as a major new sour hey drive as a not because of driving behavior but because of where and when t privacy risks are “amplified in an industry ecosystem of revenue” for many parties. The function of work and housing segregation”. ce of the data pie”. At the characterized by multiple player s” who are all “vying for a pie The criteria of how specific driving behavior is rewarded or pe nalized are arbitrary in A prototype highly same time, data provided by telematics and vehicle infotainment systems is “ general and nontransparent in detail for drivers . The algorithms used to calculate the for other areas ”, especially when “tracked, revealing of personal lifestyles, habits and preferences Many parties arsh braking could even be resulting scores are mostly secret. Penalizing behaviors like h of life combined or linked with other available data”. are interested iffer between , because it is very unlikely that these systems can reliably d dangerous include not only automakers and their parties interested in telematics data The x required and willful harsh braki ng. When driving during the nig ht or in the city is partners, but also car dealers, insurance companies, lenders, t elematics service penalized in general, the individual’s freedom of action gets restricted. In the long run, providers, call center operators, third-party app developers, v ehicle infotainment , where citizens concepts like this may result in corporate governance of everyday life k operators, and mobile device system providers such content providers, mobile networ are controlled by private companies, especially when similar pr actices are adopted in Apple are and outside the telematics industry as Google . Also, many third parties other fields of life such as healthcare. interested, including local reta ilers and merchants, online adv ertising agencies, data ed insurance surveillance”, as it has been called by Robert Participation in this “usage-bas The „new tigators, litigants and brokers, law enforcement agencies, debt collectors, fraud inves 236 today. But one of the main concerns is that it , is clearly voluntary Forbes Passikoff in ? normal“ many more. could become , either because insurance companies could completely drop mandatory sinesses and others x In addition, telematics has become a “standard tool by which bu manage their automotive fleets” rental cars or company from delivery trucks to taxis, ies are also used “for detailed monitoring of employees cars. Thus, these technolog using company vehicles”. 234 erung [24.07.2016] https://www.allianz.de/auto/kfz-versicheru ng/telematik-versich 235 Translation by the authors, original: „Eine Fahrt während der Rushhour in der Stadt birgt zum Beispiel größere Gefahren als eine Sonntagsausfahrt vormittags auf der Autobahn.“, https://www.allianz.de ng/telematik-versiche rung [24.07.2016] /auto/kfz-versicheru 236 Passikoff, Robert (2015): Progressive Adds 'Bad Driver' Survei llance To Snapshot Telematics. 237 Walter Poetscher (2015). Usage Based Insurance. The New Normal ? EY, July 2015. Online: Forbes, 31.03.2015. Online: http://www.ey.com/Publication/vwL UAssets/EY-usage-based-insuran ce-the-new- http://www.forbes.com/sites/robertpassikoff/2015/03/31/progress ive-adds-bad-driver- normal/$File/EY-usage-based-insu rance-the-new-normal.pdf [24.07 .2016] surveillance-to-snapshot-telematics/ [24.07.2016] 56 57 56

57 Allianz’s telematics-based insurance in Germany or because offers not based on telematics become non- offers not based on telematics, affordable. A publication by the consulting giant Ernst & Young asked whether usage- 234 Data is also introduced a telemat Allianz German insurer ics-based program in 2016. Discounts 237 Regarding Pay-As-You-Drive based insurance could already be the “new normal”. one app. Customers can Bluetooth beacon and a smartph recorded with a combination of a up to 40% (PAYD) models, the author asks: “Why stop there?”, and suggests to introduce “ Pay-As- cording to the system’s eir premium when they drive ac get a discount of up to 40% on th You-Live illance and urance solutions based on surve (PAYL)” for life and health ins (30%), desired behavior. Scores are calculated based on the components hard braking personalized pricing. fast starts (10%) as well as harsh cornering (20%), exceeding speed limits (20%), nd scoring driving Today’s insurers, who are offering products based on tracking a from Allianz le “driving in the (20%). day, time and type of street states that for examp Scores are behavior, are emphasizing that the raw data recorded is stored by separate service iving on the highway on city during the rush hour” would involve a higher risk than “dr relevant data 235 Sunday morning”. providers ted scores about which they don’t have access to. They only receive the calcula how safe or risky people drive. Ho wever, one could argue that t hose scores are actually Concerns about privacy, transparency and discrimination e raw data recorded. Why should n’t companies in other the relevant information, not th business fields ask people to “voluntarily” consent to provide this information to them It is undisputed that strengthen ing careful driving and reducin g risky driving behaviour is Major concerns elematics providers are through incentives such as rewards or discounts? In addition, t ional opportunities, for very desirable for society. Vehicle telematics offer many addit he personal data ecosystem te players, who are active in t sometimes part of larger corpora ncy response and stolen example better “remote diagnostics, roadside assistance, emerge , a large provider of solutions in risk management in several ways. For example, LexisNexis vehicle location services” (Karap iperis et al 2015). However, i U.S. n a report from the and scoring based on data about 500 million consumers, owns , a large telematics Wunelli major concerns are raised: National Association of Insurance Commissioners (NAIC) service provider (see chapter 5.7.5). NAIC states that “insurers hav e turned telematics into just another black box x much more aspects are relevant. Today’s connected car, When it comes to the Privacy risks , like credit scoring but withou rating factor t even the limited protections automobiles are full of information technology – from sensors a nd cameras to network on several tion”. afforded consumers for insurers’ use of consumer credit informa connections. Many existing or upcoming features depend on data, such as brake levels Credit scoring Insurers may use and distribute the recorded data “for x purposes other than loss ed obstacle and pedestrian assistance, traction control, co llision avoidance and video-bas for car drivers mitigation and pricing , including, for example, insurers using information from detection to systems that monitor the drivers’ attentiveness. L ast but not least, the telematics in claim settlements when helpful to insurers but no t making the data autonomous car is on the rise, but this is beyond the scope of this report. n helpful to consumers”. available to consumers whe x Usage-based insurance may lead to a “[d]isproportionate impact of offer and sale” The Canadian B.C. Freedom of Information and Privacy Association carried out an extensive against “ ”. low- and moderate-income and minority communities study on “privacy and onboard ve hicle telematics technology” (see FIPA 2015): x Insurers may use telematics data exercise as “merely another data mining They state that the “connected car” is becoming a “ major new source of data about x following on insurer use of credit information – including penalizing consumers ce individual drivers ”. The customer data generated is “now seen as a major new sour hey drive as a not because of driving behavior but because of where and when t privacy risks are “amplified in an industry ecosystem of revenue” for many parties. The function of work and housing segregation”. ce of the data pie”. At the characterized by multiple player s” who are all “vying for a pie The criteria of how specific driving behavior is rewarded or pe nalized are arbitrary in A prototype highly same time, data provided by telematics and vehicle infotainment systems is “ general and nontransparent in detail for drivers . The algorithms used to calculate the for other areas ”, especially when “tracked, revealing of personal lifestyles, habits and preferences Many parties arsh braking could even be resulting scores are mostly secret. Penalizing behaviors like h of life combined or linked with other available data”. are interested iffer between , because it is very unlikely that these systems can reliably d dangerous include not only automakers and their parties interested in telematics data The x required and willful harsh braki ng. When driving during the nig ht or in the city is partners, but also car dealers, insurance companies, lenders, t elematics service penalized in general, the individual’s freedom of action gets restricted. In the long run, providers, call center operators, third-party app developers, v ehicle infotainment , where citizens concepts like this may result in corporate governance of everyday life k operators, and mobile device system providers such content providers, mobile networ are controlled by private companies, especially when similar pr actices are adopted in Apple are and outside the telematics industry as Google . Also, many third parties other fields of life such as healthcare. interested, including local reta ilers and merchants, online adv ertising agencies, data ed insurance surveillance”, as it has been called by Robert Participation in this “usage-bas The „new tigators, litigants and brokers, law enforcement agencies, debt collectors, fraud inves 236 today. But one of the main concerns is that it , is clearly voluntary Forbes Passikoff in ? normal“ many more. could become , either because insurance companies could completely drop mandatory sinesses and others x In addition, telematics has become a “standard tool by which bu manage their automotive fleets” rental cars or company from delivery trucks to taxis, ies are also used “for detailed monitoring of employees cars. Thus, these technolog using company vehicles”. 234 erung [24.07.2016] https://www.allianz.de/auto/kfz-versicheru ng/telematik-versich 235 Translation by the authors, original: „Eine Fahrt während der Rushhour in der Stadt birgt zum Beispiel größere Gefahren als eine Sonntagsausfahrt vormittags auf der Autobahn.“, https://www.allianz.de ng/telematik-versiche rung [24.07.2016] /auto/kfz-versicheru 236 Passikoff, Robert (2015): Progressive Adds 'Bad Driver' Survei llance To Snapshot Telematics. 237 Walter Poetscher (2015). Usage Based Insurance. The New Normal ? EY, July 2015. Online: Forbes, 31.03.2015. Online: http://www.ey.com/Publication/vwL UAssets/EY-usage-based-insuran ce-the-new- http://www.forbes.com/sites/robertpassikoff/2015/03/31/progress ive-adds-bad-driver- normal/$File/EY-usage-based-insu rance-the-new-normal.pdf [24.07 .2016] surveillance-to-snapshot-telematics/ [24.07.2016] 57 57 56

58 243 generated by telematics? Which of the Finally, FIPA asks: Who will own the data The raw values measured by the devices are, more or less stretch and pressure sensors. Who will 244 ilable to third parties? o what extent will data be ava companies will have access, and t , converted into steps, distances walked, calories burned or sl eeping quality accurately have access? software algorithms sers by . Results, including statistics and graphs, are accessible by u ured can typically be via the provider’s web platforms and mobile apps. The data meas by the user (see Crawford et al 2015), for information manually entered extended with 4.3 Wearables, fitness trackers and health apps – measuring the self weight, blood pressure or example details about eating habits, gender, age, body height, “Smart devices are constantly collecting information, tracking blood sugar. user habits, trying to anticipate and shape their owners’ behaviors 245 lists a database of more than 500 self-tracking tools The website quantifiedself.com Tracking many and reporting back to the corporate mother ship” 238 which are not restricted to fitness, exercise and physical heal th. Many areas of life are areas of life Javob Silverman, 2016 personal growth , psychological covered, from apps for tracking and improving athletes a few years ago, What had been common just for chronically ill patients and top wellness, meditation, relationships, sexual activity, cognitive performance, work increasingly became a daily routine for broad sections of the p opulation: the optimization to the detailed analysis of one’s own online or social productivity and personal finance of the self through to the continuous measuring of activity, vi tality and body functions – lly storing and analyzing as media behavior. All this is mostly done with the goal of digita smart” scales. Terms like with different tools from mobile apps and portable devices to “ much information about daily life as possible. In a broader sen se, social media and blog 239 self-tracking (see Almalki et al 2015, Crawford et al , life-logging or the Quantified Self Twitter , Facebook platforms such as are sometimes also used Tumblr and Instagram , 2015, Lupton 2016) describe a variety of approaches and product s for the collection, under paradigms of life-log ging and self-tracking. analysis and evaluation of bo dy and health information. acking apps and platforms is th One important element of self-tr at they make the raw data 24/7 taken while walking or record the number of steps fitness trackers Most activity and Body and collected accessible for users via personalized reports, t ables, charts, diagrams and monitoring he duration and quality of running, GPS location data and pulse rate. Often, tracking of t health data otivate users to utilize the interactive infographics. Usually these platforms also try to m of sports is added. Most products offer the measurement and improvement sleep devices as much as possible in order to achieve significant results, for example in 240 , menstrual cycle activities, weight loss or eating habits – some of them also of the s. Munson and Consolvo optimizing one’s body in terms of beauty norms or health aspect 241 242 . Portable mood or mental well-being or even consumption alcohol and nicotine as four main strategies (2012) summarized goal-setting, rewards, reminders and sharing “wearable” devices such as wristbands and smartwatches are typi cally carried on the used to motivate physical activity. y, for example together body, but also standard smartphones can be used in a similar wa , for example a goals and target values Most self-tracking apps offe r possibilities to define Set goals, with armbands or other holding mechanisms. All these devices me asure the body activity certain running distance per week or a certain number of steps to achieve. Achievements wards get re with several sensors, most importantly with sensors that recognize the directions and . The road to success is rewarded with activity points, trophies and virtual badges are and share (see Su et al 2014), for example: intensity of movements and successes visualized as a progress bar. Often, users are encouraged to share results Sensor Type Measuring with others. Many apps allow users to share their successes on social media platforms or Accelerometer acceleration force applied to the device to publish it on a public profile site. In some cases this is e ven the default setting. force of t he gravity applied to the device, in three axes (x; y; z) Gravity sensor In 2007, only a small community of people exchanged information about self- From a small Gyroscope orientation of a device in pitch, roll and yaw measurement and the tools needed on platforms like quantifiedse lf.com. Its co-founder community to Magnetometer ambient geomagnetic field in three axes (x; y; z) 246 in 2010, and is considered to Gary Wolf published his manifest “The Data-Driven Life” stream main ambient air pressure Barometer be a thought leader of the movement. In 2015, according to IDC, a total of 79 million dominated by wearables have been shipped. The global market for wearables is Fitbit ty recognition (Source: Su et al, 2014) Table 17: A set of sensors used for activi (14.9%), (4%). While Apple (15.4%), Garmin (4.2%) and Xiaomi (26.9%), Samsung (e.g. optical heart rate optical sensors Other sensors used to track activity and fitness are Sensors, offers “inexpensive fitness trackers” with “prices Xiaomi focuses on its smartwatch, Apple monitoring, cameras), temperature sensors , wearable electrodes, chemical sensors, and algorithms and charts 238 ou-want-your-blender- http://www.nytimes.com/2016/06/1 9/magazine/just-how-smart-do-y to-be.html [22.08.2016] 239 http://quantifiedself.com 240 Weigel, Moira (2016): ‘Fitbit for your period’: the rise of fe rtility tracking. The Guardian, 243 23.03.2016. Online: https://www.theguardian.com/technology/2016 /mar/23/fitbit-for-your- Hayward, James and Guillaume Ch ansin (2016): Wearable Sensors 2016-2026: Market Forecasts, period-the-rise-of-fertility-tracking [20.07.2016] Technologies, Players. Online: h ttp://www.idtechex.com/research /reports/wearable-sensors- 241 2016-2026-market-forecasts-technologies-players-000470.asp [20. 07.2016] Schumacher, Florian (2014): Wearables that help cope with addi ction. Wearable Technologies, 244 19.08.2014. Online: ical activity monitors. Med Sci Lee JM; Kim Y, Welk GJ (2014): Validity of consumer-based phys s.com/2014/08/wearables-that-he lp-to-cope-with-addiction/ https://www.wearable-technologie 00000287. Sports Exerc. 2016 Aug;48(8):1619-28, DOI: 10.1249/MSS.00000000 245 [20.07.2016] http://quantifiedself.com/guide [20.07.2016] 242 246 Wolf, Gary (2010): The Data-Driven Life. New York Times, 02.05 and promotes emotional self- Medical Xpress (2016): New mental health app helps track moods .2010. Online: http://www.nytimes.com/2010/05/02/ .html?pagewanted=all magazine/02self-measurement-t awareness. 20.04.2016. Online: http://medicalxpress.com/news/201 [20.07.2016] 6-04-mental-health-app-track-m oods.html [20.07.2016] 58 59 58

59 243 stretch and pressure sensors. The raw values measured by the devices are, more or less generated by telematics? Which of the Finally, FIPA asks: Who will own the data Who will 244 ilable to third parties? o what extent will data be ava companies will have access, and t , converted into steps, distances walked, calories burned or sl eeping quality accurately have access? software algorithms sers by . Results, including statistics and graphs, are accessible by u ured can typically be via the provider’s web platforms and mobile apps. The data meas by the user (see Crawford et al 2015), for information manually entered extended with 4.3 Wearables, fitness trackers and health apps – measuring the self weight, blood pressure or example details about eating habits, gender, age, body height, “Smart devices are constantly collecting information, tracking blood sugar. user habits, trying to anticipate and shape their owners’ behaviors 245 lists a database of more than 500 self-tracking tools The website quantifiedself.com Tracking many and reporting back to the corporate mother ship” 238 which are not restricted to fitness, exercise and physical heal th. Many areas of life are areas of life Javob Silverman, 2016 personal growth , psychological covered, from apps for tracking and improving athletes a few years ago, What had been common just for chronically ill patients and top wellness, meditation, relationships, sexual activity, cognitive performance, work increasingly became a daily routine for broad sections of the p opulation: the optimization to the detailed analysis of one’s own online or social productivity and personal finance of the self through to the continuous measuring of activity, vi tality and body functions – lly storing and analyzing as media behavior. All this is mostly done with the goal of digita smart” scales. Terms like with different tools from mobile apps and portable devices to “ much information about daily life as possible. In a broader sen se, social media and blog 239 self-tracking (see Almalki et al 2015, Crawford et al , life-logging or the Quantified Self Twitter , Facebook platforms such as are sometimes also used Tumblr and Instagram , 2015, Lupton 2016) describe a variety of approaches and product s for the collection, under paradigms of life-log ging and self-tracking. analysis and evaluation of bo dy and health information. acking apps and platforms is th One important element of self-tr at they make the raw data 24/7 taken while walking or record the number of steps fitness trackers Most activity and Body and collected accessible for users via personalized reports, t ables, charts, diagrams and monitoring he duration and quality of running, GPS location data and pulse rate. Often, tracking of t health data otivate users to utilize the interactive infographics. Usually these platforms also try to m of sports is added. Most products offer the measurement and improvement sleep devices as much as possible in order to achieve significant results, for example in 240 , the menstrual cycle activities, weight loss or eating habits – some of them also of optimizing one’s body in terms of beauty norms or health aspect s. Munson and Consolvo 242 241 mood or mental well-being or even . Portable consumption alcohol and nicotine (2012) summarized goal-setting, rewards, reminders and sharing as four main strategies cally carried on the “wearable” devices such as wristbands and smartwatches are typi used to motivate physical activity. y, for example together body, but also standard smartphones can be used in a similar wa Most self-tracking apps offe , for example a goals and target values r possibilities to define Set goals, asure the body activity with armbands or other holding mechanisms. All these devices me certain running distance per week or a certain number of steps to achieve. Achievements wards get re with several sensors, most importantly with sensors that recognize the directions and rewarded with activity points, trophies and virtual badges are . The road to success is and share (see Su et al 2014), for example: intensity of movements and successes visualized as a progress bar. Often, users are encouraged to share results Sensor Type Measuring with others. Many apps allow users to share their successes on social media platforms or Accelerometer acceleration force applied to the device to publish it on a public profile site. In some cases this is e ven the default setting. force of t he gravity applied to the device, in three axes (x; y; z) Gravity sensor In 2007, only a small community of people exchanged information about self- From a small Gyroscope orientation of a device in pitch, roll and yaw measurement and the tools needed on platforms like quantifiedse lf.com. Its co-founder community to Magnetometer ambient geomagnetic field in three axes (x; y; z) 246 in 2010, and is considered to Gary Wolf published his manifest “The Data-Driven Life” stream main ambient air pressure Barometer be a thought leader of the movement. In 2015, according to IDC, a total of 79 million dominated by wearables have been shipped. The global market for wearables is Fitbit ty recognition (Source: Su et al, 2014) Table 17: A set of sensors used for activi (14.9%), (4%). While Apple (15.4%), Garmin (4.2%) and Xiaomi (26.9%), Samsung (e.g. optical heart rate optical sensors Other sensors used to track activity and fitness are Sensors, offers “inexpensive fitness trackers” with “prices Xiaomi focuses on its smartwatch, Apple monitoring, cameras), temperature sensors , wearable electrodes, chemical sensors, and algorithms and charts 238 ou-want-your-blender- http://www.nytimes.com/2016/06/1 9/magazine/just-how-smart-do-y to-be.html [22.08.2016] 239 http://quantifiedself.com 240 Weigel, Moira (2016): ‘Fitbit for your period’: the rise of fe rtility tracking. The Guardian, 243 23.03.2016. Online: https://www.theguardian.com/technology/2016 /mar/23/fitbit-for-your- Hayward, James and Guillaume Ch ansin (2016): Wearable Sensors 2016-2026: Market Forecasts, period-the-rise-of-fertility-tracking [20.07.2016] Technologies, Players. Online: h ttp://www.idtechex.com/research /reports/wearable-sensors- 241 2016-2026-market-forecasts-technologies-players-000470.asp [20. 07.2016] Schumacher, Florian (2014): Wearables that help cope with addi ction. Wearable Technologies, 244 19.08.2014. Online: ical activity monitors. Med Sci Lee JM; Kim Y, Welk GJ (2014): Validity of consumer-based phys s.com/2014/08/wearables-that-he lp-to-cope-with-addiction/ https://www.wearable-technologie 00000287. Sports Exerc. 2016 Aug;48(8):1619-28, DOI: 10.1249/MSS.00000000 245 [20.07.2016] http://quantifiedself.com/guide [20.07.2016] 242 246 Wolf, Gary (2010): The Data-Driven Life. New York Times, 02.05 and promotes emotional self- Medical Xpress (2016): New mental health app helps track moods .2010. Online: http://www.nytimes.com/2010/05/02/ .html?pagewanted=all magazine/02self-measurement-t awareness. 20.04.2016. Online: http://medicalxpress.com/news/201 [20.07.2016] 6-04-mental-health-app-track-m oods.html [20.07.2016] 59 59 58

60 247 254 far below the competition”. IDC predicts wearables to reach 111 million units by 2020, . Therefore, more or less complex rule to increase participation and engagement and 248 t a third of it wristband track ers. half of it smartwatches and abou sets are implemented, which are complemented by mechanisms that incentivize and ehavior. An industry reward desired behavior, or more rarely, penalize non-desired b are available which either thousands of smartphone apps Apart from wearable devices, Health and ons to “design and guide formulated by Oracle in order to help business organizati connect to the software platforms of hardware vendors via APIs or use the sensors of fitness apps 255 suggests four main categories of game implement a successful gamification project” 249 by a market research company from 2014 estimates the today’s smartphones. A report 256 : mechanics fitness parameter” is “number of monthly active users who track at least one health & approximately 100 million people. According to Nielsen, 46 mill ion U.S. consumers Rewarding Feedback mechanisms: x “accessed apps in the fitness and health category in January 20 14”. That is around one- desired These mechanisms reward users for their performance, for exampl e through points 250 third of U.S. smartphone owners. rs behavio (“awarded for an action or a combination of actions”), levels (“reward those ontinuing to show the accumulating points” and “reflect that a user is improving or c By July 2016, health and fitness apps with more than 10 million downloads listed in Health and (a “highly visible, desired behavior” to “motivate users” or “unlock content”), badges MyFitnessPal, ’s app store include apps from companies and brands such as Google fitness apps haviors” and make them social aspect of gamification” to “reward users for specific be Azumio – and Endomondo , some of them offering Runkeeper, Nike+, Runtastic, Pedometer (“extra rewards for completing a set of bonuses “show their statuses to others”), multiple apps. Other apps with more than 10 million downloads i nclude for example actions” which “serve a similar function to bonuses awarded at work”) and “My Diet Coach - Weight Loss”, “ Period Tracker, My “ Calorie Counter by FatSecret”, notifications (to “alert users of changes in their statuses”, including “whe n they have d health apps have Calendar” and “Pregnancy & Baby Today”. Many popular fitness an earned points, badges, and bonuses”). been acquired by larger companies during the last few years. was bought by Runkeeper by were acquired . Runtastic and Asics Endomondo, MyFitnessPal and MapMyFitness Adidas x Indicator mechanisms: 252 251 was bought by . Facebook Moves by . Under Armour These mechanisms define a “user’s relative position” in time or in relation to other (“give users some sense of urgency” to “increase users, for example countdowns Google have also Samsung and Apple The large players in today’s digital economy like , activity” or to “trigger an act ion for a user who hasn’t commit ted to an action”), 253 started to offer apps and platfo . rms for health and fitness data hey are in the system and how (“help users understand where t progress indicators much farther they have to go“ to “get users to continue interactions within the system”) A step aside – gamification, surveillance and influence on behavior 4.3.1 ser’s (“list top performers and in particular areas”; better “show the u leaderboards Most fitness apps in recent years are based on functionality, w hich has been frequently e different groups” instead position relative to those closest to them in scores” or “creat discussed under the term of “Gam ification”, i.e. the “use of ga me design elements in non- of displaying the overall “top 5-10”). game contexts” (Deterding et al 2011) to influence user’s behaviors (see Whitson 2013) Game design mechanisms: x oal and reward states” Oracle suggests the use of game design mechanisms for “larger g quests, missions and and “longer-term engagements”. These mechanisms include f actions that follow a particu (“involve completion of a set o lar order or challenges ies”), competitions path” to “motivate users to complete particular sets of activit tage” to “motivate users (“events that encourage rivalry for some prize, honor, or advan 247 Fourth Quarter and 171.6% IDC (2016): The Worldwide Wearables Market Leaps 126.9% in the or objective”) and by having them compete against e ach other to achieve some goal in 2015, According to IDC. Press Release, 23.02.2016. Online: (“enable users to trade on their successes”, to trade “somethi ng virtual economies http://www.idc.com/getd oc.jsp?containerId=prUS41037416 [20.07.2 016] gained in the system” (e.g. points) for “goods or services”). 248 IDC (2016): IDC Forecasts Wearables Shipments to Reach 213.6 M illion Units Worldwide in 2020 with Watches and Wristbands Driving Volume While Clothing and E yewear Gain Traction. Press x Psychological mechanisms: ainerId=prUS41530816 ://www.idc.com/getdoc.jsp?cont Release, 15.06.2016. Online: http These mechanisms “take advantage of the ways that people think about situations they [20.07.2016] 249 loss aversion encounter”, for example (“refers to people’s psychological tendency to . The State of the Art of research2guidance (2014): mHealth App Developer Economics 2014 mHealth App Publishing. Fourth annual study on mHealth app publ ishing. May 6, 2014. Online: evaluate potential losses as larger and more significant than e quivalent gains” to http://research2guidance.com/r2g /research2guidance-mHealth-App- Developer-Economics- to “get users to act by “encourage participation among infrequent or inactive users” or 2014.pdf , e.g. “only three airline suggesting that something is available for only a limited time” 250 AND WEARABLE Nielsen (2014): HACKING HEALTH: HOW CONSUMERS USE SMARTPHONES TECH TO TRACK THEIR HEALTH. 04-16-2014. Online: -how-consumers-use- m/us/en/insights/new http://www.nielsen.co s/2014/hacking-health smartphones-and-wearable-tech-to-track-their-health.html [21.07 .2016] 251 Goode, Lauren (2016): The age of indie fitness apps is over. T he Verge. Feb 12, 2016. Online: 254 10978234/fitness-app-brand-ta keover-runkeeper-under- http://www.theverge.com/2016/2/12/ Fitz-Walter, Zachary; Tjondronegoro, Dian (2011): Exploring the Opportunities and Challenges of armour-adidas-fitbit [21.07.2016] ngs of the 2011 ACM Conference on Using Mobile Sensing for Gamification. In: UbiComp 11: Proceedi 252 ://eprints.qut.edu.au/48632 Ubiquitous Computing, ACM Press, Beijing, pp. 1-5. Online: http Dredge, Stuart; and Alex Hern (2014): Facebook buys fitness-tr acking app Moves. The Guardian, 255 24.04.2014. Online: Oracle Gamification Guidelines. Online: https://www.theguardian.com/technology/2014/apr/24/facebook-bu ys-moves-fitness- http://www.oracle.com/webfolder s/gamification/index.html /ux/Applications/uxd/assets/site tracking-health-data [21.07.2016] [20.07.2016] 253 256 Phase 3: Select Gamification Elements. In: Oracle Gamification Guidelines. Online: ’s Heath and Samsung’s S Health. Gibbs, Samuel (2014): Google launches Fit app to take on Apple Guardian, 29.12.2014. Online: https://www.theguardian.com/techn ology/2014/oct/29/google- http://www.oracle.com/webfolder /ux/Applications/uxd/assets/site s/gamification/phase_3.html amsungs-s-health [01.08.2016] launches-fit-app-apple-heath-s [20.07.2016] 60 61 60

61 247 254 to increase participation and engagement and IDC predicts wearables to reach 111 million units by 2020, . Therefore, more or less complex rule far below the competition”. 248 t a third of it wristband track ers. half of it smartwatches and abou sets are implemented, which are complemented by mechanisms that incentivize and ehavior. An industry reward desired behavior, or more rarely, penalize non-desired b Apart from wearable devices, thousands of smartphone apps are available which either Health and ons to “design and guide formulated by Oracle in order to help business organizati connect to the software platforms of hardware vendors via APIs or use the sensors of fitness apps 255 suggests four main categories of game implement a successful gamification project” 249 by a market research company from 2014 estimates the today’s smartphones. A report 256 : mechanics fitness parameter” is “number of monthly active users who track at least one health & approximately 100 million people. According to Nielsen, 46 mill ion U.S. consumers Rewarding Feedback mechanisms: x “accessed apps in the fitness and health category in January 20 14”. That is around one- desired These mechanisms reward users for their performance, for exampl e through points 250 third of U.S. smartphone owners. rs behavio (“awarded for an action or a combination of actions”), levels (“reward those ontinuing to show the accumulating points” and “reflect that a user is improving or c By July 2016, health and fitness apps with more than 10 million downloads listed in Health and (a “highly visible, desired behavior” to “motivate users” or “unlock content”), badges MyFitnessPal, ’s app store include apps from companies and brands such as Google fitness apps haviors” and make them social aspect of gamification” to “reward users for specific be Azumio – and Endomondo , some of them offering Runkeeper, Nike+, Runtastic, Pedometer (“extra rewards for completing a set of bonuses “show their statuses to others”), multiple apps. Other apps with more than 10 million downloads i nclude for example actions” which “serve a similar function to bonuses awarded at work”) and “My Diet Coach - Weight Loss”, “ Period Tracker, My “ Calorie Counter by FatSecret”, notifications (to “alert users of changes in their statuses”, including “whe n they have d health apps have Calendar” and “Pregnancy & Baby Today”. Many popular fitness an earned points, badges, and bonuses”). been acquired by larger companies during the last few years. was bought by Runkeeper by were acquired . Runtastic and Asics Endomondo, MyFitnessPal and MapMyFitness Adidas x Indicator mechanisms: 252 251 was bought by . Facebook Moves by . Under Armour These mechanisms define a “user’s relative position” in time or in relation to other (“give users some sense of urgency” to “increase users, for example countdowns Google have also Samsung and Apple The large players in today’s digital economy like , activity” or to “trigger an act ion for a user who hasn’t commit ted to an action”), 253 started to offer apps and platfo . rms for health and fitness data hey are in the system and how (“help users understand where t progress indicators much farther they have to go“ to “get users to continue interactions within the system”) A step aside – gamification, surveillance and influence on behavior 4.3.1 ser’s (“list top performers and in particular areas”; better “show the u leaderboards Most fitness apps in recent years are based on functionality, w hich has been frequently e different groups” instead position relative to those closest to them in scores” or “creat discussed under the term of “Gam ification”, i.e. the “use of ga me design elements in non- of displaying the overall “top 5-10”). game contexts” (Deterding et al 2011) to influence user’s behaviors (see Whitson 2013) Game design mechanisms: x oal and reward states” Oracle suggests the use of game design mechanisms for “larger g quests, missions and and “longer-term engagements”. These mechanisms include f actions that follow a particu (“involve completion of a set o lar order or challenges ies”), competitions path” to “motivate users to complete particular sets of activit tage” to “motivate users (“events that encourage rivalry for some prize, honor, or advan 247 Fourth Quarter and 171.6% IDC (2016): The Worldwide Wearables Market Leaps 126.9% in the or objective”) and by having them compete against e ach other to achieve some goal in 2015, According to IDC. Press Release, 23.02.2016. Online: (“enable users to trade on their successes”, to trade “somethi ng virtual economies http://www.idc.com/getd oc.jsp?containerId=prUS41037416 [20.07.2 016] gained in the system” (e.g. points) for “goods or services”). 248 IDC (2016): IDC Forecasts Wearables Shipments to Reach 213.6 M illion Units Worldwide in 2020 with Watches and Wristbands Driving Volume While Clothing and E yewear Gain Traction. Press x Psychological mechanisms: ainerId=prUS41530816 ://www.idc.com/getdoc.jsp?cont Release, 15.06.2016. Online: http These mechanisms “take advantage of the ways that people think about situations they [20.07.2016] 249 loss aversion encounter”, for example (“refers to people’s psychological tendency to . The State of the Art of research2guidance (2014): mHealth App Developer Economics 2014 mHealth App Publishing. Fourth annual study on mHealth app publ ishing. May 6, 2014. Online: evaluate potential losses as larger and more significant than e quivalent gains” to http://research2guidance.com/r2g /research2guidance-mHealth-App- Developer-Economics- to “get users to act by “encourage participation among infrequent or inactive users” or 2014.pdf , e.g. “only three airline suggesting that something is available for only a limited time” 250 AND WEARABLE Nielsen (2014): HACKING HEALTH: HOW CONSUMERS USE SMARTPHONES TECH TO TRACK THEIR HEALTH. 04-16-2014. Online: -how-consumers-use- m/us/en/insights/new http://www.nielsen.co s/2014/hacking-health smartphones-and-wearable-tech-to-track-their-health.html [21.07 .2016] 251 Goode, Lauren (2016): The age of indie fitness apps is over. T he Verge. Feb 12, 2016. Online: 254 10978234/fitness-app-brand-ta keover-runkeeper-under- http://www.theverge.com/2016/2/12/ Fitz-Walter, Zachary; Tjondronegoro, Dian (2011): Exploring the Opportunities and Challenges of armour-adidas-fitbit [21.07.2016] ngs of the 2011 ACM Conference on Using Mobile Sensing for Gamification. In: UbiComp 11: Proceedi 252 ://eprints.qut.edu.au/48632 Ubiquitous Computing, ACM Press, Beijing, pp. 1-5. Online: http Dredge, Stuart; and Alex Hern (2014): Facebook buys fitness-tr acking app Moves. The Guardian, 255 24.04.2014. Online: Oracle Gamification Guidelines. Online: https://www.theguardian.com/technology/2014/apr/24/facebook-bu ys-moves-fitness- http://www.oracle.com/webfolder s/gamification/index.html /ux/Applications/uxd/assets/site tracking-health-data [21.07.2016] [20.07.2016] 253 256 Phase 3: Select Gamification Elements. In: Oracle Gamification Guidelines. Online: ’s Heath and Samsung’s S Health. Gibbs, Samuel (2014): Google launches Fit app to take on Apple Guardian, 29.12.2014. Online: https://www.theguardian.com/techn ology/2014/oct/29/google- http://www.oracle.com/webfolder /ux/Applications/uxd/assets/site s/gamification/phase_3.html amsungs-s-health [01.08.2016] launches-fit-app-apple-heath-s [20.07.2016] 61 61 60

62 seats left”) and (“require users to access the system or flow or appointment dynamics is synchronized with online dash boards and mobile apps, it is t ransferred to Fitbit ’s 261 servers that are located in the United States. take some action at a particular time or place for either a positive effect or to avoid a ng to the game regularly negative effect”, e.g. “when a game rewards players for returni ’s devices track “daily steps, c ed, and active Most of Fitbit alories burned, distance travel Track yourself and punishes users who don’t return at specific intervals”). ”, some of them also gather minutes” as well as “floors climbed, sleep duration and quality reach and 262 is not new. Using such elements of game design in other contexts than games Well-known “ heart rate and GPS-based information such as speed, distance, and exercise routes”. goals Game 263 , users can also enter body size and weight, According to their Product Manual examples include classroom grades, Boy Sc out badges, happy hour drink s pecials or mechanics from mood, allergies, blood pressure, birthdate and gender as well as manually track . Oracle’s list is by far not loyalty points (see Whitson 2013) complete, but many of these marketing to Every single meal can be entered. Users can also add “custom t rackers” glucose and food. , especially in fitness apps. mobile and web apps mechanisms can be found in today’s & work health 264 Based on all ups, beers”. for example “cigarettes, push- to track “anything” they “want”, seem to be written for all kin ds of use cases in business, Oracle’s gamification guidelines and diagrams are recorded and manually entered dat a, different reports, graphics e management. Indeed, from online sales and customer retention to employee performanc , e.g. or earn generated. Users can set goals (e.g. weight loss), set up fitness plans badges marketing and sales to such game mechanisms are increas ingly used in many fields from for 10,000 daily steps or a “lifetime distance” of 250 miles. P rogress bars are used to . Major social media platforms also use elements of education, health and work 265 visualize how much activity is still needed in order to reach t he defined goals. , the number of followers and Facebook gamification: The number of friends and Likes on and many more. Foursquare , badges on Twitter tweets on social networking are integrated into the software. Users In addition, many functions for Competing , including a picture and information about their activities su profile page get a ch as , it is “essential to analyze how Oracle According to the gamification system is doing”, to Gamification... with friends badges, steps, distances, calories burned or sleeping duration. Depending on the user’s , aggregate, and report the “use analytics and to track performance” and to “measure, track others and . Several features are privacy settings, this profile page may also be publicly available ecific game mechanics are gamification system data” in order to “determine whether the sp 257 altering user behavior to the degree that you hope”. Facebook motivating users to compete with “friends”, who can be invited via and email, 266 Activities can be shared via Facebook , users in forums and groups. Fitbit and with other actices of gamification Jennifer Whitson (2013) argues that today’s technology-based pr ...and 267 Microsoft of other apps, for example with ’s health data and with “thousands” Twitter edback about users’ actions are “rooted in surveillance” because they provide “real-time fe surveillance 268 or with the popular fitness Weight Watchers , with an account at platform HealthVault cation is “reliant on by amassing large quantities of data”. According to her, gamifi 269 . MyFitnessPal app e and quantify their quantification”, on “monitoring users’ everyday lives to measur 270 , they “may share or sell aggregated, de-identified According to privacy policy ’s Fitbit Gamification practices based on data collection and quantification are activities”. Fitbit sells data”, personally identifiable information may be disclosed or transferred in “connection “leveraging surveillance to evoke behavior change”, having as o bjectives for example “de-identified” tion of our company”. It is with the sale, merger, bankruptcy, sale of assets or reorganiza consumer loyalty”. While “weight loss, workplace productivity, educational advancement, data not clear, how data is de-identified, and whether unique identi fiers such as “hashed” email promises to “make daily practices more fulfilling and fun” by adopting self-quantification addresses are seen as de-identified (see Chapter 5.6). “incentivization and pleasure rather than risk and fear to shap e desired behaviours”, it also became “a new driving logic in the technological expansion and public acceptance of 271 mentions a list of third-party companies, whose Fitbit cookie policy In its additional >10 third-party surveillance ”. services are integrated with and who certainly somehow receive data based on the Fitbit companies , AppNexus interactions of users: ( Google DoubleClick DoubleClick Floodlight DataXu , ), 4.3.2 Example: Fitbit’s devices and apps receive data Twitter Advertising ( Google ), Acxiom ( LiveRamp , ), , AdRoll , Google Adwords Conversion was founded in 2007 and is now, according to IDC, the Fitbit global market leader in Yahoo ( Genome , Facebook Custom Audiences , Bidswitch ), AOL ( Advertising.com ), 258 The wearables with a market share of 26.9% a nd 21 million units shipped in 2 015. Fitbit , SearchForce MixPanel , Google Analytics, New Relic, KissInsights and Optimizely. ckers from wristbands and U.S.-based company offers a vari ety of fitness and activity tra 259 nue was about $ 1.8 billion in watches to a “smart” scale. Reve 2015. ’s activity trackers use sensors such as an accelerometer to record the “frequency, Fitbit Recording 261 duration, intensity, and patterns of movement” of users to dete rmine “ steps taken, activity Online: Fitbit (2014): Privacy Policy. Last updated December 9, 2014. 260 http://www.fitbit.com/legal/privacy-policy [21.07.2016] When data from the devices distance traveled, calories burned, and sleep quality ”. 262 Fitbit (2016): Annual report 2015 263 Online: https://www.fitbit.com/ Fitbit Tracker Product Manual. manual [21.07.2016] 264 s, according to a post in Fitbit’s Despite prominently featured in Fitbit’s “Product Manual” it i stom Trackers, Body ible to log “Blood Pressure, Cu community forums, no longer poss Measurements, Heart Rate, Journal, Glucose” since August 2015: https://community.fitbit.com/t5/Fitbit-com-Dashboard/Old-manual -logging-pages-will-be-retired- on-8-31/m-p/894230#U894230 [21.07.2016] 257 265 Fitbit Tracker Product Manual Phase 5: Tracking and Analyzing the Progress of a Gamification System In: Oracle Gamification 266 Guidelines. Online: Fitbit Tracker Product Manual 267 s/gamification/phase_5.html /ux/Applications/uxd/assets/site http://www.oracle.com/webfolder Fitbit (2016): Annual report 2015 268 [20.07.2016] 016] https://www.fitbit.com/user/prof ile/share/healthvault [21.07.2 269 258 http://www.fitbit.com/apps [21.07.2016] IDC (2016): The Worldwide Wearables Market Leaps 126.9% in the Fourth Quarter and 171.6% 270 Fitbit (2014): Privacy Policy. Last updated December 9, 2014. in 2015, According to IDC. Press Release, 23.02.2016. Online: Online: http://www.idc.com/getdoc.jsp?con http://www.fitbit.com/legal/privacy-policy [21.07.2016] tainerId=prUS41037416 [20.07.2 016] 271 259 Fitbit (2014): Cookie Policy. Last updated December 9, 2014. O nline: See Fitbit (2016): Annual report 2015 260 7.2016] https://help.fitbit.com/articles/en_US/Help_article/1143 [21.0 http://www.fitbit.com/legal/cookie-policy [21.07.2016] 62 63 62

63 Fitbit is synchronized with online dash boards and mobile apps, it is t ransferred to ’s seats left”) and appointment dynamics (“require users to access the system or flow or 261 servers that are located in the United States. take some action at a particular time or place for either a positive effect or to avoid a negative effect”, e.g. “when a game rewards players for returni ng to the game regularly Fitbit ’s devices track “daily steps, c alories burned, distance travel ed, and active Most of Track yourself and punishes users who don’t return at specific intervals”). ”, some of them also gather minutes” as well as “floors climbed, sleep duration and quality reach and 262 such as speed, distance, and exercise routes”. heart rate and GPS-based information “ is not new. Using such elements of game design in other contexts than games Well-known goals Game 263 , users can also enter body size and weight, According to their Product Manual pecials or include classroom grades, Boy Sc out badges, happy hour drink s examples mechanics from as well as manually track birthdate and gender mood, allergies, blood pressure, loyalty points (see Whitson 2013) complete, but many of these . Oracle’s list is by far not marketing to glucose and food. Every single meal can be entered. Users can also add “custom t rackers” mobile and web apps , especially in fitness apps. mechanisms can be found in today’s & work health 264 Based on all to track “anything” they “want”, ups, beers”. for example “cigarettes, push- seem to be written for all kin Oracle’s gamification guidelines ds of use cases in business, and diagrams are recorded and manually entered dat a, different reports, graphics e management. Indeed, from online sales and customer retention to employee performanc or earn generated. Users can set goals fitness plans (e.g. weight loss), set up badges , e.g. marketing and sales to ingly used in many fields from such game mechanisms are increas for 10,000 daily steps or a “lifetime distance” of 250 miles. P rogress bars are used to education, health and work . Major social media platforms also use elements of 265 he defined goals. visualize how much activity is still needed in order to reach t , the number of followers and Facebook gamification: The number of friends and Likes on Foursquare , badges on and many more. tweets on Twitter In addition, many functions for are integrated into the software. Users social networking Competing ch as get a profile page , including a picture and information about their activities su According to , it is “essential to analyze how Oracle the gamification system is doing”, to Gamification... with friends Depending on the user’s badges, steps, distances, calories burned or sleeping duration. , aggregate, and report the “use analytics and to track performance” and to “measure, track others and . Several features are privacy settings, this profile page may also be publicly available ecific game mechanics are gamification system data” in order to “determine whether the sp 257 altering user behavior to the degree that you hope”. via motivating users to compete with “friends”, who can be invited Facebook and email, 266 Activities can be shared via Facebook , users in forums and groups. Fitbit and with other actices of gamification Jennifer Whitson (2013) argues that today’s technology-based pr ...and 267 Microsoft of other apps, for example with ’s health data and with “thousands” Twitter edback about users’ actions are “rooted in surveillance” because they provide “real-time fe surveillance 268 or with the popular fitness , with an account at Weight Watchers platform HealthVault cation is “reliant on by amassing large quantities of data”. According to her, gamifi 269 app . MyFitnessPal e and quantify their quantification”, on “monitoring users’ everyday lives to measur 270 , they “may share or sell aggregated, de-identified privacy policy ’s Fitbit According to are Gamification practices based on data collection and quantification activities”. Fitbit sells data”, personally identifiable information may be disclosed or transferred in “connection “leveraging surveillance to evoke behavior change”, having as o bjectives for example “de-identified” tion of our company”. It is with the sale, merger, bankruptcy, sale of assets or reorganiza “weight loss, workplace productivity, educational advancement, consumer loyalty”. While data fiers such as “hashed” email not clear, how data is de-identified, and whether unique identi adopting self-quantification promises to “make daily practices more fulfilling and fun” by addresses are seen as de-identified (see Chapter 5.6). “incentivization and pleasure rather than risk and fear to shap e desired behaviours”, it and also became “a new driving logic in the technological expansion public acceptance of 271 Fitbit mentions a list of third-party companies, whose cookie policy In its additional >10 third-party ”. surveillance services are integrated with Fitbit and who certainly somehow receive data based on the companies AppNexus interactions of users: , Google DoubleClick Floodlight ( DoubleClick , DataXu ), 4.3.2 Example: Fitbit’s devices and apps receive data Twitter Advertising ( Google ), Acxiom ( LiveRamp , ), , AdRoll , Google Adwords Conversion was founded in 2007 and is now, according to IDC, the Fitbit global market leader in Yahoo ( Genome , Facebook Custom Audiences , Bidswitch ), AOL ( Advertising.com ), 258 The wearables with a market share of 26.9% a nd 21 million units shipped in 2 015. Fitbit , SearchForce MixPanel , Google Analytics, New Relic, KissInsights and Optimizely. ckers from wristbands and U.S.-based company offers a vari ety of fitness and activity tra 259 nue was about $ 1.8 billion in watches to a “smart” scale. Reve 2015. ’s activity trackers use sensors such as an accelerometer to record the “frequency, Fitbit Recording 261 duration, intensity, and patterns of movement” of users to dete rmine “ steps taken, activity Online: Fitbit (2014): Privacy Policy. Last updated December 9, 2014. 260 http://www.fitbit.com/legal/privacy-policy [21.07.2016] When data from the devices distance traveled, calories burned, and sleep quality ”. 262 Fitbit (2016): Annual report 2015 263 Online: https://www.fitbit.com/ Fitbit Tracker Product Manual. manual [21.07.2016] 264 s, according to a post in Fitbit’s Despite prominently featured in Fitbit’s “Product Manual” it i stom Trackers, Body ible to log “Blood Pressure, Cu community forums, no longer poss Measurements, Heart Rate, Journal, Glucose” since August 2015: https://community.fitbit.com/t5/Fitbit-com-Dashboard/Old-manual -logging-pages-will-be-retired- on-8-31/m-p/894230#U894230 [21.07.2016] 257 265 Fitbit Tracker Product Manual Phase 5: Tracking and Analyzing the Progress of a Gamification System In: Oracle Gamification 266 Guidelines. Online: Fitbit Tracker Product Manual 267 s/gamification/phase_5.html /ux/Applications/uxd/assets/site http://www.oracle.com/webfolder Fitbit (2016): Annual report 2015 268 [20.07.2016] 016] https://www.fitbit.com/user/prof ile/share/healthvault [21.07.2 269 258 http://www.fitbit.com/apps [21.07.2016] IDC (2016): The Worldwide Wearables Market Leaps 126.9% in the Fourth Quarter and 171.6% 270 Fitbit (2014): Privacy Policy. Last updated December 9, 2014. in 2015, According to IDC. Press Release, 23.02.2016. Online: Online: http://www.idc.com/getdoc.jsp?con http://www.fitbit.com/legal/privacy-policy [21.07.2016] tainerId=prUS41037416 [20.07.2 016] 271 259 Fitbit (2014): Cookie Policy. Last updated December 9, 2014. O nline: See Fitbit (2016): Annual report 2015 260 7.2016] https://help.fitbit.com/articles/en_US/Help_article/1143 [21.0 http://www.fitbit.com/legal/cookie-policy [21.07.2016] 63 63 62

64 provides links to several other privacy policies, makes recomme ndations such as “we 4.3.4 Health data for insurances and corporate wellness hat interactions with encourage you to read the Google Privacy Policy” and mentions t y companies, which users mitting user data to third-part Apart from the practice of trans y the privacy policy of the “social media tools, like widgets and plug-ins” are “governed b singly cooperating with are often not aware of, fitness and health platforms are increa company providing them, not by Fitbit’s Privacy Policy”. employers and insurance companies. 4.3.3 Transmitting data to third parties Market leader offers its devices and services to employers and helps them to Fitbit “plan, „Increase 272 274 Activity trackers are one of the main concerns h data security on many levels Apart from manifold issues wit track, manage and execute” their corporate wellness programs . employee 275 These can either give the devices to their t, the recorded health data ss trackers is that at some poin since the introduction of fitne sold to companies at quantity discounts. productivity“ g to Group Health ’s Fitbit employees for free or offer them for a very low price. Accordin could be accessed and analyzed by data brokers or even by insur ance companies and 276 the company takes care of “orde ng” to rs, payment collection & shippi website, may transmit data to more Fitbit employers. As summarized in the precedent chapter, ny-specific During device setup, employees are invited to sign into a compa employees. , a subsidiary of the data broker than 10 third-party companies including LiveRamp Acxiom . version of Fitbit ’s software platform to “create immediate employee engagement”, where employees can “track their progr ess” and compete in “corporate challenges”. Fitbit A study from 2013 analyzed 43 popular Android and iOS health and fitness apps. They Ad networks ogans like “increase advertises its corporate wellness products to companies with sl 39% of free apps and 30% of paid apps sent data to third parties not found that and marketing ally reduce healthcare employee productivity”, “get employees more active, and potenti and 5% of paid apps mentioned in the app or in any privacy policy. 43% of free apps data brokers Fitbit Group Health lets you monitor individual, team, and comp costs” and any-wide “ e Ackerman 2013). In shared personally identifiable information with advertisers (se progress”. found that popular self-tracking devices and fitness Symantec 2014, the IT security firm , corporate wellness customers include the Time Warner Bank of America and IBM . Fitbit , a “significant number” of them contacted five unique domains on average apps Less insurance In April 2016, Target announced that it would offer 335,000 devices to its employees , “contacted 10 or more different domains” – from service provide rs to ad networks and costs by 277 claims that more than 50 of the Fitbit offered 75,000 to its employees. Barclays while Tapjoy, Doubleclick, Apsalar, Localytics, Apptentive, marketing data companies such as tracking 278 and Admob . Flurry Some companies already Fortune 500 companies belong to their customers. successfully adopted corporate wellness programs not just to in crease employee’s health, Latanya Sweeney (2014), chief technologist of the U.S. Federal Trade Commission, quotes Data on .-based company but also to reduce insurance costs. In 2014, the CEO of the U.S told Appiro a study from Evidon , which found in 2013 that 20 popular health and fitness apps workouts, diets Bloomberg that he negotiated off his company’s roughly $5 million in annual “$300,000 d-party companies. When Sweeney disclosed information to 70 thir herself conducted a and medical insurance costs”, when about 400 of his employees participated in a “voluntary fitness that information was similar analysis on 12 apps and two wearable devices, she found searches “sharing the data with the program that includes uploading their activity with Fitbit” and transmitted to . One of the tested apps disclosed 76 different third-party companies 279 company’s health care provider”. information from consumer specif ic identifiers to diet and work out information, to 18 Fitbit Equally, 14,000 employees of the oil corporation BP decided to let free tracker , common identifiers ived third parties. Reversely, one of the third-party companies rece $ 1,200 those who achieve record their steps in 2013. All eps “gained points that d a million st gender and workout information from four of the analyzed apps. 18 third parties received discount on 280 Bloomberg reported that one BP could go towards a lower insurance premium”. device-specific identi email addresses. 22 of fiers and 14 received names, usernames or insurance on his annual health insurance bi is saved $1,200 employee ll due to participating in th exercises, meal and diet information, them received additional information on premium 281 . geolocation and medical/symptom searches BP is self-insured, pays directly for health- program and reaching . steps 1 million related expenses of its employees, and thus has a strong intere st to keep them as low as both activity trackers and Taken together, it is largely unclear which kinds of user data Health and possible. On the other hand, $1,200 is a considerable amount of money, which could es. U.S. companies can iding or selling to third parti fitness and health apps are prov fitness apps nd let it monitor their lives. practically force certain employees to wear a fitness tracker a ly, because this type of data analyze and share data collected by fitness trackers quite free share user 2016). A report by the is not classified as “health” data in the U.S. (see Hilts et al data Norwegian Consumer Council (2016) found that “health and fitnes s apps share user data with partners and advertisers” and revealed that both Runkeeper and Endomondo retrieve 273 . After the study was published, the user’s location even when apps are not in use 274 e: http://content.fitbit.com/rs/493- Fitbit (2015): Fitbit for Corporate Wellness. Infosheet. Onlin several apps changed their terms and practices (see also chapte r 4.2.1). CEF-482/images/FitbitWellness_InfoSheet.pdf [21.07.2016] 275 See Fitbit (2016): Annual report 2015 276 https://www.fitbit.com/group-health [22.07.2016] 277 n Corporate Wellness. Fast Farr, Christina (2016): How Fitbit Became The Next Big Thing I Company, 18.04.2016. Online: http://www.fastcompany.com/3058462 /how-fitbit-became-the- next-big-thing-in-corporate-wellness [22.07.2016] 278 -details/2015/Fitbit-Wellness- https://investor.fitbit.com/press/press-releases/press-release Adds-Over-20-New-Enterprise-Customers-Including-Barclays-PLC/de fault.aspx [22.07.2016] 272 279 From on-device and transmission to cloud storage risks, see e. g. Barcena, Mario Ballano; Candid Satariano, Adam (2014): Wear This Device So the Boss Knows You ’re Losing Weight. Bloomberg. ce-so-the-boss-knows-you- Wueest, and Hon Lau (2014): How safe is your quantified self? S ymantec, August 11, 2014. Online: Online: http://www.bloomberg.com/ news/2014-08-21/wear-this-devi am/symantec/docs/white-papers /how-safe-is-your- https://www.symantec.com/content/d re-losing-weight.html [22.07.2016] 280 quantified-self-en.pdf surance. Forbes, 19.06.2014. Olson, Parmy (2014b): Wearable Tech Is Plugging Into Health In 273 Norwegian Consumer Council (2016): Health and fitness apps vio late users privacy. Press ble-tech-health-insurance Online: http://www.forbes.com/sites/parmyolson/2014/06/19/weara Release, 25.02.2016. Online: [22.07.2016] 281 te-users-privacy [21.07.2016] http://www.forbrukerradet.no/side/ ss-apps-viola health-and-fitne Satariano, Adam (2014) 64 64 65

65 4.3.4 Health data for insurances and corporate wellness provides links to several other privacy policies, makes recomme ndations such as “we encourage you to read the Google Privacy Policy” and mentions t hat interactions with Apart from the practice of trans y companies, which users mitting user data to third-part y the privacy policy of the “social media tools, like widgets and plug-ins” are “governed b singly cooperating with are often not aware of, fitness and health platforms are increa company providing them, not by Fitbit’s Privacy Policy”. employers and insurance companies. Transmitting data to third parties 4.3.3 “plan, Market leader Fitbit offers its devices and services to employers and helps them to „Increase 274 272 one of the main concerns Activity trackers are track, manage and execute” their corporate wellness programs . Apart from manifold issues wit h data security on many levels employee 275 These can either give the devices to their ss trackers is that at some poin t, the recorded health data sold to companies at quantity discounts. since the introduction of fitne productivity“ employees for free or offer them for a very low price. Accordin ’s Fitbit Group Health g to could be accessed and analyzed by data brokers or even by insur ance companies and 276 rs, payment collection & shippi the company takes care of “orde ng” to website, employers. As summarized in the precedent chapter, Fitbit may transmit data to more ny-specific During device setup, employees are invited to sign into a compa employees. LiveRamp than 10 third-party companies including , a subsidiary of the data broker . Acxiom version of where ’s software platform to “create immediate employee engagement”, Fitbit employees can “track their progr ess” and compete in “corporate challenges”. Fitbit and iOS health and fitness apps. They A study from 2013 analyzed 43 popular Android Ad networks ogans like “increase advertises its corporate wellness products to companies with sl found that 39% of free apps and 30% of paid apps sent data to third parties not and marketing ally reduce healthcare employee productivity”, “get employees more active, and potenti mentioned in the app or in any privacy policy. 43% of free apps and 5% of paid apps data brokers “ costs” and any-wide Fitbit Group Health lets you monitor individual, team, and comp shared personally identifiable information with advertisers (se e Ackerman 2013). In progress”. 2014, the IT security firm Symantec found that popular self-tracking devices and fitness corporate wellness customers include the Fitbit , IBM and Time Warner . Bank of America apps contacted five unique domains on average , a “significant number” of them Less insurance In April 2016, Target announced that it would offer 335,000 devices to its employees , “contacted 10 or more different domains” – from service provide rs to ad networks and costs by 277 claims that more than 50 of the Fitbit offered 75,000 to its employees. Barclays while Tapjoy, Doubleclick, Apsalar, Localytics, Apptentive, marketing data companies such as tracking 278 and Admob . Flurry Some companies already Fortune 500 companies belong to their customers. successfully adopted corporate wellness programs not just to in crease employee’s health, Latanya Sweeney (2014), chief technologist of the U.S. Federal Trade Commission, quotes Data on .-based company but also to reduce insurance costs. In 2014, the CEO of the U.S told Appiro a study from Evidon , which found in 2013 that 20 popular health and fitness apps workouts, diets Bloomberg that he negotiated off his company’s roughly $5 million in annual “$300,000 d-party companies. When Sweeney disclosed information to 70 thir herself conducted a and medical insurance costs”, when about 400 of his employees participated in a “voluntary fitness that information was similar analysis on 12 apps and two wearable devices, she found searches “sharing the data with the program that includes uploading their activity with Fitbit” and transmitted to . One of the tested apps disclosed 76 different third-party companies 279 company’s health care provider”. information from consumer specif ic identifiers to diet and work out information, to 18 Fitbit Equally, 14,000 employees of the oil corporation BP decided to let free tracker , common identifiers ived third parties. Reversely, one of the third-party companies rece $ 1,200 those who achieve record their steps in 2013. All eps “gained points that d a million st gender and workout information from four of the analyzed apps. 18 third parties received discount on 280 Bloomberg reported that one BP could go towards a lower insurance premium”. device-specific identi email addresses. 22 of fiers and 14 received names, usernames or insurance on his annual health insurance bi is saved $1,200 employee ll due to participating in th exercises, meal and diet information, them received additional information on premium 281 . geolocation and medical/symptom searches BP is self-insured, pays directly for health- program and reaching . steps 1 million related expenses of its employees, and thus has a strong intere st to keep them as low as both activity trackers and Taken together, it is largely unclear which kinds of user data Health and possible. On the other hand, $1,200 is a considerable amount of money, which could es. U.S. companies can iding or selling to third parti fitness and health apps are prov fitness apps nd let it monitor their lives. practically force certain employees to wear a fitness tracker a ly, because this type of data analyze and share data collected by fitness trackers quite free share user 2016). A report by the is not classified as “health” data in the U.S. (see Hilts et al data Norwegian Consumer Council (2016) found that “health and fitnes s apps share user data with partners and advertisers” and revealed that both Runkeeper and Endomondo retrieve 273 . After the study was published, the user’s location even when apps are not in use 274 e: http://content.fitbit.com/rs/493- Fitbit (2015): Fitbit for Corporate Wellness. Infosheet. Onlin several apps changed their terms and practices (see also chapte r 4.2.1). CEF-482/images/FitbitWellness_InfoSheet.pdf [21.07.2016] 275 See Fitbit (2016): Annual report 2015 276 https://www.fitbit.com/group-health [22.07.2016] 277 n Corporate Wellness. Fast Farr, Christina (2016): How Fitbit Became The Next Big Thing I Company, 18.04.2016. Online: http://www.fastcompany.com/3058462 /how-fitbit-became-the- next-big-thing-in-corporate-wellness [22.07.2016] 278 -details/2015/Fitbit-Wellness- https://investor.fitbit.com/press/press-releases/press-release Adds-Over-20-New-Enterprise-Customers-Including-Barclays-PLC/de fault.aspx [22.07.2016] 272 279 From on-device and transmission to cloud storage risks, see e. g. Barcena, Mario Ballano; Candid Satariano, Adam (2014): Wear This Device So the Boss Knows You ’re Losing Weight. Bloomberg. ce-so-the-boss-knows-you- Wueest, and Hon Lau (2014): How safe is your quantified self? S ymantec, August 11, 2014. Online: Online: http://www.bloomberg.com/ news/2014-08-21/wear-this-devi am/symantec/docs/white-papers /how-safe-is-your- https://www.symantec.com/content/d re-losing-weight.html [22.07.2016] 280 quantified-self-en.pdf surance. Forbes, 19.06.2014. Olson, Parmy (2014b): Wearable Tech Is Plugging Into Health In 273 Norwegian Consumer Council (2016): Health and fitness apps vio late users privacy. Press ble-tech-health-insurance Online: http://www.forbes.com/sites/parmyolson/2014/06/19/weara Release, 25.02.2016. Online: [22.07.2016] 281 te-users-privacy [21.07.2016] http://www.forbrukerradet.no/side/ ss-apps-viola health-and-fitne Satariano, Adam (2014) 65 64 65

66 In 2016, still offers its corporate we llness program including free Fitbit devices. When BP discount of up to 15% on their life tools”. By gaining “Vitality Points” they can get a Corporate ints”, and 250 points for employees complete one million steps they earn 500 “wellness po . Other rewards like gift cards, discounted hotel stays and fli ghts are insurance policy wellness at BP 292 According to John Hancock , a “45 year old couple (of average health)” BP ’s wellness program also rewards other health-related every additional million steps. available as well. lly save more than $25,000 buying a life insurance policy of $500,000 each “could potentia activities from participating in “telephonic lifestyle manageme nt” or a “comprehensive 282 on their premiums by the time they reach 85”, as long as they e arn enough points in all ng” (125 points). ints) to a “biometric screeni health questionnaire” (both 250 po 293 iPhones and Apple Steps and activity recorded by the Watch can also be used to ich include the chance to Employees who want to participate in specific health options wh years. 294 gain points, because the program also integrates with Apple ’s HealthKit platform. to their “Health Savings Account” have to reach 1,000 $1,000 contribution receive a 283 three million steps This would correspond to . points to “remain eligible”. Manulife announced a similar program John Hancock ’s Canadian parent company In 2016, Discovery’s 295 South Africa -based Their partner Vitality , which is part of the ’s partner , according to StayWell Fitbit ’s corporate wellness program is managed by BP for Canadian consumers. Data Vitality Discovery insurance company , additionally lists supported health devices and apps such Forbes, a “population-management firm” who manages the collecte d health data as a program managed by 285 284 296 , is also offered in StayWell describes itself as a “health engagement company” Vitality ’s Withings , Jawbone and Samsung S-Health . as , Garmin , Polar “neutral third party”. neutral parties 297 In addition, Vitality has built the deep , branded as “VitalityHealth” and “VitalityLife”. experience and whose “population-specific programs” are “backed by decades of UK 286 It is at least questionable whether a roduce similar programs, partnerships with insurance comp anies all over the world to int expertise in the science of behavior change ”. company, which specializes in the “science on behavior change”, can really be considered Generali Asia in AIA for example with in , and, lately, with Ping An Health in China and 298 Europe. as a “neutral party” regarding health data of employees. Fitbit claims to partner with corporate wellness vendors with h ealth plans “who cover more th 50% of the US an , the Discovery According to Vitality Generali Group has now “exclusive rights” to the Vitality in 287 . In 2015, Fitbit compliance “to HIPAA announced that it now supports ” population 299 program in Europe. In Germany it is available to policyholders since July 2016. Europe ng corporate wellness more effectively integrate with HIPAA-covered entities, includi John Hancock According to their German website, it works similar to ’s program. Members 288 The U.S. Health Insurance Portability self-insured employers”. partners, health plans and nnection with a life or have to pay a monthly fee of €5, but it is only available in co and Accountability Act (HIPAA) protects the privacy of certain health-related informa tion, occupational disability insuranc e policy. Points are collected by participating in health by organizations and companies that fall under the when this information is managed questionnaires and by recording their activity with a fitness t racker. Besides rewards such remit of HIPAA (see FTC 2014, p. 14). se a as discounts on sport shoes and refunds for travels, they promi discount up to 16% 300 Insurance programs incorporating wearables ’s Giovanni Liverani, Generali According to an interview with on insurance premiums . , ns to inform ss centers and supermarket chai members could also “allow” fitne Generali United Health Large U.S. insurance companies like , and Highmark Cigna Humana , 301 After how often they are attending and , respectively. which products they are buying nsumers wear tracking started voluntary programs that involve wearables years ago. Co 302 Germany, launches in France and Austria are planned. 289 in which they gain points. devices and their activity data is submitted to online systems, Initially, such points could be traded for small rewards like c oupons or cinema tickets. 290 , one of the largest life insurers in the U.S., went one step f urther. In 2015, John Hancock 15% discount 291 a corporate wellness provider Vitality, , to offer policy holders a They teamed up with on life 292 -- if you let it track your Fitbit. Mearian, Lucas (2015): Insurance company now offers discounts device track their activities. Consumers receive Fitbit discount when they let a free insurance Computerworld, Apr 17, 2015. Online: using online and automated “personalized health goals and can easily log their activities http://www.computerworld.com/arti cle/2911594/insurance-company-now-offers-discounts-if- you-let-it-track-your-fitbit.html [22.07.2016] 293 John Hancock (2015) 294 John Hancock (2015): John Hancock Vitality Life Insurance Solu tions Launches HealthKit-enabled App for iPhone and iPod touch; allows policyholders to get rewa rded for recording healthy activities 282 on iPhone and the Apple Watch. Apr 28, 2015. Online: http://www .prnewswire.com/news- s/BP-Wellness-Programs/2016- http://hr.bpglobal.com/LifeBenefits/Sites/Core/BP-Life-benefit releases/john-hancock-vitality-li fe-insurance-solutions-launche s-healthkit-enabled-app-for-iphone- BP-wellness-program.aspx [22.07.2016] 283 ng-healthy-activities-on-iphone- and-ipod-touch-allows-policyholders-to-get-rewarded-for-recordi http://hr.bpglobal.com/LifeBenefits/Sites/Core/BP-Life-benefit s/BP-Wellness-Programs/How- and-the-apple-watch-300073300.html [22.07.2016] the-BP-wellness-program-w orks.aspx [22.07.2016] 295 284 offer Canadians discounts for Evans, Pete (2016): Manulife to healthy activities. CBC News. Feb Olson, Parmy (2014): The Quantified Other: Nest And Fitbit Cha se A Lucrative Side Business. Forbes, 05.05.2014. http://www.forbes.com/sites/parmyolson/2014 ess-insurance-1.3439904 /04/17/the-quantified-other- 09, 2016. Online: http://www.cbc. ca/news/business/manulife-fitn [22.07.2016] nest-and-fitbit-chase-a-lucrative-side-business [22.07.2016] 296 285 dfs/vitality/vitality_news/vi https://www.discovery.co.za/discovery_coza/web/linked_content/p http://staywell.com/about-staywell [22.07.2016] 286 tality_fitness_points.pdf [22.07.2016] http://staywell.com/employer-solutions [22.07.2016] 297 287 https://www.vitality.co.uk/o ur-journey [01.08.2016] https://www.fitbit.com/group-health/partners [22.07.2016] 298 288 h Generali. 23 June 2016. Online: Discovery (2016): Discovery Vitality launches in Europe throug Fitbit (2015): Fitbit Extends Corporate Wellness Offering with HIPAA Compliant Capabilities. press/press-releases/press-release- Press Release, 09/16/2015. Online: https://investor.fitbit.com/ europe-through-generali https://discovery.co.za/portal/individual/vitality-launches-in- details/2015/Fitbit-Extends-Corporate-Wellness-Offering-with-HI PAA-Compliant- [22.07.2016] 299 Capabilities/default.aspx [22.07.2016] Ibid. 300 289 Satariano, Adam (2014) https://www.generali-vitalityerleben.de [22.07.2016] 290 301 Honsel, Gregor (2016): Tracking durch die Versicherung: "Wir w John Hancock (2015): John Hancock Introduces a Whole New Approach to Life Insurance in the erden Sie nicht bestrafen". Technology Review, 27.08.2015. Online: http://www.heise.de/tr/a Online: U.S. That Rewards Customers for Healthy Living. April 8, 2015. rtikel/Tracking-durch-die- news_details.php?fn=apr0815-te http://www.johnhancock.com/about/ Versicherung-Wir-werden-Sie-nicht-bestrafen-2791079.html [01.08 .2016] xt&yr=2015 [22.07.2016] 291 302 Ralph, Oliver (2016): Insurer to sell data-driven product in p rivacy-conscious Germany. Financial http://www.thevitalitygroup.com /john-hancock-enters-exclusive-partnership-with-vitality Times, 23.06.2016. Online: [22.07.2016] 66 67 66

67 tools”. By gaining “Vitality Points” they can get a discount of up to 15% on their life still offers its corporate we llness program including free Fitbit devices. When In 2016, BP Corporate discounted hotel stays and fli ghts are . Other rewards like gift cards, insurance policy employees complete one million steps they earn 500 “wellness po ints”, and 250 points for wellness at BP 292 , a “45 year old couple (of average health)” John Hancock According to available as well. ’s wellness program also rewards other health-related BP every additional million steps. lly save more than $25,000 buying a life insurance policy of $500,000 each “could potentia activities from participating in “telephonic lifestyle manageme nt” or a “comprehensive 282 on their premiums by the time they reach 85”, as long as they e arn enough points in all ng” (125 points). ints) to a “biometric screeni health questionnaire” (both 250 po 293 iPhones and Apple Steps and activity recorded by the Watch can also be used to ich include the chance to Employees who want to participate in specific health options wh years. 294 gain points, because the program also integrates with Apple ’s HealthKit platform. to their “Health Savings Account” have to reach 1,000 $1,000 contribution receive a 283 three million steps This would correspond to . points to “remain eligible”. Manulife announced a similar program John Hancock ’s Canadian parent company In 2016, Discovery’s 295 South Africa -based Their partner Vitality , which is part of the ’s partner , according to StayWell Fitbit ’s corporate wellness program is managed by BP for Canadian consumers. Data Vitality Discovery insurance company , additionally lists supported health devices and apps such Forbes, a “population-management firm” who manages the collecte d health data as a program managed by 285 284 296 , is also offered in StayWell describes itself as a “health engagement company” Vitality ’s Withings , Jawbone and Samsung S-Health . as , Garmin , Polar “neutral third party”. neutral parties 297 In addition, Vitality has built the deep , branded as “VitalityHealth” and “VitalityLife”. experience and whose “population-specific programs” are “backed by decades of UK 286 It is at least questionable whether a roduce similar programs, partnerships with insurance comp anies all over the world to int expertise in the science of behavior change ”. company, which specializes in the “science on behavior change”, can really be considered Generali Asia in AIA for example with in , and, lately, with Ping An Health in China and 298 Europe. as a “neutral party” regarding health data of employees. Fitbit claims to partner with corporate wellness vendors with h ealth plans “who cover more th 50% of the US an , the Discovery According to Vitality Generali Group has now “exclusive rights” to the Vitality in 287 . In 2015, Fitbit compliance “to HIPAA announced that it now supports ” population 299 program in Europe. In Germany it is available to policyholders since July 2016. Europe ng corporate wellness more effectively integrate with HIPAA-covered entities, includi John Hancock According to their German website, it works similar to ’s program. Members 288 The U.S. Health Insurance Portability self-insured employers”. partners, health plans and nnection with a life or have to pay a monthly fee of €5, but it is only available in co and Accountability Act (HIPAA) protects the privacy of certain health-related informa tion, occupational disability insuranc e policy. Points are collected by participating in health by organizations and companies that fall under the when this information is managed questionnaires and by recording their activity with a fitness t racker. Besides rewards such remit of HIPAA (see FTC 2014, p. 14). se a as discounts on sport shoes and refunds for travels, they promi discount up to 16% 300 Insurance programs incorporating wearables ’s Giovanni Liverani, Generali According to an interview with on insurance premiums . , ns to inform ss centers and supermarket chai members could also “allow” fitne Generali United Health Large U.S. insurance companies like , and Highmark Cigna Humana , 301 After how often they are attending and , respectively. which products they are buying nsumers wear tracking started voluntary programs that involve wearables years ago. Co 302 Germany, launches in France and Austria are planned. 289 in which they gain points. devices and their activity data is submitted to online systems, Initially, such points could be traded for small rewards like c oupons or cinema tickets. 290 , one of the largest life insurers in the U.S., went one step f urther. In 2015, John Hancock 15% discount 291 a corporate wellness provider Vitality, , to offer policy holders a They teamed up with on life 292 -- if you let it track your Fitbit. Mearian, Lucas (2015): Insurance company now offers discounts device track their activities. Consumers receive Fitbit discount when they let a free insurance Computerworld, Apr 17, 2015. Online: using online and automated “personalized health goals and can easily log their activities http://www.computerworld.com/arti cle/2911594/insurance-company-now-offers-discounts-if- you-let-it-track-your-fitbit.html [22.07.2016] 293 John Hancock (2015) 294 John Hancock (2015): John Hancock Vitality Life Insurance Solu tions Launches HealthKit-enabled App for iPhone and iPod touch; allows policyholders to get rewa rded for recording healthy activities 282 on iPhone and the Apple Watch. Apr 28, 2015. Online: http://www .prnewswire.com/news- s/BP-Wellness-Programs/2016- http://hr.bpglobal.com/LifeBenefits/Sites/Core/BP-Life-benefit releases/john-hancock-vitality-li fe-insurance-solutions-launche s-healthkit-enabled-app-for-iphone- BP-wellness-program.aspx [22.07.2016] 283 ng-healthy-activities-on-iphone- and-ipod-touch-allows-policyholders-to-get-rewarded-for-recordi http://hr.bpglobal.com/LifeBenefits/Sites/Core/BP-Life-benefit s/BP-Wellness-Programs/How- and-the-apple-watch-300073300.html [22.07.2016] the-BP-wellness-program-w orks.aspx [22.07.2016] 295 284 offer Canadians discounts for Evans, Pete (2016): Manulife to healthy activities. CBC News. Feb Olson, Parmy (2014): The Quantified Other: Nest And Fitbit Cha se A Lucrative Side Business. Forbes, 05.05.2014. http://www.forbes.com/sites/parmyolson/2014 ess-insurance-1.3439904 /04/17/the-quantified-other- 09, 2016. Online: http://www.cbc. ca/news/business/manulife-fitn [22.07.2016] nest-and-fitbit-chase-a-lucrative-side-business [22.07.2016] 296 285 dfs/vitality/vitality_news/vi https://www.discovery.co.za/discovery_coza/web/linked_content/p http://staywell.com/about-staywell [22.07.2016] 286 tality_fitness_points.pdf [22.07.2016] http://staywell.com/employer-solutions [22.07.2016] 297 287 https://www.vitality.co.uk/o ur-journey [01.08.2016] https://www.fitbit.com/group-health/partners [22.07.2016] 298 288 h Generali. 23 June 2016. Online: Discovery (2016): Discovery Vitality launches in Europe throug Fitbit (2015): Fitbit Extends Corporate Wellness Offering with HIPAA Compliant Capabilities. press/press-releases/press-release- Press Release, 09/16/2015. Online: https://investor.fitbit.com/ europe-through-generali https://discovery.co.za/portal/individual/vitality-launches-in- details/2015/Fitbit-Extends-Corporate-Wellness-Offering-with-HI PAA-Compliant- [22.07.2016] 299 Capabilities/default.aspx [22.07.2016] Ibid. 300 289 Satariano, Adam (2014) https://www.generali-vitalityerleben.de [22.07.2016] 290 301 Honsel, Gregor (2016): Tracking durch die Versicherung: "Wir w John Hancock (2015): John Hancock Introduces a Whole New Approach to Life Insurance in the erden Sie nicht bestrafen". Technology Review, 27.08.2015. Online: http://www.heise.de/tr/a Online: U.S. That Rewards Customers for Healthy Living. April 8, 2015. rtikel/Tracking-durch-die- news_details.php?fn=apr0815-te http://www.johnhancock.com/about/ Versicherung-Wir-werden-Sie-nicht-bestrafen-2791079.html [01.08 .2016] xt&yr=2015 [22.07.2016] 291 302 Ralph, Oliver (2016): Insurer to sell data-driven product in p rivacy-conscious Germany. Financial http://www.thevitalitygroup.com /john-hancock-enters-exclusive-partnership-with-vitality Times, 23.06.2016. Online: [22.07.2016] 67 67 66

68 announced a corporate wellness program which is not United Health Also in 2016, announced a corporate wellness program which is not United Health Also in 2016, affiliated with The program provides free fitness trackers to employees of Vitality. become less voluntary When the incentives offered are considerably valuable, it could x to $1,460 per year by customer companies and offers them the opportunity to “earn up affiliated with Vitality. The program provides free fitness trackers to employees of it becomes a necessity and “n to participate (see Lupton 2014), ormal”, in particular for 303 meeting certain goals for the number of daily steps”. customer companies and offers them the opportunity to “earn up to $1,460 per year by those that are financially less well off. 303 meeting certain goals for the number of daily steps”. ad of rewards. The g with punishment schemes inste Other companies are experimentin Punish, not oduct. A student app goes one step further than any other available pr Reclamate is a From self 304 ad of offers an app that incorporates data from wearables, but inste U.S. startup StickK g with punishment schemes inste ad of rewards. The Other companies are experimentin reward Punish, not e to traditional prisons” and smartphone app that sees itself as a “safer, cheaper alternativ tracking to the 304 offers an app that incorporates data from wearables, but inste ad of StickK U.S. startup collecting “wellness points”, points are deducted if users do n ot achieve their activity reward wants to give “offenders access to a variety of services while monitoring their actions and virtual prison 312 goals. offer to consumers is based on a kind of “contract”, in which users commit StickK’s ot achieve their activity collecting “wellness points”, points are deducted if users do n It “nudges nonviolent offenders to keep up on their encouraging pro-social behaviors”. to donate a certain amount of money to specific charities when they are not achieving goals. StickK’s offer to consumers is based on a kind of “contract”, in which users commit post-release job training, drug testing, parole visits”. Good-b ehavior leads to rewards such 313 StickK their goals. g rewards” far more effective than offerin argues that their approach is “ to donate a certain amount of money to specific charities when they are not achieving has already Deloitte University Press A report by as an “extended curfew on weekends". and already had 13 corporate cu Fortune 500 stomers in 2014, including three g rewards” far more effective than offerin argues that their approach is “ StickK their goals. taken up a similar idea and suggests “pairing smartphone techno logy with existing 305 314 companies. and already had 13 corporate cu stomers in 2014, including three Fortune 500 electronic monitoring practices“, to create a “new model of vir tual incarceration”. 305 companies. ng data from fitness and Corporate wellness programs, health plans or insurances accessi Mandatory advocates and scholars. activity trackers, have often been criticized by media, privacy Corporate wellness programs, health plans or insurances accessi ng data from fitness and Mandatory discrimination Ubiquitous surveillance in an Internet of Things? 4.4 include: Possible risks for both individuals and society advocates and scholars. activity trackers, have often been criticized by media, privacy ? discrimination include: risks for both individuals and society Possible ? 306 “The Internet will disappear ... There will be so many IP addresses...so many x Data security issues devices, sensors, things that you are wearing, things that you are interacting with that 306 307 x Data security issues x Activity data or inferred health scores could be disclosed or s old to third parties. you won’t even sense it. It will be part of your presence all the time." 307 x Activity data or inferred health scores could be disclosed or s old to third parties. x ers are recording about Companies might use the detailed information that fitness track 315 Eric Schmidt, 2015 308 their employee’s work and privat e lives, for purposes other tha n corporate wellness. ers are recording about Companies might use the detailed information that fitness track x 308 their employee’s work and privat n corporate wellness. e lives, for purposes other tha ums (see Lupton 2014) People who fail to achieve goals might have to pay higher premi x was coined by Kevin It is generally believed that the term Internet of Things (IoT) 309 316 ums (see Lupton 2014) x People who fail to achieve goals might have to pay higher premi . This could lead to discrimination against or could even be placed on blacklists International Telecommunications Union (ITU) Six years later, the . in 1999 Ashton 310 309 people who are not young and healthy. . This could lead to discrimination against or could even be placed on blacklists predicted that the “creation of ail the connection of everyday the Internet of Things will ent 310 317 people who are not young and healthy. rewarded, people who ticipate in these programs are While people who voluntarily par x objects and devices to a ll kinds of networks”. 311 rewarded, people who ticipate in these programs are While people who voluntarily par x don’t want to participate could be penalized. definition of this term (see Minerva et al 2015). According to There is still no common Anytime 311 don’t want to participate could be penalized. objects of the real world some prominent organizations, the Internet of Things “links the connectivity ivity for anything and not bling anytime, anyplace connect with the virtual world, thus ena for anything et al 2010). The term describes an “interconnected only for anyone” (Sundmaeker environment where all manner of objects have a digital presence and the ability to http://www.ft.com/cms/s/0/b539ec08-3897-11e6-9a05-82a9b15a8ee7 .html [23.07.2016] 303 UnitedHealth Group (2016): UnitedHealthcare and Qualcomm Colla borate to Launch New communicate with other objects and people” (FTC 2015). It refer s to a “world-wide http://www.ft.com/cms/s/0/b539ec08-3897-11e6-9a05-82a9b15a8ee7 .html [23.07.2016] f Wearable Devices. Mar. 01, 2016. Wellness Program That Links Financial Incentives with the Use o 303 borate to Launch New UnitedHealth Group (2016): UnitedHealthcare and Qualcomm Colla n standard network of interconnected objects uniquely addressable, based o Online: Wellness Program That Links Financial Incentives with the Use o f Wearable Devices. Mar. 01, 2016. communication protocols” (Botterman 2009). healthcare/2016/0301 s/feed/united newsroom/article http://www.unitedhealthgroup.com/ Online: qualcommunitedhealthcaremotion.aspx [22.07.2016] http://www.unitedhealthgroup.com/ newsroom/article s/feed/united healthcare/2016/0301 More and more physical objects and spaces are connected to the Internet, from printers, 304 http://www.stickk.com qualcommunitedhealthcaremotion.aspx [22.07.2016] fridges, cars and doors to objec ts located in offices, industri al plants or in public space. All 305 Olson, Parmy (2014) 304 http://www.stickk.com 306 ork connections and these objects are equipped with sensors, processing power, netw m, a large health insurer, see: e.g. 80 million people were affected by a data breach at Anthe 305 Olson, Parmy (2014) http://www.npr.org/sections/alltechconsidered/2015/02/05/384099 135/anthem-hack-renews- 306 to act in certain ways. They a actuators, which may enable them re able to process e.g. 80 million people were affected by a data breach at Anthe m, a large health insurer, see: calls-for-laws-to-better-prevent-breaches [22.07.2016] 135/anthem-hack-renews- http://www.npr.org/sections/alltechconsidered/2015/02/05/384099 with their environment information and to communicate with other objects and networks, 307 See also chapter 5.3 calls-for-laws-to-better-prevent-breaches [22.07.2016] things” have been in use in and with people. Gartner estimates that 4.9 billion “connected 308 Data From Employees’ See e.g. Haggin, Patience (2016): How Should Companies Handle 307 See also chapter 5.3 : Wearable Devices? The Wall Street Journal, May 22, 2016. Online 308 Data From Employees’ See e.g. Haggin, Patience (2016): How Should Companies Handle http://www.wsj.com/articles/how-s hould-companies-handle-data-fr om-employees-wearable- : Wearable Devices? The Wall Street Journal, May 22, 2016. Online devices-1463968803 [01.08.2016] om-employees-wearable- hould-companies-handle-data-fr http://www.wsj.com/articles/how-s 309 ittle to stop a life insurance company E.g. “In other words, privacy experts fear that there's very l devices-1463968803 [01.08.2016] rts, which is akin to the experience of from putting those who fail to stay active on a blacklist of so 309 312 http://www.appitupchallenge.c E.g. “In other words, privacy experts fear that there's very l ittle to stop a life insurance company om/stats.html [22.08.2016] having a low credit score”, see: 313 rts, which is akin to the experience of from putting those who fail to stay active on a blacklist of so http://articles.philly.com/2016-04-23/business/72540075_1_mobi le-phone-app-ben-franklin- 513/weighing-privacy-vs- echconsidered/2015/04/09/398416 http://www.npr.org/sections/allt having a low credit score”, see: technology-partners-uber [22.08.2016] rewards-of-letting-insurers-track-your-fitness [22.07.2016] 314 http://www.npr.org/sections/allt 513/weighing-privacy-vs- echconsidered/2015/04/09/398416 http://dupress.com/wp-content/uploads/2013/03/DU220_Beyond-the-Bars_vFINAL-3.5.pdf 310 E.g. “cutting insurance costs for lower risk customers, raisin g them for higher risk ones“, see: rewards-of-letting-insurers-track-your-fitness [22.07.2016] [22.08.2016] ur-health-data http://www.zdnet.com/article/yes-insurers-want-yo -but-not-for-the-reason-you- 315 310 g them for higher risk ones“, see: midt-internet-765989 http://www.hollywoodreporter.com/news/google-chairman-eric-sch E.g. “cutting insurance costs for lower risk customers, raisin think [22.07.2016] http://www.zdnet.com/article/yes-insurers-want-yo ur-health-data -but-not-for-the-reason-you- [01.08.2016] 311 E.g. “Companies have increasingly used a combination of carrot s (free vacation days!) and sticks 316 think [22.07.2016] Ashton, Kevin (2009): That 'Internet of Things' Thing. In the real world, things matter more than (higher premiums) to coerce empl lth screenings and wellness oyees into participating in hea 311 ideas. In: RFID Journal, 22.06.2009. Cited am 21.12.2016 von E.g. “Companies have increasingly used a combination of carrot s (free vacation days!) and sticks programs—a practice that the Equal Employment Opportunity Commi ssion has fought with varying http://www.rfidjournal.com/articles/view?4986 (higher premiums) to coerce empl oyees into participating in hea lth screenings and wellness success”, see: http://www.fastcomp came-the-next-big-thing-in- any.com/3058462/how-fitbit-be 317 ITU (2005): ITU Internet Reports. The Internet of Things. Inte rnational Telecommunications programs—a practice that the Equal Employment Opportunity Commi ssion has fought with varying corporate-wellness [22.07.2016] Union, November 2005. Online: https://www.itu.int/net/wsis/tunis/newsroom/stats/The- success”, see: http://www.fastcomp came-the-next-big-thing-in- any.com/3058462/how-fitbit-be Internet-of-Things-2005.pdf corporate-wellness [22.07.2016] 68 68 68 69

69 announced a corporate wellness program which is not Also in 2016, United Health x When the incentives offered are considerably valuable, it could become less voluntary Vitality. The program provides free fitness trackers to employees of affiliated with it becomes a necessity and “n to participate (see Lupton 2014), ormal”, in particular for customer companies and offers them the opportunity to “earn up to $1,460 per year by those that are financially less well off. 303 meeting certain goals for the number of daily steps”. Reclamate A student app goes one step further than any other available pr is a oduct. From self g with punishment schemes inste Other companies are experimentin ad of rewards. The Punish, not smartphone app that sees itself as a “safer, cheaper alternativ e to traditional prisons” and tracking to the 304 ad of offers an app that incorporates data from wearables, but inste StickK U.S. startup reward to a variety of services while wants to give “offenders access monitoring their actions and virtual prison 312 collecting “wellness points”, points are deducted if users do n ot achieve their activity It “nudges nonviolent offenders to keep up on their encouraging pro-social behaviors”. users commit goals. StickK’s offer to consumers is based on a kind of “contract”, in which post-release job training, drug testing, parole visits”. Good-b ehavior leads to rewards such 313 to donate a certain amount of money to specific charities when they are not achieving Deloitte University Press has already A report by as an “extended curfew on weekends". their goals. argues that their approach is “ far more effective than offerin g rewards” StickK logy with existing taken up a similar idea and suggests “pairing smartphone techno 314 stomers in 2014, including three and already had 13 corporate cu Fortune 500 electronic monitoring practices“, to create a “new model of vir tual incarceration”. 305 companies. ng data from fitness and Corporate wellness programs, health plans or insurances accessi Mandatory Ubiquitous surveillance in an Internet of Things? 4.4 activity trackers, have often been criticized by media, privacy advocates and scholars. discrimination Possible include: risks for both individuals and society ? will be so many IP addresses...so many “The Internet will disappear ... There devices, sensors, things that you are wearing, things that you are interacting with that 306 x Data security issues you won’t even sense it. It will be part of your presence all the time." 307 x old to third parties. Activity data or inferred health scores could be disclosed or s 315 Eric Schmidt, 2015 ers are recording about x Companies might use the detailed information that fitness track 308 their employee’s work and privat e lives, for purposes other tha n corporate wellness. It is generally believed that the term Internet of Things (IoT) was coined by Kevin 316 x People who fail to achieve goals might have to pay higher premi ums (see Lupton 2014) International Telecommunications Union (ITU) Six years later, the in 1999 Ashton . 309 . This could lead to discrimination against or could even be placed on blacklists ail the connection of everyday the Internet of Things will ent predicted that the “creation of 310 317 people who are not young and healthy. objects and devices to a ll kinds of networks”. ticipate in these programs are While people who voluntarily par x rewarded, people who definition There is still no common of this term (see Minerva et al 2015). According to Anytime 311 don’t want to participate could be penalized. some prominent organizations, the Internet of Things “links the objects of the real world connectivity bling anytime, anyplace connect with the virtual world, thus ena ivity for anything and not for anything et al 2010). The term describes an “interconnected only for anyone” (Sundmaeker environment where all manner of objects have a digital presence and the ability to communicate with other objects and people” (FTC 2015). It refer s to a “world-wide .html [23.07.2016] http://www.ft.com/cms/s/0/b539ec08-3897-11e6-9a05-82a9b15a8ee7 303 borate to Launch New UnitedHealth Group (2016): UnitedHealthcare and Qualcomm Colla network of interconnected objects uniquely addressable, based o n standard f Wearable Devices. Mar. 01, 2016. Wellness Program That Links Financial Incentives with the Use o communication protocols” (Botterman 2009). Online: newsroom/article s/feed/united healthcare/2016/0301 http://www.unitedhealthgroup.com/ Internet, from printers, More and more physical objects and spaces are connected to the qualcommunitedhealthcaremotion.aspx [22.07.2016] fridges, cars and doors to objec ts located in offices, industri al plants or in public space. All 304 http://www.stickk.com these objects are equipped with sensors, processing power, netw ork connections and 305 Olson, Parmy (2014) 306 to act in certain ways. They a actuators, which may enable them re able to process m, a large health insurer, see: e.g. 80 million people were affected by a data breach at Anthe http://www.npr.org/sections/alltechconsidered/2015/02/05/384099 135/anthem-hack-renews- with their environment information and to communicate with other objects and networks, calls-for-laws-to-better-prevent-breaches [22.07.2016] and with people. Gartner estimates that 4.9 billion “connected things” have been in use in 307 See also chapter 5.3 308 See e.g. Haggin, Patience (2016): How Should Companies Handle Data From Employees’ Wearable Devices? The Wall Street Journal, May 22, 2016. Online : http://www.wsj.com/articles/how-s hould-companies-handle-data-fr om-employees-wearable- devices-1463968803 [01.08.2016] 309 312 http://www.appitupchallenge.c E.g. “In other words, privacy experts fear that there's very l ittle to stop a life insurance company om/stats.html [22.08.2016] 313 from putting those who fail to stay active on a blacklist of so rts, which is akin to the experience of http://articles.philly.com/2016-04-23/business/72540075_1_mobi le-phone-app-ben-franklin- having a low credit score”, see: technology-partners-uber [22.08.2016] 314 513/weighing-privacy-vs- echconsidered/2015/04/09/398416 http://www.npr.org/sections/allt http://dupress.com/wp-content/uploads/2013/03/DU220_Beyond-the-Bars_vFINAL-3.5.pdf rewards-of-letting-insurers-track-your-fitness [22.07.2016] [22.08.2016] 315 310 E.g. “cutting insurance costs for lower risk customers, raisin g them for higher risk ones“, see: midt-internet-765989 http://www.hollywoodreporter.com/news/google-chairman-eric-sch [01.08.2016] http://www.zdnet.com/article/yes-insurers-want-yo ur-health-data -but-not-for-the-reason-you- 316 think [22.07.2016] Ashton, Kevin (2009): That 'Internet of Things' Thing. In the real world, things matter more than 311 ideas. In: RFID Journal, 22.06.2009. Cited am 21.12.2016 von s (free vacation days!) and sticks E.g. “Companies have increasingly used a combination of carrot http://www.rfidjournal.com/articles/view?4986 oyees into participating in hea lth screenings and wellness (higher premiums) to coerce empl 317 ITU (2005): ITU Internet Reports. The Internet of Things. Inte rnational Telecommunications ssion has fought with varying programs—a practice that the Equal Employment Opportunity Commi Union, November 2005. Online: https://www.itu.int/net/wsis/tunis/newsroom/stats/The- any.com/3058462/how-fitbit-be came-the-next-big-thing-in- success”, see: http://www.fastcomp Internet-of-Things-2005.pdf corporate-wellness [22.07.2016] 69 69 68

70 increase to 20.8 billion 2015, thereof 3 billion in the co nsumer space, and predicts an Homes, offices and other buildings : Many devices and facilities in buildings will soon x 318 connected objects by 2020. ed to the Internet such as frid be equipped with sensors connect ges, ovens and coffee machines, door locks, heating, ai r condition, lighting, water p ipes and fire alarms (Pew radio-frequency used on For many years, the debate about the Internet of Things was foc RFID tags 2014). This is not only true for homes, but also for offices, i ndustrial plants or leisure “radio waves to automatically identify and identification (RFID) , a technology that uses leading the environments. In addition, electrical devices could automatical ly switch on and off transponders or tags located on objects can track individual items” (ITU 2005). RFID way based on energy prices, which are dynamically changed by the en ergy providers (Atzori readers carry information which RFID can access remotely. RFID technology partly 2014). et al 2010) – as a result of “self regulating power grids” (Pew replaced barcodes in many fields. Tags are attached to differen t objects from shopping items and passports to containers. RFID transponders do not sol ely store codes that can City, infrastructure and transportation: Not only “cars, trains, buses as well as x rmation such as fingerprints uniquely identify an object, but can also store additional info network connec ensors, tags and bicycles” become equipped with s tions (Atzori et al has clothes to medicine and ID cards or photos. The use of tags within goods from 2010), but also streets, building ould capture data on their s and bridges. These objects c cerns were raised that already caused many debates regarding privacy. For example, con condition or on pollution levels. The sensor data may be used f or public safety or traffic accessed without the data on RFID tags attached to goods or ID cards could be control, and might even be synchronized with data about people’s “eating and al istance (see Sterbik-Lamina et , through materials and from a d consumers’ knowledge s mentioned include -day calendars”. Other example commuting habits and their day-to 319 2009). In 2015, an estimated numbe re sold. r of 9.1 billion RFID tags we municipal trashcans that “signal when they need to be emptied” and paper towel dispensers in restrooms which “signal when they need to be refi lled” (Pew 2014). However, RFID is just one of a variety of technologies used tod ay to connect the physical Invisible like wireless technologies such as world with digital networks. Apart from a wide range of the wires in : In factories, both machines and production parts are Manufacturing and commerce x GSM, UMTS, LTE, Wi-Fi, Bluetooth, NFC and localization technologies such as GPS the walls equipped with RFID tags, sensors and other elements of informat ion technology. help to record data Sensors tracking, the development of sensors plays an important role. is designed to track every si ngle event from the Similarly, the whole supply chain from the physical world and to m ake it usable for digital proce ssing, often in real-time. manufacturing of goods to logistics and retail. Managers can no t only oversee the entire Due to integration of small computers with network connections and a variety of sensors get a “global view on all the production process, but can also elements and the possible in everyday objects, these computers become ubiquitous. Consequ ently, this gives rise to side effects of a production line delay due to shop-floor devic e malfunctions” (Atzori et 320 (see and Ubiquitous Computing the use of terms such as Pervasive Computing ie 4.0”. al 2010). In Germany, this is discussed under the term “Industr er (1991) stated, all Spiekermann and Pallas 2005). As Mark Weis these computers will ers” by a consulting firm A report about “The Internet of Things: Opportunities for Insur Societal become more and more invisible – “like the wires in the walls”. explains that insurers could “use IoT-enriched relationships to connect more holistically implications 321 bates concerning the Smartphones and laptop computers are sometimes excluded from de Fields of Similarly, many of the 1,606 experts to customers and influence their behaviors”. ny other devices often Internet of Things. Since today’s smartphones, wearables and ma application interviewed by Pew Research (2014) expect that “incentives to t ry to get people to change share a very similar set of sens ftware, the lines between ors, network connections and so their behavior” will become a “major driver” of the Internet of Things, for example to them become more and more blurred. But within the Internet of T hings, many other or safe manner or to motivate people to purchase a product, to act in a more healthy devices and domains are discussed. The following list describes several fields and future es of this data-drenched improve their performance at work. They state that the “realiti gs by Atzori et al (2010) and areas of application, based on a survey on the Internet of Thin about privacy and people’s abi lities to control their own world raise substantial concerns a report by the Pew Research Center (2014): lives”. If “everyday activities are monitored and people are ge nerating informational outputs, the level of profiling and targeting will grow and amp lify social, economic, and Personal life, body and healthcare: x Many people will not only wear devices that “give political struggles“. y will also “monitor them feedback on their activities, health and fitness”, but the others” – for example, their “c also wearing sensors, or hildren or employees”, who are “ Some of the experts interviewed expressed their concerns that t he automated feedback Algorithms moving in and out of places that ospitals, applications have sensors” (Pew 2014). In h and stimulation loops used, as w cisions on humans could ell as the algorithms making de and control aff, patients and medical inven tory, identifying and could include the tracking of st have negative social consequences. Sensors and wearables are us ually introduced because authenticating people, the monit oring of health indicators and medication, and the dvance a collective good“. of “some company’s business strategy” and not “necessarily to a remote monitoring of patients at home. In personal life, sensor -equipped places, goods or controlling populations”. The Internet of Things could be “an incredible, powerful tool f rking. Also the location ated with apps and social netwo or other objects could be integr Therefore, it is important to di trol of it. In addition, the scuss who is going to be in con of personal belongings could be tracked in order to prevent los s and theft (Atzori et al ch a large network” could be “t oo difficult to maintain and “kind of complexity caused by su 2010). ces”. evolve well” and may lead to “complicated, unintended consequen In 2013, the U.S. Federal Trade Commission hosted a workshop tit led “The Internet of Security risks o the resulting report Things: Privacy and Security in a Connected World”. According t 318 Gartner (2015): Gartner Says 6.4 Billion Connected "Things" Wi ll Be in Use in 2016, Up 30 320 Percent From 2015. Press Release, 10.11.2015. Online: rojekt-industrie-4-0-848.html [26.07.2016] https://www.bmbf.de/de/zukunftsp 321 http://www.gartner.com/newsroom/id/3165317 [24.07.2016] ATKearney (2014): The Internet of Things: Opportunity for Insu rers. December 2014. Online: 319 10bn milestone in 2015. IDTechEx (2015): IDTechEx Research finds RFID market exceeds $ https://www.atkearney.com/digita red-article/- l-business/ideas- insights/featu 19.10.2015. Online: http://www.idtechex.com/research/articles/i dtechex-research-finds-rfid- /asset_publisher/Su8nWSQlHtbB/content/internet-of-things-opport unity-for-insurers/10192 market-exceeds-10bn-milestone-in-2015-00008567.asp [25.07.2016] [01.08.2016] 70 71 70

71 increase to 20.8 billion 2015, thereof 3 billion in the co nsumer space, and predicts an Homes, offices and other buildings : Many devices and facilities in buildings will soon x 318 connected objects by 2020. ed to the Internet such as frid be equipped with sensors connect ges, ovens and coffee machines, door locks, heating, ai r condition, lighting, water p ipes and fire alarms (Pew radio-frequency used on For many years, the debate about the Internet of Things was foc RFID tags 2014). This is not only true for homes, but also for offices, i ndustrial plants or leisure “radio waves to automatically identify and identification (RFID) , a technology that uses leading the environments. In addition, electrical devices could automatical ly switch on and off transponders or tags located on objects can track individual items” (ITU 2005). RFID way based on energy prices, which are dynamically changed by the en ergy providers (Atzori readers carry information which RFID can access remotely. RFID technology partly 2014). et al 2010) – as a result of “self regulating power grids” (Pew replaced barcodes in many fields. Tags are attached to differen t objects from shopping items and passports to containers. RFID transponders do not sol ely store codes that can City, infrastructure and transportation: Not only “cars, trains, buses as well as x rmation such as fingerprints uniquely identify an object, but can also store additional info network connec ensors, tags and bicycles” become equipped with s tions (Atzori et al has clothes to medicine and ID cards or photos. The use of tags within goods from 2010), but also streets, building ould capture data on their s and bridges. These objects c cerns were raised that already caused many debates regarding privacy. For example, con condition or on pollution levels. The sensor data may be used f or public safety or traffic accessed without the data on RFID tags attached to goods or ID cards could be control, and might even be synchronized with data about people’s “eating and al istance (see Sterbik-Lamina et , through materials and from a d consumers’ knowledge s mentioned include -day calendars”. Other example commuting habits and their day-to 319 2009). In 2015, an estimated numbe re sold. r of 9.1 billion RFID tags we municipal trashcans that “signal when they need to be emptied” and paper towel dispensers in restrooms which “signal when they need to be refi lled” (Pew 2014). However, RFID is just one of a variety of technologies used tod ay to connect the physical Invisible like wireless technologies such as world with digital networks. Apart from a wide range of the wires in : In factories, both machines and production parts are Manufacturing and commerce x GSM, UMTS, LTE, Wi-Fi, Bluetooth, NFC and localization technologies such as GPS the walls equipped with RFID tags, sensors and other elements of informat ion technology. help to record data Sensors tracking, the development of sensors plays an important role. is designed to track every si ngle event from the Similarly, the whole supply chain from the physical world and to m ake it usable for digital proce ssing, often in real-time. manufacturing of goods to logistics and retail. Managers can no t only oversee the entire Due to integration of small computers with network connections and a variety of sensors get a “global view on all the production process, but can also elements and the possible in everyday objects, these computers become ubiquitous. Consequ ently, this gives rise to side effects of a production line delay due to shop-floor devic e malfunctions” (Atzori et 320 (see and Ubiquitous Computing the use of terms such as Pervasive Computing ie 4.0”. al 2010). In Germany, this is discussed under the term “Industr er (1991) stated, all Spiekermann and Pallas 2005). As Mark Weis these computers will ers” by a consulting firm A report about “The Internet of Things: Opportunities for Insur Societal become more and more invisible – “like the wires in the walls”. explains that insurers could “use IoT-enriched relationships to connect more holistically implications 321 bates concerning the Smartphones and laptop computers are sometimes excluded from de Fields of Similarly, many of the 1,606 experts to customers and influence their behaviors”. ny other devices often Internet of Things. Since today’s smartphones, wearables and ma application interviewed by Pew Research (2014) expect that “incentives to t ry to get people to change share a very similar set of sens ftware, the lines between ors, network connections and so their behavior” will become a “major driver” of the Internet of Things, for example to them become more and more blurred. But within the Internet of T hings, many other or safe manner or to motivate people to purchase a product, to act in a more healthy devices and domains are discussed. The following list describes several fields and future es of this data-drenched improve their performance at work. They state that the “realiti gs by Atzori et al (2010) and areas of application, based on a survey on the Internet of Thin about privacy and people’s abi lities to control their own world raise substantial concerns a report by the Pew Research Center (2014): lives”. If “everyday activities are monitored and people are ge nerating informational outputs, the level of profiling and targeting will grow and amp lify social, economic, and Personal life, body and healthcare: x Many people will not only wear devices that “give political struggles“. y will also “monitor them feedback on their activities, health and fitness”, but the others” – for example, their “c also wearing sensors, or hildren or employees”, who are “ Some of the experts interviewed expressed their concerns that t he automated feedback Algorithms moving in and out of places that ospitals, applications have sensors” (Pew 2014). In h and stimulation loops used, as w cisions on humans could ell as the algorithms making de and control aff, patients and medical inven tory, identifying and could include the tracking of st have negative social consequences. Sensors and wearables are us ually introduced because authenticating people, the monit oring of health indicators and medication, and the dvance a collective good“. of “some company’s business strategy” and not “necessarily to a remote monitoring of patients at home. In personal life, sensor -equipped places, goods or controlling populations”. The Internet of Things could be “an incredible, powerful tool f rking. Also the location ated with apps and social netwo or other objects could be integr Therefore, it is important to di trol of it. In addition, the scuss who is going to be in con of personal belongings could be tracked in order to prevent los s and theft (Atzori et al ch a large network” could be “t oo difficult to maintain and “kind of complexity caused by su 2010). ces”. evolve well” and may lead to “complicated, unintended consequen In 2013, the U.S. Federal Trade Commission hosted a workshop tit led “The Internet of Security risks o the resulting report Things: Privacy and Security in a Connected World”. According t 318 Gartner (2015): Gartner Says 6.4 Billion Connected "Things" Wi ll Be in Use in 2016, Up 30 320 Percent From 2015. Press Release, 10.11.2015. Online: rojekt-industrie-4-0-848.html [26.07.2016] https://www.bmbf.de/de/zukunftsp 321 http://www.gartner.com/newsroom/id/3165317 [24.07.2016] ATKearney (2014): The Internet of Things: Opportunity for Insu rers. December 2014. Online: 319 10bn milestone in 2015. IDTechEx (2015): IDTechEx Research finds RFID market exceeds $ https://www.atkearney.com/digita red-article/- l-business/ideas- insights/featu 19.10.2015. Online: http://www.idtechex.com/research/articles/i dtechex-research-finds-rfid- /asset_publisher/Su8nWSQlHtbB/content/internet-of-things-opport unity-for-insurers/10192 market-exceeds-10bn-milestone-in-2015-00008567.asp [25.07.2016] [01.08.2016] 71 71 70

72 328 which was released in 2015, part et Of Things presents “a icipants warned that the Intern ty The European Union plans to “replace at least 80% of electrici household members”. 329 to do so”. meters with smart meters by 2020 wherever it is cost-effective variety of potential security risks that could be exploited to harm consumers” – ranging from “unauthorized access and misu o companies which se of personal information” t Smart TVs : According to an investigation by a UK-based organization in 2 014 Smart TVs Telescreens loyment decisions”. might use the recorded data to “make credit, insurance, and emp from LG , Samsung , , Panasonic Sony and Toshiba were tracking the viewing habits of Consequently, the main discussion focused on long-standing prin ciples such as “security, consumers “to some degree”. Some of them also transferred infor mation about websites data minimization, notice, and choice” (see FTC 2015). 330 In visited, files watched from USB sticks, location and postcode d ata to manufacturers. Natasha Lomas from the tech industry blog wrote in 2015: “Imagine what TechCrunch Everywhere, Samsung 2015, the voice recognition features of ’s devices caused a large public debate. le’ Internet — which is both kind of surveillance opportunities are opened up by an ‘invisib but nowhere “spoken words warned users in its privacy policy to "be aware” that if their Samsung everywhere but also perceptually submit to its data- nowhere, encouraging users to on will be among the data her sensitive information, that informati include personal or ot mining embrace without objection”. Subsequently, she concludes: “ In the offline world oice Recognition". hird party through your use of V captured and transmitted to a t The key we have cars and roads. We also have speed limits — for a reason. Presumably, this feature was perceived as especially invasive, because TVs which are imperative for regulators now, as we are propelled towards a mo re densely-packed listening to what is spoken bring the “telescreens” in George O rwell’s famous novel “1984” 322 331 332 s speed limits. And fast”. universe of connected devices, is coming up with the sensornet’ Samsung Currently, allows users to deactivate voice recognition. Still, into mind. he lives of consumers. or detailed information about t Smart TVs can be a rich source f 4.4.1 Examples – from body and home to work and public space E-readers ng behavior to : Many devices transfer detailed information about users’ readi Analyzing In the context of the Internet of ysical objects include sensors Things already billions of ph companies, for example, which books they read, how far readers get, how long they spend readers and network connections. Devices that monitor activities, bodie s and health of human 333 That not reading, which passages were read and what was highlighted or a nnotated. sk. Smartphones and apps, beings are the most relevant but also may put individuals at ri ce how books are written in eaders, but could also influen only allows deep insights about r he “connected car” have been e xamined in previous health and fitness trackers and t popular and what isn’t. the future, due to the detailed methods of analysis of what is chapters. With a focus on privacy aspects, the following sectio n lists additional examples for devices, platforms and applications in several fields of li fe: BioSport , a headphone model developed by in Biometric headphones : SMS Audio Small 334 s wearable cooperation with Intel or. , measures the heart rate of users with a built-in optical sens 323 Google at home was acquired by In 2014, Nest Labs Connected thermostats and smoke alarms: 335 , which is The German company Bragi offers a small wireless headphone model 324 They offer a “learning” thermostat including Wi-Fi and for 3.2 billion dollars. Google 336 equipped with “27 sensors” to measure steps, distances, breaths and heart rate. s for temperature, humidity, am bient light, near-field Bluetooth connections and sensor 325 cking-based dental insurance plan : Today, several Toothbrushes that include a tra Connected It records data about the everyday behavior of residents and and far-field activity. e market, for example by toothbrushes that can transfer d ata to apps are available on th insurance plan Nest also offers ind oor cameras and temperature accordingly. offers to manage the room 337 Beam The U.S.-based company goes one step further. They . Oral-B major brands such as “smoke + CO” alarms, which are also equipped with network connections and various 326 offer dental insurance plans inc ch “measures progress and luding a toothbrush device, whi According to the Wallstreet sensors, including a microphone and an occupancy sensor. their website members can rewards users for improving their dental health”. According to a few months after the Google Journal, Nest Labs started to share user data with 327 ch is calculated on the get up to 25% discount depending on their “brushing score”, whi t home or not”. acquisition, including information about “when Nest users are a energy “networked metering devices” for the measurement of electrical are Smart meters Behavioral orded data back to the r and gas, which report the rec consumption, sometimes also wate patterns from conds”. There has been a utility provider, sometimes “with an interval of as low as 2 se energy usage years. Data from smart debate on the privacy implications of these devices for several 328 l patterns for individual meters “could be used to very accurately identify the behaviora Jobst, Martin Erich (2013): Security and Privacy in the Smart Energy Grid. Seminars FI / IITM / ACN SS2013, Network Architectures and Services, August 2013. DO I: 10.2313/NET-2013-08-1_21. Online: https://www.net.in.tum.d e/fileadmin/TUM/NET/NET-2013-08 -1/NET-2013-08-1_21.pdf 329 art-grids-and-meters https://ec.europa.eu/energy/en/topics/markets-and-consumers/sm [25.07.2016] 330 Laughlin, Andrew (2014): Smart TV spying – are you watching TV , or is it watching you? Which? Magazine, 20.08.2014. Online: http://blogs.which.co.uk/technolo gy/tvs/smart-tv-spying-weve- investigated [25.07.2016] 331 Orwell, George (1949): 1984. Secker and Warburg, London. 332 322 Lomas, Natasha (2015): What Happens To Privacy When The Intern et Is In Everything? 6] http://www.samsung.com/uk/info/ privacy-SmartTV.html [25.07.201 333 TechCrunch, Jan 25, 2015. Online: https://techcrunch.com/2015/0 1/25/what-happens-to-privacy- Street Journal, 19.07.2012. -Book Is Reading You. The Wall Alter, Alexandra (2012): Your E when-the-internet-is-in-everything [02.08.2016] Online: 323 http://online.wsj.com/news/articles/SB1000142405270230487030457 7490950051438304 https://nest.com [24.07.2016] 324 [25.07.2016] Wohlsen, Marcus (2014): What Google Really Gets Out of Buying Nest for $3.2 Billion. Wired, 334 ion-nest-buy-finally-make- 14.01.2014. Online: http://www.wired.com/2014/01/googles-3-bill Ultra-marathoners, Aspirational nes Will Optimize Workouts for Intel (2014): Biometric Headpho internet-things-real-us [24.07.2016] Exercisers and Everyone in Between. Pressemeldung, 14.08.2014. Cited 21.02.2016 325 http://newsroom.intel.com/community/intel_newsroom/blog/2014/08 /14/intel-and-sms-audio- https://store.nest.com/product/thermostat/ 326 to-supercharge-fitness-wearables https://store.nest.com/product/smoke-co-alarm/ 327 335 Winkler, Rolfe; Alistair Barr ( http://www.bragi.com 2014): Nest to Share User Infor mation With Google for the First 336 Time. WSJ Digits, 24.06.2014. Online: http://blogs.wsj.com/digi ts/2014/06/24/nest-to-share-user- http://cdn.bragi.com/www/2016/07/12141138/2.0PR-1207-LATEST.pd f [25.07.2016] 337 information-with-google-for-first-time [24.07.2016] http://connectedtoothbrush.com 72 73 72

73 328 household members”. ty The European Union plans to “replace at least 80% of electrici et Of Things presents “a icipants warned that the Intern which was released in 2015, part 329 meters with smart meters by 2020 wherever it is cost-effective to do so”. harm consumers” – ranging variety of potential security risks that could be exploited to se of personal information” t from “unauthorized access and misu o companies which Smart TVs : According to an investigation by a UK-based organization in 2 014 Smart TVs Telescreens might use the recorded data to “make credit, insurance, and emp loyment decisions”. from LG , Samsung , , Panasonic Sony and Toshiba were tracking the viewing habits of Consequently, the main discussion focused on long-standing prin ciples such as “security, consumers “to some degree”. Some of them also transferred infor mation about websites data minimization, notice, and choice” (see FTC 2015). 330 In visited, files watched from USB sticks, location and postcode d ata to manufacturers. Natasha Lomas from the tech industry blog wrote in 2015: “Imagine what TechCrunch Everywhere, Samsung 2015, the voice recognition features of ’s devices caused a large public debate. le’ Internet — which is both kind of surveillance opportunities are opened up by an ‘invisib but nowhere “spoken words warned users in its privacy policy to "be aware” that if their Samsung everywhere but also perceptually submit to its data- nowhere, encouraging users to on will be among the data her sensitive information, that informati include personal or ot mining embrace without objection”. Subsequently, she concludes: “ In the offline world oice Recognition". hird party through your use of V captured and transmitted to a t The key we have cars and roads. We also have speed limits — for a reason. Presumably, this feature was perceived as especially invasive, because TVs which are imperative for regulators now, as we are propelled towards a mo re densely-packed listening to what is spoken bring the “telescreens” in George O rwell’s famous novel “1984” 322 331 332 s speed limits. And fast”. universe of connected devices, is coming up with the sensornet’ Samsung Currently, allows users to deactivate voice recognition. Still, into mind. he lives of consumers. or detailed information about t Smart TVs can be a rich source f 4.4.1 Examples – from body and home to work and public space E-readers ng behavior to : Many devices transfer detailed information about users’ readi Analyzing In the context of the Internet of ysical objects include sensors Things already billions of ph companies, for example, which books they read, how far readers get, how long they spend readers and network connections. Devices that monitor activities, bodie s and health of human 333 reading, which passages were read and what was highlighted or a nnotated. That not sk. Smartphones and apps, beings are the most relevant but also may put individuals at ri ce how books are written in eaders, but could also influen only allows deep insights about r he “connected car” have been e xamined in previous health and fitness trackers and t popular and what isn’t. the future, due to the detailed methods of analysis of what is chapters. With a focus on privacy aspects, the following sectio n lists additional examples for devices, platforms and applications in several fields of li fe: BioSport , a headphone model developed by in Biometric headphones : SMS Audio Small 334 s cooperation with Intel , measures the heart rate of users with a built-in optical sens or. wearable 323 was acquired by Google at home In 2014, Nest Labs Connected thermostats and smoke alarms: 335 , which is The German company Bragi offers a small wireless headphone model 324 They offer a “learning” thermostat including Wi-Fi and for 3.2 billion dollars. Google 336 equipped with “27 sensors” to measure steps, distances, breaths and heart rate. s for temperature, humidity, am bient light, near-field Bluetooth connections and sensor 325 cking-based dental insurance plan : Today, several Toothbrushes that include a tra Connected It records data about the everyday behavior of residents and and far-field activity. e market, for example by toothbrushes that can transfer d ata to apps are available on th insurance plan Nest also offers ind oor cameras and temperature accordingly. offers to manage the room 337 Beam The U.S.-based company goes one step further. They . Oral-B major brands such as “smoke + CO” alarms, which are also equipped with network connections and various 326 offer dental insurance plans inc ch “measures progress and luding a toothbrush device, whi According to the Wallstreet sensors, including a microphone and an occupancy sensor. their website members can rewards users for improving their dental health”. According to a few months after the Google Journal, Nest Labs started to share user data with 327 ch is calculated on the get up to 25% discount depending on their “brushing score”, whi t home or not”. acquisition, including information about “when Nest users are a energy “networked metering devices” for the measurement of electrical are Smart meters Behavioral orded data back to the r and gas, which report the rec consumption, sometimes also wate patterns from conds”. There has been a utility provider, sometimes “with an interval of as low as 2 se energy usage years. Data from smart debate on the privacy implications of these devices for several 328 l patterns for individual meters “could be used to very accurately identify the behaviora Jobst, Martin Erich (2013): Security and Privacy in the Smart Energy Grid. Seminars FI / IITM / ACN SS2013, Network Architectures and Services, August 2013. DO I: 10.2313/NET-2013-08-1_21. Online: https://www.net.in.tum.d e/fileadmin/TUM/NET/NET-2013-08 -1/NET-2013-08-1_21.pdf 329 art-grids-and-meters https://ec.europa.eu/energy/en/topics/markets-and-consumers/sm [25.07.2016] 330 Laughlin, Andrew (2014): Smart TV spying – are you watching TV , or is it watching you? Which? Magazine, 20.08.2014. Online: http://blogs.which.co.uk/technolo gy/tvs/smart-tv-spying-weve- investigated [25.07.2016] 331 Orwell, George (1949): 1984. Secker and Warburg, London. 332 322 Lomas, Natasha (2015): What Happens To Privacy When The Intern et Is In Everything? 6] http://www.samsung.com/uk/info/ privacy-SmartTV.html [25.07.201 333 TechCrunch, Jan 25, 2015. Online: https://techcrunch.com/2015/0 1/25/what-happens-to-privacy- Street Journal, 19.07.2012. -Book Is Reading You. The Wall Alter, Alexandra (2012): Your E when-the-internet-is-in-everything [02.08.2016] Online: 323 http://online.wsj.com/news/articles/SB1000142405270230487030457 7490950051438304 https://nest.com [24.07.2016] 324 [25.07.2016] Wohlsen, Marcus (2014): What Google Really Gets Out of Buying Nest for $3.2 Billion. Wired, 334 ion-nest-buy-finally-make- 14.01.2014. Online: http://www.wired.com/2014/01/googles-3-bill Ultra-marathoners, Aspirational nes Will Optimize Workouts for Intel (2014): Biometric Headpho internet-things-real-us [24.07.2016] Exercisers and Everyone in Between. Pressemeldung, 14.08.2014. Cited 21.02.2016 325 http://newsroom.intel.com/community/intel_newsroom/blog/2014/08 /14/intel-and-sms-audio- https://store.nest.com/product/thermostat/ 326 to-supercharge-fitness-wearables https://store.nest.com/product/smoke-co-alarm/ 327 335 Winkler, Rolfe; Alistair Barr ( http://www.bragi.com 2014): Nest to Share User Infor mation With Google for the First 336 Time. WSJ Digits, 24.06.2014. Online: http://blogs.wsj.com/digi ts/2014/06/24/nest-to-share-user- http://cdn.bragi.com/www/2016/07/12141138/2.0PR-1207-LATEST.pd f [25.07.2016] 337 information-with-google-for-first-time [24.07.2016] http://connectedtoothbrush.com 73 73 72

74 338 basis of the recorded data. The company’s CEO explained in 2013 that they were communicate with the digital platform to identify his sweat typ e—which will determine 339 349 “actually not interested in toothbrushes at all”, but in “healt h data”. sodium, electrolyte, and additional fluid-intake needs.” 340 is a small wearable device, which monitors breathing Locating and monitoring retail and sales staff : Theatro Spire : Respiratory Monitoring markets itself as a system for Breathing and Monitoring n-dense data stream”, respiration as an “informatio patterns and steps. They describe “in-store communication and hourl n a wearable for y worker productivity” based o customers and state of mind 350 In addition to voice communication which has “many components to it such as rate, depth, inhalatio n-to-exhalation ratio employees in retail, hospitality, and manufacturing. workers romises to measure “social int eraction data to understand and indoor location tracking it p (IER), durations of inhalation, retention, exhalation, and hold , consistency, smoothness, d who the top performers are” a nd to give managers what’s impacting productivity an Spire pp transition, and so on”. In combination with the corresponding a promises not only 351 “unprecedented insights into what [their] employees do”. nd their “daily activity and rs “sit, stand, and lay down” a give insights into how often use state of mind”, but also insights into how to maintain “balance and focus, preventing In-store tracking in retail: Brickstream offers devices that combine video, Wi-Fi and 341 burnout”. iBeacon technology for “traffic counting, labor optimization, a nd in-store analytics”. It had triggered a lot of attention and Smart Glasses: The introduction of Google Glass provides “detailed data on wifi enabled devices in or near the store site” that can be used Google Glass ia Wi-Fi and Bluetooth and debate. It contained a built-in computer, network connections v to analyze customer behavior, for example, to feed “loyalty pro gram and incentive at Work 352 342 data”. stopped offering its headset Google several sensors, including microphone and camera. 343 But still, similar head-worn displays are relevant in several to consumers in 2015. 353 provides street lighting PennSMART Street lighting, including video monitoring : Smart city r main purpose is to contexts from entertainment to manufacturing and medicine. Thei devices, which “discreetly monitor, detect and analyze activity that takes place in the surveillance “provide users with information and services relevant for their contexts and useful for the vulnerable areas under the trees” including “360-degree motion sensor video cameras”, 344 Therefore, these devices have to be capable of recognizing users to perform their tasks”. 354 breaking sensors. facial recognition, license plate readers and gunshot and glass behavior and also possess the other persons, objects and their ability to draw conclusions. 345 Glass at Work Currently, Google for business customers. is offering IBM’s IoT for Insurance : IBM has announced a service, w hich offers insurers a “full 3 60- Sensor degree context of their policyhol trieved from the Internet of ders” including information re equipped Owlet Baby Care Sensor-equipped clothes for babies offers a “smart sock”, which : Electronic Things. Insurers can “utilize the data derived from all types o f devices as well as external insurance risk orded information to an measures the heart rate and oxygen levels and transmits the rec ankle bracelets sments”. They mention sources, such as weather data” to perform “real time risk asses assessment 346 Baby Monitor The Rest Devices is built into a bodysuit, tr of acks a baby’s “breathing, app. for babies “intelligent wellness/workers”, “intelligent home & buildings”, “intelligent cars/fleet” and sleeping temperature, body position, activity level, and whether they are awake and “intelligent assets & equipment” as examples of sensor-equipped environments, which asleep” and transmits this infor mation to the parents smartphon e, along with “live audio”. insurers could base their programs on. Parents can “share the information with as many caregivers as t hey like” and connect it to 347 the thermostats and indoor cams from Google ’s Nest . In cooperation with the design and innovation consultancy Controlling body functions: Sensors control , the PepsiCo Smart Design subsidiary Gatorade developed a range of products that drinking and a. The company also works on bi measure and track individual dat osensors that are used eating 348 “[T]he brand has develo ped a suite of products to measure athletes' nutrition levels. behavior and technologies that work together to measure and track indivi duals’ data. [...] A patch, like a near-field communication chip-enabled Band-Aid, will ana lyze a player’s sweat and 338 https://www.beam.dental [25.07.2016] 339 Kaye, Kate (2015): Your Toothbrush Data Will Get You a Deal at the Dentist (Depending). AdvertisingAge, 18.05.2015. Online: http://adage.com/article/da tadriven-marketing/toothbrush- data-a-deal-dentist/298655 [25.07.2016] 340 https://spire.io 341 https://www.spire.io/faq.html [26.07.2016] 342 016] https://support.google.com/glass/answer/3064128?hl=en [26.07.2 343 Eadicicco, Lisa (2015): See the New Version of Google’s Wildes t Product. Time, 29.12.2015. Online: http://time.com/4163067/google-glass-2-photos-2015 [26. 07.2016] 344 and social implications. Ubiquitous Bertarini, Marica (2014): Smart glasses: Interaction, privacy 349 Computing Seminar, FS2014, Student report, ETH Zurich. Online: -in-the-game [11.08.2016] 9/tech-forecast/gatorade-gets http://www.fastcompany.com/305491 350 ni_SmartGlasses_report.pdf 014/UCS/reports/MaricaBertari https://www.vs.inf.ethz.ch/edu/FS2 evolution [25.07.2016] http://theatro.com/leading-heads-hands-free-mobile-workforce-r 345 351 https://developers.google.com/gl http://theatro.com/what-we-provide [25.07.2016] ass/distribute/glass-at-work [ 26.07.2016] 346 352 http://brickstream.com/home-3DPlus.html [02.08.2016] http://www.owletcare.com [25.07.2016] 347 353 http://mimobaby.com/product/ [25.07.2016] http://www.pennsmartlighting.com 354 348 l-fitness-1457640150 ade-sets-its-sights-on-digita http://www.sensorsmag.com/news/tech-product/news/smart-iot-lig http://www.wsj.com/articles/gator hting-brings-surveillance- and-safety-21662 [26.07.2016] [11.08.2016] 74 75 74

75 338 communicate with the digital platform to identify his sweat typ e—which will determine The company’s CEO explained in 2013 that they were basis of the recorded data. 339 349 sodium, electrolyte, and additional fluid-intake needs.” “actually not interested in toothbrushes at all”, but in “healt h data”. 340 is a small wearable device, which monitors breathing Locating and monitoring retail and sales staff Respiratory Monitoring Theatro markets itself as a system for Spire : : Breathing and Monitoring n-dense data stream”, respiration as an “informatio patterns and steps. They describe “in-store communication and hourl n a wearable for y worker productivity” based o customers and state of mind 350 In addition to voice communication which has “many components to it such as rate, depth, inhalatio n-to-exhalation ratio employees in retail, hospitality, and manufacturing. workers romises to measure “social int eraction data to understand and indoor location tracking it p (IER), durations of inhalation, retention, exhalation, and hold , consistency, smoothness, d who the top performers are” a nd to give managers what’s impacting productivity an Spire pp transition, and so on”. In combination with the corresponding a promises not only 351 “unprecedented insights into what [their] employees do”. nd their “daily activity and rs “sit, stand, and lay down” a give insights into how often use state of mind”, but also insights into how to maintain “balance and focus, preventing In-store tracking in retail: Brickstream offers devices that combine video, Wi-Fi and 341 burnout”. iBeacon technology for “traffic counting, labor optimization, a nd in-store analytics”. It had triggered a lot of attention and Smart Glasses: The introduction of Google Glass provides “detailed data on wifi enabled devices in or near the store site” that can be used Google Glass ia Wi-Fi and Bluetooth and debate. It contained a built-in computer, network connections v to analyze customer behavior, for example, to feed “loyalty pro gram and incentive at Work 352 342 data”. stopped offering its headset Google several sensors, including microphone and camera. 343 But still, similar head-worn displays are relevant in several to consumers in 2015. 353 provides street lighting PennSMART Street lighting, including video monitoring : Smart city r main purpose is to contexts from entertainment to manufacturing and medicine. Thei devices, which “discreetly monitor, detect and analyze activity that takes place in the surveillance “provide users with information and services relevant for their contexts and useful for the vulnerable areas under the trees” including “360-degree motion sensor video cameras”, 344 Therefore, these devices have to be capable of recognizing users to perform their tasks”. 354 breaking sensors. facial recognition, license plate readers and gunshot and glass behavior and also possess the other persons, objects and their ability to draw conclusions. 345 Glass at Work Currently, Google for business customers. is offering IBM’s IoT for Insurance : IBM has announced a service, w hich offers insurers a “full 3 60- Sensor degree context of their policyhol trieved from the Internet of ders” including information re equipped Owlet Baby Care Sensor-equipped clothes for babies offers a “smart sock”, which : Electronic Things. Insurers can “utilize the data derived from all types o f devices as well as external insurance risk orded information to an measures the heart rate and oxygen levels and transmits the rec ankle bracelets sments”. They mention sources, such as weather data” to perform “real time risk asses assessment 346 Baby Monitor The Rest Devices is built into a bodysuit, tr of acks a baby’s “breathing, app. for babies “intelligent wellness/workers”, “intelligent home & buildings”, “intelligent cars/fleet” and sleeping temperature, body position, activity level, and whether they are awake and “intelligent assets & equipment” as examples of sensor-equipped environments, which asleep” and transmits this infor mation to the parents smartphon e, along with “live audio”. insurers could base their programs on. Parents can “share the information with as many caregivers as t hey like” and connect it to 347 the thermostats and indoor cams from Google ’s Nest . In cooperation with the design and innovation consultancy Controlling body functions: Sensors control , the PepsiCo Smart Design subsidiary Gatorade developed a range of products that drinking and a. The company also works on bi measure and track individual dat osensors that are used eating 348 “[T]he brand has develo ped a suite of products to measure athletes' nutrition levels. behavior and technologies that work together to measure and track indivi duals’ data. [...] A patch, like a near-field communication chip-enabled Band-Aid, will ana lyze a player’s sweat and 338 https://www.beam.dental [25.07.2016] 339 Kaye, Kate (2015): Your Toothbrush Data Will Get You a Deal at the Dentist (Depending). AdvertisingAge, 18.05.2015. Online: http://adage.com/article/da tadriven-marketing/toothbrush- data-a-deal-dentist/298655 [25.07.2016] 340 https://spire.io 341 https://www.spire.io/faq.html [26.07.2016] 342 016] https://support.google.com/glass/answer/3064128?hl=en [26.07.2 343 Eadicicco, Lisa (2015): See the New Version of Google’s Wildes t Product. Time, 29.12.2015. Online: http://time.com/4163067/google-glass-2-photos-2015 [26. 07.2016] 344 and social implications. Ubiquitous Bertarini, Marica (2014): Smart glasses: Interaction, privacy 349 Computing Seminar, FS2014, Student report, ETH Zurich. Online: -in-the-game [11.08.2016] 9/tech-forecast/gatorade-gets http://www.fastcompany.com/305491 350 ni_SmartGlasses_report.pdf 014/UCS/reports/MaricaBertari https://www.vs.inf.ethz.ch/edu/FS2 evolution [25.07.2016] http://theatro.com/leading-heads-hands-free-mobile-workforce-r 345 351 https://developers.google.com/gl http://theatro.com/what-we-provide [25.07.2016] ass/distribute/glass-at-work [ 26.07.2016] 346 352 http://brickstream.com/home-3DPlus.html [02.08.2016] http://www.owletcare.com [25.07.2016] 347 353 http://mimobaby.com/product/ [25.07.2016] http://www.pennsmartlighting.com 354 348 l-fitness-1457640150 ade-sets-its-sights-on-digita http://www.sensorsmag.com/news/tech-product/news/smart-iot-lig http://www.wsj.com/articles/gator hting-brings-surveillance- and-safety-21662 [26.07.2016] [11.08.2016] 75 75 74

76 thousands of less known business es which collect, analyze and s ell personal profiles 5. Data Brokers and the Business of Personal Data containing hundreds of attributes about consumers. 359 found in 2013 that data-driven marketing A study by John Deighton and Peter Johnson Consumer data "It’s your data. You have the right to control it, share it and use it how you see fit." st $156 billion in value- sumer data” accounts for at lea relying on “individual-level con worth $156 is addressing its Lotame How the data broker added revenue in the U.S. alone, 71% of it through “services di rectly or indirectly billion? 355 corporate clients on its website, 2016 dependent on data exchanged or rented among firms”. Only 29% of value-added revenues "the power of personal information lies at the heart of surveillance" 2013, p. 7). The study, are based on data services within single firms (Deighton et al Neil M. Richards (2013), Harvard Law Review ’s “Data-Driven Marketing Institute”, Direct Marketing Association commissioned by the ing any “benefits that ata and data services”, exclud is “summing what firms spent on d firms received in exchange for spending on data and data servic es, which commonly As we have seen in the previous chapters, more and more devices , apps, platforms and exceed data costs by 20% to 60%”. our everyday life. Big services are collecting enormous amounts of personal data about Data analytics makes it possible to infer personal details and even predict future behavior sed on “individual-level The following table summarizes the segment-specific revenues ba ioral data about individuals, which seem to be rather based on transactional or behav categorization of consumer data” as estimated in the Deighton study, and offers a insignificant and meaningless. During the last few years, the quantity of data collected by businesses in the marketing data economy – from a marketing per spective: luable economic asset. A companies rapidly increased. Consequently this data became a va ion of personal data. whole new economy emerged around the monetization and exploitat This chapter focuses on today’s personal data ecosystem, on com panies selling access to personal data or to information derived from it to other companies, and on the s. implications and risks these practices bring along for consumer 5.1 the value of personal data The marketing data economy and system, the main corporate This section focuses on the structure of this personal data eco y to draw an accurate and t, buy and sell. It is “not eas actors, and the data they collec reliable picture of the scope, structure and connections” of th is industry, “not least because of its secrecy” (Bria et al 2015, p. 36). The history of the commercial us e of digital personal data rang es back to the 1970s, when Loyalty started to apply direct marketing grew rapidly, and to the 1980s, when companies programs and database marketing concepts. During the 1980s busin r esses did not just learn “thei database ailed personal and customer’s names and addresses”, but also “began to collect det marketing ’ American Airlines trison et al 1993). Beginning with purchasing information” (see Pe 356 companies started to introd uce loyalty programs. These program in 1981, AAdvantage were “intended to help retailers build a more loyal customer ba se, but also provided them with detailed data on their cust omers and their purchasing pref erences” (CMA 2015, p. 22). “continue to be an important source of customer data for busin esses”. Loyalty programs Billions from However, the rise of digital co mmunication technology “has led to a substantial shift in the targeted ads on actual and potential custome ability of firms to gather data rs” (ibid.). Today’s Internet or Facebook generate large parts of their turnovers with targeted giants such as Google e was $59.6 billion in advertising based on personal data. Google’s advertising revenu 357 358 These prominent Facebook ’s advertising revenue w as $11.5 billion in 2014. . 2014 ic. But there are companies are very visible to consumers and to the general publ 355 https://www.lotame.com/resource/its-your-data-you-should-be-ab le-to-do-what-you-want- 359 with-it [01.08.2016] DDMI (2013): The Value of Data: Consequences for Insight, Inno vation, and Efficiency in the U.S. 356 tory.jsp [25.01.2016] https://www.aa.com/i18n/aboutUs/corporateInformation/facts/his arketing Institute (DDMI), Economy. Summary of a study commissioned by DMA’s Data-Driven M 357 October 14, 2013. Online: https://thedma.org/wp-content/uploads /DDMI-Summary-Analysis- https://investor.google.com/financial/tables.html [25.01.2016] 358 Value-of-Data-Study.pdf [25.01.2016] http://investor.fb.com/releasedetail.cfm?ReleaseID=893395 [25. 01.2016] 76 77 76

77 thousands of less known business es which collect, analyze and s ell personal profiles Data Brokers and the Business of Personal Data 5. containing hundreds of attributes about consumers. 359 found in 2013 that data-driven marketing A study by John Deighton and Peter Johnson Consumer data "It’s your data. You have the right to control it, share it and use it how you see fit." st $156 billion in value- sumer data” accounts for at lea relying on “individual-level con worth $156 is addressing its Lotame How the data broker added revenue in the U.S. alone, 71% of it through “services di rectly or indirectly billion? 355 corporate clients on its website, 2016 value-added revenues dependent on data exchanged or rented among firms”. Only 29% of "the power of personal information lies at the heart of surveillance" are based on data services within 2013, p. 7). The study, single firms (Deighton et al Neil M. Richards (2013), Harvard Law Review Direct Marketing Association ’s “Data-Driven Marketing Institute”, commissioned by the ing any “benefits that ata and data services”, exclud is “summing what firms spent on d firms received in exchange for spending on data and data servic es, which commonly , apps, platforms and As we have seen in the previous chapters, more and more devices exceed data costs by 20% to 60%”. services are collecting enormous amounts of personal data about our everyday life. Big Data analytics makes it possible to infer personal details and even predict future behavior The following table summarizes the segment-specific revenues based on “individual-level ioral data about individuals, which seem to be rather based on transactional or behav consumer data” as estimated in the Deighton study, and offers a categorization of insignificant and meaningless. During the last few years, the quantity of data collected by businesses in the marketing data economy – from a marketing per spective: luable economic asset. A companies rapidly increased. Consequently this data became a va ion of personal data. whole new economy emerged around the monetization and exploitat This chapter focuses on today’s personal data ecosystem, on com panies selling access to personal data or to information derived from it to other companies, and on the s. implications and risks these practices bring along for consumer the value of personal data The marketing data economy and 5.1 This section focuses on the structure of this personal data eco system, the main corporate actors, and the data they collec t, buy and sell. It is “not eas y to draw an accurate and is industry, “not least reliable picture of the scope, structure and connections” of th because of its secrecy” (Bria et al 2015, p. 36). e of digital personal data rang es back to the 1970s, when The history of the commercial us Loyalty direct marketing grew rapidly, started to apply and to the 1980s, when companies programs and database marketing concepts. During the 1980s busin esses did not just learn “thei r database customer’s names and addresses”, but also “began to collect det ailed personal and marketing ’ purchasing information” (see Pe trison et al 1993). Beginning with American Airlines 356 companies started to introd uce loyalty programs. These program in 1981, AAdvantage build a more loyal customer ba se, but also provided them were “intended to help retailers omers and their purchasing pref erences” (CMA 2015, p. with detailed data on their cust 22). “continue to be an important source of customer data for busin esses”. Loyalty programs Billions from However, the rise of digital co mmunication technology “has led to a substantial shift in the targeted ads on actual and potential custome ability of firms to gather data rs” (ibid.). Today’s Internet or Facebook generate large parts of their turnovers with targeted giants such as Google e was $59.6 billion in advertising based on personal data. Google’s advertising revenu 357 358 These prominent Facebook ’s advertising revenue w as $11.5 billion in 2014. . 2014 ic. But there are companies are very visible to consumers and to the general publ 355 https://www.lotame.com/resource/its-your-data-you-should-be-ab le-to-do-what-you-want- 359 with-it [01.08.2016] DDMI (2013): The Value of Data: Consequences for Insight, Inno vation, and Efficiency in the U.S. 356 tory.jsp [25.01.2016] https://www.aa.com/i18n/aboutUs/corporateInformation/facts/his arketing Institute (DDMI), Economy. Summary of a study commissioned by DMA’s Data-Driven M 357 October 14, 2013. Online: https://thedma.org/wp-content/uploads /DDMI-Summary-Analysis- https://investor.google.com/financial/tables.html [25.01.2016] 358 Value-of-Data-Study.pdf [25.01.2016] http://investor.fb.com/releasedetail.cfm?ReleaseID=893395 [25. 01.2016] 77 77 76

78 ays $200 a year more for In an interview, Deighton estimated that an average household p What is the Value -added revenues (in billi on $) d Business Description Segment products when “declining to join rograms”. Participating supermarket frequent shopper p e of valu Indirectly Directly Total dependent contri- dependent on “airline frequent flyer and hotel frequent guest programs” w ould “amount to discounts personal data? 361 data on on data bution Another study suggests that of 1 to 5 percent over the pri ces paid by non-subscribers”. exchanged exchanged Deighton “may understate the individual value of customer’s dat a to companies and to the or rented or rented er”, when the customer p. 57). It could be “much high economy” (McConville et al 2014, Agency Holding 7 4 1 Large firms spanning a broad range of services including lifetime value (CLV) is “taken into account”. McConville et al set out that there are “good” creative/media agencies, direct marketing agencies, market Companies who “generate substantial lifetime value, are loyal, and ‘prom ote’ the customers database managemen t, analytics research suppliers, company” – and a disproportionate amount , who are “disloyal, consume “bad” customers Agencies Other independent general agencies 6 1 4 of company resources, and ‘detract’ from the company” (ibid., p . 58). In the financial Strategic Digital Agencies Digital agencies, born in the middle 1990s. 2 0 1 ated “about 6.7x the services and banking industry, loyal “promoter” customers gener Marketing 1 1 2 Direct Agencies “advise their clients on how to aggregate Direct/CRM lifetime value” of a “standard, neutral customer”. Based on Dei ghton and other research, Services Agencies markets of specific individuals”. ggest that a “top-of-the-line loyal, affluent customer’s McConville et al (2014, p. 64) su analyze data for marketing and “collect data Measurement, 1 3 Firms, which 0 data” could be worth $126K to companies in the US” – assuming t hat the company is “in a from public sources, private ‘panels’, purchased third party lytics Ana sector where customer loyalty matters most”. By simply dividing up this value based on ‘owned’ data” sources, and from marketers’ the “individual-level consumer data” of $156 billion and the nu mber of consumer units, 14 4 7 Digital Audience Targeted advertising by online publishers, which "relies they suggest that even a “low- value, disloyal customer, has data worth approximately substantially on individual among firms", -level data traded Assembly $880 per year ” in the U.S. e.g. display, mobile & social advertising publishers like Audience Google, Facebook, Yahoo, MSN, AOL and Twitter. which consumers may be exposed to when “lifetime risk” What they did not discuss is a Consumer Assembly Targeted advertising based on web search results, still 2 2 19 Search Audience ot receiving certain offers sharing personal data. Negative implications could range from n ? lifetime risk and exchanged data”, but less. Assembly depending on “traded or hers, to rejected loan, or discounts, getting worse conditions or higher prices than ot Targeting Audience “Demand Side Platforms (DSPs), Supply Side Platforms 0 4 4 apartment and job applications. What could be the long-term costs for someone , who (SSPs), Data Management Systems (DMSs), Behavioral Data Targeting d rated in a certain way s based on being categorized an experiences negative implication Providers, and Ad Exchanges” by firms? 4 Direct/CRM List brokers and database marketing service providers 7 3 As opposed to the concept of a customer lifetime value, we intr oduce the term “Customer (“data brokers”) including anal ytics, segmenting, scoring, Customer ze the different risks a Lifetime Risk” in an attempt to further concretize and categori matching, appending and database management s ervices. Targeting Prospect / mpanies. customer might bear when exchang ing his (personal) data with co The “individually addressed, direct response advertising 32 1 Posta l Media 24 Customer mail and catalog production and delivery subsystem” and Direct Mail There is limited academic research about the value of personal data, not just from a Relationshi Email marketing service providers (ESPs) Email Marketing 0 1 1 362 . Possible hidden costs company’s perspective but also from a consumer’s perspective p Marketing Telephone Sales 10 2 6 bound call center activity, “Outbound telemarketing” and “in data have rarely been investig and long-term risks when sharing ated in detail. -selling efforts”. which involves upselling or cross 2 0 0 Mobile Targeting “Mobile SMS and app -based CRM services” eCommerce 22 Estimated data -driven revenues of online retailing, e.g. 4 34 Amazon, Staples, Apple iTunes, Wal- Mart and many "small niche retailers" (excluding online advertising payments). -driven Data Loyalty Estimated data -driven revenues of “brick and mortar 5 2 1 Commerce retailing”, particularly ba sed on data collection a nd & exchange through lo yalty programs Fulfillment 4 Fulfillment "Delivery of offline goods into the hands of purchasers", 9 0 only indirectly dependent on data exchanged by other players. 156 78 32 Total Table 18: Revenues of companies in the marketin g data economy that rely on “individual-level consumer data”, adapted from Deighton et al (2013, p. 8) The estimates that the European Federation of Direct Marketing Associations (FEDMA) direct marketing sector “represents an annual expenditure of over 60 billion euros” within 360 the EU. 361 gital Privacy? Harvard Business Salls, M. and Silverthorne, S. (2003): Should You Sell Your Di School. Online: http://hbswk.hbs .edu/item/should-you-sell-your- digital-privacy [25.01.2016] 362 360 For example see Roosendaal (2014) php?id=34 [25.01.2016] http://www.fedma.org/index. 78 79 78

79 ays $200 a year more for In an interview, Deighton estimated that an average household p What is the Value Business Description -added revenues (in billi on $) d Segment supermarket frequent shopper p products when “declining to join rograms”. Participating e of valu Directly Indirectly Total dependent dependent contri- on “airline frequent flyer and hotel frequent guest programs” w ould “amount to discounts personal data? 361 on data data on bution Another study suggests that of 1 to 5 percent over the pri ces paid by non-subscribers”. exchanged exchanged Deighton “may understate the individual value of customer’s dat a to companies and to the or rented or rented er”, when the customer p. 57). It could be “much high economy” (McConville et al 2014, 7 Large firms spanning a broad range of services including 1 4 Agency Holding set out that there are lifetime value (CLV) is “taken into account”. McConville et al “good” creative/media agencies, direct marketing agencies, market Companies customers who “generate substantial lifetime value, are loyal, and ‘prom ote’ the t, analytics research suppliers, database managemen a disproportionate amount , who are “disloyal, consume “bad” customers company” – and A Other independent general agencies 6 1 gencies 4 . 58). In the financial of company resources, and ‘detract’ from the company” (ibid., p Strategic 0 Digital Agencies 1 2 Digital agencies, born in the middle 1990s. ated “about 6.7x the services and banking industry, loyal “promoter” customers gener Marketing 1 Direct Agencies “advise their clients on how to aggregate 2 1 Direct/CRM lifetime value” of a “standard, neutral customer”. Based on Dei ghton and other research, Services Agencies markets of specific individuals”. McConville et al (2014, p. 64) su ggest that a “top-of-the-line loyal, affluent customer’s 3 0 analyze data for marketing and “collect data 1 Measurement, Firms, which data” could be worth $126K to companies in the US” – assuming t hat the company is “in a from public sources, private ‘panels’, purchased third party lytics Ana up this value based on sector where customer loyalty matters most”. By simply dividing sources, and from marketers’ ‘owned’ data” the “individual-level consumer data” of $156 billion and the nu mber of consumer units, 14 7 by online publishers, which "relies 4 Digital Audience Targeted advertising data worth approximately value, disloyal customer, has they suggest that even a “low- level data traded substantially on individual - among firms", Assembly $880 per year ” in the U.S. e.g. display, mobile & social advertising publishers like Audience Google, Facebook, Yahoo, MSN, AOL and Twitter. which consumers may be exposed to when “lifetime risk” What they did not discuss is a Consumer Assembly 2 based on web search results, still Targeted advertising 19 2 Search Audience ot receiving certain offers sharing personal data. Negative implications could range from n ? lifetime risk and depending on “traded or exchanged data”, but less. Assembly or discounts, getting worse conditions or higher prices than ot hers, to rejected loan, Targeting 0 Audience “Demand Side Platforms (DSPs), Supply Side Platforms 4 4 apartment and job applications. What could be the long-term costs for someone , who (SSPs), Data Management Systems (DMSs), Behavioral Data Targeting d rated in a certain way experiences negative implication s based on being categorized an and Ad Exchanges” Providers, by firms? Direct/CRM 3 4 List brokers and database marketing service providers 7 As opposed to the concept of a customer lifetime value, we intr oduce the term “Customer Customer ytics, segmenting, scoring, (“data brokers”) including anal Lifetime Risk” in an attempt to further concretize and categori ze the different risks a ervices. Targeting matching, appending and database management s Prospect / ing his (personal) data with co customer might bear when exchang mpanies. 1 32 24 The “individually addressed, direct response advertising l Media Posta Customer mail and catalog production and delivery subsystem” and Direct Mail There is limited academic research about the value of personal data, not just from a Relationshi 0 1 1 Email marketing service providers (ESPs) Email Marketing 362 . Possible hidden costs company’s perspective but also from a consumer’s perspective p Marketing 2 10 6 Telephone Sales “Outbound telemarketing” and “in bound call center activity, data have rarely been investig ated in detail. and long-term risks when sharing -selling efforts”. which involves upselling or cross 0 0 Mobile Targeting 2 -based CRM services” “Mobile SMS and app 22 Estimated data -driven revenues of online retailing, e.g. 4 34 eCommerce Mart and many "small mazon, Staples, Apple iTunes, Wal- A niche retailers" (excluding online advertising payments). Data - driven Estimated data -driven revenues of “brick and mortar Loyalty 5 1 2 Commerce sed on data collection a nd retailing”, particularly ba & yalty programs exchange through lo Fulfillment Fulfillment "Delivery of offline goods into the hands of purchasers", 9 0 4 only indirectly dependent on data exchanged by other players. 32 78 156 Total g data economy that rely on “individual-level Table 18: Revenues of companies in the marketin consumer data”, adapted from Deighton et al (2013, p. 8) The estimates that the European Federation of Direct Marketing Associations (FEDMA) direct marketing sector “represents an annual expenditure of over 60 billion euros” within 360 the EU. 361 Salls, M. and Silverthorne, S. (2003): Should You Sell Your Di gital Privacy? Harvard Business School. Online: http://hbswk.hbs .edu/item/should-you-sell-your- digital-privacy [25.01.2016] 362 360 For example see Roosendaal (2014) http://www.fedma.org/index. php?id=34 [25.01.2016] 79 79 78

80 ers relevant in Customers’ Non exhaustive list of driv Thoughts on a ‘Customers’ Lifetime Risk’ – an excursus 5.2 ƒ Price discrimination Offer discrimination ƒ Seen modern data analyses and th elds, it becomes reasonable to ask in which e growing number application fi ƒ Limited access to insurance ways the described data collection, processing and disseminatio n might impose risks for individual customers ƒ Limited access to credit Discrimination ƒ Limited access to employment as well as society at large. The draft for a concept we call “C ustomers’ Lifetime Risk” is by no means exhaustive ƒ Disconnection of data from its context, leading to but is rather a first attempt to sketch a concept, which could be further researched. ‚ Misinterpretation and false conclusions ‚ Unfair judgements based on false or outdated data What is Customers’ Lifetime tential risks a customer faces compiles and categorizes the po Customers’ Lifetime Risk (CLR) during and Being targeted when vulnerable ƒ after the exchange of (personal) data with a company as well so cietal risks that arise from the aggregation of Behavioral control (with rewards / punishments) ƒ Manipulation such individual risks. interests ƒ Personalized information campaigns with political or commercial Risks may be based on licit or illicit use of the customer data x Identity theft ƒ x Risks may result from the customer’s own or from the company’s handling of personal data Illicit use of personal data (i.e. stolen credit card data) ƒ Security Risks may relate to various dimensions of negative consequences x ƒ Cyber attacks Threats Information loss and Information leaks ƒ enkatesan and V), a well-established marketing instrument (see V Similar to the Customer Lifetime Value (CL Breaches of confidentiality ƒ to describe the integrity of risks that may occur over the entire time of a Kumar 2004), we developed the CLR ƒ Altering of the behavior ntly differs from that of CLV. business -to-consumer relationship. However, the nature of CLR significa Self-censorship ‚ ‚ Inhibition Conformism ƒ CLR as opposed to CLV Inhibiting impacts on ƒ ilar attempt would be aims to generate a single, monetary value for one person. A sim The calculation of CLV Creativity ‚ Societal neither insightful nor practical for the CLR. The risks of data sharing personal data go beyond financial ‚ Free speech changes opment and self-determination Individual autonomy : Self-devel ‚ losses and go beyond one person’s wellbeing. Impacts on human d ignity or the inhibition of free speech ƒ Digital wildfires Moreover, the perceived impact of a risk cannot be measured in monetary terms or at an individual level. Valuation of self & others based on data ƒ depending on the context as well as over time and can change . For category is relatively subjective ƒ tion methods Ability to speak and act anonymously is inhibited by Identifica posure to some individuals while it is example, the disclosure of one’s gender can be a humiliating ex 363 : systemic and structural harms, causing the enhancement of ƒ “Architectural problems” completely unimportant to others. tutional power risk probabilities or a shift in the balance of social or insti Although CLR cannot be measured in monetary values, like the CL V, it shares some similarity in that it is Public disclosure of private facts and secrets ƒ additive in nature and builds up over the course of a customer -company relationship. It is amplified by a long r ƒ Revelation of information far beyond the expectation of the use lasting, in tensive relationship including many transactions. Misuse and dissemination of data without user’s (informed) cons ƒ ent ƒ Stalking, harassment, Cyber mobbing Individual ƒ Spread of false or misleading information and rumours privacy Which factors influence ƒ Exposure, condemnation ƒ Damage of reputation increase the risk probability, including: antecedent conditions Several ƒ Blackmailing x Duration of the data exchange Invasive advertising (spam, pop ups or telemarketing) ƒ ) x Number of companies the data is shared with (resp. devices used Industrial espionage ƒ Intimacy of the information shared x Creation of monopolies ƒ Security measures taken by user x Less market diversity ƒ x Privacy rights and regulation followed by the data collector ƒ Intransparency Market x Technical options provided to access and analyze personal data ƒ Advantages for national economies where servers are harboured imbalances ƒ Unfair information practices for customers: ‚ Limited knowledge about existence of data records ow it is used ‚ Limited ability to reveal what information is in a record and h Daniel Solove (2006, p.490) provides a c lassification of privacy harms from a legal perspective, which serves formation end a record of identifiable in Limited ability to correct or am ‚ Taxonomy of Privacy CLR. Transferring the insights from Solove’s as a basis for the development of a into our given context, harms that focus on the relationship between ind ividuals and their governments are deliberately waived here. The remaining harms for individuals a nd society at large have been regrouped. They ly expectable against the background of have then been complemented by harms, which seem to be reasonab this report. 363 Solove, D. J. 2004, p.97 80 80 81

81 ers relevant in Customers’ Non exhaustive list of driv Thoughts on a ‘Customers’ Lifetime Risk’ – an excursus 5.2 Price discrimination ƒ ƒ Offer discrimination elds, it becomes reasonable to ask in which e growing number application fi Seen modern data analyses and th ƒ Limited access to insurance ways the described data collection, processing and disseminatio n might impose risks for individual customers ƒ Limited access to credit Discrimination ƒ Limited access to employment ustomers’ Lifetime Risk” is by no means exhaustive as well as society at large. The draft for a concept we call “C ƒ Disconnection of data from its context, leading to be further researched. but is rather a first attempt to sketch a concept, which could ‚ Misinterpretation and false conclusions ‚ Unfair judgements based on false or outdated data What is Customers’ Lifetime during and tential risks a customer faces compiles and categorizes the po Customers’ Lifetime Risk (CLR) ƒ Being targeted when vulnerable after the exchange of (personal) data with a company as well so cietal risks that arise from the aggregation of Behavioral control (with rewards / punishments) ƒ Manipulation such individual risks. interests Personalized information campaigns with political or commercial ƒ Risks may be based on licit or illicit use of the customer data x ƒ Identity theft Risks may result from the customer’s own or from the company’s handling of personal data x Illicit use of personal data (i.e. stolen credit card data) ƒ Security Risks may relate to various dimensions of negative consequences x Cyber attacks ƒ Threats ƒ Information loss and Information leaks Similar to the Customer Lifetime Value (CL enkatesan and V), a well-established marketing instrument (see V ƒ Breaches of confidentiality risks that may occur over the entire time of a Kumar 2004), we developed the CLR to describe the integrity of Altering of the behavior ƒ business -to-consumer relationship. However, the nature of CLR significa ntly differs from that of CLV. Self-censorship ‚ Inhibition ‚ Conformism ƒ CLR as opposed to CLV ƒ Inhibiting impacts on aims to generate a single, monetary value for one person. A sim The calculation of CLV ilar attempt would be ‚ Creativity Societal sharing personal data go beyond financial neither insightful nor practical for the CLR. The risks of data Free speech ‚ changes opment and self-determination Individual autonomy : Self-devel ‚ ignity or the inhibition of free speech losses and go beyond one person’s wellbeing. Impacts on human d Digital wildfires ƒ Moreover, the perceived impact of a risk cannot be measured in monetary terms or at an individual level. Valuation of self & others based on data ƒ . For depending on the context as well as over time relatively subjective and can change category is ƒ tion methods Ability to speak and act anonymously is inhibited by Identifica posure to some individuals while it is example, the disclosure of one’s gender can be a humiliating ex 363 ƒ “Architectural problems” : systemic and structural harms, causing the enhancement of completely unimportant to others. tutional power risk probabilities or a shift in the balance of social or insti Although CLR cannot be measured in monetary values, like the CL V, it shares some similarity in that it is Public disclosure of private facts and secrets ƒ additive in nature and builds up over the course of a customer company relationship. It is amplified by a long - ƒ Revelation of information far beyond the expectation of the use r lasting, in tensive relationship including many transactions. ent Misuse and dissemination of data without user’s (informed) cons ƒ ƒ Stalking, harassment, Cyber mobbing Individual ƒ Spread of false or misleading information and rumours privacy Which factors influence Exposure, condemnation ƒ ƒ Damage of reputation increase the risk probability, including: antecedent conditions Several ƒ Blackmailing Duration of the data exchange x Invasive advertising (spam, pop ups or telemarketing) ƒ Number of companies the data is shared with (resp. devices used ) x Industrial espionage ƒ x Intimacy of the information shared ƒ Creation of monopolies Security measures taken by user x Less market diversity ƒ Privacy rights and regulation followed by the data collector x ƒ Intransparency Market Technical options provided to access and analyze personal data x ƒ Advantages for national economies where servers are harboured imbalances ƒ Unfair information practices for customers: ‚ Limited knowledge about existence of data records ‚ Limited ability to reveal what information is in a record and h ow it is used Daniel Solove (2006, p.490) provides a c from a legal perspective, which serves lassification of privacy harms formation end a record of identifiable in Limited ability to correct or am ‚ as a basis for the development of a CLR. Transferring the insights from Solove’s Taxonomy of Privacy into our ividuals and their governments are given context, harms that focus on the relationship between ind nd society at large have been regrouped. They deliberately waived here. The remaining harms for individuals a ly expectable against the background of have then been complemented by harms, which seem to be reasonab this report. 363 Solove, D. J. 2004, p.97 81 80 81

82 Category Description ompanies to manage risk, including fraud prevention, identity Identity and fraud services, These services help c Category Description scoring and fraud detection 5.3 From marketing data to credit including credit scoring theft products , credit reports, credit scores and credit models. Sometimes also pre- Identity and fraud services, ompanies to manage risk, including fraud prevention, identity These services help c employment drug screening solutions, creden tial verification services, and background theft products including credit scoring , credit reports, credit scores and credit models. Sometimes also pre- A broad range of companies from very different business segments are active in the data checks are provided. tial verification services, and background employment drug screening solutions, creden s that rely on “individual- marketing ecosystem, generating billions of revenue for service Ex amples: Experian, ID Analytics and Equifax. are provided. checks level consumer data”. Yet, the r eport of Deighton et al (2013), which was published on Ex amples: Experian, ID Analytics and Equifax. Beside Customer relations and s loyalty programs which are “one of the main systems to gather consumer behalf of a marketing industry group, misses some important parts of the personal data help information” and “part of the core b usiness” of many data brokers, these services care, including customer Customer relations and Beside s loyalty programs which are “one of the main systems to gather consumer ecosystem. loyalty programs others to “get and retain customers”. Th ey provide list marketing data, strategy, help usiness” of many data care, including information” and “part of the core b brokers, these services customer on of online, marketing technology, creative servic es, media reach, and personalizati loyalty programs others to “get and retain customers”. Th ey provide list marketing data, strategy, The typology developed by the FTC (2014) in its report on data broker covers marketing Risk offline and mobile marketing campaigns. on of online, marketing technology, creative servic es, media reach, and personalizati n’s summary about “data- data, too. On the one hand it has a narrower scope than Deighto management Examples: Epsilon, Bluekai. offline and mobile marketing campaigns. ker industry. For this driven marketing”, because it focuses primarily on the data bro and fraud Examples: Epsilon, Bluekai. Linked to customer care, these companies offer marketing, lead generation, digital Marketing and advertising reason, business sectors such as customer relationship manageme nt (CRM) and e- detection advertising, and targeting: Linked to customer care, these companies offer marketing, lead generation, digital Marketing and advertising overview additionally typology. However, the FTC’s commerce are missing in the FTC’s Example: Criteo. advertising, and targeting: ement services such as includes “people search” companies and the sector of risk manag Example: Criteo. These services provide, for example, “consumer, financial and property information, Predictive analytics identity verification and fraud detection: analytics and services” and develop “predictiv e decision analytics by combining public, services provide, for example, “consumer, financial and property information, These Predictive analytics contributory and proprietary data”. analytics and services” and develop “predictiv e decision analytics by combining public, Offers of Data Brokers Subtype Type Examples: Corelogic, eBureau. contributory and proprietary data”. Marketing Direct marketing Marketing lists: Data brokers provide lists of consumers with specific attributes Examples: Corelogic, eBureau. Other companies specialize in very different services, ranging from online/offline Many (“list broking”). matchi ng, e-mail intelligence and people search to threat intelligence based on the companies specialize in very different services, ranging from online/offline Other Many Data append: Data brokers offer clients the ability to add attributes and profile indexing of web content . ng, e-mail intelligence and people search to threat intelligence based on the matchi information to their existing customer data. Rapleaf, Recorded Future. Examples: Intelius, PeekYou, indexing of web content . -called “registration websit Online marketing es” that “allow consumers Registration targeting: So Rapleaf, Recorded Future. Examples: Intelius, PeekYou, Table 20: Typology of data brokers, adapted from Bria et al (2015) to register or log in to obtain services, such as retail, news, and travel sites” Table 20: Typology of data brokers, adapted from Bria et al (2015) – either to receive send a list of registered users/customers to data brokers According to Bruce Schneier (2015), four basic surveillance str eams existed before the on them or to offer targeted advertising space. additional information Internet: companies keeping records of customers, direct market ing, credit bureaus and According to Bruce Schneier (2015), four basic surveillance str eams existed before the Collaborative targeting: The data broker serves two clients. On the one hand public records from government. T hese four streams. But oday’s data brokers combined t Internet: companies keeping records of customers, direct market ing, credit bureaus and sends a list of users to a potential advertiser, and on the registration website there are many types of companies offering several types of ser vices in the personal data public records from government. T hese four streams. But oday’s data brokers combined t the other hand an advertiser looking for targeted advertising on the economy – from large generalists to small specialists. vices in the personal data there are many types of companies offering several types of ser er and prospect list. registration website sends its custom economy – from large generalists to small specialists. Onboarding: A client sends data about consumer’s offline activities to a data That is why the categories offered by the previous typologies o verlap with each other in Nontransparen broker who adds offline data to profiles tied to cookies and enables clients to it scoring and fraud parts. There are companies that have emerged from payment, cred t verlap with each other in That is why the categories offered by the previous typologies o Nontransparen either “find” and tar where on the Internet” or get existing customers “any detection but then entered the marketing data sphere . Others originated from market networks of parts. There are companies that have emerged from payment, cred it scoring and fraud t ng typically includes target consumers with similar characteristics. Onboardi three steps – segmentation, matching and targeting. vidual level, and ended research but started to aggregate more and more data on an indi data brokers marketing data sphere . Others originated from market detection but then entered the networks of Marketing the ability to analyze thei r customer data in order Data brokers offer clients to predictive analytics and scoring products up developing – including financial scores on research but started to aggregate more and more data on an indi vidual level, and ended data brokers – sometimes based on “hundreds analytics titudes and preferences gain insights about at individuals. Major database and software vendors like Oracle became data brokers (see up developing predictive analytics and scoring products – including financial scores on or thousands of data elements”. Several kinds of marketing “scores” rank the Facebook doesn’t just market its user data, but chapter 5.7). The social networking giant became data brokers (see Oracle individuals. Major database and software vendors like client’s customers and predict future behavior. 364 Although they are not . has also, for example, registere d a patent about credit scoring doesn’t just market its user data, but chapter 5.7). The social networking giant Facebook Some data brokers “assist clients in conf Risk irming the identity of an individual”, Identity 364 , package and sell” their s, mobile carriers also “manage mentioned in the above typologie Although they are not . has also, for example, registere d a patent about credit scoring mitigation often in the form of “scores” indicating the risk associated with a transaction. verification telco data as a service is potentially worth $24.1 customer data – the “global market for mentioned in the above typologie s, mobile carriers also “manage , package and sell” their Some also offer employment verification products, e.g. “that X consumer works 365 But it is not only large corporations that are active in this market. billion this year”. telco data as a service is potentially worth $24.1 customer data – the “global market for for Y employer”. 365 uploading their customer There are mil data to nontransparent lions of small companies But it is not only large corporations that are active in this market. billion this year”. Some data brokers help their client s to “identify or reduce fraud” erify and to v Fraud detection contact information and transaction histories by “detecting pa tterns associated networks of data brokers and mer ne in real-time, often ging it with data gathered onli uploading their customer lions of small companies There are mil data to nontransparent “verifying the reliability or truthfulness with attempted fraud” and in general by without the knowledge of consumers. ging it with data gathered onli ne in real-time, often networks of data brokers and mer of information” submitted by co nsumers – for example, “if a public benefit is without the knowledge of consumers. contingen t on a consumer’s level of income”. on about consumer People search Some data brokers offer “informati s obtained from government and other publicly available sources, such as social media sites” used by mainly intended “for use by individuals, although they can be organizations as well”. Table 19: Typology of data brokers, adapted from FTC (2014) The FTC’s typology still misses a very relevant field. Credit b ureaus, credit reporting 364 Credit bureaus cebook Friends? The Atlantic. Meyer, R. (2015): Could a Bank Deny Your Loan Based on Your Fa m/technology/archive/2015/09/f Online: http://www.theatlantic.co acebooks-new-patent-and- agencies and credit scoring companies are not covered at all. In their comprehensive and credit 364 cebook Friends? The Atlantic. Meyer, R. (2015): Could a Bank Deny Your Loan Based on Your Fa digital-redlining/407287/ [25.01.2016] report on the “Identity Ecosystem” Bria et al (2015, p. 38 et s eq.) have created the m/technology/archive/2015/09/f Online: http://www.theatlantic.co acebooks-new-patent-and- scoring? 365 http://adage.com/article/datadriven-marketing/24-billion-data- business-telcos- digital-redlining/407287/ [25.01.2016] following typology of data brokers: discuss/301058/ [25.01.2016] 365 business-telcos- http://adage.com/article/datadriven-marketing/24-billion-data- discuss/301058/ [25.01.2016] 83 82 82 83

83 Description Category Description Category These services help c ompanies to manage risk, including fraud prevention, identity Identity and fraud services, Identity and fraud services, ompanies to manage risk, including fraud prevention, identity These services help c Description Category From marketing data to credit scoring and fraud detection 5.3 , credit reports, credit scores and credit models. Sometimes also pre- including credit scoring theft products , credit reports, credit scores and credit models. Sometimes also pre- theft products including credit scoring These services help c Identity and fraud services, ompanies to manage risk, including fraud prevention, identity tial verification services, and background employment drug screening solutions, creden tial verification services, and background employment drug screening solutions, creden , credit reports, credit scores and credit models. Sometimes also pre- theft products including credit scoring A broad range of companies from very different business segments are active in the data checks are provided. are provided. checks tial verification services, and background employment drug screening solutions, creden marketing ecosystem, generating billions of revenue for service s that rely on “individual- amples: Experian, ID Analytics and Equifax. Ex Ex amples: Experian, ID Analytics and Equifax. checks are provided. eport of Deighton et al (2013), which was published on level consumer data”. Yet, the r Examples: Experian, ID Analytics and Equifax. s loyalty programs which are “one of the main systems to gather consumer Customer relations and Beside Customer relations and Beside s loyalty programs which are “one of the main systems to gather consumer misses some important parts of the personal data behalf of a marketing industry group, brokers, these services information” and “part of the core b care, including usiness” of many data help customer care, including help brokers, these services usiness” of many data information” and “part of the core b customer Customer relations and Beside s loyalty programs which are “one of the main systems to gather consumer ecosystem. loyalty programs others to “get and retain customers”. Th ey provide list marketing data, strategy, loyalty programs others to “get and retain customers”. Th ey provide list marketing data, strategy, care, including customer information” and “part of the core b usiness” of many data brokers, these services help on of online, marketing technology, creative servic es, media reach, and personalizati on of online, marketing technology, creative servic es, media reach, and personalizati loyalty programs ey provide list marketing data, strategy, others to “get and retain customers”. Th broker covers marketing The typology developed by the FTC (2014) in its report on data Risk offline and mobile marketing campaigns. offline and mobile marketing campaigns. marketing technology, creative servic on of online, es, media reach, and personalizati n’s summary about “data- data, too. On the one hand it has a narrower scope than Deighto management Examples: Epsilon, Bluekai. Examples: Epsilon, Bluekai. offline and mobile marketing campaigns. ker industry. For this driven marketing”, because it focuses primarily on the data bro and fraud Examples: Epsilon, Bluekai. Linked to customer care, these companies offer marketing, lead generation, digital Marketing and advertising Linked to customer care, these companies offer marketing, lead generation, digital Marketing and advertising reason, business sectors such as nt (CRM) and e- customer relationship manageme detection advertising, and targeting: advertising, and targeting: Marketing and advertising Linked to customer care, these companies offer marketing, lead generation, digital commerce are missing in the FTC’s typology. However, the FTC’s overview additionally Example: Criteo. Example: Criteo. advertising, and targeting: ement services such as includes “people search” companies and the sector of risk manag Example: Criteo. services provide, for example, “consumer, financial and property information, Predictive analytics These services provide, for example, “consumer, financial and property information, Predictive analytics These identity verification and fraud detection: e decision analytics by combining public, analytics and services” and develop “predictiv analytics and services” and develop “predictiv e decision analytics by combining public, services provide, for example, “consumer, financial and property information, These Predictive analytics contributory and proprietary data”. contributory and proprietary data”. analytics and services” and develop “predictiv e decision analytics by combining public, Subtype Offers of Data Brokers Type Examples: Corelogic, eBureau. Examples: Corelogic, eBureau. contributory and proprietary data”. of consumers with specific attributes Marketing lists: Data brokers provide lists Direct marketing Marketing Examples: Corelogic, eBureau. Other Many companies specialize in very different services, ranging from online/offline Other Many companies specialize in very different services, ranging from online/offline (“list broking”). ng, e-mail intelligence and people search to threat intelligence based on the matchi matchi ng, e-mail intelligence and people search to threat intelligence based on the Other Many companies specialize in very different services, ranging from online/offline Data brokers offer clients the ability to add attributes Data append: and profile . indexing of web content indexing of web content . matchi ng, e-mail intelligence and people search to threat intelligence based on the information to their existing customer data. Examples: Intelius, PeekYou, Rapleaf, Recorded Future. Examples: Intelius, PeekYou, Rapleaf, Recorded Future. indexing of web content . Registration targeting: So es” that “allow consumers called “registration websit - Online marketing Examples: Intelius, PeekYou, Rapleaf, Recorded Future. Table 20: Typology of data brokers, adapted from Bria et al (2015) Table 20: Typology of data brokers, adapted from Bria et al (2015) such as retail, news, and travel sites” to register or log in to obtain services, Table 20: Typology of data brokers, adapted from Bria et al (2015) send a list of registered users/customers to data brokers – either to receive According to Bruce Schneier (2015), four basic surveillance str eams existed before the According to Bruce Schneier (2015), four basic surveillance str eams existed before the additional information on them or to offer targeted advertising space. ing, credit bureaus and Internet: companies keeping records of customers, direct market According to Bruce Schneier (2015), four basic surveillance str eams existed before the Internet: companies keeping records of customers, direct market ing, credit bureaus and Collaborative targeting: The data broker serves two clients. On the one hand hese four streams. But oday’s data brokers combined t public records from government. T Internet: companies keeping records of customers, direct market ing, credit bureaus and hese four streams. But oday’s data brokers combined t public records from government. T the registration website sends a list of users to a potential advertiser, and on vices in the personal data there are many types of companies offering several types of ser public records from government. T oday’s data brokers combined t hese four streams. But vices in the personal data there are many types of companies offering several types of ser the other hand an advertiser looking for targeted advertising on the economy – from large generalists to small specialists. there are many types of companies offering several types of ser vices in the personal data economy – from large generalists to small specialists. er and prospect list. registration website sends its custom economy – from large generalists to small specialists. about consumer’s offline activities to a data Onboarding: A client sends data That is why the categories offered by the previous typologies o verlap with each other in Nontransparen verlap with each other in That is why the categories offered by the previous typologies o Nontransparen who adds offline data to profiles tied to cookies and enables clients to broker it scoring and fraud parts. There are companies that have emerged from payment, cred t That is why the categories offered by the previous typologies o verlap with each other in it scoring and fraud parts. There are companies that have emerged from payment, cred Nontransparen t get existing customers “any where on the Internet” or either “find” and tar . Others originated from market detection but then entered the marketing data sphere networks of parts. There are companies that have emerged from payment, cred it scoring and fraud detection but then entered the marketing data sphere . Others originated from market t networks of target consumers with similar characteristics. Onboardi ng typically includes – segmentation, matching and targeting. three steps vidual level, and ended research but started to aggregate more and more data on an indi data brokers marketing data sphere . Others originated from market detection but then entered the vidual level, and ended research but started to aggregate more and more data on an indi networks of data brokers Marketing Data brokers offer clients the ability to analyze thei r customer data in order to – including financial scores on up developing predictive analytics and scoring products research but started to aggregate more and more data on an indi vidual level, and ended data brokers up developing – including financial scores on predictive analytics and scoring products – sometimes based on “hundreds gain insights about at analytics titudes and preferences Oracle became data brokers (see individuals. Major database and software vendors like up developing predictive analytics and scoring products – including financial scores on became data brokers (see Oracle individuals. Major database and software vendors like r thousands of data elements”. Several kinds of marketing “scores” rank the o doesn’t just market its user data, but Facebook chapter 5.7). The social networking giant became data brokers (see individuals. Major database and software vendors like Oracle doesn’t just market its user data, but Facebook chapter 5.7). The social networking giant client’s customers and predict future behavior. 364 364 Although they are not . d a patent about credit scoring has also, for example, registere chapter 5.7). The social networking giant doesn’t just market its user data, but Facebook Although they are not . d a patent about credit scoring has also, for example, registere Identity Risk irming the identity of an individual”, Some data brokers “assist clients in conf 364 , package and sell” their s, mobile carriers also “manage mentioned in the above typologie Although they are not d a patent about credit scoring has also, for example, registere . mentioned in the above typologie , package and sell” their s, mobile carriers also “manage mitigation often in the form of “scores” indicating the risk associated with a transaction. verification customer data – the “global market for as a service is potentially worth $24.1 telco data mentioned in the above typologie , package and sell” their s, mobile carriers also “manage customer data – the “global market for telco data as a service is potentially worth $24.1 Some also offer employment verification products, e.g. “that X consumer works 365 365 But it is not only large corporations that are active in this market. billion this year”. customer data – the “global market for telco data as a service is potentially worth $24.1 for Y employer”. But it is not only large corporations that are active in this market. billion this year”. 365 There are mil lions of small companies uploading their customer data to nontransparent But it is not only large corporations that are active in this market. billion this year”. data to nontransparent uploading their customer lions of small companies There are mil Fraud detection Some data brokers help their client erify and to v s to “identify or reduce fraud” contact information and transaction histories by “detecting pa tterns associated networks of data brokers and mer ging it with data gathered onli ne in real-time, often lions of small companies uploading their customer data to nontransparent There are mil ne in real-time, often ging it with data gathered onli networks of data brokers and mer with attempted fraud” and in general by “verifying the reliability or truthfulness without the knowledge of consumers. ging it with data gathered onli networks of data brokers and mer ne in real-time, often without the knowledge of consumers. nsumers – for example, “if a public benefit is of information” submitted by co without the knowledge of consumers. t on a consumer’s level of income”. contingen Some data brokers offer “informati on about consumer People search s obtained from government and other publicly available sources, such as social media sites” mainly intended “for use by individuals, although they can be used by organizations as well”. Table 19: Typology of data brokers, adapted from FTC (2014) The FTC’s typology still misses a very relevant field. Credit b ureaus, credit reporting 364 Credit bureaus 364 cebook Friends? The Atlantic. Meyer, R. (2015): Could a Bank Deny Your Loan Based on Your Fa Meyer, R. (2015): Could a Bank Deny Your Loan Based on Your Fa cebook Friends? The Atlantic. Online: http://www.theatlantic.co m/technology/archive/2015/09/f acebooks-new-patent-and- agencies and credit scoring companies are not covered at all. In their comprehensive acebooks-new-patent-and- Online: http://www.theatlantic.co m/technology/archive/2015/09/f and credit 364 Meyer, R. (2015): Could a Bank Deny Your Loan Based on Your Fa cebook Friends? The Atlantic. digital-redlining/407287/ [25.01.2016] digital-redlining/407287/ [25.01.2016] eq.) have created the report on the “Identity Ecosystem” Bria et al (2015, p. 38 et s Online: http://www.theatlantic.co m/technology/archive/2015/09/f acebooks-new-patent-and- scoring? 365 365 http://adage.com/article/datadriven-marketing/24-billion-data- business-telcos- http://adage.com/article/datadriven-marketing/24-billion-data- business-telcos- digital-redlining/407287/ [25.01.2016] following typology of data brokers: discuss/301058/ [25.01.2016] discuss/301058/ [25.01.2016] 365 business-telcos- http://adage.com/article/datadriven-marketing/24-billion-data- discuss/301058/ [25.01.2016] 83 83 83 82 83

84 ed by retailers in Examples include: electronic Point of Sale (ePOS) data, collect 5.4 Observing, inferring, modeling and scoring people combination loyalty card data Personal information processed by companies can be grouped in d ifferent ways, for Types of is acquired either “from a first party or another third party Third-party data x through example based on how it is obtained: personal data purchase, licensing or exchange”, or it is collected “by gather ing publicly available data collected opt-in data (also: data , declared data ) is “created and explicitly shared x Volunteered s, however, sometimes from public records or by analyzing social media”. Third partie by individuals, e.g., social network profiles” (WEF 2011, p. 37 ). Users provide it “when hen they visit a first- use “their own cookies which are installed on a user's device w they sign up for service”. It is the data type “which users are most aware” of. Users half of other party’s website”. Companies that process and analyze data on be provide it, for example “when transacting, or registering for a service” (CMA 2015, p. companies are also considered as “third parties”. Companies tha t “acquire data from ddress, but also an or example, simply an e-mail-a 21). Volunteered data could be, f first parties are sometimes called ‘second parties’”. “array of demographic infor mation” (Busby et al 2012). “routinely urvey which sources they are asked about 600 businesses in a s Accenture Where do firms Observed data is “captured by recording the actions of individuals, e.g., lo cation data x ata “directly from t was that 79% are collecting d collecting data” from. The resul collect data and supply it , p. 37). Consumers “generate when using cell phones” (WEF 2011 m other organizations (e.g. individuals themselves” and 42% are collecting it “directly fro ? from passively” (CMA 2015, p. 21). In the online context, first-party observed data are ng data “from connected through commercial or data-sharing agreement”. 33% are collecti third-party observed data “gathered as users surf the Web” while are “purchased oper et al 2016, p. 8). third-party data suppliers” (Co devices” or “purchase” it “from 2012). from other websites that have done the collecting” (Busby et al U.S. Senate Committee on Commerce, Science, and The data broker report of the Analyzing Inferred data x are “data about individuals bas ed on analysis of volunteered o r observed , including (2013, p. 20) additionally differentiates between Transportation actual data consumers information, e.g., credit scores” (WEF 2011, p. 38). They are “ assumptions that third- irth, contact information, and iduals, such as their date of b “factual information about indiv bined with ake” based on observed data com party ad networks and agencies m modeled data, which “results from drawing presence of children in a household”, and notoriously unreliable” (Busby volunteered data, and they are “ et al 2012). based on actual data”. inferences about consumer charac teristics or predicted behavior Many companies offer , which are “groupings of consumers defined by shared segments es of personal The CMA (2015, pp. 24-25) compiled a non-exhaustive list of typ The content onsumers dates back to the characteristics and likely behav iors”. The idea of segmenting c ies: information that are directly or indirectly collected by compan of the data 1970s, when market research and geodemographic segmenting produ cts like PRIZM came ased on large-scale up. While in its early ages, consumer segmentation was mainly b x come and credit ratings; financial – such as information on in information such as census data, use detailed individual- today’s segmenting systems can contact – such as an individual’s home or work address, their email ad dress, and phone x level data about billions of con sumers and apply advanced analy sis technologies. number; social class; r, occupation and – such as age, ethnicity, gende socio-demographic x Another type of data product offered by data brokers and analytics companies is . scoring Predicting mpleted x – such as purchases made with loyalty cards or transactions co transactional ilize data “to make According to the Senate Committee’s report, scoring products ut future online and the prices paid; predictions about likely consumer behavior” (ibid., p. 23). The y are “designed to provide behavior x contractual ppliers; – such as service details and history maintained by utility su ssigning a number or marketers insight about existing and prospective customers by a y mobile devices, vehicle tele – such as location data shared b locational x matics, GPS range that signifies each cons umer’s likelihood to exhibit cert ain characteristics or data, planned journeys entered into satnavs, and sensor data co llected from radio- perform certain actions”. The idea of assigning a number to ind ividuals to predict future frequency identification (RFID) tags; , which has been around for decades. credit scoring behavior is well known from behavioral x sumers’ use of adverts clicked on, data on con – such as websites visited and ring products and still one of The the most , one of the earliest credit sco FICO score Problems of games apps, and telematics data panies; captured by motor insurance com important ones in the U.S., is today based on the consumer’s pa yment history, the amounts credit scoring – such as Internet Protocol (IP ) addresses and device data suc h as the IMEI technical x etail accounts, installment owed, the length of credit history, the “mix of credit cards, r (International Mobile Equipment Identity); the type and frequency loans, finance company accounts and mortgage loans” in use, and communications – such as entries in social media and in email exchanges; x 366 Citron and Pasquale (2014, of opening “new accounts” or applying for “new credit”. social relationships x – such as the links between family members and friends their opacity, arbitrary p.10) summarized the problems of credit scores for consumers: “ In the ’s paper “The evolution of on line-user data” they listed Boston Consulting Group Online results, and disparate impact” on different population groups, often systematizing demographic behavioral or data including attributes such as age, gender and income, user data discriminatory practices. data including user’s interests and attitudes, purchase intention data contextual Most credit scores are based on information collected by credit report agencies. In 2012, social data, and user location measuring “a person’s plans to make a specific purchase”, f credit report accuracy the FTC reported that 26% of survey participants in its study o e” – in marketing it is often data describing “the relationship a person has with other peopl “identified at least one potentially material error on at least one of their three credit assumed that “people who are connected” have similar attributes (see Busby et al 2012). reports” (FTC 2012, p. i ). According to a German study published by both the Federal of relationship that the Personal data can also be categorized on the basis of the type Ministry of Justice and Consumer Protection and the Federal Min istry of the Interior, collecting company has with the consumer (CMA 2015, p. 34): is collected by businesses, which have a direct relationship with x First-party data consumers. It is collected “directly and exclusively from consu mers through or service in a shop”. ing a transaction for a product interactions”, for instance “dur 366 tion/WhatsInYourScore.aspx [2 5.01.2016] http://www.myfico.com/CreditEduca 84 85 84

85 ed by retailers in Examples include: electronic Point of Sale (ePOS) data, collect 5.4 Observing, inferring, modeling and scoring people combination loyalty card data Personal information processed by companies can be grouped in d ifferent ways, for Types of is acquired either “from a first party or another third party Third-party data x through example based on how it is obtained: personal data purchase, licensing or exchange”, or it is collected “by gather ing publicly available data collected opt-in data (also: data , declared data ) is “created and explicitly shared x Volunteered s, however, sometimes from public records or by analyzing social media”. Third partie by individuals, e.g., social network profiles” (WEF 2011, p. 37 ). Users provide it “when hen they visit a first- use “their own cookies which are installed on a user's device w they sign up for service”. It is the data type “which users are most aware” of. Users half of other party’s website”. Companies that process and analyze data on be provide it, for example “when transacting, or registering for a service” (CMA 2015, p. companies are also considered as “third parties”. Companies tha t “acquire data from ddress, but also an or example, simply an e-mail-a 21). Volunteered data could be, f first parties are sometimes called ‘second parties’”. “array of demographic infor mation” (Busby et al 2012). “routinely urvey which sources they are asked about 600 businesses in a s Accenture Where do firms Observed data is “captured by recording the actions of individuals, e.g., lo cation data x ata “directly from t was that 79% are collecting d collecting data” from. The resul collect data and supply it , p. 37). Consumers “generate when using cell phones” (WEF 2011 m other organizations (e.g. individuals themselves” and 42% are collecting it “directly fro ? from passively” (CMA 2015, p. 21). In the online context, first-party observed data are ng data “from connected through commercial or data-sharing agreement”. 33% are collecti third-party observed data “gathered as users surf the Web” while are “purchased oper et al 2016, p. 8). third-party data suppliers” (Co devices” or “purchase” it “from 2012). from other websites that have done the collecting” (Busby et al U.S. Senate Committee on Commerce, Science, and The data broker report of the Analyzing Inferred data x are “data about individuals bas ed on analysis of volunteered o r observed , including (2013, p. 20) additionally differentiates between Transportation actual data consumers “factual information about indiv iduals, such as their date of b irth, contact information, and assumptions that third- information, e.g., credit scores” (WEF 2011, p. 38). They are “ which “results from drawing modeled data, presence of children in a household”, and bined with ake” based on observed data com party ad networks and agencies m notoriously unreliable” (Busby volunteered data, and they are “ et al 2012). based on actual data”. inferences about consumer charac teristics or predicted behavior Many companies offer , which are “groupings of consumers defined by shared segments es of personal The CMA (2015, pp. 24-25) compiled a non-exhaustive list of typ The content onsumers dates back to the characteristics and likely behav iors”. The idea of segmenting c ies: information that are directly or indirectly collected by compan of the data 1970s, when market research and geodemographic segmenting produ cts like PRIZM came ased on large-scale up. While in its early ages, consumer segmentation was mainly b x come and credit ratings; financial – such as information on in information such as census data, use detailed individual- today’s segmenting systems can contact – such as an individual’s home or work address, their email ad dress, and phone x level data about billions of con sumers and apply advanced analy sis technologies. number; social class; r, occupation and – such as age, ethnicity, gende socio-demographic x Another type of data product offered by data brokers and analytics companies is . scoring Predicting mpleted x – such as purchases made with loyalty cards or transactions co transactional ilize data “to make According to the Senate Committee’s report, scoring products ut future online and the prices paid; predictions about likely consumer behavior” (ibid., p. 23). The y are “designed to provide behavior x contractual ppliers; – such as service details and history maintained by utility su ssigning a number or marketers insight about existing and prospective customers by a y mobile devices, vehicle tele – such as location data shared b locational x matics, GPS range that signifies each cons umer’s likelihood to exhibit cert ain characteristics or data, planned journeys entered into satnavs, and sensor data co llected from radio- perform certain actions”. The idea of assigning a number to ind ividuals to predict future frequency identification (RFID) tags; , which has been around for decades. credit scoring behavior is well known from behavioral x sumers’ use of adverts clicked on, data on con – such as websites visited and ring products and still one of The the most , one of the earliest credit sco FICO score Problems of games apps, and telematics data panies; captured by motor insurance com important ones in the U.S., is today based on the consumer’s pa yment history, the amounts credit scoring – such as Internet Protocol (IP ) addresses and device data suc h as the IMEI technical x etail accounts, installment owed, the length of credit history, the “mix of credit cards, r (International Mobile Equipment Identity); the type and frequency loans, finance company accounts and mortgage loans” in use, and communications – such as entries in social media and in email exchanges; x 366 Citron and Pasquale (2014, of opening “new accounts” or applying for “new credit”. social relationships x – such as the links between family members and friends their opacity, arbitrary p.10) summarized the problems of credit scores for consumers: “ In the ’s paper “The evolution of on line-user data” they listed Boston Consulting Group Online results, and disparate impact” on different population groups, often systematizing demographic behavioral or data including attributes such as age, gender and income, user data discriminatory practices. data including user’s interests and attitudes, purchase intention data contextual Most credit scores are based on information collected by credit report agencies. In 2012, social data, and user location measuring “a person’s plans to make a specific purchase”, f credit report accuracy the FTC reported that 26% of survey participants in its study o e” – in marketing it is often data describing “the relationship a person has with other peopl “identified at least one potentially material error on at least one of their three credit assumed that “people who are connected” have similar attributes (see Busby et al 2012). reports” (FTC 2012, p. i ). According to a German study published by both the Federal of relationship that the Personal data can also be categorized on the basis of the type Ministry of Justice and Consumer Protection and the Federal Min istry of the Interior, collecting company has with the consumer (CMA 2015, p. 34): is collected by businesses, which have a direct relationship with x First-party data consumers. It is collected “directly and exclusively from consu mers through or service in a shop”. ing a transaction for a product interactions”, for instance “dur 366 tion/WhatsInYourScore.aspx [2 5.01.2016] http://www.myfico.com/CreditEduca 85 85 84

86 credit scores are often based on estimations and their validity on an individual level is ta management platforms Data brokers and online da 5.5 367 (see ULD, 2014). questionable According to the United States Government Accountability Office, or data brokers World Privacy Forum ’s report “The Scoring of America” (Dixon et al 2014, p. 8) The Rate, rank are companies “that collect inf information resellers ormation, including personal summarizes the history of scoring and offers a detailed analysi consumer scores s on how and segment the purpose of reselling information about consumers, from a wide variety of sources for are widely used beyond credit scoring today – in many fields fr om marketing to consumers -sector businesses and such information to their customers, which include both private scribes an individual or healthcare. According to their d efinition, a consumer score “de government agencies” (GAO 2006, p. 1). ts a consumer’s behavior, sometimes a group of individual s (like a household), and predic siers on large parts of the Until recently, these companies, which often have extensive dos Data brokers, t consumers” based on r scores “rate, rank, or segmen habit, or predilection.” Consume population, were little known to the public. Despite the low af finity for data protection the unknown information about “consumer characteristics, past behaviors, an d other attributes in and the non-existent "right to informational self-determination " as it is defined in Europe, force vernments “to make s are used by businesses and go statistical models”. These model ces of these companies an increasing media coverage and public debate about the practi decisions about individual consumers and groups of consumers”, and the “consequences came up, also in the United States. can range from innocuous to impo rtant”. Consumer scores are use d for many different purposes “from predicting fraud to predicting the health care c osts of an individual to After a report on data brokers by the Senate Committee on Commerce, Science, and Massive eligibility decisions to almost anything”. Transportation Federal Trade Commission published a report on data (2013) the U.S. amounts Acxiom, Core Logic, Datalogix, eBureau, brokers in 2014, which examined nine companies, of data World Privacy Forum While in 2007, the identified less than 25 types of consumer scores, Hundreds of (see FTC, 2014). As a result, Recorded Future and ID Analytics, Intelius, PeekYou, Rapleaf their research in 2014 “uncovered hundreds of scores, with the strong likelihood that secret the FTC stated that collect ”massive amounts of data” about consumers data brokers thousands of custom scores exist”. Some examples of consumer sc ores that they examined consumer from “online and offline sources” and “combine them into profil es about each of us”, (Dixon et al 2014, p. 19): scores rmation collected “largely without consumers’ knowledge” (FTC 2014, p. C-3). Info Consumer profitability scores x “predict, identify, and target marketing prospects in includes data such as purchase behavior, browsing history, soci al media activities, health households likely to be profitable and pay debt”. affiliation. The following tabl status, religious and political e shows some examples of how Job Security Score ncome and capacity to pay”. “claims to predict future i The x data about consumers is collected: Charitable Donor Scores “seek to classify and rank those who donate to charities”. x Consumers... Their data is collected by... x Churn scores “seek to predict when a customer will move his or her business or ata brokers ... post information publicly online d account to another merchant”. Medication Adherence Score predicts if people are “likely to take” their x The ... o nline stores shop online “medication according to [their] doctor’s orders”. websites ...r egister on websites Some x an can “predict mortality within one year”. While these scores “c Frailty Scores ...s stores hop at stores ct costs, and this raises n also be used to simply proje predict care needs, the scores ca ...f companies ill out warranty cards ng activities”. questions about possible misuse in non-health scores or marketi ...buy houses local governments x retailers at Fraud Scores are “used everywhere from the Post Office at point of sale to Table 21: Data Brokers in the U.S.: examples for th e ways of personal data. Source: FTC 2014, p. 2 point of sale to behind-the-scenes credit card transactions”. The nine companies examined in the FTC report obtain their data from public authorities offers even a “Smoker Assessment Score” and a The U.S.-based company Social Intelligence TC 2014, p. 11 et seq.): as well as from public and commercial sources. Some examples (F “Substance Abuse Score”, which “provides a real-time assessment of an applicant’s 368 substance abuse risk”. Commercial sources Public sources Government sources elephone Telephone and other nses e.g. pilots, Professional lice Information from t cts” where “the speakers In 2014, the FTC hosted a seminar on “alternative scoring produ „Alternative“ companies directories doctors, lawyers, architects described a variety of predictive analytics products offered by many data brokers to scoring ranging from identity predict trends and consumer behavior in a variety of contexts, Recreational licenses e.g. hunting, Press reports Information from automobile verification and fraud prevention to marketing and advertising” . The FTC explains that dealers fishing edictive scores “raise a f these scores”. Thus, these pr “consumers are largely unaware o Real property and assessor records e.g. Publicly available Purchase history from 369 variety of potential privacy concerns and questions”. taxes, assed values, deeds, mortgages information from the erchants m ial internet e.g. soc etc. media sites and blogs (via w eb crawler) Online or offline marketing Voter registra tion information e.g. te of birth, party surveys, warranty registrations name, address, da 367 für Banken und Auskunfteien In German: „Es wird festgestellt, dass die Datenschutznovelle and contests affiliatio n Beeinträchtigungen der Auswirkungen hinsichtlich ihres Auskunftsverhaltens hatte, dass Motor vehicle and driving records Verbraucherrechte aber weiter bestehen. [...] Scores basieren a uf Schätzungen, deren individueller Aussagegehalt oft fragwürdig ist.“ Court records e.g. criminal records, 368 http://socialintel.com/life/ [22.08.2016] birth, marriage, divorce, death 369 https://www.ftc.gov/news-events/events-calendar/2014/03/spring -privacy-series-alternative- recor ds, civil actions and judgments scoring-products [25.01.2016] in the U.S. collect data from. Source: FTC, 2014 Table 22: Examples for sources, which data brokers 86 87 86

87 credit scores are often based on estimations and their validity on an individual level is ta management platforms Data brokers and online da 5.5 367 (see ULD, 2014). questionable According to the United States Government Accountability Office, data brokers or ’s report “The Scoring of America” (Dixon et al 2014, p. 8) World Privacy Forum The Rate, rank are companies “that collect inf information resellers ormation, including personal summarizes the history of scoring and offers a detailed analysi consumer scores s on how and segment the purpose of reselling information about consumers, from a wide variety of sources for are widely used beyond credit scoring today – in many fields fr om marketing to consumers -sector businesses and such information to their customers, which include both private scribes an individual or healthcare. According to their d efinition, a consumer score “de government agencies” (GAO 2006, p. 1). ts a consumer’s behavior, sometimes a group of individual s (like a household), and predic siers on large parts of the Until recently, these companies, which often have extensive dos Data brokers, t consumers” based on r scores “rate, rank, or segmen habit, or predilection.” Consume population, were little known to the public. Despite the low af finity for data protection the unknown information about “consumer characteristics, past behaviors, an d other attributes in and the non-existent "right to informational self-determination " as it is defined in Europe, force vernments “to make s are used by businesses and go statistical models”. These model ces of these companies an increasing media coverage and public debate about the practi decisions about individual consumers and groups of consumers”, and the “consequences came up, also in the United States. can range from innocuous to impo rtant”. Consumer scores are use d for many different purposes “from predicting fraud to predicting the health care c osts of an individual to After a report on data brokers by the Senate Committee on Commerce, Science, and Massive eligibility decisions to almost anything”. Transportation Federal Trade Commission published a report on data (2013) the U.S. amounts Acxiom, Core Logic, Datalogix, eBureau, brokers in 2014, which examined nine companies, of data World Privacy Forum identified less than 25 types of consumer scores, While in 2007, the Hundreds of (see FTC, 2014). As a result, Recorded Future ID Analytics, Intelius, PeekYou, Rapleaf and their research in 2014 “uncovered hundreds of scores, with the strong likelihood that secret collect ”massive amounts of data” about consumers data brokers the FTC stated that thousands of custom scores exist”. Some examples of consumer sc ores that they examined consumer from “online and offline sources” and “combine them into profil es about each of us”, (Dixon et al 2014, p. 19): scores “largely without consumers’ knowledge” (FTC 2014, p. C-3). Info rmation collected x “predict, identify, and target marketing prospects in Consumer profitability scores al media activities, health includes data such as purchase behavior, browsing history, soci households likely to be profitable and pay debt”. status, religious and political affiliation. The following tabl e shows some examples of how Job Security Score The ncome and capacity to pay”. x “claims to predict future i data about consumers is collected: Charitable Donor Scores “seek to classify and rank those who donate to charities”. x Consumers... Their data is collected by... x Churn scores “seek to predict when a customer will move his or her business or ... post information publicly online data brokers account to another merchant”. predicts if people are “likely to take” their The Medication Adherence Score x ...shop online online stores “medication according to [their] doctor’s orders”. ...register on websites websites an can “predict mortality within one year”. While these scores “c Some Frailty Scores x stores ...shop at stores predict care needs, the scores ca n also be used to simply proje ct costs, and this raises ...fill out warranty cards companies questions about possible misuse ng activities”. in non-health scores or marketi ...buy houses local governments retailers at Fraud Scores are “used everywhere from the Post Office at point of sale to x Table 21: Data Brokers in the U.S.: examples for th e ways of personal data. Source: FTC 2014, p. 2 point of sale to behind-the-scenes credit card transactions”. from public authorities The nine companies examined in the FTC report obtain their data offers even a “Smoker Assessment Score” and a Social Intelligence The U.S.-based company TC 2014, p. 11 et seq.): as well as from public and commercial sources. Some examples (F of an applicant’s “Substance Abuse Score”, which “provides a real-time assessment 368 substance abuse risk”. Government sources Commercial sources Public sources Information from t Professional lice nses e.g. pilots, elephone Telephone and other In 2014, the FTC hosted a seminar on “alternative scoring produ cts” where “the speakers „Alternative“ directories companies doctors, lawyers, architects described a variety of predictive analytics products offered by many data brokers to scoring ranging from identity predict trends and consumer behavior in a variety of contexts, Recreational licenses e.g. hunting, Press reports Information from automobile verification and fraud prevention to marketing and advertising” . The FTC explains that dealers fishing edictive scores “raise a f these scores”. Thus, these pr “consumers are largely unaware o Real property and assessor records e.g. Publicly available Purchase history from 369 variety of potential privacy concerns and questions”. taxes, assed values, deeds, mortgages information from the merchants ial internet e.g. soc etc. media sites and blogs eb crawler) (via w marketing Online or offline tion information e.g. Voter registra te of birth, party surveys, warranty registrations name, address, da 367 für Banken und Auskunfteien In German: „Es wird festgestellt, dass die Datenschutznovelle affiliatio n and contests Beeinträchtigungen der Auswirkungen hinsichtlich ihres Auskunftsverhaltens hatte, dass driving records Motor vehicle and uf Schätzungen, deren individueller Verbraucherrechte aber weiter bestehen. [...] Scores basieren a Aussagegehalt oft fragwürdig ist.“ Court records e.g. criminal records, 368 http://socialintel.com/life/ [22.08.2016] birth, marriage, divorce, death 369 https://www.ftc.gov/news-events/events-calendar/2014/03/spring -privacy-series-alternative- recor ds, civil actions and judgments scoring-products [25.01.2016] in the U.S. collect data from. Source: FTC, 2014 Table 22: Examples for sources, which data brokers 87 87 86

88 373 e for data brokers in the Information from public authorities has played an important rol It is beyond the platforms (DMP ). demand-side platforms (DSP), and data management from the authorities but U.S. for decades. Sometimes, this data is not directly obtained scope of this report to cover all of these concepts, however th e latter are especially its to local authorities. purchased from companies or even collected manually through vis Data management platform (DMPs) are essentially real-time online data relevant here. Since there is no central population register in the U.S., the data retrieved from voter pidly) collect, integrate, brokers, they are the “central hub” used to “seamlessly (and ra f verified, basic information registrations or driver's license data is an important source o manage and activate those large volumes of data” and to “aggreg ate, integrate, manage 374 blog article, they offer Gartner According to a about individuals. In addition, data brokers obtain information from other data brokers sources of data”. and deploy disparate 375 companies the ability to: that, for example, aggregate the “purchase history of 190 milli on individual consumers from more than 2600 merchants” (ibid., p. 14). x import data , for example “information about customers, such as their custo mer erences about them. They Data brokers combine and analyze the collected data to make inf Sensitive ID or email address (to identify them), what they have bought o r looked at, their “define consumers in categories” (Senate use this data to create products that inferences and other characteristics”, fo r example from loyalty status” and “demographic ). According to the FTC, ii Committee on Commerce, Science, and Transportation 2013, p. forms marketing systems, e-mail, e-commerce and customer loyalty plat potentially sensitive information is inferred about individuals , for example about their x , for example “two data sources with a common field like a match customer IDs e the collected data for an renting. Some data brokers stor ethnicity, income, health and pa by the DMP as customer ID or email address (or anonymized ID)” can be “stored unlimited period to market to consumers online. , and combine online and offline data belonging to the same person” The data collected is often passed on by several companies. Sev en of the nine data brokers collect new data x , for example by putting “tags” on the company’s website, email s, . In consequence, it would be provide data to each other investigated by the FTC advertisements, and mobile apps “virtually impossible for a cons umer to determine how a data broker obtained his or her x for example “pre-defined or custom segments provide access to data vendors, data”(FTC 2014, p. 14). of (anonymous) people to target” also called “audiences” characteristics, sometimes with specific find segments x that often already exist for many decades, such as large data brokers In addition to Online tracking (by analyzing and categorizing users) new players Acxiom , there are many in the fields of online tracking and targeted x for example “by finding people who suggest new groups of people to target, mounts of personal information. Many of the companies advertising which collect vast a look like your curre nt customers”, so-called “lookalikes” involved are largely unknown to the public, but often record ev ery click on the Internet about “who to target”, “with what message”, and “in what send instructions x and every interaction on mobile d evices. Some websites and mobile apps transmit ersonalize websites channel” or on “what device”, for example to target ads or to p third parties, to whom information to more than 200 different companies at once. These argely unknown ad networks information about website visits is transferred to, are often l to detect the Datanyze , a website offering market shar e data based on a “web crawler Example or and web analytics services, but also prominent companies like G oogle, Facebook 376 377 , lists the following da ta management platforms: presence of a technology” DMPs Twitter (see chapter 0). ate (Nielsen Display Ads), Lotame, [x+1] LiveRamp (Acxiom), DataLogix (Oracle), eXel 370 The U.S. company claims to “help thousands of companies collect data” Segment , and How to send nce, Krux, Acxiom, Digilant, Flxone, Navegg, (Rocket Fuel), Bluekai (Oracle), AudienceScie ps with the flip of a switch”. promotes its service as follows: “Send your data to over 100 ap user data to TailTarget, Platform 161, I-Behavior, Eyeota, Sojern, Brilig, NuggAd, Enreach, Adobe ’s service into their website and mobile apps. After Segment Developers can easily embed 100 services Audience Manager, Blueconic, Crowd Science, Epsilon ut the users’ behavior to es automatically send data abo installation, the embedded servic According to a report by Led Astray (2015, p. 2), a rather cont roversial business sector List brokers to users in any way. As more than 100 third-party companies, without this being visible online lead the field of g ecosystem and data brokers is relying on the online advertisin and online lead each integration offered by comes with a certain amount of effort, their available Segment that a consumer , which “is the business of selli generation ng leads — pieces of evidence generation third-party tracking services pr obably cover some of the most p opular ones in the market, 371 is interested in a product or service”. Lead generators “encour age consumers to provide ranging from advertising and analytics to CRM services. o businesses that offer d often “sell consumers’ data t information about themselves” an Actually, there are thousands of companies and services, to who m personal data from 3,000 tracking risky financial products and oth er controversial services”. They collect “sensitive financial both website visits and from the use of smartphone apps is tran sferred. At this point in companies information from vulnerable and often desperate consumers” to o ffer them, for example, bout most of these time, the sector is rather nontransparent and little is known a lists of names and payday loans. Data bro kers have collected and sold extensive as well. On its website, the companies, which might be due to a lack of systematic research addresses of consumers grouped by specific characteristics for decades, including lists of Ghostery privacy service lists nearly 3,000 companies, to whom data from websites or nd depression, and the people “suffering from condition s including cancer, diabetes, a tivities and short descriptions apps is transferred to on a regular basis. The list contains ac of the companies and, in some ca ses, information on the use of the data, links to privacy 372 policies and possibilities to Opt-Out. online advertising and tracking Many different types of companies exist in the 373 Data ttps://www.clickz.com/clickz/colu For basic explanations see: h mn/1931527/dsps-ssps-rtbs- dmps-online-medias-alphabet-soup [25.01.2016] business , such as ad servers, ad network s, ad exchanges, supply-side pl atforms (SSP), Management 374 tion for Right-Time Winterberry Group (2012): The Data Management Platform: Founda Platforms Customer Engagement. A Winterberry Group Whitepaper. Online: (DSPs) a_Management_Platforms- http://www.iab.net/media/file/Win terberry_Group_White_Paper-Dat November_2012.pdf [25.01.2016] 375 370 https://segment.com/ [25.01.2016] http://blogs.gartner.com/martin-kihn/data-management-platform [25.01.2016] 371 376 http://www.datanyze.com https://segment.com/integrations [25.01.2016] /faq/ [26.01.2016] 372 377 http://www.datanyze .com/market-share/ dmp/ [26.01.2016] http://www.ghosteryenterprise.com/company-database/ [25.01.201 6] 88 89 88

89 373 demand-side platforms (DSP), and data management platforms (DMP ). It is beyond the Information from public authorities has played an important rol e for data brokers in the e latter are especially scope of this report to cover all of these concepts, however th from the authorities but U.S. for decades. Sometimes, this data is not directly obtained Data management platform (DMPs) are essentially real-time online data relevant here. purchased from companies or even collected manually through vis its to local authorities. brokers, they are the “central hub” used to “seamlessly (and ra pidly) collect, integrate, Since there is no central population register in the U.S., the data retrieved from voter manage and activate those large volumes of data” and to “aggreg ate, integrate, manage registrations or driver's license data is an important source o f verified, basic information 374 sources of data”. Gartner and deploy disparate blog article, they offer According to a from other data brokers about individuals. In addition, data brokers obtain information 375 companies the ability to: on individual consumers that, for example, aggregate the “purchase history of 190 milli from more than 2600 merchants” (ibid., p. 14). x import data mer customers, such as their custo , for example “information about erences about them. They Data brokers combine and analyze the collected data to make inf Sensitive ID or email address (to identify them), what they have bought o r looked at, their use this data to create products that “define consumers in categories” (Senate inferences and other characteristics”, fo r example from loyalty status” and “demographic Committee on Commerce, Science, and Transportation 2013, p. ). According to the FTC, ii forms marketing systems, e-mail, e-commerce and customer loyalty plat , for example about their potentially sensitive information is inferred about individuals , for example “two data sources with a common field like a match customer IDs x ethnicity, income, health and pa renting. Some data brokers stor e the collected data for an customer ID or email address (or anonymized ID)” can be “stored by the DMP as , and combine online and offline data unlimited period to market to consumers online. belonging to the same person” The data collected is often passed on by several companies. Sev en of the nine data brokers x collect new data , for example by putting “tags” on the company’s website, email s, investigated by the FTC . In consequence, it would be provide data to each other advertisements, and mobile apps umer to determine how a data broker obtained his or her “virtually impossible for a cons for example “pre-defined or custom segments x provide access to data vendors, data”(FTC 2014, p. 14). of (anonymous) people to target” find segments with specific characteristics, sometimes also called “audiences” x that often already exist for many decades, such as In addition to large data brokers Online tracking (by analyzing and categorizing users) Acxiom , there are many new players in the fields of online tracking and targeted x for example “by finding people who suggest new groups of people to target, mounts of personal information. Many of the companies advertising which collect vast a look like your curre nt customers”, so-called “lookalikes” involved are largely unknown to the public, but often record ev ery click on the Internet about “who to target”, “with what message”, and “in what send instructions x and every interaction on mobile d evices. Some websites and mobile apps transmit ersonalize websites channel” or on “what device”, for example to target ads or to p third parties, to whom information to more than 200 different companies at once. These argely unknown ad networks information about website visits is transferred to, are often l to detect the Datanyze , a website offering market shar e data based on a “web crawler Example or and web analytics services, but also prominent companies like G oogle, Facebook 376 377 , lists the following da ta management platforms: presence of a technology” DMPs Twitter (see chapter 0). ate (Nielsen Display Ads), Lotame, [x+1] LiveRamp (Acxiom), DataLogix (Oracle), eXel 370 , and claims to “help thousands of companies collect data” Segment The U.S. company How to send nce, Krux, Acxiom, Digilant, Flxone, Navegg, (Rocket Fuel), Bluekai (Oracle), AudienceScie ps with the flip of a switch”. promotes its service as follows: “Send your data to over 100 ap user data to TailTarget, Platform 161, I-Behavior, Eyeota, Sojern, Brilig, NuggAd, Enreach, Adobe ’s service into their website and mobile apps. After Segment Developers can easily embed 100 services Audience Manager, Blueconic, Crowd Science, Epsilon ut the users’ behavior to es automatically send data abo installation, the embedded servic According to a report by Led Astray (2015, p. 2), a rather cont roversial business sector List brokers to users in any way. As more than 100 third-party companies, without this being visible online lead the field of g ecosystem and data brokers is relying on the online advertisin and online lead each integration offered by comes with a certain amount of effort, their available Segment that a consumer , which “is the business of selli generation ng leads — pieces of evidence generation third-party tracking services pr obably cover some of the most p opular ones in the market, 371 is interested in a product or service”. Lead generators “encour age consumers to provide ranging from advertising and analytics to CRM services. o businesses that offer d often “sell consumers’ data t information about themselves” an Actually, there are thousands of companies and services, to who m personal data from 3,000 tracking risky financial products and oth er controversial services”. They collect “sensitive financial both website visits and from the use of smartphone apps is tran sferred. At this point in companies information from vulnerable and often desperate consumers” to o ffer them, for example, bout most of these time, the sector is rather nontransparent and little is known a lists of names and payday loans. Data bro kers have collected and sold extensive as well. On its website, the companies, which might be due to a lack of systematic research addresses of consumers grouped by specific characteristics for decades, including lists of Ghostery privacy service lists nearly 3,000 companies, to whom data from websites or nd depression, and the people “suffering from condition s including cancer, diabetes, a tivities and short descriptions apps is transferred to on a regular basis. The list contains ac of the companies and, in some ca ses, information on the use of the data, links to privacy 372 policies and possibilities to Opt-Out. online advertising and tracking Many different types of companies exist in the 373 Data ttps://www.clickz.com/clickz/colu For basic explanations see: h mn/1931527/dsps-ssps-rtbs- dmps-online-medias-alphabet-soup [25.01.2016] business , such as ad servers, ad network s, ad exchanges, supply-side pl atforms (SSP), Management 374 tion for Right-Time Winterberry Group (2012): The Data Management Platform: Founda Platforms Customer Engagement. A Winterberry Group Whitepaper. Online: (DSPs) a_Management_Platforms- http://www.iab.net/media/file/Win terberry_Group_White_Paper-Dat November_2012.pdf [25.01.2016] 375 370 https://segment.com/ [25.01.2016] http://blogs.gartner.com/martin-kihn/data-management-platform [25.01.2016] 371 376 http://www.datanyze.com https://segment.com/integrations [25.01.2016] /faq/ [26.01.2016] 372 377 http://www.datanyze .com/market-share/ dmp/ [26.01.2016] http://www.ghosteryenterprise.com/company-database/ [25.01.201 6] 89 89 88

90 medications used for those conditions; another is offering list s naming consumers, their According to the major U.S. privacy compliance company , a TRUSTe hash is in fact Hashed e on Commerce, Science, credit scores, and specific health conditions” (Senate Committe personally-identifiable information (PII) , when the “entire reason for keeping the identifiers 378 s have been compiled, for . Traditionally, these list and Transportation 2013, p. 5) hashed data is to be able to identify a discrete user the next time they return to the site”. It can be eepstake entries, but example, from mail order customers, magazine subscribers and sw er the user’s email may be a “good security rationale” when a service “cannot recov personal data ting and scoring the they are nowadays also created or enriched by analyzing, segmen hen the user next enters address and name” and “associated data will only be recovered w extensive databases from online data brokers. their email address and name”, but it “fails to understand the privacy implications by 382 ignoring the definition of PII”. The Marketing scholar Joseph Turow concluded: Cross-device tracking and linking user profiles with hidden identifiers 5.6 y soften the impact of the Industry claims of anonymity surrounding all these data ma As described in the previous chapter, online data management pl atforms allow companies sorting and labeling processes. But in doing so, it seriously undermines the traditional to import their customer data, combine it with millions of deta iled third-party user meaning of the word. If a company can follow and interact with you in the digital sources, to identify their own profiles from online and offline customers or to target other environment – and that potentially includes the mobile phone and your television set – its often offer to analyze, individuals through online or offline channels. These platforms claim that you are anonymous is meaningless, particularly when firms intermittently add ta brokers and segment and score consumers, and they are connected to other da offline information to the online data and then simply strip the name and address to 383 advertising companies. make it “anonymous.” the platforms cooperate ross several tracking companies To recognize website visitors ac „Anonymous“ data used in their eir clients often describe the Data management platforms and th There is no cookie synching with each other and use for example , which refers to “the process of identification? d”. Apparently, hashing is tracking and sharing processes as “anonymized” or “de-identifie anonymous 379 match user This way, they can mapping user Ids from one system to another”. Adobe in fact pseudonymization rather than anonymization. In 's digital marketing identification across different systems identifiers such as ad networks, ad exchanges and data ts that “marketers magazine CMO, Ruth Boardman, a “leading privacy lawyer”, sugges providers. But today’s data management platforms offer more tha n just the identification anonymised data, rather should stop trying to convince themselves they are working with 384 n many life situations by of people surfing the web. They promise to identify consumers i Information Commissioner’s Office , the . Iain Bourne from the than personal information” matching profile data from differ ent sources and mostly claim that this matching is ong debate about whether UK’s privacy regulator, adds: “It’s not really worth having a l “anonymous”. this is not personal information when it’s aimed at identifying people” (ibid.) Matching is a crucial point for consumer privacy the privacy scholar In his paper “Singling out people without knowing their names” Singling out otection authorities “take Frederik Borgesius (2016, p. 2) concluded that European data pr people without -mail address or their Unique identifiers for consumers are often derived from their e Unique s personal data if it uses data to single out a person, the view that a company processe knowing their phone number. Based on these identifiers, data records from cor porate customer identifiers dingly be “merely one of the even if it cannot tie a name to these data”. A name would accor names databases can be linked with third-party profiles from data bro kers, social network identifiers that can be tied to data about a person, and it is not even the most practical profiles, online and mobile beha vior gathered via tracking serv ices or cookies, and any identifier” for today’s online tracking economy. other device, platform or service consumers are using in everyd ay life. To create these . They convert, for example, an email hashing unique identifiers, most vendors use Deterministic and probabilistic cross-device tracking 380 nction such as MD5. address into an alphanumeric string by using a cryptographic fu matching data from different Since consumers are increasingly using multiple devices, In theory, hashing is a one-way operation and cannot be reverse d. But, aside from many Anonymous devices is considered as a major challenge for tracking and data compa nies. When 381 , when we imagine real-time data sharing other possible ways of de-anonymization matching via Internet users are surfing the web, websites can identify them again as the same user, for between all kinds of companies collecting hundreds of millions all of e-mail addresses and hashing? easily be deleted or blocked, instance, via cookies (see chapter 4). But browser cookies can of them use the same “one way” operation to “anonymize” these e-mail addresses, ple computers, and computers can be used by multiple persons, people can use multi these “anonymized” email addresses can be matched across differ ent datasets. Consumers game coming devices, from use of mobile apps and other up cookies don’t help to track the can therefore be recognized again, as soon as they use a servic e linked with the same and consoles to smart TVs fitness trackers . To match these different devices, the email address. Although some of t involved in these data he companies and organizations n cookies. In 2015, Omar Tawako l, the general manager tracking industry needs more tha 385 , they can always he name or address of consumers sharing processes may not know t that marketers had “these first-party data assets: data tied stated Data Cloud ’s of Oracle identify them as the same person in many situations and link th eir profile to red and modeled data. comprehensive information based on volunteered, observed, infer 382 http://www.truste.com/blog/2013/ 01.2016] 04/16/data-anonymization/ [25. 383 Joseph Turow (2011): The Daily You. Cited from: Senate Committ ee on Commerce, Science, and Transportation (2013, p. 32) 378 384 Science, and Transportation CMO. by Adobe (2015): Adobe Summit EMEA: Brands Advised To Alw The data broker report from the Senate Committee on Commerce, ays Assume It’s Personal. Online: http://www.cmo.com/featur mmit-emea-brands-advised- e author’s German 2014 report es/articles/2015/4/29/adobe-su (2013) provides a comprehensive overview on list brokers. In th “Kommerzielle Digitale Überwachung im Alltag” German list broke rs have been investigated. to-always-assume-its-personal.html [16.08.2016] 379 385 https://www.admonsters.com/blog/cookie-synching [25.01.2016] eMarketer (2015): Cross-Device Targeting and Measurement Will Impact Digital Display 380 ://www.emarketer.com/Article/C Advertisers in 2015. Online: http ross-Device-Targeting- https://www.clickz.com/clickz/column/2288689/whats-an-email-ha sh-anyway [25.01.2016] 381 Measurement-Will-Impact-Digital-Display-Advertisers-2015/101208 1 [25.01.2016] See chapter 2.3 90 91 90

91 According to the major U.S. privacy compliance company TRUSTe , a hash is in fact s naming consumers, their medications used for those conditions; another is offering list Hashed , when the “entire reason for keeping the personally-identifiable information (PII) e on Commerce, Science, credit scores, and specific health conditions” (Senate Committe identifiers 378 s have been compiled, for . Traditionally, these list time they return to the site”. It hashed data is to be able to identify a discrete user the next and Transportation 2013, p. 5) can be eepstake entries, but example, from mail order customers, magazine subscribers and sw er the user’s email may be a “good security rationale” when a service “cannot recov personal data ting and scoring the they are nowadays also created or enriched by analyzing, segmen hen the user next enters address and name” and “associated data will only be recovered w extensive databases from online data brokers. their email address and name”, but it “fails to understand the privacy implications by 382 ignoring the definition of PII”. The Marketing scholar Joseph Turow concluded: Cross-device tracking and linking user profiles with hidden identifiers 5.6 y soften the impact of the Industry claims of anonymity surrounding all these data ma atforms allow companies As described in the previous chapter, online data management pl sorting and labeling processes. But in doing so, it seriously undermines the traditional iled third-party user to import their customer data, combine it with millions of deta meaning of the word. If a company can follow and interact with you in the digital sources, to identify their own profiles from online and offline customers or to target other environment – and that potentially includes the mobile phone and your television set – its often offer to analyze, individuals through online or offline channels. These platforms claim that you are anonymous is meaningless, particularly when firms intermittently add segment and score consumers, and they are connected to other da ta brokers and offline information to the online data and then simply strip the name and address to 383 advertising companies. make it “anonymous.” ross several tracking companies the platforms cooperate To recognize website visitors ac „Anonymous“ data used in their eir clients often describe the Data management platforms and th There is no , which refers to “the process of with each other and use for example cookie synching identification? d”. Apparently, hashing is tracking and sharing processes as “anonymized” or “de-identifie anonymous 379 match user This way, they can mapping user Ids from one system to another”. Adobe in fact pseudonymization rather than anonymization. In 's digital marketing identification across different systems identifiers such as ad networks, ad exchanges and data ts that “marketers magazine CMO, Ruth Boardman, a “leading privacy lawyer”, sugges providers. But today’s data management platforms offer more tha n just the identification anonymised data, rather should stop trying to convince themselves they are working with 384 n many life situations by of people surfing the web. They promise to identify consumers i Information Commissioner’s Office , the . Iain Bourne from the than personal information” matching profile data from differ ent sources and mostly claim that this matching is ong debate about whether UK’s privacy regulator, adds: “It’s not really worth having a l “anonymous”. this is not personal information when it’s aimed at identifying people” (ibid.) Matching is a crucial point for consumer privacy the privacy scholar In his paper “Singling out people without knowing their names” Singling out otection authorities “take Frederik Borgesius (2016, p. 2) concluded that European data pr people without -mail address or their Unique identifiers for consumers are often derived from their e Unique s personal data if it uses data to single out a person, the view that a company processe knowing their phone number. Based on these identifiers, data records from cor porate customer identifiers dingly be “merely one of the even if it cannot tie a name to these data”. A name would accor names databases can be linked with third-party profiles from data bro kers, social network identifiers that can be tied to data about a person, and it is not even the most practical profiles, online and mobile beha vior gathered via tracking serv ices or cookies, and any identifier” for today’s online tracking economy. other device, platform or service consumers are using in everyd ay life. To create these . They convert, for example, an email hashing unique identifiers, most vendors use Deterministic and probabilistic cross-device tracking 380 nction such as MD5. address into an alphanumeric string by using a cryptographic fu matching data from different Since consumers are increasingly using multiple devices, In theory, hashing is a one-way operation and cannot be reverse d. But, aside from many Anonymous devices is considered as a major challenge for tracking and data compa nies. When 381 , when we imagine real-time data sharing other possible ways of de-anonymization matching via Internet users are surfing the web, websites can identify them again as the same user, for between all kinds of companies collecting hundreds of millions all of e-mail addresses and hashing? easily be deleted or blocked, instance, via cookies (see chapter 4). But browser cookies can of them use the same “one way” operation to “anonymize” these e-mail addresses, ple computers, and computers can be used by multiple persons, people can use multi these “anonymized” email addresses can be matched across differ ent datasets. Consumers game coming devices, from use of mobile apps and other up cookies don’t help to track the can therefore be recognized again, as soon as they use a servic e linked with the same and consoles to smart TVs fitness trackers . To match these different devices, the email address. Although some of t involved in these data he companies and organizations n cookies. In 2015, Omar Tawako l, the general manager tracking industry needs more tha 385 , they can always he name or address of consumers sharing processes may not know t that marketers had “these first-party data assets: data tied stated Data Cloud ’s of Oracle identify them as the same person in many situations and link th eir profile to red and modeled data. comprehensive information based on volunteered, observed, infer 382 http://www.truste.com/blog/2013/ 01.2016] 04/16/data-anonymization/ [25. 383 Joseph Turow (2011): The Daily You. Cited from: Senate Committ ee on Commerce, Science, and Transportation (2013, p. 32) 378 384 Science, and Transportation CMO. by Adobe (2015): Adobe Summit EMEA: Brands Advised To Alw The data broker report from the Senate Committee on Commerce, ays Assume It’s Personal. Online: http://www.cmo.com/featur mmit-emea-brands-advised- e author’s German 2014 report es/articles/2015/4/29/adobe-su (2013) provides a comprehensive overview on list brokers. In th “Kommerzielle Digitale Überwachung im Alltag” German list broke rs have been investigated. to-always-assume-its-personal.html [16.08.2016] 379 385 https://www.admonsters.com/blog/cookie-synching [25.01.2016] eMarketer (2015): Cross-Device Targeting and Measurement Will Impact Digital Display 380 ://www.emarketer.com/Article/C Advertisers in 2015. Online: http ross-Device-Targeting- https://www.clickz.com/clickz/column/2288689/whats-an-email-ha sh-anyway [25.01.2016] 381 Measurement-Will-Impact-Digital-Display-Advertisers-2015/101208 1 [25.01.2016] See chapter 2.3 91 91 90

92 to email, data tied to a physical address, data tied to cookies —and they’re all massively use “ultrasonic audio through the use of the speakers on the co mputer or device”, which is disconnected.” That is why “cross-linking everything across scr eens and devices” would then “recognized and received on the other smart device”. They use it not just to match be “the biggest and most important trend this year”. In 2015, t he FTC has initiated an users “cross-device”, but also “cross-channel”, and embed “ audio beacon signals into TV 386 racking and consumer privacy. investigation on cross-device t commercials ”, which are received by tracking apps and allow users who were exposed to 395 a specific TV program to be identified. , for example by deterministic cross-device matching The most important approach is Linking user Cross-device identifiers by major platforms? latforms with millions of identifying users when they have logged into one of the major p accounts and 387 This way, it is possible to link information Twitter . users, such as Google, Facebook or device s connecting their However, the most relevant data sharing occurs between companie Google, Twitter fiers such as hashed email gathered on users across platforms and devices, based on identi identifiers 397 396 and Twitter customer and CRM data with the online tracking universe. Both Google and Facebook’s d cookies from d addresses, mobile identifiers an ifferent tracki ng companies. To link started to offer companies the ability to Facebook started to allow CRM matching in 2015. Atlas mobile device identifiers like the Apple Identifier for Advertisers (IFA/IDFA) or the 398 Facebook ’s Custom Audiences match their customer data already back in 2012. 388 Microsoft ’s “Advertising ID” helps tracking Google Advertising ID can be used. product allows companies to uploa d “hashed” email addresses or phone numbers to target 389 ny companies providing During the past years, ma Windows users. Windows phone and 399 In early 2013, Facebook started to partner with data brokers these customers online. platforms and services introduced unique identifiers for users. introduced its Verizon such as Acxiom, Epsilon, Datalogix and BlueKai (the latter now both owned by Oracle ). article published by the “Precision ID”, a “unique hashed ID” which has, according to an 400 , which Atlas Facebook also acquired the “giant ad-serving and measurement business” Oracle trade magazine Experian adexchanger “to , partnerships with data brokers like and will, according to a company statement, “solve the cross-device problem” and help 390 d third-party data”. enable anonymous matches between the Precision ID identifier an 401 Atlas An ishers” companies “reach real people acr oss devices, platforms and publ dvertising vendors also Some data brokers, data management platforms and other online a representative explained that the “data that Facebook has on it s 1.3 billion users is data 391 and the Oracle Acxiom introduced their own unique identifiers, such as AbiliTec Link ’s 402 . An Atlas whitepaper states that “Facebook syncs the Atlas and that we can use in Atlas” 392 ID Graph . 403 . Facebook cookies” by writing “a v ersion of the user’s Facebook ID into the Atlas cookie” 393 According to adexchanger’s “Mark entity”, another eter’s Guide To Cross-Device Id Probabilistic ’s Atlas could “help tie online ads to offline Facebook According to the Wall Street Journal, Facebook’s approach is to use probabilistic cross-device matching , offered by companies such as -device cross sales”. For example, a “consumer who purchases a pair of shoes in a store might volunteer cross device ID Experian Tapad, Drawbridge . Probabilistic matching is and matching account, t. If the email address is link ed to a Facebook her email address at the checkou “achieved by algorithmically analyzing thousands of different anonymous data points – when and where the consumer saw could inform the retailer, if, Facebook its ads across 404 A marketing magazine summarized that Facebook had in fact introduced a device type, operating system, location data [... ], time of day [...] – to create statistical, the web”. aka likely, matches between devices. For exam ple, if a phone, a tablet and a laptop , which would not only work on “cross-device ID based on logged in users” ts in the same places every weekday, it’s connect to the same networks or Wi-Fi hotspo Facebook facebook.com , , but also on “thousands of other Instagram ’s mobile app and safe to surmise that all three devices belong to a specific commuter.” websites and apps”. They would u se a “combination” of their “Fa cebook ID” and “mobile IDFA) and Android's device identifiers such as Apple's Identifier for Advertising ( The guide lists the following pro viders for cross-device tracki ng: Acxiom, Adelphic, Adobe, AOL, BlueKai (acquired by Oracle), Conversant (acquired by 394 http://adexchanger.com/data-driven-thinking/cross-device-track ing-dont-believe-the-hype/ is Mobile, Krux, Lotame, MediaMath, Neustar Epsilon/Alliance Data), Criteo, Crosswise, Ir [25.01.2016] 395 Comments for November 2015 Calabrese, C., McInnis, K. L., Hans, G. S., Norcie, G. (2015): Aggregate Knowledge, Turn, 4INFO, [x+1] (acquired by Rocket Fuel). ology. Online: Workshop on Cross-Device Tracking. Center For Democracy & Techn Another way to link two devices belonging to the same consumer with each other is to use Ultrasonic https://cdt.org/files/2015/10/10.16.15-CDT-Cross-Device-Comments.pdf [25.01.2016] 396 394 -on-first-party-data/ ogle-allows-targeted-ads-based http://adexchanger.com/mobile/go inks”. Companies even “apps that can hear TV sounds, QR codes, NFC” and other “data l audio signals [25.01.2016] to link devices 397 Weber, H. (2015): Twitter’s new ‘partner audiences‘ will help more advertisers track you outside Twitter. VentureBeat. Online: http://venturebeat.com/2015/03/05 /twitters-new-partner- [25.01.2016] audiences-will-help-more-advertisers-track-you-outside-twitter/ 398 386 device-tracking om Audience CRM Ads Increase Constine, J. (2012): First Results Are In: Facebook’s New Cust https://www.ftc.gov/news-events/events-calendar/2015/11/cross- [25.01.2016] Conversions And Lower Costs. TechChrunch. Online: 387 [25.01.2016] http://techcrunch.com/2012/10/11/facebook-custom-audience-ads/ tracking-is-insome-tips/ https://iapp.org/news/a/cookies-are-so-yesterday-cross-device- 399 [25.01.2016] https://www.facebook.com/ads/man age/customaudiences/tos.php [2 5.01.2016] 388 400 http://adexchanger.com/data-exch ss-device-identity/ Cookies Look Like. Business Edwards, J. (2013): This Is What Facebook Thinks The Future Of anges/a-marketers-guide-to-cro [25.01.2016] Insider. Online: http://www.businessinsider.com/facebook-cookie -ads-from-atlas-2013-12 389 [25.01.2016] https://msdn.microsoft.com/en- 401 us/library/windows/apps/windows.system.userprofile.advertisingm anager.advertisingid 1.2016] http://atlassolutions.com/2014/09/29/meet-the-new-atlas/ [25.0 402 [25.01.2016] eMarketer (2014): Bye-Bye, Cookies-Atlas Tracks Consumers Onli ne and Offline via Facebook 390 las-Tracks-Consumers-Online- emarketer.com/Article/Bye-Bye-CookiesAt IDs. Online: http://www. a-deep-dive-on-verizons- http://adexchanger.com/data-exchanges/can-you-identify-me-now- Offline-via-Facebook-IDs/1011661 [25.01.2016] data-practices/ [25.01.2016] 403 391 ment & Delivery. Online: k [25.01.2016] Atlas Solutions, LLC (2015): The Case for People-based Measure https://developer.myacxiom.com/code/api/endpoints/abilitec-lin 392 for_people_based_measurement_ https://atlassolutionstwo.files.wordpress.com/2014/12/the_case_ Oracle Inc. (2015): Oracle buys Datalogix. Online: final_1-15.pdf [25.01.2016] http://www.oracle.com/us/corporat al-presentation-2395307.pdf e/acquisitions/datalogix/gener 404 Marshall, Jack (2014): What Marketers Need to Know About Faceb ook’s Atlas. Wallstreet Journal, [25.01.2016] 393 Sep 29, 2014. Online: http://blogs.wsj.com/cmo/2014/09/29/what- marketers-need-to-know- ss-device-identity/ http://adexchanger.com/data-exchanges/a-marketers-guide-to-cro about-facebooks-atlas/ [25.01.2016] [25.01.2016] 92 93 92

93 mputer or device”, which is use “ultrasonic audio through the use of the speakers on the co to email, data tied to a physical address, data tied to cookies —and they’re all massively then “recognized and received on the other smart device”. They use it not just to match eens and devices” would disconnected.” That is why “cross-linking everything across scr users “cross-device”, but also “cross-channel”, and embed “ audio beacon signals into TV he FTC has initiated an be “the biggest and most important trend this year”. In 2015, t 386 racking and consumer privacy. investigation on cross-device t exposed to ”, which are received by tracking apps and allow users who were commercials 395 a specific TV program to be identified. deterministic cross-device matching , for example by The most important approach is Linking user Cross-device identifiers by major platforms? latforms with millions of identifying users when they have logged into one of the major p accounts and 387 This way, it is possible to link information Twitter . users, such as Google, Facebook or device s connecting their However, the most relevant data sharing occurs between companie Google, Twitter fiers such as hashed email gathered on users across platforms and devices, based on identi identifiers 397 396 and Twitter Google with the online tracking universe. Both customer and CRM data and Facebook’s d cookies from d addresses, mobile identifiers an ifferent tracki ng companies. To link started to offer companies the ability to Facebook started to allow CRM matching in 2015. Atlas mobile device identifiers like the Apple Identifier for Advertisers (IFA/IDFA) or the 398 Facebook ’s Custom Audiences match their customer data already back in 2012. 388 Microsoft ’s “Advertising ID” helps tracking Google Advertising ID can be used. product allows companies to uploa d “hashed” email addresses or phone numbers to target 389 ny companies providing During the past years, ma Windows users. Windows phone and 399 In early 2013, Facebook started to partner with data brokers these customers online. platforms and services introduced unique identifiers for users. introduced its Verizon such as Acxiom, Epsilon, Datalogix and BlueKai (the latter now both owned by Oracle ). article published by the “Precision ID”, a “unique hashed ID” which has, according to an 400 , which Atlas Facebook also acquired the “giant ad-serving and measurement business” Oracle trade magazine Experian adexchanger “to , partnerships with data brokers like and will, according to a company statement, “solve the cross-device problem” and help 390 d third-party data”. enable anonymous matches between the Precision ID identifier an 401 Atlas An oss devices, platforms and publ ishers” companies “reach real people acr dvertising vendors also Some data brokers, data management platforms and other online a representative explained that the “data that Facebook has on it s 1.3 billion users is data 391 and the Oracle Acxiom introduced their own unique identifiers, such as ’s AbiliTec Link 402 . An Atlas whitepaper states that “Facebook syncs the Atlas and that we can use in Atlas” 392 . ID Graph 403 . ersion of the user’s Facebook ID into the Atlas cookie” Facebook cookies” by writing “a v 393 another entity”, eter’s Guide To Cross-Device Id According to adexchanger’s “Mark Probabilistic could “help tie online ads to offline Facebook ’s Atlas According to the Wall Street Journal, Facebook’s probabilistic cross-device matching approach is to use , offered by companies such as - device cross in a store might volunteer sales”. For example, a “consumer who purchases a pair of shoes cross device ID Experian Tapad, Drawbridge . Probabilistic matching is and matching account, t. If the email address is link ed to a Facebook her email address at the checkou “achieved by algorithmically analyzing thousands of different anonymous data points – when and where the consumer saw could inform the retailer, if, Facebook its ads across 404 A marketing magazine summarized that Facebook had in fact introduced a device type, operating system, location data [... ], time of day [...] – to create statistical, the web”. , which would not only work on “cross-device ID based on logged in users” ple, if a phone, a tablet and a laptop aka likely, matches between devices. For exam Facebook , but also on “thousands of other Instagram ’s mobile app and facebook.com , connect to the same networks or Wi-Fi hotspo ts in the same places every weekday, it’s safe to surmise that all three devices belong to a specific commuter.” cebook ID” and “mobile websites and apps”. They would u se a “combination” of their “Fa IDFA) and Android's device identifiers such as Apple's Identifier for Advertising ( viders for cross-device tracki ng: The guide lists the following pro Acxiom, Adelphic, Adobe, AOL, BlueKai (acquired by Oracle), Conversant (acquired by 394 http://adexchanger.com/data-driven-thinking/cross-device-track ing-dont-believe-the-hype/ is Mobile, Krux, Lotame, MediaMath, Neustar Epsilon/Alliance Data), Criteo, Crosswise, Ir [25.01.2016] 395 Calabrese, C., McInnis, K. L., Hans, G. S., Norcie, G. (2015): Comments for November 2015 Aggregate Knowledge, Turn, 4INFO, [x+1] (acquired by Rocket Fuel). ology. Online: Workshop on Cross-Device Tracking. Center For Democracy & Techn Another way to link two devices belonging to the same consumer with each other is to use Ultrasonic https://cdt.org/files/2015/10/10.16.15-CDT-Cross-Device-Comments.pdf [25.01.2016] 396 394 -on-first-party-data/ ogle-allows-targeted-ads-based http://adexchanger.com/mobile/go Companies even “apps that can hear TV sounds, QR codes, NFC” and other “data l inks”. audio signals [25.01.2016] to link devices 397 Weber, H. (2015): Twitter’s new ‘partner audiences‘ will help more advertisers track you outside /twitters-new-partner- Twitter. VentureBeat. Online: http://venturebeat.com/2015/03/05 [25.01.2016] audiences-will-help-more-advertisers-track-you-outside-twitter/ 386 398 device-tracking Constine, J. (2012): First Results Are In: Facebook’s New Cust om Audience CRM Ads Increase https://www.ftc.gov/news-events/events-calendar/2015/11/cross- [25.01.2016] Conversions And Lower Costs. TechChrunch. Online: 387 http://techcrunch.com/2012/10/11/facebook-custom-audience-ads/ [25.01.2016] tracking-is-insome-tips/ https://iapp.org/news/a/cookies-are-so-yesterday-cross-device- 399 [25.01.2016] https://www.facebook.com/ads/man 5.01.2016] age/customaudiences/tos.php [2 388 400 Cookies Look Like. Business Edwards, J. (2013): This Is What Facebook Thinks The Future Of http://adexchanger.com/data-exch anges/a-marketers-guide-to-cro ss-device-identity/ [25.01.2016] -ads-from-atlas-2013-12 Insider. Online: http://www.businessinsider.com/facebook-cookie 389 [25.01.2016] https://msdn.microsoft.com/en- 401 us/library/windows/apps/windows.system.userprofile.advertisingm anager.advertisingid http://atlassolutions.com/2014/09/29/meet-the-new-atlas/ [25.0 1.2016] 402 [25.01.2016] ne and Offline via Facebook eMarketer (2014): Bye-Bye, Cookies-Atlas Tracks Consumers Onli 390 IDs. Online: http://www. las-Tracks-Consumers-Online- emarketer.com/Article/Bye-Bye-CookiesAt a-deep-dive-on-verizons- http://adexchanger.com/data-exchanges/can-you-identify-me-now- Offline-via-Facebook-IDs/1011661 [25.01.2016] data-practices/ [25.01.2016] 391 403 https://developer.myacxiom.com/code/api/endpoints/abilitec-lin k [25.01.2016] ment & Delivery. Online: Atlas Solutions, LLC (2015): The Case for People-based Measure 392 for_people_based_measurement_ https://atlassolutionstwo.files.wordpress.com/2014/12/the_case_ Oracle Inc. (2015): Oracle buys Datalogix. Online: final_1-15.pdf [25.01.2016] http://www.oracle.com/us/corporat e/acquisitions/datalogix/gener al-presentation-2395307.pdf 404 Marshall, Jack (2014): What Marketers Need to Know About Faceb ook’s Atlas. Wallstreet Journal, [25.01.2016] 393 Sep 29, 2014. Online: http://blogs.wsj.com/cmo/2014/09/29/what- marketers-need-to-know- ss-device-identity/ http://adexchanger.com/data-exchanges/a-marketers-guide-to-cro about-facebooks-atlas/ [25.01.2016] [25.01.2016] 93 93 92

94 still does “not allow its cross- Advertising ID”. However, according to the article, Atlas released the names of the 19 hijackers on 11 September 2001, Ac xiom had identified 405 409 device data to leave Facebook's walls”. Germany since has been active in Acxiom eleven of them in their own databases. 410 According to a talk by 2004 and has already collected data on 44 million Germans. ermany and Poland, the company possesses “offline Acxiom’s Managing Director for G 411 claims to have data Acxiom UK profile data” on “nearly every household in Germany”. 5.7 Case studies and example companies s and behavioral on “over 40 million consumers” and “1,000 lifestyle demographic 412 variables”. doing business with There is little solid research about the practices of companies personal data of consumers. In addition, this ecosystem is evol ving and changing very fast. 413 lists hundreds of “data Acxiom ’s "Consumer Data Products Catalog" from 2011 Data catalog Within a few months, a company t hat is examined by researchers or media, may have been or households to complete elements” which corporate clients can obtain about individuals acquired, merged with other comp rvices offered. anies or rapidly changed the se their customer databases. In addition to basic information such as name, age, gender, phone numbers, email addresses, e ducation, occupation, children , income and credit card Based on the different typologies of the personal data ecosyste m as described in the Companies in lable. In the "geography use, detailed records on housing and vehicle ownership are avai previous chapters and on a review of literature and media artic les, several companies different fields n the “ethnicity” category ten ent attributes are available, i and address" category, 25 differ sby et al (2012), Chester were selected for a more detailed examination. Starting with Bu . In addition, data on voting party and attributes – for example several “race codes” (2014), CMA (2015), Deighton (2013), Dixon et al (2014), FTC (2 015), McConville (2014) , “lotteries” or "interests" such as “dieting/weight loss”, “casino”, “gambling” and Senate Committee on Commerce, Science, and Transportation ( 2013) also several lists “smoking/tobacco” are available. Data on health “needs” such as “allergy related”, of clients and partners of companies which were mentioned in th ese publications, have and “diabetic focus” is “arthritis / mobility”, “disabled individual in the household” , mid-sized, and small companies, ranging from been examined. We selected large “derived from purchases and self-reported sources”. Most of them are based in the generalists offering diverse portfolios to smaller specialists. cluded companies based in U.S., but some are offering their services globally. We also in According to their data catalog, Acxiom to categorize people and “scores” offers several Acxiom’s ’s headquarters are in Dublin, Ireland. Germany, Netherlands and India. Experian predict their future behavior, such as “NetWorth Gold”, the “Ch aritable Giving Score”, the Audience “Life Insurance Purchase Propensity”, the “Consumer Prominence Indicator” and the Operating udies and exemplary The goal of this review of products and services in the case st “Inferred Household Rank”. As part of their analysis and segmentation system System questions such as: What types of persona companies is to answer l data about consumers "Personicx", households are assigned to one or more of 1,270 gr oups describing their ted? Which products do do they collect, analyze and sell? How many consumers are affec lifestyle, based on “specific consumer behavior and demographic characteristics”. Sub ymous” is the collection, match ing and exploitation of these companies offer? How “anon modules provide data on specific target groups, for example "Pe rsonicx Hispanic", And what are the ies claim to use anonymization? personal data really when compan predicts “consumer life "Personicx Insurance Groups" or "Personicx Life Changes", which implications and risks for consumers? stage changes”. "Personicx" is apparently no longer offered sep arately, but was part of the 5.7.1 Acxiom – the world's largest commercial database on consumers 414 from em (AOS)" until 2015. According to an analysis "Acxiom Audience Operation Syst a “comprehensive view of an audience” acr oss Gartner in 2013 , this system offered Acxiom claims to have “data and insight” into “700 million consumers The U.S. company Up to 3,000 “channels, devices and media sources” with “unduplicated data, enriched by detailed 407 406 for nearly every U.S. consumer”. worldwide”, including into over “3,000 propensities attributes on al and social pr demographic, contextual, behavior ofiles” from “ both online and offline , but analysts of According to the New York Times, “few consumers have ever heard Acxiom 700 million activities”. 408 say it has amassed the world's largest commercial database on c onsumers”. The consumers company was founded in 1969, under the name Demographics Inc ., and initially performed Gartner Acxiom ’s technology could “connect individual profiles across emphasized that Connecting direct mail campaigns based on the data of public phone books, including advertisement devices and channels” and “relate them to a common record conta ining personally individual , according to their annual report 2014, manages Acxiom for election campaigns. Today 2.5 profiles? and maintains 3.7 “billion prospect records” for clients. billion “customer relationships” They operate 15,000 customer databases for 7,000 companies from sectors such as and work for “47 of the finance, insurance, retail, heal thcare, travel and automotive, 409 Shortly after the FBI had Fortune 100” companies, but also for U.S. government agencies. Heard Of You. Fortune Behar, Richard (2004): Never Heard Of Acxiom? Chances Are It's Magazine, 23.02.2004. Online: 04/02/23/362182/index.htm http://archive.fortune.com/magazines/fortune/fortune_archive/20 [22.01.2016] 410 Mclaughlin, Catriona (2013): Acxiom. Die Besserwisser. Die Zei t, 05.07.2013. Online: 405 /komplettansicht [22.01.2016] http://www.zeit.de/2013/28/acxiom Rodgers, Z. (2014): With Atlas Relaunch, Facebook Advances New Cross-Device ID Based On 411 atforms/with-atlas-relaunch- Logged In Users. AdExchanger. O nline: http://adexchanger.com/pl YouTube-Video from the panel di scussion "Die Strategien der gr oßen Daten-Anbieter" on d3con facebook-advances-new-cross-device-id-based-on-logged-in-users/ [25.01.2016] 2014 conference on 11.02.2014 in Hamburg. In German he said: "H eute haben wir in Deutschland 406 Minute 14:50: r nahezu jeden Haushalt", from Offline-Profildaten verfügbar fü According to Merriam-Webster, a propensity is a "strong natura l tendency to do something" or com/watch?v=W41HcRo-3P8 [22.01.2016] https://www.youtube. an "often intense natural inclination or preference", see: http ://www.merriam- 412 webster.com/dictionary/p ropensity [01.08.2016] /Facebook-Case-Study- http://dq2qu0j6xxb34.cloudfront.net/wp-content/uploads/2014/01 407 Final-no-bleed.pdf [22.01.2016] Acxiom Corporation (2014): Annual Report 2014. Online: 413 http://files.shareholder.com/dow -E136-4701-B0F2- nloads/ACXM/0x0x763250/A1DBFBD8 Online: Acxiom: The Power of Insight: C onsumer Data Products Catalog. .2016] 3DC695E5ED08/acxiom2014_Annual_Report_FINAL_RRD_PDF_.pdf [22.01 https://www.hashdoc.com/documents/8135/data-products-catalog [22.01.2016] 414 408 e Consumer Genome. New York Singer, Natasha (2012): You for Sale. Mapping, and Sharing, th Frank, Andrew; Kihn, Martin (2013): Acxiom's Audience Operatin g System Could Reinvent Data- ner.com/doc/2597521?ref=ddisp Driven Marketing. Gartner, 26.09.2013. Online: https://www.gart Times, June 16, 2012. Online: http://www.nytimes.com/2012/06/17 /technology/acxiom-the- quiet-giant-of-consumer-database-marketing.html [22.01.2016] [22.01.2016] 94 95 94

95 released the names of the 19 hijackers on 11 September 2001, Ac xiom had identified still does “not allow its cross- Advertising ID”. However, according to the article, Atlas 405 409 device data to leave Facebook's walls”. Germany since Acxiom eleven of them in their own databases. has been active in 410 According to a talk by 2004 and has already collected data on 44 million Germans. ermany and Poland, the company possesses “offline Acxiom’s Managing Director for G 411 profile data” on “nearly every household in Germany”. claims to have data Acxiom UK 5.7 Case studies and example companies s and behavioral on “over 40 million consumers” and “1,000 lifestyle demographic 412 variables”. doing business with There is little solid research about the practices of companies personal data of consumers. In addition, this ecosystem is evol ving and changing very fast. 413 Acxiom ’s "Consumer Data Products Catalog" from 2011 lists hundreds of “data Data catalog Within a few months, a company t hat is examined by researchers or media, may have been or households to complete elements” which corporate clients can obtain about individuals acquired, merged with other comp rvices offered. anies or rapidly changed the se their customer databases. In addition to basic information such as name, age, gender, phone numbers, email addresses, e ducation, occupation, children , income and credit card Based on the different typologies of the personal data ecosyste m as described in the Companies in lable. In the "geography use, detailed records on housing and vehicle ownership are avai previous chapters and on a review of literature and media artic les, several companies different fields n the “ethnicity” category ten ent attributes are available, i and address" category, 25 differ sby et al (2012), Chester were selected for a more detailed examination. Starting with Bu . In addition, data on voting party and attributes – for example several “race codes” (2014), CMA (2015), Deighton (2013), Dixon et al (2014), FTC (2 015), McConville (2014) , “lotteries” or "interests" such as “dieting/weight loss”, “casino”, “gambling” and Senate Committee on Commerce, Science, and Transportation ( 2013) also several lists “smoking/tobacco” are available. Data on health “needs” such as “allergy related”, of clients and partners of companies which were mentioned in th ese publications, have and “diabetic focus” is “arthritis / mobility”, “disabled individual in the household” , mid-sized, and small companies, ranging from been examined. We selected large “derived from purchases and self-reported sources”. Most of them are based in the generalists offering diverse portfolios to smaller specialists. cluded companies based in U.S., but some are offering their services globally. We also in According to their data catalog, Acxiom to categorize people and “scores” offers several Acxiom’s ’s headquarters are in Dublin, Ireland. Germany, Netherlands and India. Experian predict their future behavior, such as “NetWorth Gold”, the “Ch aritable Giving Score”, the Audience “Life Insurance Purchase Propensity”, the “Consumer Prominence Indicator” and the Operating udies and exemplary The goal of this review of products and services in the case st “Inferred Household Rank”. As part of their analysis and segmentation system System questions such as: What types of persona companies is to answer l data about consumers "Personicx", households are assigned to one or more of 1,270 gr oups describing their ted? Which products do do they collect, analyze and sell? How many consumers are affec lifestyle, based on “specific consumer behavior and demographic characteristics”. Sub ymous” is the collection, match ing and exploitation of these companies offer? How “anon modules provide data on specific target groups, for example "Pe rsonicx Hispanic", And what are the ies claim to use anonymization? personal data really when compan predicts “consumer life "Personicx Insurance Groups" or "Personicx Life Changes", which implications and risks for consumers? stage changes”. "Personicx" is apparently no longer offered sep arately, but was part of the 5.7.1 Acxiom – the world's largest commercial database on consumers 414 to an analysis from em (AOS)" until 2015. According "Acxiom Audience Operation Syst a “comprehensive view of an audience” acr oss Gartner in 2013 , this system offered Acxiom claims to have “data and insight” into “700 million consumers The U.S. company Up to 3,000 “channels, devices and media sources” with “unduplicated data, enriched by detailed 407 406 for nearly every U.S. consumer”. worldwide”, including into over “3,000 propensities attributes on al and social pr demographic, contextual, behavior ofiles” from “ both online and offline , but analysts of According to the New York Times, “few consumers have ever heard Acxiom 700 million activities”. 408 The say it has amassed the world's largest commercial database on c onsumers”. consumers company was founded in 1969, under the name Demographics Inc ., and initially performed Gartner Acxiom ’s technology could “connect individual profiles across emphasized that Connecting direct mail campaigns based on the data of public phone books, including advertisement devices and channels” and “relate them to a common record conta ining personally individual , according to their annual report 2014, manages Acxiom for election campaigns. Today 2.5 profiles? and maintains 3.7 “billion prospect records” for clients. billion “customer relationships” They operate 15,000 customer databases for 7,000 companies from sectors such as and work for “47 of the finance, insurance, retail, heal thcare, travel and automotive, 409 Shortly after the FBI had Fortune 100” companies, but also for U.S. government agencies. Heard Of You. Fortune Behar, Richard (2004): Never Heard Of Acxiom? Chances Are It's Magazine, 23.02.2004. Online: 04/02/23/362182/index.htm http://archive.fortune.com/magazines/fortune/fortune_archive/20 [22.01.2016] 410 Mclaughlin, Catriona (2013): Acxiom. Die Besserwisser. Die Zei t, 05.07.2013. Online: 405 /komplettansicht [22.01.2016] http://www.zeit.de/2013/28/acxiom Rodgers, Z. (2014): With Atlas Relaunch, Facebook Advances New Cross-Device ID Based On 411 atforms/with-atlas-relaunch- Logged In Users. AdExchanger. O nline: http://adexchanger.com/pl YouTube-Video from the panel di scussion "Die Strategien der gr oßen Daten-Anbieter" on d3con facebook-advances-new-cross-device-id-based-on-logged-in-users/ [25.01.2016] 2014 conference on 11.02.2014 in Hamburg. In German he said: "H eute haben wir in Deutschland 406 Minute 14:50: r nahezu jeden Haushalt", from Offline-Profildaten verfügbar fü According to Merriam-Webster, a propensity is a "strong natura l tendency to do something" or com/watch?v=W41HcRo-3P8 [22.01.2016] https://www.youtube. an "often intense natural inclination or preference", see: http ://www.merriam- 412 webster.com/dictionary/p ropensity [01.08.2016] /Facebook-Case-Study- http://dq2qu0j6xxb34.cloudfront.net/wp-content/uploads/2014/01 407 Final-no-bleed.pdf [22.01.2016] Acxiom Corporation (2014): Annual Report 2014. Online: 413 http://files.shareholder.com/dow -E136-4701-B0F2- nloads/ACXM/0x0x763250/A1DBFBD8 Online: Acxiom: The Power of Insight: C onsumer Data Products Catalog. .2016] 3DC695E5ED08/acxiom2014_Annual_Report_FINAL_RRD_PDF_.pdf [22.01 https://www.hashdoc.com/documents/8135/data-products-catalog [22.01.2016] 414 408 e Consumer Genome. New York Singer, Natasha (2012): You for Sale. Mapping, and Sharing, th Frank, Andrew; Kihn, Martin (2013): Acxiom's Audience Operatin g System Could Reinvent Data- ner.com/doc/2597521?ref=ddisp Driven Marketing. Gartner, 26.09.2013. Online: https://www.gart Times, June 16, 2012. Online: http://www.nytimes.com/2012/06/17 /technology/acxiom-the- quiet-giant-of-consumer-database-marketing.html [22.01.2016] [22.01.2016] 95 95 94

96 Acxiom ’s y”. AOS would identifiable information” from a “customer database of a compan the “challenges of tracking cookies” and that’s why “working wi to verify LiveRamp th eliminate the need for third-party cookies , the common “method of connecting ces, browsers, and matches” would enable marketers to reach consumers “across devi services”. behavior across websites”, which hundreds of companies in onlin e ad targeting still rely some privacy appeal”. on. As third-party cookies are co ntroversial, this would have “ Acxiom offers insights into how to “request data for people, places, Data Services API ’s Health interests ’ use AOS “respond” to However, it would be “unclear how the privacy community” would 423 based on “unique identifiers for person, place, and household households, or entities” and stated, that “risk of personally identifiable information and first-party data”. Gartner 424 sities, and , for example about “the consume r’s insurance behaviors, propen documents” da bility persua remains high that some marketers and consumers may misuse, mist rust or 426 425 , and about the “likelihood” of someone “to be , health “interests” preferences” misunderstand” this technology. In conclusion, it is recommende d that businesses 427 . influenced by social media” o” that third-party cookies “consider strategic options for the increasingly likely scenari will be “replaced by large data e such as Acxiom and d by companies xchanges operate has started to cooperate with the dominant online During the past few years, Acxiom Bank data, Google”. and Facebook companies. They have partnered with both Twitter , for example to “target offline ads to users on the social networks based on their purchases in stores”. Together with shopping, 415 LiveRamp Connect , which “combines the announced Acxiom In 2015, its new service Matching Google they have been working on ways to “match how clicks on ’s ad network tie Google Google and very best elements of LiveRamp ’s Audience Operating System” with the services of Acxiom , customer data 428 Acxiom announced a “new integration with ’s In 2016, LiveRamp to in-store sales”. Facebook 416 Back in 2012, LiveRamp Acxiom a “data onboarding” company acquired by in May 2014. with online 429 reported Acxiom offline behavior of consumers, Regarding Google Customer Match”. 417 that client companies send them customer records, explained on their corporate blog identifiers to be able to recognize a consumer’s identity, when a store cle rk captures the shopper’s which are “keyed by some sort of identifier, such as an email a ddress, postal address, or name from a check or credit card at the point of sale and then asks for the shopper’s ZIP matches these customer records to “online identifiers” that geographical code”. LiveRamp 430 According to Chester et al (2014 , p. 39), the company explaine d code or phone number. offers companies the ability are “associated with a browser or device”. In 2016, LiveRamp and “data broker that it could take “bank data” and combine it with information Acxiom to “use CRM data, purchase histories, and third ̻ party data to address consumers at every social media, ’search,’ and partners provide about a consumer’s ‘behaviors,’ ‘email opens,’ 418 party data across stage of their customer journey” ̻ and to use “CRM, sales, and third l” could be “scored and ‘offline’ activity. Detailed information regarding an individua 20 billion records each more than 200 marketing platforms”. They claim to “onboard segmented”, for example, “knowing that an individual is a ‘fema le with small children, online devices and month” and offer companies to “match” their “anonymized data to ard ad’”. searched on site for travel rewards’ and also was ‘served ... a c ̻ to-one digital IDs” using “advanced recognition technologies, includin g exact one Oracle and their consumer data brokers Bluekai and Datalogix 5.7.2 emphasizes that they “anonymize” LiveRamp and Acxiom AbiliTec”. In parallel, matching identification process that removes all company’s “customer data files through a de ̻ , the world’s second-largest software adexchanger According to the trade magazine Oracle , 419 personally identifiable information”. 431 , has recently become a vendor with $29.6 billion in software revenue during 2013 432 In 2012 and keting”. “strong data-management contender” and a “leader” in “cloud mar claims to “anonymize” data reco Acxiom rds, but offers “exact one-to-one matching” to its Exact one-to- , a marketing automation com Eloqua acquired Oracle 2013, pany, for $871 million and clients. While this could be mere t rhetoric, it could also ly a questionable, inconsisten one matching strongly opposed to the signify that single persons can easily be identified, which is has hed with 420 ’s “Data Services API” principle of “anonymized” data records. According to their Acxiom identifiers AbiliTec Link product does not just “bring together only similar customer re cords”, but is for each record to allow the ds”, while “assigning one link able to “link all customer recor most complete view of each customer”. It allows “instant recogn ition of customers” and Acxiom’s even “identifies the household of which an individual is a memb “hashed er”. 423 01.2016] https://developer.myacxiom.com/code/api/data-bundles/main [22. entity representation” seems to be used as a unique identifier for an individual, bas ed on 424 dle/identification-and- https://developer.myacxiom.com/code/api/data-bundles/level1bun email addresses, phone numbers or nearly any combination of the former and name, linkage [22.01.2016] 421 422 address, city and zip code. The marketing blog ClickZ that “marketers summarized 425 surance [22.01.2016] https://developer.myacxiom.com/code/api/data-bundles/bundle/in 426 are starting to realize that CRM data – specifically the hash o f the email address – is an althAndMedical https://developer.myacxiom.com/code/api/data-bundles/bundle/he [22.01.2016] form, cross-browser key”. This would overcome many of amazing cross-device, cross-plat 427 https://developer.myacxiom.com/code/api/data-bundles/bundle/so cialMedia [22.01.2016] 428 sical World to Online Data. Wall Dwoskin, Elizabeth (2014): Data Broker Acxiom Moves to Tie Phy Street Journal, May 05, 2014. Online: http://blogs.wsj.com/digi ts/2014/05/14/data-broker- acxiom-moves-to-tie-physical-world-to-online-data [22.01.2016] 429 mp-Extends-Data- /home/20160526005180/en/LiveRa http://www.businesswire.com/news 415 Connectivity-Partnership-Google [01.08.2016] 6] -liveramp-connect/ [22.01.201 http://www.acxiom.com/introducing 416 430 Singer, Natasha (2012): You for Sale. Mapping, and Sharing, th e Consumer Genome. New York Kaye, K. (2015): Why Acxiom Killed AOS and Used LiveRamp Name for New Platform. /datadriven-marketing/acxiom- Advertising Age, Feb 24, 2015. Online: http://adage.com/article /technology/acxiom-the- Times, June 16, 2012. Online: http://www.nytimes.com/2012/06/17 quiet-giant-of-consumer-database-marketing.html [22.01.2016] 2.01.2016] kills-aos-brand-launches-combined-targeting-platform/297276/ [2 431 417 w/ [22.01.2016] oftware vendor, Gartner says. http://liveramp.com/engineering/data-onboarding-system-overvie Kanaracus, C. (2014); Oracle overtakes IBM as second-largest s 418 ine: http://www.computerworld.c om/article/2489278/it- Computerworld. Mar 31, 2014. Onl http://liveramp.com/why-data-connectivity/ [22.01.2016] 419 as-second-largest-software-vendor--gartner-says.html management/oracle-overtakes-ibm- 016] http://liveramp.com/why-liveramp/liveramp-onboarding/ [22.01.2 420 [22.01.2016] k [22.01.2016] https://developer.myacxiom.com/code/api/endpoints/abilitec-lin 421 432 https://developer.myacxiom.com/code/api/endpoints/hashed-entit Rodgers, Z. (2015): Answering Your Questions About Google’s Fo rthcoming DMP. Adexchanger, y [22.01.2016] 422 April 24, 2015. Online: http://a dexchanger.com/data-exchanges/a nswering-your-questions-about- Hendricks, D. (2014): What Acxiom „Hash“ Figured Out. Clickz, May 21, 2014. Online: googles-forthcoming-dmp/ [22.01.2016] https://www.clickz.com/clickz/column/2345821/what-acxiom-hash-f igured-out [22.01.2016] 96 97 96

97 to verify LiveRamp th the “challenges of tracking cookies” and that’s why “working wi would identifiable information” from a “customer database of a compan y”. Acxiom ’s AOS ces, browsers, and matches” would enable marketers to reach consumers “across devi , the common “method of connecting eliminate the need for third-party cookies services”. e ad targeting still rely behavior across websites”, which hundreds of companies in onlin some privacy appeal”. ntroversial, this would have “ on. As third-party cookies are co Acxiom offers insights into how to “request data for people, places, ’s Data Services API Health interests ’ use AOS “respond” to However, it would be “unclear how the privacy community” would 423 households, or entities” based on “unique identifiers for person, place, and household and stated, that “risk Gartner of personally identifiable information and first-party data”. 424 documents” , for example about “the consume r’s insurance behaviors, propen sities, and da bility persua remains high that some marketers and consumers may misuse, mist rust or 425 426 , and about the “likelihood” of someone “to be , health “interests” preferences” d that businesses misunderstand” this technology. In conclusion, it is recommende 427 . influenced by social media” o” that third-party cookies “consider strategic options for the increasingly likely scenari d by companies xchanges operate will be “replaced by large data e such as Acxiom and has started to cooperate with the dominant online During the past few years, Acxiom Bank data, Google”. Facebook Twitter companies. They have partnered with both , for example to “target and offline ads to users on the social networks based on their purchases in stores”. Together with shopping, 415 its new service LiveRamp Connect , which “combines the announced Acxiom In 2015, Matching Google Google ’s ad network tie they have been working on ways to “match how clicks on Google and ’s Audience Operating System” with the services of very best elements of Acxiom LiveRamp , customer data 428 to in-store sales”. LiveRamp In 2016, announced a “new integration with Acxiom ’s Facebook 416 Back in 2012, LiveRamp in May 2014. Acxiom a “data onboarding” company acquired by with online 429 Regarding offline behavior of consumers, Acxiom reported Google Customer Match”. 417 that client companies send them customer records, explained on their corporate blog identifiers rk captures the shopper’s to be able to recognize a consumer’s identity, when a store cle which are “keyed by some sort of identifier, such as an email a ddress, postal address, or name from a check or credit card at the point of sale and then asks for the shopper’s ZIP matches these customer records to “online identifiers” that LiveRamp geographical code”. 430 code or phone number. d , p. 39), the company explaine According to Chester et al (2014 offers companies the ability LiveRamp are “associated with a browser or device”. In 2016, Acxiom that it could take “bank data” and combine it with information and “data broker to “use CRM data, purchase histories, and third party data to address consumers at every ̻ social media, ’search,’ and partners provide about a consumer’s ‘behaviors,’ ‘email opens,’ 418 and to use “CRM, sales, and third ̻ party data across stage of their customer journey” ‘offline’ activity. Detailed information regarding an individua l” could be “scored and more than 200 marketing platforms”. They claim to “onboard 20 billion records each le with small children, segmented”, for example, “knowing that an individual is a ‘fema month” and offer companies to “match” their “anonymized data to online devices and ard ad’”. searched on site for travel rewards’ and also was ‘served ... a c to-one g exact one ̻ digital IDs” using “advanced recognition technologies, includin Oracle and their consumer data brokers Bluekai and Datalogix 5.7.2 and Acxiom AbiliTec”. In parallel, LiveRamp matching emphasizes that they “anonymize” company’s “customer data files through a de ̻ identification process that removes all adexchanger , the world’s second-largest software According to the trade magazine Oracle , 419 personally identifiable information”. 431 , has recently become a vendor with $29.6 billion in software revenue during 2013 432 In 2012 and “strong data-management contender” and a “leader” in “cloud mar keting”. rds, but offers “exact one-to-one matching” to its claims to “anonymize” data reco Acxiom Exact one-to- Eloqua acquired pany, for $871 million and 2013, , a marketing automation com Oracle clients. While this could be mere t rhetoric, it could also ly a questionable, inconsisten one matching signify that single persons can easily be identified, which is strongly opposed to the hed has with 420 their ’s “Data Services API” principle of “anonymized” data records. According to Acxiom identifiers AbiliTec Link product does not just “bring together only similar customer re cords”, but is ds”, while “assigning one link able to “link all customer recor for each record to allow the most complete view of each customer”. It allows “instant recogn ition of customers” and even “identifies the household of which an individual is a memb er”. Acxiom’s “hashed 423 https://developer.myacxiom.com/code/api/data-bundles/main [22. 01.2016] entity representation” seems to be used as a unique identifier for an individual, bas ed on 424 https://developer.myacxiom.com/code/api/data-bundles/level1bun dle/identification-and- email addresses, phone numbers or nearly any combination of the former and name, linkage [22.01.2016] 422 421 that “marketers The marketing blog summarized ClickZ address, city and zip code. 425 surance [22.01.2016] https://developer.myacxiom.com/code/api/data-bundles/bundle/in 426 are starting to realize that CRM data – specifically the hash o f the email address – is an https://developer.myacxiom.com/code/api/data-bundles/bundle/he althAndMedical [22.01.2016] form, cross-browser key”. This amazing cross-device, cross-plat would overcome many of 427 cialMedia [22.01.2016] https://developer.myacxiom.com/code/api/data-bundles/bundle/so 428 sical World to Online Data. Wall Dwoskin, Elizabeth (2014): Data Broker Acxiom Moves to Tie Phy ts/2014/05/14/data-broker- Street Journal, May 05, 2014. Online: http://blogs.wsj.com/digi acxiom-moves-to-tie-physical-world-to-online-data [22.01.2016] 429 /home/20160526005180/en/LiveRa mp-Extends-Data- http://www.businesswire.com/news 415 Connectivity-Partnership-Google [01.08.2016] http://www.acxiom.com/introducing -liveramp-connect/ [22.01.201 6] 416 430 for New Platform. e Consumer Genome. New York Kaye, K. (2015): Why Acxiom Killed AOS and Used LiveRamp Name Singer, Natasha (2012): You for Sale. Mapping, and Sharing, th /technology/acxiom-the- Times, June 16, 2012. Online: http://www.nytimes.com/2012/06/17 Advertising Age, Feb 24, 2015. Online: http://adage.com/article /datadriven-marketing/acxiom- quiet-giant-of-consumer-database-marketing.html [22.01.2016] kills-aos-brand-launches-combined-targeting-platform/297276/ [2 2.01.2016] 431 417 w/ [22.01.2016] oftware vendor, Gartner says. Kanaracus, C. (2014); Oracle overtakes IBM as second-largest s http://liveramp.com/engineering/data-onboarding-system-overvie 418 om/article/2489278/it- Computerworld. Mar 31, 2014. Onl ine: http://www.computerworld.c http://liveramp.com/why-data-connectivity/ [22.01.2016] 419 management/oracle-overtakes-ibm- as-second-largest-software-vendor--gartner-says.html 016] http://liveramp.com/why-liveramp/liveramp-onboarding/ [22.01.2 420 [22.01.2016] https://developer.myacxiom.com/code/api/endpoints/abilitec-lin k [22.01.2016] 432 421 y [22.01.2016] Rodgers, Z. (2015): Answering Your Questions About Google’s Fo rthcoming DMP. Adexchanger, https://developer.myacxiom.com/code/api/endpoints/hashed-entit 422 April 24, 2015. Online: http://a dexchanger.com/data-exchanges/a nswering-your-questions-about- Hendricks, D. (2014): What Acxiom „Hash“ Figured Out. Clickz, May 21, 2014. Online: googles-forthcoming-dmp/ [22.01.2016] https://www.clickz.com/clickz/column/2345821/what-acxiom-hash-f igured-out [22.01.2016] 97 97 96

98 433 Responsys , a cloud-marketing platform, for $1.5 billion. In 2014, they acquired the data information originating from “offline data on 110+ million hous eholds from U.S. Census, 434 , one of and also Datalogix BlueKai management platform for a reported $400 million ources” (ibid., p. 15). d “permissible credit header s public record housing & deeds” an brokers (see FTC 2014), the companies which was part of the FTC’s investigation on data categorizes people into “over 1,800 segments” based on “purcha Datalogix se-based data, 443 435 rich demographics and deep financial insights“. . In 2016, Oracle bought AddThis , a “data company” known for for reported $1.2 billion 15 million on more than “harvesting updated behavioral data through its share buttons” 444 in 2012 to allow Facebook with was among the first data brokers partnering Datalogix Partnership 436 and , which provides “machine-learning based cross- Crosswise worldwide, websites advertisers to target users based not only on their online behavior, but also on Facebook with Facebook ss “user and device activity data from billions of unique device data” and claims to proce 445 , for example based on data about “known buyers” of specific br ands, offline data 437 devices every month”. [s]” and “known demographics” s uch as age, gender and “known online & offline purchase 447 446 438 ’s data management platform (DMP) provides an overview on the Datalogix’s “Facebook Audience Guide” BlueKai According to a corporate presentation income. BlueKai, an ata for personalized allows companies to combine first-party data with third-party d offered allows Facebook-related product portfolio of the company. One product online data ers” on companies to “reach consumers likely to respond to mortgage off urely share” their customer , Facebook marketing and online targeting. It also allows “partners to sec management BlueKai ial way”. Together with Oracle , data “in a mutually benefic would enable applied for because these consumers have “similar profile characteristics” as those “who platform companies to “build more complete customer profiles, enriched w ith detailed 1st party who “have mortgages online ”. Another one allows targeting consumers on Facebook (DMP) data, easily accessible 3rd party er data”. BlueKai data, and new 2nd party partn claims to similar profile characteristics of consumers who applied for an d purchased auto insurance product allows via an online channel”. The users to be targeted based Facebook “DLX TV” offer the “world’s largest data marketplace for digital marketers” with “access to the largest aggregation of licensed households and on osure data” on 4.2 million U.S. 3rd party data providers availa on data from “set-top-box TV exp ble anywhere”. Their data attributes including “Audience Data Marketplace” provides clients “more than 30,000 “tracked data from both live & recorded (DVR) viewing”. With “DLX OnRamp” companies data (“any CRM file”) to intent, B2B, past purchases, geo/demo, interest/lifestyle, bran ded and qualified can pass on their customer Datalogix , which then “matches and converts the file to Facebook users”. They explain that this pr oduct allows companies to ” from “more than 200 data 700 million global profiles demographics” and “over providers”. they “match on 20+ “identify users with multiple email addresses”, but in general 448 variables including postal address and multiple email addresses ”. Datalogix Oracle acquired, has data “on $2 trillion in consumer , the second company that Datalogix, lds” and it “connects spending from 1,500 data partners across 110 million US househo Oracle Data Cloud All these products and services now seem to be part of the . A press purchasing Oracle Data 439 449 ntation offline purchasing data to digital media”, according to a prese explains this product consists of “Oracle Data as a Service fo r Marketing” (with . Together with release Cloud: 3 billion data worth $2 f consumers” ith the richest understanding o they could provide marketers “w Oracle, n 300 data partners”), and “access to more than 1 billion profiles globally” and “more tha trillion profiles rding to EPIC based on “what they do, what they say, and what they buy”. Acco , Datalogix from more than 700 million cial” (which “derives insights “Oracle Data as a Service for So mainly collects data “by forming partnerships with stores who o ffer membership or social messages daily, across mo re than 40 million social media and news data sites”). In 440 on Oracle indicates that data originates from sources such as “10+ billi loyalty cards”. Oracle om over 15 stated that it is “aggregating more than 3 billion profiles fr April 2016, 441 442 450 They also use the brand name “Oracle Data SKU-level transactions across 1500 leading retailers ”, “UPC level purchases from million websites in its data marketplace”. ub, mass and drugstore” and “3+ 50+ retailers across grocery, cl billion donation records h is part of the “Oracle Marketing Cloud”, and Management Platform (DMP)”, whic 451 Oracle “Data Directory” offers insights on the ’s across US households” (Oracle 2015, p. 14). Oracle Datalogix (DLX) offers “data types” “powered by” the “Oracle Data Cloud”. such as . It is used to “reach audiences based on financial behavior “DLX Finance” services and data types provided by Oracle ’s affiliated entities and partner companies. The including credit cards, home value, net worth, income and more” and is based on still branded as BlueKai , directory includes several of Oracle’s own services, which are Datalogix and AddThis , but also a detailed overview on consumer data offered by more than 40 “data partners” such as Acxiom, Alliant Data, AnalyticsIQ, comScore, Experian, (see Oracle 2015). TruSignal and Forbes, GfK, Lotame, MasterCard, Neustar, TransUnion 433 ion. Adweek, December 20, 2013. le Buys Responsys for $1.5 Bill Heine, Christopher (2013): Orac s/technology/oracle-buys-responsys-15-billion-154630 Online: http://www.adweek.com/new [22.01.2016] 434 Dignan, L. (2014): Oracle acquires BlueKai, rounds out its mar keting cloud. ZDNet, Feb 24, 2014. Online: http://www.zdnet.com/article/oracle-acquires-bluekai-ro unds-out-its-marketing-cloud/ 443 [22.01.2016] s/online/syndicated-segments/ [22.01.2016] http://www.datalogix.com/audience 444 435 talogix. Wall Street Journal. Feb. 4, ase Records To Show Ads The Constine, J. (2012): Facebook Will Use Datalogix Offline Purch Chernova, Y. (2015): Oracle Paid More Than $1.2 Billion for Da 2015. Online: http://www.wsj.com/articles/oracle-paid-more-than Perfect Number Of Times. Techchrunch, Oct 01, 2012. Online: -1-2-billion-for-datalogix- 1423083774 [22.01.2016] http://techcrunch.com/2012/10/01/facebook-ads-frequency/ [22.01 .2016] 445 436 what you do outside Facebook. Koetsier, J. (2013): Facebook now lets ads target you based on Kaye, K. (2016): With AddThis Buy, Oracle Gets Pipeline to Con tinually Update Audience Data. 3/04/10/facebook-launches- Venturebeat, April 10, 2013. Online: http://venturebeat.com/201 Advertising Age, Jan. 05, 2016. Online: http://adage.com/articl e/datadriven-marketing/addthis- partner-categories-to-help-advertisers-target-demand-not-just-d emographics/ [22.01.2016] buy-oracle-pipeline-audience-data/301998/ [22.01.2016] 446 437 http://www.datalogix.co ok_Audience_Guide.pdf m/wp-content/uploads/2013/10/DLX_Facebo html [01.08.2016] https://www.oracle.com/corporate/acquisitions/crosswise/index. 438 [22.01.2016] http://www.oracle.com/us/corporate/acquisitions/bluekai/genera l-presentation-2150582.pdf 447 [22.01.2016] Ibid. 439 448 http://www.oracle.com/us/corporat e/acquisitions/d atalogix/gene ral-presentation- Ibid. 449 -daas-072214 [22.01.2016] e/pressrelease/data-cloud-and http://www.oracle.com/us/corporat 2395307.pdf [22.01.2016] 440 450 https://www.oracle.com/corporate/acquisitions/crosswise/index. [22.01.2016] /facebook_and_datalogix.html https://epic.org/privacy/facebook html [01.08.2016] 441 451 https://www.oracle.com/marketing cloud/products/data-management -platform/index.html SKU = stock-keeping unit 442 UPC = universal product code [22.01.2016] 98 99 98

99 433 information originating from “offline data on 110+ million hous eholds from U.S. Census, In 2014, they acquired the data Responsys , a cloud-marketing platform, for $1.5 billion. 434 , one of and also Datalogix public record housing & deeds” an ources” (ibid., p. 15). d “permissible credit header s for a reported $400 million management platform BlueKai brokers (see FTC 2014), the companies which was part of the FTC’s investigation on data categorizes people into “over 1,800 segments” based on “purcha se-based data, Datalogix 443 435 rich demographics and deep financial insights“. . In 2016, Oracle bought AddThis , a “data company” known for for reported $1.2 billion 15 million on more than “harvesting updated behavioral data through its share buttons” 444 in 2012 to allow with Facebook was among the first data brokers partnering Datalogix Partnership 436 , which provides “machine-learning based cross- and Crosswise worldwide, websites users based not only on their online behavior, but also on Facebook advertisers to target with Facebook ss “user and device activity data from billions of unique device data” and claims to proce 445 , for example based on data about “known buyers” of specific br ands, offline data 437 devices every month”. uch as age, gender and [s]” and “known demographics” s “known online & offline purchase 447 446 438 Datalogix’s “Facebook Audience Guide” data management platform (DMP) provides an overview on the BlueKai ’s According to a corporate presentation income. BlueKai, an allows companies to combine first-party data with third-party d offered allows Facebook-related product portfolio of the company. One product ata for personalized online data urely share” their customer marketing and online targeting. It also allows “partners to sec , Facebook companies to “reach consumers likely to respond to mortgage off ers” on management Oracle as those “who data “in a mutually benefic ial way”. Together with would enable , BlueKai because these consumers have “similar profile characteristics” applied for platform companies to “build more complete customer profiles, enriched w ith detailed 1st party mortgages online ”. Another one allows targeting consumers on Facebook who “have (DMP) data, easily accessible 3rd party BlueKai er data”. data, and new 2nd party partn claims to d purchased auto insurance similar profile characteristics of consumers who applied for an users to be targeted based offer the “world’s largest data marketplace for digital marketers” with “access to the via an online channel”. The “DLX TV” product allows Facebook largest aggregation of licensed osure data” on 4.2 million U.S. 3rd party data providers availa households and on on data from “set-top-box TV exp ble anywhere”. Their LX OnRamp” companies “tracked data from both live & recorded (DVR) viewing”. With “D “Audience Data Marketplace” provides clients “more than 30,000 data attributes including , which then “matches and ded and qualified can pass on their customer data (“any CRM file”) to Datalogix intent, B2B, past purchases, geo/demo, interest/lifestyle, bran oduct allows companies to ” from “more than 200 data 700 million global profiles demographics” and “over converts the file to Facebook users”. They explain that this pr providers”. they “match on 20+ “identify users with multiple email addresses”, but in general 448 variables including postal address and multiple email addresses ”. Datalogix Oracle acquired, has data “on $2 trillion in consumer , the second company that Datalogix, Oracle Data Cloud All these products and services now seem to be part of the . A press lds” and it “connects spending from 1,500 data partners across 110 million US househo purchasing Oracle Data 439 449 . Together with release explains this product consists of “Oracle Data as a Service fo r Marketing” (with ntation offline purchasing data to digital media”, according to a prese Cloud: 3 billion data worth $2 n 300 data partners”), and “access to more than 1 billion profiles globally” and “more tha Oracle, ith the richest understanding o f consumers” they could provide marketers “w trillion profiles from more than 700 million cial” (which “derives insights “Oracle Data as a Service for So rding to EPIC based on “what they do, what they say, and what they buy”. Acco , Datalogix social messages daily, across mo and news data sites”). In re than 40 million social media mainly collects data “by forming partnerships with stores who o ffer membership or 440 stated that it is “aggregating more than 3 billion profiles fr April 2016, Oracle om over 15 Oracle indicates that data originates from sources such as “10+ billi on loyalty cards”. 450 441 442 purchases from ”, “UPC level transactions across 1500 leading retailers million websites in its data marketplace”. They also use the brand name “Oracle Data SKU-level h is part of the “Oracle Marketing Cloud”, and Management Platform (DMP)”, whic 50+ retailers across grocery, cl ub, mass and drugstore” and “3+ billion donation records 451 Oracle “powered by” the “Oracle Data Cloud”. offers insights on the “Data Directory” ’s (DLX) offers “data types” Oracle Datalogix across US households” (Oracle 2015, p. 14). services and data types provided by partner companies. The ’s affiliated entities and Oracle “DLX Finance” . It is used to “reach audiences based on financial behavior such as , directory includes several of Oracle’s own services, which are still branded as BlueKai including credit cards, home value, net worth, income and more” and is based on Datalogix and AddThis , but also a detailed overview on consumer data offered by more 40 “data partners” than such as Acxiom, Alliant Data, AnalyticsIQ, comScore, Experian, TruSignal Forbes, GfK, Lotame, MasterCard, Neustar, TransUnion and (see Oracle 2015). 433 ion. Adweek, December 20, 2013. le Buys Responsys for $1.5 Bill Heine, Christopher (2013): Orac Online: http://www.adweek.com/new s/technology/oracle-buys-responsys-15-billion-154630 [22.01.2016] 434 Dignan, L. (2014): Oracle acquires BlueKai, rounds out its mar keting cloud. ZDNet, Feb 24, 2014. Online: http://www.zdnet.com/article/oracle-acquires-bluekai-ro unds-out-its-marketing-cloud/ 443 [22.01.2016] [22.01.2016] s/online/syndicated-segments/ http://www.datalogix.com/audience 435 444 Chernova, Y. (2015): Oracle Paid More Than $1.2 Billion for Da ase Records To Show Ads The Constine, J. (2012): Facebook Will Use Datalogix Offline Purch talogix. Wall Street Journal. Feb. 4, Perfect Number Of Times. Techchrunch, Oct 01, 2012. Online: 2015. Online: http://www.wsj.com/articles/oracle-paid-more-than -1-2-billion-for-datalogix- 1423083774 [22.01.2016] http://techcrunch.com/2012/10/01/facebook-ads-frequency/ [22.01 .2016] 436 445 Koetsier, J. (2013): Facebook now lets ads target you based on tinually Update Audience Data. what you do outside Facebook. Kaye, K. (2016): With AddThis Buy, Oracle Gets Pipeline to Con 3/04/10/facebook-launches- Venturebeat, April 10, 2013. Online: http://venturebeat.com/201 Advertising Age, Jan. 05, 2016. Online: http://adage.com/articl e/datadriven-marketing/addthis- partner-categories-to-help-advertisers-target-demand-not-just-d emographics/ [22.01.2016] buy-oracle-pipeline-audience-data/301998/ [22.01.2016] 446 437 http://www.datalogix.co ok_Audience_Guide.pdf m/wp-content/uploads/2013/10/DLX_Facebo html [01.08.2016] https://www.oracle.com/corporate/acquisitions/crosswise/index. 438 [22.01.2016] http://www.oracle.com/us/corporate/acquisitions/bluekai/genera l-presentation-2150582.pdf 447 [22.01.2016] Ibid. 439 448 http://www.oracle.com/us/corporat e/acquisitions/d atalogix/gene ral-presentation- Ibid. 449 -daas-072214 [22.01.2016] e/pressrelease/data-cloud-and http://www.oracle.com/us/corporat 2395307.pdf [22.01.2016] 440 450 https://www.oracle.com/corporate/acquisitions/crosswise/index. [22.01.2016] /facebook_and_datalogix.html https://epic.org/privacy/facebook html [01.08.2016] 441 451 https://www.oracle.com/marketing cloud/products/data-management -platform/index.html SKU = stock-keeping unit 442 UPC = universal product code [22.01.2016] 99 99 98

100 452 , the Oracle Identity Graph (also “Oracle ID According to a corporate presentation ditional sources” (e.g. availability and formats of different data from a “mix” of “tra A unique ID for Graph”) “unites all [consumer] interactions across various chan nels to create one “customer profile data and transactional data, including orders , service requests”) and consumers dressable identities across addressable consumer profile”. I t allows companies to “unify ad ctures, videos”), companies “social data” (e.g. “unified soci al profiles, Tweets, posts, pi nd prospects everywhere”. all devices, screens and channels” and to “identify customers a mbination of traditional should “plug that data into a da ta exchange” and “enrich the co D”, “email ID”, “mobile Oracle mentions several kinds of IDs such as a “postal ID”, “cookie I view of the customer”. data and social data to gain insights based on a more complete 453 ID”, “registration ID” and a “set-top ID”. In another presentat they state that “the ion master data management (MDM) Oracle is, along with IBM and SAP , , a major player in & devices”, and claim to Oracle ID Graph connects an individual customer to all channels which has, according to Gartner , “become a critical discipline required for dealing with the 460 challenges of social data, ‘big data’ and data in the cloud”. 229 million “device ID’s” have access to . Oracle ’s developer website explains how all 454 : kinds of personal information collected by clients are linked w Oracle ID Graph ith the Experian – expanding from cred it scoring to consumer data 5.7.3 On the one hand, “data ingest”, which is the “process of collec ting and classifying user 461 user attributes from your onli ne, offline, data” into Oracle ’s platform, “entails extracting . is one of the three major credit reporting agencies in the U.S Experian , and a global Data on 235m “offline match integration” allows to “onboard data and mobile source”. In addition, player in credit services, analytics, fraud detection, and mark eting data. With around people in the 462 463 from a data warehouse, a Customer Relationship Management (CRM) database, or an $4.5 billion. employees in 39 countries, the total revenue for 2015/2016 was 17.000 U.S., 45m in the optimize, analyze, and email-based offline source”, which then can be used to “target, Experian maintains credit information on about 220 million U.S. consume rs, “demographic UK and 68m in 455 model your users based on their offline attributes”. information” on about 235 million people in 117 million “living units across the U.S.”, and Germany 464 In the UK, their information on “more than 650 mi llion vehicles” in the U.S. and Canada. rmation matching The developer website provides further details on the user info Details on llion records, and they process 1.5 million credit reports “consumer database” holds 45 mi 456 clients should “identify” users “in both the online and offline space” To process. the matching 465 Experian Germany, In is able to categorize 68 million adults along lifestyle per week. Oracle . The “most send their “match keys”, which could be “any unique user id”, t o process 466 On a global level, claims to have “insights on Experian 2.3 billion groups. common match key” is an “encrypted/hashed email address”, becau se it could be 467 which The company runs 18 consumer credit bureaus around the world, ”. consumers en the user signs on to your int of sale (POS) and online wh “collected offline during the po 468 Marketing services, which contribute 18% to contribute 49% to its global revenue. site”. Clients can either use “Oracle Hashed IDs”, which are “g enerated from raw 469 to “identify who your Identity Manager , include products like the global revenue personally identifiable informat ion (PII)” such as e-mail addre sses or phone numbers Intelligence Manager to “understand customers are regardless of channel or device”, the on “e-mail addresses, “using Oracle BlueKai code”, or “encrypted/hashed UUIDs” based Interactions Manager to “engage with your customer behaviors and preferences” and the phone numbers, physical addresses, and client account numbers”, and even IP addresses. 470 your customers with the right message”. will “synchronize them to the network of user Oracle After receiving these match keys, and statistical IDs that are linked together in the Oracle ID G raph (OIDG), which is used to According to Dixon et al (2014, p. 43 et seq.), offers several types of consumer Experian Predict, manage IDs and user attributes for all Oracle BlueKai customers ”. Clients can also which “helps marketers identify and effectively target under- ChoiceScore scores. Their identify and 471 database, or any other “onboard the mobile da ta stored” in their “data warehouse, CRM is created “from consumer demographic, behavioral, banked and emerging consumers” target offline source” to “monetize those audiences” and contribute such as mobile identifiers and geo-demographic information”. allows Median Equivalency Score ’s Experian 's IDFA, the Apple Google Advertising ID and the . Even a “unique identification Android ID corporate customers to “identify areas that may be more or less likely to have future header (UIDH)” can be used to “offer marketers and advertisers the ability to target users derogatory credit activity”. The ConsumerView Profitability Score , which is “designed to 457 based on their online behavior”. This is Verizon mobile network on, for example, the rketing prospects in households likely to be profitable and predict, identify, and target ma Verizon ’s “perma cookie”, which was controversially discussed apparently referring to ’s “ConsumerView” database. A special version of this Experian pay debt”, is based on 458 already. 472 is marketed to healthcare companies, who can “leverage informa tion about score 473 . consumer’s lifestyles, interests and activities” and “bolsters health risk assessments” 459 In a whitepaper published in 2013 Oracle recommends that client companies should Combining and CRM data, ”, for example customer, sales integrate their “enterprise data with “social master data data”. They suggest the following “data-integration process”: A fter identifying the with social data 460 http://www.gartner.com/newsroom/id/1886314 [13.01.2016] 461 https://www.usa.gov/credit-reports [13.01.2016] 462 50) [16.08.2016] https://www.experianplc.com/media/2733/experian-ar2016.pdf (p. 463 452 e/acquisitions/d http://www.oracle.com/us/corporat https://www.experianplc.com/media/2733/experian-ar2016.pdf (p. 27) [16.08.2016] atalogix/gene ral-presentation- 464 2395307.pdf [22.01.2016] .html [13.01.2016] http://www.experian.com/corporate/experian-corporate-factsheet 453 465 xperian/capabilities.html [13 862.pdf [22.01.2016] /lad-2015-ses16178-toledo-2604 https://www.oracle.com/us/assets http://www.experian.co.uk/about-e .01.2016] 466 454 resse/brochures/p-2010-03-01-so-lebt-der-kunde- ID-160C5787-1226-4CE2- http://www.experian.de/assets/p https://docs.oracle.com/cloud/latest/daasmarketing_gs/DSMKT/GU konsumentensegmentierung.pdf [13.01.2016] A418-24454DA3EC36.htm [22.01.2016] 467 455 rketing-services http://www.experian.com/assets/ma /brochures/ma rketing-suite-brochure-04- Ibid. 456 2015.pdf [13.01.2016] Ibid. 457 468 -services/ [13.01.2016] t-us/our-business-lines/credit https://www.experianplc.com/abou Ibid. 458 469 Hoffman-Andrews, J. (2014): Verizon Injecting Perma-Cookies to Track Mobile Customers, https://www.experianplc.com/about-us/our-business-lines/market ing-services/ [13.01.2016] 470 Bypassing Privacy Controls. Eff, Nov 03, 2014. Online: l [13.01.2016] http://www.experian.com/marketing -services/market ing-suite.htm 471 2016] 2014/11/verizon-x-uidh [22.01. https://www.eff.org/de/deeplinks/ Dixon et al (2014) cited a reseller of the data 459 472 ew-healthcare.html https://www.experian.com/small-b usiness/listdetails/consumervi Enterprise Data = Enhanced Oracle (2013): The value of social data. Integrated Social and [05.08.2016] w.sponsor- Analytics. Oracle white paper, December 2013. Online: http://ww 473 ed.com.au/app/webroot/uploaded_f iles/media/SRM_US_EN_WP_SocialD ata_1.pdf [13.01.2016] Dixon et al (2014) cited Experian’s website 100 101 100

101 452 , the Oracle Identity Graph (also “Oracle ID ditional sources” (e.g. availability and formats of different data from a “mix” of “tra According to a corporate presentation A unique ID for “customer profile data and transactional data, including orders , service requests”) and Graph”) “unites all [consumer] interactions across various chan nels to create one consumers ctures, videos”), companies “social data” (e.g. “unified soci al profiles, Tweets, posts, pi addressable consumer profile”. I t allows companies to “unify ad dressable identities across mbination of traditional should “plug that data into a da ta exchange” and “enrich the co nd prospects everywhere”. all devices, screens and channels” and to “identify customers a view of the customer”. data to gain insights based on a more complete data and social D”, “email ID”, “mobile mentions several kinds of IDs such as a “postal ID”, “cookie I Oracle 453 is, along with Oracle , a major player in master data management (MDM) IBM and SAP , they state that “the ion ID”, “registration ID” and a “set-top ID”. In another presentat which has, according to Gartner , “become a critical discipline required for dealing with the Oracle ID Graph connects an individual customer to all channels & devices”, and claim to 460 challenges of social data, ‘big data’ and data in the cloud”. have access to 229 million “device ID’s” . Oracle ’s developer website explains how all 454 Oracle ID Graph : kinds of personal information collected by clients are linked w ith the 5.7.3 Experian – expanding from cred it scoring to consumer data ting and classifying user On the one hand, “data ingest”, which is the “process of collec 461 Oracle ’s platform, “entails extracting user attributes from your onli ne, offline, data” into . is one of the three major credit reporting agencies in the U.S Experian , and a global Data on 235m “offline match integration” and mobile source”. In addition, allows to “onboard data player in credit services, analytics, fraud detection, and mark eting data. With around people in the 463 462 from a data warehouse, a Customer Relationship Management (CRM) database, or an $4.5 billion. employees in 39 countries, the total revenue for 2015/2016 was 17.000 U.S., 45m in the optimize, analyze, and email-based offline source”, which then can be used to “target, Experian maintains credit information on about 220 million U.S. consume rs, “demographic UK and 68m in 455 model your users based on their offline attributes”. information” on about 235 million people in 117 million “living units across the U.S.”, and Germany 464 In the UK, their information on “more than 650 mi llion vehicles” in the U.S. and Canada. The developer website provides further details on the user info rmation matching Details on 1.5 million credit reports “consumer database” holds 45 mi llion records, and they process 456 “identify” users “in both the online and offline space” To clients should process. the matching 465 Experian Germany, In is able to categorize 68 million adults along lifestyle per week. o Oracle . The “most send their “match keys”, which could be “any unique user id”, t process 466 Experian On a global level, claims to have “insights on 2.3 billion groups. common match key” is an “encrypted/hashed email address”, becau se it could be 467 which The company runs 18 consumer credit bureaus around the world, consumers ”. int of sale (POS) and online wh “collected offline during the po en the user signs on to your 468 Marketing services, which contribute 18% to contribute 49% to its global revenue. enerated from raw site”. Clients can either use “Oracle Hashed IDs”, which are “g 469 to “identify who your Identity Manager , include products like the global revenue ion (PII)” such as e-mail addre personally identifiable informat sses or phone numbers to “understand customers are regardless of channel or device”, the Intelligence Manager on “e-mail addresses, “using Oracle BlueKai code”, or “encrypted/hashed UUIDs” based your customer behaviors and preferences” and the to “engage with Interactions Manager phone numbers, physical addresses, and client account numbers”, and even IP addresses. 470 your customers with the right message”. will “synchronize them to the network of user Oracle After receiving these match keys, and statistical IDs that are linked together in the Oracle ID G raph (OIDG), which is used to offers several types of consumer According to Dixon et al (2014, p. 43 et seq.), Experian Predict, manage IDs and user attributes for all Oracle BlueKai customers ”. Clients can also which “helps marketers identify and effectively target under- ChoiceScore scores. Their identify and 471 “onboard the mobile da database, or any other ta stored” in their “data warehouse, CRM is created “from consumer demographic, behavioral, banked and emerging consumers” target offline source” to “monetize those audiences” and contribute mobile identifiers such as ’s allows Median Equivalency Score Experian and geo-demographic information”. Google Advertising ID and the Android ID 's IDFA, the Apple . Even a “unique identification likely to have future corporate customers to “identify areas that may be more or less header (UIDH)” can be used to “offer marketers and advertisers the ability to target users derogatory credit activity”. The ConsumerView Profitability Score , which is “designed to 457 This is mobile network Verizon based on their online behavior”. on, for example, the predict, identify, and target ma rketing prospects in households likely to be profitable and Verizon ’s “perma cookie”, which was controversially discussed apparently referring to Experian ’s “ConsumerView” database. A special version of this pay debt”, is based on 458 already. 472 is marketed to healthcare companies, who can “leverage informa tion about score 473 . consumer’s lifestyles, interests and activities” and “bolsters health risk assessments” 459 recommends that client companies should Oracle In a whitepaper published in 2013 Combining and CRM data, ”, for example customer, sales integrate their “enterprise data with “social master data data”. They suggest the following “data-integration process”: A fter identifying the with social data 460 http://www.gartner.com/newsroom/id/1886314 [13.01.2016] 461 https://www.usa.gov/credit-reports [13.01.2016] 462 50) [16.08.2016] https://www.experianplc.com/media/2733/experian-ar2016.pdf (p. 463 452 e/acquisitions/d http://www.oracle.com/us/corporat https://www.experianplc.com/media/2733/experian-ar2016.pdf (p. 27) [16.08.2016] atalogix/gene ral-presentation- 464 2395307.pdf [22.01.2016] .html [13.01.2016] http://www.experian.com/corporate/experian-corporate-factsheet 453 465 xperian/capabilities.html [13 862.pdf [22.01.2016] /lad-2015-ses16178-toledo-2604 https://www.oracle.com/us/assets http://www.experian.co.uk/about-e .01.2016] 466 454 resse/brochures/p-2010-03-01-so-lebt-der-kunde- ID-160C5787-1226-4CE2- http://www.experian.de/assets/p https://docs.oracle.com/cloud/latest/daasmarketing_gs/DSMKT/GU konsumentensegmentierung.pdf [13.01.2016] A418-24454DA3EC36.htm [22.01.2016] 467 455 rketing-services http://www.experian.com/assets/ma /brochures/ma rketing-suite-brochure-04- Ibid. 456 2015.pdf [13.01.2016] Ibid. 457 468 -services/ [13.01.2016] t-us/our-business-lines/credit https://www.experianplc.com/abou Ibid. 458 469 Hoffman-Andrews, J. (2014): Verizon Injecting Perma-Cookies to Track Mobile Customers, https://www.experianplc.com/about-us/our-business-lines/market ing-services/ [13.01.2016] 470 Bypassing Privacy Controls. Eff, Nov 03, 2014. Online: l [13.01.2016] http://www.experian.com/marketing -services/market ing-suite.htm 471 2016] 2014/11/verizon-x-uidh [22.01. https://www.eff.org/de/deeplinks/ Dixon et al (2014) cited a reseller of the data 459 472 ew-healthcare.html https://www.experian.com/small-b usiness/listdetails/consumervi Enterprise Data = Enhanced Oracle (2013): The value of social data. Integrated Social and [05.08.2016] w.sponsor- Analytics. Oracle white paper, December 2013. Online: http://ww 473 ed.com.au/app/webroot/uploaded_f iles/media/SRM_US_EN_WP_SocialD ata_1.pdf [13.01.2016] Dixon et al (2014) cited Experian’s website 101 101 100

102 Reversely, Never Pay score based on “credit reporting data” can be used to Experian ’s 99% of the UK’s targetable population client or publisher 1st party data, [...] ” can be 482 reached. “ensure that consumers who have a high never-pay risk are not i ncluded in” the client 474 predicts “response and lifetime Veriscore ’s Experian company’s “marketing efforts”. 483 from U.S. (2011) the ConsumerView Experian According to the “List Services Catalog” Political views, uch as call centers and value of new customers generated from alternate media sources s liation to “children by age, m occupation and political affi database contains attributes fro ethnicity and 475 . registration forms” corporate customers can select from 181 month, day or year of birth”. Via Ethnic Insight medication 476 allows “social profiling” and “profile The company’s Social Intelligence Platform ethnicities, religions and c ountries “of origin”. The BehaviorBank database includes preferences Data from butes” by harnessing erian consumer and social attri analysis combining customer, Exp “responsive consumers who have purchased items or have complete d surveys on their social media data from social media platf orms. It consists of the Social Data Linkage service, which pations, ailments, diet and leisure activities, brand preferences, computer ownership, occu obtains “individual-level public Facebook behavioral data” thro ugh “list-based email is updated monthly and fitness, financial products, reading preferences and more.” It which gathers “individual-level Social Analytics Engine address matching”, and the contains data including “known t ransactional data, printed surv eys via direct mail and online surveys”. “as consumers provide private opt-in Facebook behavioral data” from Facebook permission via the Facebook Open ncludes “name, address, Graph Protocol”. Social data i type, prefers champagne or Attributes include whether someone has a “dry” or “oily” skin gender, fan pages, including possible competitors, birthday, relationship status, posts, 100 scotch, is a smoker or not, or i s an “active military member” o r a “veteran”. Nearly gagement scores”. posting date” and allows for example the creation of “social en medication preferences e from Insulin to Prozac are available, “ailments” listed includ Delphi for Customer Management , which returns Besides credit scoring products like Alzheimer’s disease, cancer, cli nical depression, heart disease , multiple sclerosis and Credit risk and “over 200 variables” and provides “multiple scores to target ea ch specific area of customer Transactional Data on ConsumerView “wheelchair”. Another product called is based on marketing 477 Experian UK offers products in the fiel ud , ds of identity verification, fra management” “actual retail (catalog, Internet , and brick and mortar) purcha se history” and provides data 478 employee screening. line document verification, and prevention, age verification, on many categories from “low price home décor” and “extreme snow s ports” to “high price Delphi for Marketing combines the “wealth of consumer credit and marketing data” to also offers a “New Homeowners Database”, a “New Experian jewelry and accessories”. 484 . Movers Database”, and a “New Parents Database” avoid targeting those who “generate scores based on an individual’s credit risk” and to “ 479 are already under financial stress”. According to the U.S. Senate Commi ttee on Commerce, Science, an d Transportation (2013, An “underclass 480 the “ConsumerView” marketing UK’s “Data Directory” brochure, Experian According to has also offered “targeting products p. 24), Experian identifying financially vulnerable Experian UK’s of the working database contains “for enrichment”, 42 million names 49 million names and addresses described r named “Hard Times”, which was ”, for example a consumer cluste populations ” poor “Data 33 million email addresses, 20 million mobile numbers and addresses “for prospecting”, as: “This is the bottom of the socioeconomic ladder, the poore st lifestyle Experian by Directory” eristics, lifestyles and e numbers. In addition, “consumer charact and 25 million landlin segment in the nation. Hard Times are older singles in poor cit y neighborhoods. Nearly ” from demographics to “financial attitudes and over 500 variables behaviours” with “ this is an underclass of the three-quarters of the adults are between the ages of 50 and 75; working poor and destitute seniors without family support”. behaviours” are available. Several “propensity models” can for example “indicate the oduct, or use a particular likelihood of an individual or household to own a particular pr Experian’s In 2014, subsidiary AdTruth introduced its AdTruth ID , an identifier that Fraud ” which can be “based life event triggers service”. Furthermore, “daily, weekly or monthly 485 A company representative enables companies to link consumers across devices. detection ving home or having a baby”, ar e offered. Their “Club on important life events like mo 486 that they aim “to build a platform to manage all datasets in explained in an interview technology Canvasse” offers information about the “ buying habits of over 23 million individuals that rs across all data sets”. The one place” and to “connect use technology came from AdTruth enables linking 481 have purchased” from home shopping companies. Experian 41st Parameter acquired in 2013. According to that , a fraud detection company of marketing Experian Hitwise product is able to “report on millions of unique internet user s, ’s provides “a number of variables AdTruth interview, how to identify a single user and Linking offline data hundreds of millions of monthly site visits and tens of million s of monthly searches”. whether “this is a single many applications are coming from a device” to help predicting data to online l addresses with 33 million on line email ChannelView allows “combining” offline posta , this technology “empowers the world’s most Experian person or not”. According to behavior g customer records” of companie contacts, and to enrich “existin s with “any of our 500+ progressive brands to identify, link and engage audiences acros s all digital touch points” 488 487 Experian , which is able to “reconcile and AdTruth Resolve In 2015, announced lifestyle variables or social-demographic models” to “bring ema il and mobile data to life”. today. By “linking” the “ConsumerView database of 49m individuals and 27m households to 482 Ibid. 474 483 tters/fraud_advis erian.com/assets/data- http://www.experian.com/newsle tml [22.08.2016] Catalog. Online: http://www.exp or/0409/cc_qa.h Experian (2011): List Services 475 university/brochures/ems-list-services-catalog.pdf [13.01.2016] Dixon et al (2014) cited Experian’s website 484 476 .html [13.01.2016] -services/social-intelligence http://www.experian.com/marketing Ibid. 477 485 omer-management.html http://www.experian.co.uk/consume r-information/delphi-for-cust Joe, R. (2014): How AdTruth Adds Truth To Cross-Device Connect ions. Adexchanger, Jul 02, 2014. nichannel-2/how-adtruth-adds-t ruth-to-cross-device- [13.01.2016] Online: http://adexchanger.com/om 478 connections/ [13.01.2016] ity-and-fraud.html [13.01.2016] http://www.experian.co.uk/ident 479 486 Ibid. http://www.experian.co.uk/assets /business-strategies/brochures /delphi-for-marketing- 487 http://www.experian.com/decision-analytics/identity-and-fraud/ product-sheet-final.pdf [13.01.2016] adtruth.html [30.08.2016] 488 480 /brochure-data-directory.pdf PRNewswire (2015): Experian solves industry-wide challenge of https://www.experian.co.uk/assets /marketing-services/brochures engaging audiences across all devices and environments with the launch of AdTruth Resolve. Ma r. 03,2015, Online: [13.01.2016] 481 http://www.prnewswire.com/news-re leases/experian-marketing-serv ices-solves-industry-wide- Ibid. 102 102 103

103 99% of the UK’s targetable population ” can be client or publisher 1st party data, [...] based on “credit reporting data” can be used to Reversely, Experian Never Pay score ’s 482 reached. “ensure that consumers who have a high never-pay risk are not i ncluded in” the client 474 predicts “response and lifetime Veriscore ’s Experian company’s “marketing efforts”. 483 from U.S. (2011) the ConsumerView Experian According to the “List Services Catalog” Political views, uch as call centers and value of new customers generated from alternate media sources s liation to “children by age, m occupation and political affi database contains attributes fro ethnicity and 475 . registration forms” corporate customers can select from 181 month, day or year of birth”. Via Ethnic Insight medication 476 allows “social profiling” and “profile The company’s Social Intelligence Platform ethnicities, religions and c ountries “of origin”. The BehaviorBank database includes preferences Data from butes” by harnessing erian consumer and social attri analysis combining customer, Exp “responsive consumers who have purchased items or have complete d surveys on their social media data from social media platf orms. It consists of the Social Data Linkage service, which pations, ailments, diet and leisure activities, brand preferences, computer ownership, occu obtains “individual-level public Facebook behavioral data” thro ugh “list-based email is updated monthly and fitness, financial products, reading preferences and more.” It which gathers “individual-level Social Analytics Engine address matching”, and the contains data including “known t ransactional data, printed surv eys via direct mail and online surveys”. “as consumers provide private opt-in Facebook behavioral data” from Facebook permission via the Facebook Open ncludes “name, address, Graph Protocol”. Social data i type, prefers champagne or Attributes include whether someone has a “dry” or “oily” skin gender, fan pages, including possible competitors, birthday, relationship status, posts, 100 scotch, is a smoker or not, or i s an “active military member” o r a “veteran”. Nearly gagement scores”. posting date” and allows for example the creation of “social en medication preferences e from Insulin to Prozac are available, “ailments” listed includ Delphi for Customer Management , which returns Besides credit scoring products like Alzheimer’s disease, cancer, cli nical depression, heart disease , multiple sclerosis and Credit risk and “over 200 variables” and provides “multiple scores to target ea ch specific area of customer Transactional Data on ConsumerView “wheelchair”. Another product called is based on marketing 477 Experian UK offers products in the fiel ud , ds of identity verification, fra management” “actual retail (catalog, Internet , and brick and mortar) purcha se history” and provides data 478 employee screening. line document verification, and prevention, age verification, on many categories from “low price home décor” and “extreme snow s ports” to “high price Delphi for Marketing combines the “wealth of consumer credit and marketing data” to also offers a “New Homeowners Database”, a “New Experian jewelry and accessories”. 484 . Movers Database”, and a “New Parents Database” avoid targeting those who “generate scores based on an individual’s credit risk” and to “ 479 are already under financial stress”. According to the U.S. Senate Commi ttee on Commerce, Science, an d Transportation (2013, An “underclass 480 the “ConsumerView” marketing UK’s “Data Directory” brochure, Experian According to has also offered “targeting products p. 24), Experian identifying financially vulnerable Experian UK’s of the working database contains “for enrichment”, 42 million names 49 million names and addresses described r named “Hard Times”, which was ”, for example a consumer cluste populations ” poor “Data 33 million email addresses, 20 million mobile numbers and addresses “for prospecting”, as: “This is the bottom of the socioeconomic ladder, the poore st lifestyle Experian by Directory” eristics, lifestyles and e numbers. In addition, “consumer charact and 25 million landlin segment in the nation. Hard Times are older singles in poor cit y neighborhoods. Nearly ” from demographics to “financial attitudes and over 500 variables behaviours” with “ this is an underclass of the three-quarters of the adults are between the ages of 50 and 75; working poor and destitute seniors without family support”. behaviours” are available. Several “propensity models” can for example “indicate the oduct, or use a particular likelihood of an individual or household to own a particular pr Experian’s In 2014, subsidiary AdTruth introduced its AdTruth ID , an identifier that Fraud ” which can be “based life event triggers service”. Furthermore, “daily, weekly or monthly 485 A company representative enables companies to link consumers across devices. detection ving home or having a baby”, ar e offered. Their “Club on important life events like mo 486 that they aim “to build a platform to manage all datasets in explained in an interview technology Canvasse” offers information about the “ buying habits of over 23 million individuals that rs across all data sets”. The one place” and to “connect use technology came from AdTruth enables linking 481 have purchased” from home shopping companies. Experian 41st Parameter acquired in 2013. According to that , a fraud detection company of marketing Experian Hitwise product is able to “report on millions of unique internet user s, ’s provides “a number of variables AdTruth interview, how to identify a single user and Linking offline data hundreds of millions of monthly site visits and tens of million s of monthly searches”. whether “this is a single many applications are coming from a device” to help predicting data to online l addresses with 33 million on line email ChannelView allows “combining” offline posta , this technology “empowers the world’s most Experian person or not”. According to behavior g customer records” of companie contacts, and to enrich “existin s with “any of our 500+ progressive brands to identify, link and engage audiences acros s all digital touch points” 488 487 Experian , which is able to “reconcile and AdTruth Resolve In 2015, announced lifestyle variables or social-demographic models” to “bring ema il and mobile data to life”. today. By “linking” the “ConsumerView database of 49m individuals and 27m households to 482 Ibid. 474 483 tters/fraud_advis erian.com/assets/data- http://www.experian.com/newsle tml [22.08.2016] Catalog. Online: http://www.exp or/0409/cc_qa.h Experian (2011): List Services 475 university/brochures/ems-list-services-catalog.pdf [13.01.2016] Dixon et al (2014) cited Experian’s website 484 476 .html [13.01.2016] -services/social-intelligence http://www.experian.com/marketing Ibid. 477 485 omer-management.html http://www.experian.co.uk/consume r-information/delphi-for-cust Joe, R. (2014): How AdTruth Adds Truth To Cross-Device Connect ions. Adexchanger, Jul 02, 2014. nichannel-2/how-adtruth-adds-t ruth-to-cross-device- [13.01.2016] Online: http://adexchanger.com/om 478 connections/ [13.01.2016] ity-and-fraud.html [13.01.2016] http://www.experian.co.uk/ident 479 486 Ibid. http://www.experian.co.uk/assets /business-strategies/brochures /delphi-for-marketing- 487 http://www.experian.com/decision-analytics/identity-and-fraud/ product-sheet-final.pdf [13.01.2016] adtruth.html [30.08.2016] 488 480 /brochure-data-directory.pdf PRNewswire (2015): Experian solves industry-wide challenge of https://www.experian.co.uk/assets /marketing-services/brochures engaging audiences across all devices and environments with the launch of AdTruth Resolve. Ma r. 03,2015, Online: [13.01.2016] 481 http://www.prnewswire.com/news-re leases/experian-marketing-serv ices-solves-industry-wide- Ibid. 103 102 103

104 g cookies, device IDs, IP associate” a company’s “existing digital identifiers — includin companies receive information from the pool when they deliver t heir own data to the 502 503 . tenant screening also offers arvato pool. ’s “Marketing Suite”, this would represent Experian addresses and more”. As a part of rategy to provide arketing Services' long-term st “another milestone in Experian M Their Profile Tracking module is able to “identify particular internet access devices on Cross-device 489 oss all channels”. marketers with a ubiquitous, con sistent and persistent link acr the basis of this hash-ID clearly and in real-time”, because “[ n]o matter” if the device is a and tracking 5.7.4 arvato Bertelsmann – credit scorin g and consumer data in Germany “PC, tablet, smartphone or game console: each of these devices leaves a unique and hash IDs 504 risk management product The company’s identifiable trace, the so-called hash-ID”. is a large service provider in Owned by the German corporate group Bertelsmann , arvato Avoiding is based on “experience with payments, information from shoppi for e-commerce ng digital marketing, financial ser vices, customer relationship ma nagement, supply chain -risk high f “current and historical dit ratings”. It can make use o baskets and external data on cre management and IT se rvices. Their 70.000 employees in 40 countr ies are generating a customers nking of customer data”. To es “analysis and intelligent li customer information” and provid 490 600 million and their CRM division is serving business volume of nearly 5 billion arvato automated system, avoid making their “decision-making system” sound like a fully 491 arvato n manages “around 10,000 custom ers, ’s “Financial Solutions” divisio . consumers emphasizes that online shops receive the “results of these chec ks in the form of a specializing primarily in the ret ions, insurance, banking ail/e-commerce, telecommunicat recommendation for action (e.g. offer for a method of payment)” . Follow-up processes can 492 Besides finance and accounting, factoring, collection and and healthcare sectors”. 505 then be “triggered by the eShop/customer system”. nt and credit scoring payment processing they are also offering several risk manageme 493 AZ Direct , a leading direct marketing and data broker runs arvato At the same time, Marketing eloped at all”. products, stating that “[h]igh-risk customers should not be dev 506 , they ries. According to a corporate company in German-speaking count presentation data: 600 Having “40 million characteristics with negative information ab out 7.8 million persons” in Scoring and offer 600 attributes on 70 mill ion consumers and 40 million hou seholds in Germany, attributes on 494 Their application year. Germany, they claim to perform “100 million credit checks” per predicting ed on 300 million shopping transa ctions. In their amongst other data sources bas 70 million xpected customer , for example, offers companies a “reliable prediction of the e scoring future consumer database AZ DIAS , an “ID” is assigned to every single person, household and consumers behavior (e.g. payment of the purchase or repayment of a loan)” , because “[p]otentially vior beha be reached via direct mail, 33 building. 32 million people can million people via targeted high risk should be profitable customers should be acquired while customers with a ne. According to their email, and 27 million people via “data-driven advertising” onli 495 allows companies to Informa-Storno-Score The avoided from the very beginning”. ibutes like age, sex, lifestyle, ct, 2015) they offer profile attr “Merkmalskatalog” (see AZ Dire 496 “predict a customer’s natural lo yalty and, therefore, the proba bility of a cancellation”. 507 . In addition, people social status, children, income and even the ethnical origin of names Behavior scoring o”. It is provides “a consistent measure of risk for the entire portfoli can be categorized in terms of online usage, financial behavior , and for example, whether liable predictions for the based on the “historic behaviour of each customer and allows re 508 All these they focus on security/stability or tend to risky behavior rega rding insurance. 497 future”. enrichment of existing customer databases attributes are also available for the on different aggregate levels (for example 5, 20 or 70 households) . The “Informa-Geoscore”, With the company’s "infoRate+” system, “all existing internal and external data can be Integrate all which predicts good or bad future payment behavior, is availabl e on an aggregate of 20 sources include “information fr om credit agencies, densified and integrated”. Data existing households on average (see AZ Direct 2015). telephone and bank data registers as well as data from the AZ D irect address database, a internal and 498 . The “infoRate+” system can be used for company of arvato Financial Solutions" external data 509 which adailty Furthermore, runs the targeting and da ta management platform arvato Online data 499 , and it allows “[f]lexible online “[c]ontrolling payment methods and credit limits” 510 “data partners” to capitalize their “offline data”, for example “master data” or offers management 500 Available modules include address verification, checking evaluation of customers”. 511 offers to support the adailty , . To their so-called “matching partners” “transaction data” platform “negative lists”, validation of phone numbers and bank details, detecting fraud, scoring (DMP) 501 arvato ’s Telecommunications Pool Lists like and “[m]icro-geographic analysis”. contain “information on consumers with negative payment behavio r”. Participating 502 a- http://www.arvato-infoscore.de/en/services/risk-management/dat pools/telecommunications-pool/closed-data-pool/ [15.01.2016] 503 http://www.arvato-infoscore-mie cross-all-devices-and-environm terauskunft.de/ [15.01.2016] challenge-of-engaging-audiences-a ents-with-the-launch-of-adtruth- 504 resolve-300044838.html [13.01.2016] file-tracking/ [15.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/pro 505 489 https://www.experianplc.com/media/news/2015/adtruth-resolve/ [ http://www.arvato-infoscore.de/en/services/risk-management/ris k-solution-services/ 17.08.2016] 490 [15.01.2016] https://www.arvato.com/en/about/ facts-and-figures.html [15.01. 2016] 506 491 Hüffner, W. (2015): Datenschutzkonformes Smart Data und Data P https://crm.arvato.com/en.html [15.01.2016] ooling. arvato Digital 492 Marketing, Mar. 05, 2015. Online: https://www- https://www.arvato.com/finance/en.html [15.01.2016] 493 950.ibm.com/events/wwe/grp/grp006.nsf/vLookupPDFs/H%C3%BCffer_I BM_SPSS_2015/$file/H 5.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/ [1 494 %C3%BCffer_IBM_SPSS_2015.pdf [15.01.2016] 1.2016] http://www.arvato-infoscore.de/en/company/facts-figures/ [15.0 507 495 lication-scoring/ Rückschlüsse auf die In German: "Namensherkunft: [...] Hier können über den Vornamen http://www.arvato-infoscore.de/en/services/risk-management/app Herkunft des Vornamens, d.h. die Nationalität der Person, gemac ht werden". Available options [15.01.2016] 496 t". include "Deutsch klingend", "Ausländisch klingend", "Assimilier orma-storno-score-for- http://www.arvato-infoscore.de/en/services/risk-management/inf 508 cancellations/ [15.01.2016] tsorientierter Typ" and "Versicherungstypologie", Available options include "Sicherhei 497 "Risikobereiter Typ". http://www.arvato-infoscore.de/en/services/risk-management/beh aviour-scoring/effective- 509 instrument/ [15.01.2016] -Dienstleistungen. Online: One to One New Marketing (2013): Arvato bündelt CRM und Dialog 498 ndelt-CRM-und-Dialog-Dienstle istungen-23590.html (http://www.onetoone.de/Arvato-bue orate/ [15.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/inf 499 [15.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/inf orate/benefits/ [15.01.2016] 510 500 http://adality.de/partner/ [15.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/inf orate/ [15.01.2016] 511 501 Ibid., in German: „Als Datenpar tner kapitalisieren wir Ihre Of orate/online-evaluation-of- http://www.arvato-infoscore.de/en/services/risk-management/inf fline-Daten (z. B. Stammdaten, Transaktionsdaten)“ customers/ [15.01.2016] 104 105 104

105 heir own data to the companies receive information from the pool when they deliver t g cookies, device IDs, IP associate” a company’s “existing digital identifiers — includin 503 502 . tenant screening also offers arvato pool. ’s “Marketing Suite”, this would represent addresses and more”. As a part of Experian arketing Services' long-term st “another milestone in Experian M rategy to provide on Their Profile Tracking module is able to “identify particular internet access devices Cross-device 489 sistent and persistent link acr marketers with a ubiquitous, con oss all channels”. n]o matter” if the device is a the basis of this hash-ID clearly and in real-time”, because “[ and tracking g and consumer data in Germany arvato Bertelsmann – credit scorin 5.7.4 leaves a unique and “PC, tablet, smartphone or game console: each of these devices hash IDs 504 The company’s risk management product identifiable trace, the so-called hash-ID”. Owned by the German corporate group is a large service provider in arvato , Bertelsmann Avoiding for e-commerce is based on “experience with payments, information from shoppi ng vices, customer relationship ma digital marketing, financial ser nagement, supply chain -risk high f “current and historical dit ratings”. It can make use o baskets and external data on cre ies are generating a management and IT se rvices. Their 70.000 employees in 40 countr customers nking of customer data”. To es “analysis and intelligent li customer information” and provid 490 and their CRM division is serving 600 million business volume of nearly 5 billion automated system, arvato avoid making their “decision-making system” sound like a fully 491 n manages “around 10,000 custom ers, arvato ’s “Financial Solutions” divisio consumers . emphasizes that online shops receive the “results of these chec ks in the form of a ail/e-commerce, telecommunicat ions, insurance, banking specializing primarily in the ret . Follow-up processes can recommendation for action (e.g. offer for a method of payment)” 492 Besides finance and accounting, factoring, collection and and healthcare sectors”. 505 then be “triggered by the eShop/customer system”. payment processing they are also offering several risk manageme nt and credit scoring 493 AZ Direct arvato At the same time, , a leading direct marketing and data broker runs Marketing eloped at all”. products, stating that “[h]igh-risk customers should not be dev 506 , they ries. According to a corporate company in German-speaking count presentation data: 600 Having “40 million characteristics with negative information ab out 7.8 million persons” in Scoring and offer 600 attributes on 70 mill ion consumers and 40 million hou seholds in Germany, attributes on 494 Their application year. Germany, they claim to perform “100 million credit checks” per predicting ed on 300 million shopping transa ctions. In their amongst other data sources bas 70 million xpected customer , for example, offers companies a “reliable prediction of the e scoring future consumer database AZ DIAS , an “ID” is assigned to every single person, household and consumers behavior (e.g. payment of the purchase or repayment of a loan)” , because “[p]otentially vior beha building. 32 million people can be reached via direct mail, 33 million people via targeted profitable customers should be acquired while customers with a high risk should be email, and 27 million people via “data-driven advertising” onli ne. According to their 495 Informa-Storno-Score The allows companies to avoided from the very beginning”. “Merkmalskatalog” (see AZ Dire ibutes like age, sex, lifestyle, ct, 2015) they offer profile attr 496 “predict a customer’s natural lo yalty and, therefore, the proba bility of a cancellation”. 507 . In addition, people names social status, children, income and even the ethnical origin of Behavior scoring provides “a consistent measure of risk for the entire portfoli o”. It is can be categorized in terms of online usage, financial behavior , and for example, whether based on the “historic behaviour of each customer and allows re liable predictions for the 508 All these rding insurance. they focus on security/stability or tend to risky behavior rega 497 future”. attributes are also available for the on enrichment of existing customer databases . The “Informa-Geoscore”, different aggregate levels (for example 5, 20 or 70 households) With the company’s "infoRate+” system, “all existing internal and external data can be Integrate all which predicts good or bad future payment behavior, is availabl e on an aggregate of 20 densified and integrated”. Data om credit agencies, sources include “information fr existing households on average (see AZ Direct 2015). telephone and bank data registers as well as data from the AZ D irect address database, a internal and 498 . The “infoRate+” system can be used for company of arvato Financial Solutions" external data 509 which arvato adailty ta management platform runs the targeting and da Furthermore, Online data 499 , and it allows “[f]lexible online “[c]ontrolling payment methods and credit limits” 510 to capitalize their “offline data”, for example “master data” “data partners” or offers management 500 Available modules include address verification, checking evaluation of customers”. 511 . To their so-called offers to support the adailty , “matching partners” “transaction data” platform “negative lists”, validation of phone numbers and bank details, detecting fraud, scoring (DMP) 501 arvato ’s Telecommunications Pool Lists like and “[m]icro-geographic analysis”. contain “information on consumers with negative payment behavio r”. Participating 502 a- http://www.arvato-infoscore.de/en/services/risk-management/dat pools/telecommunications-pool/closed-data-pool/ [15.01.2016] 503 challenge-of-engaging-audiences-a terauskunft.de/ [15.01.2016] cross-all-devices-and-environm ents-with-the-launch-of-adtruth- http://www.arvato-infoscore-mie 504 resolve-300044838.html [13.01.2016] file-tracking/ [15.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/pro 505 489 k-solution-services/ https://www.experianplc.com/media/news/2015/adtruth-resolve/ [ http://www.arvato-infoscore.de/en/services/risk-management/ris 17.08.2016] 490 [15.01.2016] facts-and-figures.html [15.01. 2016] https://www.arvato.com/en/about/ 506 491 ooling. arvato Digital https://crm.arvato.com/en.html [15.01.2016] Hüffner, W. (2015): Datenschutzkonformes Smart Data und Data P 492 Marketing, Mar. 05, 2015. Online: https://www- https://www.arvato.com/finance/en.html [15.01.2016] 493 BM_SPSS_2015/$file/H 950.ibm.com/events/wwe/grp/grp006.nsf/vLookupPDFs/H%C3%BCffer_I 5.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/ [1 494 %C3%BCffer_IBM_SPSS_2015.pdf [15.01.2016] 1.2016] http://www.arvato-infoscore.de/en/company/facts-figures/ [15.0 507 495 http://www.arvato-infoscore.de/en/services/risk-management/app Rückschlüsse auf die lication-scoring/ In German: "Namensherkunft: [...] Hier können über den Vornamen [15.01.2016] Herkunft des Vornamens, d.h. die Nationalität der Person, gemac ht werden". Available options 496 t". include "Deutsch klingend", "Ausländisch klingend", "Assimilier orma-storno-score-for- http://www.arvato-infoscore.de/en/services/risk-management/inf 508 cancellations/ [15.01.2016] tsorientierter Typ" and "Versicherungstypologie", Available options include "Sicherhei 497 "Risikobereiter Typ". http://www.arvato-infoscore.de/en/services/risk-management/beh aviour-scoring/effective- 509 instrument/ [15.01.2016] One to One New Marketing (2013): Arvato bündelt CRM und Dialog -Dienstleistungen. Online: 498 ndelt-CRM-und-Dialog-Dienstle istungen-23590.html (http://www.onetoone.de/Arvato-bue http://www.arvato-infoscore.de/en/services/risk-management/inf orate/ [15.01.2016] 499 [15.01.2016] orate/benefits/ [15.01.2016] http://www.arvato-infoscore.de/en/services/risk-management/inf 500 510 http://www.arvato-infoscore.de/en/services/risk-management/inf http://adality.de/partner/ [15.01.2016] orate/ [15.01.2016] 501 511 Ibid., in German: „Als Datenpar fline-Daten (z. B. Stammdaten, tner kapitalisieren wir Ihre Of http://www.arvato-infoscore.de/en/services/risk-management/inf orate/online-evaluation-of- Transaktionsdaten)“ customers/ [15.01.2016] 105 105 104

106 matching of offline data to cookies, for example by incorporati ng “tags” or “pixels” into In 2014 provider, in order to “empower telematics , a Wunelli acquired LexisNexis Telematics, 512 527 . They promise that their combined “datasets” will . Data products offered include socio- their clients’ websites and email newsletters insurers to leverage telematics” insurance 514 513 by According to a talk ending capacity and income. demographic data, interests, sp result “in one of the largest provider-held insurance telematic s databases in the world” to scores and CEO Christian Vennemann, is also able to access the adality database containing AZ Direct “support insurers as they assess risk”. LexisNexis also provides insurance scores based on marketing 515 250 attributes about 70 million “persons”. “applied at the time of quote, at underwriting, at renewal credit report data, which can be 529 528 Their “PowerView Score” is based on data from various and for prescreening”. 5.7.5 LexisNexis and ID Analytics – scorin g, identity, fraud and credit risks sources, including “telecom/utility payment data”, property dat a and asset ownership. It 516 “incremental allows auto lenders to predict creditworthiness and to perform The controversially discussed data broker Choicepoint, which had extensive data LexisNexis LexisNexis segmentation to upgrade or downgrade terms”. In addition, also provides more than ten years ago, records about 220 million people, was acquired by LexisNexis 530 “scores insurance marketing solutions for . For example, their product Lead Optimizer RELX Group (formerly known as and is now part of the risk management division of Reed 518 517 by eliminating leads in real-time” and offers insurers to “save time and money , n 500 million consumers claims to have data o LexisNexis Risk Solutions . Elsevier) 531 for insurers unproductive leads early in the process”. Their DirectLink(SM) product of U.S. local government and they work for all 50 of the 50 largest U.S. banks, for 70% 519 “seamlessly integrates all compon er contact campaigns ents of prospecting and custom They provide risk management authorities and for 80% o f U.S. federal agencies. mize responses and conversion” and acquire and retain into a complete system” to “opti aming and for the healthcare , retail, travel, government, g solutions for insurance, finance l and telemarketing, and the “profitable customers“. It allows the integration of mail, emai sector. In 2015, the director of their government division told the New York Times: prospect data attribute selecti use of “individual customer and ons” as well as “predictive ernment entities”, and tion, we know more than the gov “Because of our identity informa 520 models” for segmentation and targeting. . he added: “We know where virtually every individual over 18 is” 522 521 The U.S.-based scorin g and data company ID Analytics offers products for identity ID Analytics , , insurance scores LexisNexis provides data about consumer creditworthiness Biometric data 532 and was one of the nine companies verification, credit scoring, fraud risk and payments on both applicants and employees, as well as “resident background checks for employers loyalty cards 523 , bsidiary of ker study (FTC, 2014). It is a su examined in the FTC’s data bro LifeLock Inc. Their identity and screening” services to “protect [...] property from problem renters”. and social 533 ID Network contained “more than 700 524 In 2012, their which had 669 employees in 2014. offers to “link” from photos to biometric data authentication system TrueID media one numbers and emails”, billion instances of PII, like names, addresses, SSNs, DOBs, ph fingerprints “to other user data to track transactional behavio r throughout the customer 534 It has providing insights about “more than 315 million unique people i n the U.S.”. abase of “34 billion records lifecycle”. The identity of persons can be verified using a dat that contain this PII, including 1.7 billion consumer transactions “aggregated more than from over 10,000 sources ” and “of nearly 4,100 ID types from nearly 200 countries”. 535 , the “ID Network” is nt 2.9 million reported fraud events”. According to another docume Identity can also be linked with “payment cards, checks, loyalty cards and other tributions of more than a “consortium of consumer behavioral data built through the con customer data” “the . Moreover, even biometric services for voice recognition using 525 ncial service institutions, three 250 enterprise clients”. In 2014, “six of the top ten U.S. fina Their Social Media individual's voice” are offered sound, pattern and rhythm of an . n U.S. credit card issuers” have of the top four U.S. wireless carriers, and seven of the top te which is part of their product "LexisNexis Accurint® for Law Enforcement" offers Monitor contributed data. within specific geographical l ocations” and to “discover to “identify posts and/or tweets 526 unlock the value of big data fr om social media”. risks and threats” in order to “ ID Score offers an that an application will , which “assesses the likelihood ID Analytics Online, call 536 provides access to an “identity repository” in In addition, ID Analytics result in fraud”. center, mail ID Network which “54 million identity elements” are “updated daily”. The c ompany’s -store and in Attributes are a “set of derived data poin ts”, that are implementable “ac ross all points of a tore”. It “examines customer contact including online, call centers, mail, and in-s 512 Ibid., in German: „Als Matchingpartner können Sie uns dabei un terstützen, anonymisierte Offline- consumer’s identity elements , individually and in combination, across eight categories Sie integrieren hierfür ein Tag Daten mit Cookies anzureichern. (bzw. Pixel) in Ihre reichweitenstarke Website oder E-Mail-Aussendungen“ 513 http://adality.de/produkte/ [15.01.2016] 514 ube.com/watch YouTube video, from minute 1: 50: https://www.yout ?v=W41HcRo-3P8 [15.01.2016] 515 die Daten“ von AZ Direct, die „70 Ibid., in German: Adality hätte „aktuell exklusiv Zugriff auf Millionen Personen mit über 250 k ombinierbaren Merkmalen“ in ih rer „Datenbank“ hätten. 516 O'Harrow, Robert (2005): They're Watching You. Bloomberg Busin essweek, 23.01.2005. Online: 527 es/2005-01-23/theyre-watching- http://www.businessweek.com/stori you [15.01.2016] newsevents/press-release.aspx?i d=1400513019730653 http://www.lexisnexis.com/risk/ 517 [11.01.2016] http://www.lexisnexis.com/risk [22.01.2016] 528 518 about/data.aspx [22.01.2016] http://www.lexisnexis.com/risk/ [22.08.2016] products/insurance/attract.aspx http://www.lexisnexis.com/risk/ 529 519 about/default.aspx [22.01.2016] http://www.lexisnexis.com/risk/products/credit-risk-management http://www.lexisnexis.com/risk/ /powerview-score.aspx 520 [22.08.2016] Singer, N. (2015): Bringing Big Data to the Fight against Bene fits Fraud. New York Times, Feb. 20, 530 2015. Online: http://www.nytimes.com/2015/02/22/technology/brin ging-big-data-to-the-fight- oducts/insurance/lead-optimiz er.aspx [22.08.2016] http://www.lexisnexis.com/risk/pr 531 against-benefits-fraud.html [22.01.2016] spx [22.08.2016] http://www.lexisnexis.com/risk/pr oducts/insurance/directlink.a 532 521 http://www.idanalytics.com/ [11.01.2016] anagement.aspx [22.01.2016] http://www.lexisnexis.com/risk/products/riskview-credit-risk-m 533 522 products/insurance/attract.aspx https://www.lifelock.com/about/ [11.01.2016] [22.01.2016] http://www.lexisnexis.com/risk/ 523 534 s-White-Paper1.pdf ID-Analytics-I-See-Fraud-Ring https://www.lexisnexis.com/gover nment/solutions/literature/screening.pdf [22.01.2016] http://www.idanalytics.com/media/ 524 wnloads/literature/trueid.pdf [22.01.2016] http://www.lexisnexis.com/risk/do [11.01.2016] 535 525 http://www.idanalytics.com/medi a/Exploring-the-Impact-of-SSN-R http://www.lexisnexis.com/risk/pr oducts/voice-biometrics.aspx [22.01.2016] andomization.pdf 526 [11.01.2016] http://www.lexisnexis.com/risk/ d=1381851197735305 newsevents/press-release.aspx?i 536 score/ [11.01.2016] http://www.idanalytics.com/solutions/fraud-risk-management/id- [22.01.2016] 106 107 106

107 provider, in order to “empower telematics , a Wunelli acquired LexisNexis In 2014 matching of offline data to cookies, for example by incorporati ng “tags” or “pixels” into Telematics, 527 512 . They promise that their combined “datasets” will . Data products offered include socio- insurers to leverage telematics” their clients’ websites and email newsletters insurance 514 513 According to a talk by ending capacity and income. demographic data, interests, sp result “in one of the largest provider-held insurance telematic s databases in the world” to scores and is also able to access the CEO Christian Vennemann, database containing AZ Direct adality “support insurers as they assess risk”. LexisNexis also provides insurance scores based on marketing 515 250 attributes about 70 million “persons”. “applied at the time of quote, at underwriting, at renewal credit report data, which can be 529 528 Their “PowerView Score” is based on data from various and for prescreening”. 5.7.5 LexisNexis and ID Analytics – scorin g, identity, fraud and credit risks sources, including “telecom/utility payment data”, property dat a and asset ownership. It 516 “incremental allows auto lenders to predict creditworthiness and to perform The controversially discussed data broker Choicepoint, which had extensive data LexisNexis LexisNexis segmentation to upgrade or downgrade terms”. In addition, also provides more than ten years ago, records about 220 million people, was acquired by LexisNexis 530 “scores insurance marketing solutions for . For example, their product Lead Optimizer RELX Group (formerly known as and is now part of the risk management division of Reed 518 517 by eliminating leads in real-time” and offers insurers to “save time and money , n 500 million consumers claims to have data o LexisNexis Risk Solutions . Elsevier) 531 for insurers unproductive leads early in the process”. Their DirectLink(SM) product of U.S. local government and they work for all 50 of the 50 largest U.S. banks, for 70% 519 “seamlessly integrates all compon er contact campaigns ents of prospecting and custom They provide risk management authorities and for 80% o f U.S. federal agencies. mize responses and conversion” and acquire and retain into a complete system” to “opti aming and for the healthcare , retail, travel, government, g solutions for insurance, finance l and telemarketing, and the “profitable customers“. It allows the integration of mail, emai sector. In 2015, the director of their government division told the New York Times: prospect data attribute selecti use of “individual customer and ons” as well as “predictive ernment entities”, and tion, we know more than the gov “Because of our identity informa 520 models” for segmentation and targeting. . he added: “We know where virtually every individual over 18 is” 522 521 The U.S.-based scorin g and data company ID Analytics offers products for identity ID Analytics , , insurance scores LexisNexis provides data about consumer creditworthiness Biometric data 532 and was one of the nine companies verification, credit scoring, fraud risk and payments on both applicants and employees, as well as “resident background checks for employers loyalty cards 523 , bsidiary of ker study (FTC, 2014). It is a su examined in the FTC’s data bro LifeLock Inc. Their identity and screening” services to “protect [...] property from problem renters”. and social 533 ID Network contained “more than 700 524 In 2012, their which had 669 employees in 2014. offers to “link” from photos to biometric data authentication system TrueID media one numbers and emails”, billion instances of PII, like names, addresses, SSNs, DOBs, ph fingerprints “to other user data to track transactional behavio r throughout the customer 534 It has providing insights about “more than 315 million unique people i n the U.S.”. abase of “34 billion records lifecycle”. The identity of persons can be verified using a dat that contain this PII, including 1.7 billion consumer transactions “aggregated more than from over 10,000 sources ” and “of nearly 4,100 ID types from nearly 200 countries”. 535 , the “ID Network” is nt 2.9 million reported fraud events”. According to another docume Identity can also be linked with “payment cards, checks, loyalty cards and other tributions of more than a “consortium of consumer behavioral data built through the con customer data” “the . Moreover, even biometric services for voice recognition using 525 ncial service institutions, three 250 enterprise clients”. In 2014, “six of the top ten U.S. fina Their Social Media individual's voice” are offered sound, pattern and rhythm of an . n U.S. credit card issuers” have of the top four U.S. wireless carriers, and seven of the top te which is part of their product "LexisNexis Accurint® for Law Enforcement" offers Monitor contributed data. within specific geographical l ocations” and to “discover to “identify posts and/or tweets 526 unlock the value of big data fr om social media”. risks and threats” in order to “ ID Score offers an that an application will , which “assesses the likelihood ID Analytics Online, call 536 provides access to an “identity repository” in In addition, ID Analytics result in fraud”. center, mail ID Network which “54 million identity elements” are “updated daily”. The c ompany’s -store and in Attributes are a “set of derived data poin ts”, that are implementable “ac ross all points of a tore”. It “examines customer contact including online, call centers, mail, and in-s 512 Ibid., in German: „Als Matchingpartner können Sie uns dabei un terstützen, anonymisierte Offline- consumer’s identity elements , individually and in combination, across eight categories Sie integrieren hierfür ein Tag Daten mit Cookies anzureichern. (bzw. Pixel) in Ihre reichweitenstarke Website oder E-Mail-Aussendungen“ 513 http://adality.de/produkte/ [15.01.2016] 514 ube.com/watch YouTube video, from minute 1: 50: https://www.yout ?v=W41HcRo-3P8 [15.01.2016] 515 die Daten“ von AZ Direct, die „70 Ibid., in German: Adality hätte „aktuell exklusiv Zugriff auf Millionen Personen mit über 250 k ombinierbaren Merkmalen“ in ih rer „Datenbank“ hätten. 516 O'Harrow, Robert (2005): They're Watching You. Bloomberg Busin essweek, 23.01.2005. Online: 527 es/2005-01-23/theyre-watching- http://www.businessweek.com/stori you [15.01.2016] newsevents/press-release.aspx?i d=1400513019730653 http://www.lexisnexis.com/risk/ 517 [11.01.2016] http://www.lexisnexis.com/risk [22.01.2016] 528 518 about/data.aspx [22.01.2016] http://www.lexisnexis.com/risk/ [22.08.2016] products/insurance/attract.aspx http://www.lexisnexis.com/risk/ 529 519 about/default.aspx [22.01.2016] http://www.lexisnexis.com/risk/products/credit-risk-management http://www.lexisnexis.com/risk/ /powerview-score.aspx 520 [22.08.2016] Singer, N. (2015): Bringing Big Data to the Fight against Bene fits Fraud. New York Times, Feb. 20, 530 2015. Online: http://www.nytimes.com/2015/02/22/technology/brin ging-big-data-to-the-fight- oducts/insurance/lead-optimiz er.aspx [22.08.2016] http://www.lexisnexis.com/risk/pr 531 against-benefits-fraud.html [22.01.2016] spx [22.08.2016] http://www.lexisnexis.com/risk/pr oducts/insurance/directlink.a 532 521 http://www.idanalytics.com/ [11.01.2016] anagement.aspx [22.01.2016] http://www.lexisnexis.com/risk/products/riskview-credit-risk-m 533 522 products/insurance/attract.aspx https://www.lifelock.com/about/ [11.01.2016] [22.01.2016] http://www.lexisnexis.com/risk/ 523 534 s-White-Paper1.pdf ID-Analytics-I-See-Fraud-Ring https://www.lexisnexis.com/gover nment/solutions/literature/screening.pdf [22.01.2016] http://www.idanalytics.com/media/ 524 wnloads/literature/trueid.pdf [22.01.2016] http://www.lexisnexis.com/risk/do [11.01.2016] 535 525 http://www.idanalytics.com/medi a/Exploring-the-Impact-of-SSN-R http://www.lexisnexis.com/risk/pr oducts/voice-biometrics.aspx [22.01.2016] andomization.pdf 526 [11.01.2016] http://www.lexisnexis.com/risk/ d=1381851197735305 newsevents/press-release.aspx?i 536 score/ [11.01.2016] http://www.idanalytics.com/solutions/fraud-risk-management/id- [22.01.2016] 107 107 106

108 547 of behavior” including “confirmed negative behavior” and “demog raphics/mode of living” , it targeted activists, reporters, labor abusing its power . According to The Nation 537 548 and the “historical use of internet-enabled devices”. – suggested to report s and - according to a leaked unions and political organization cking tools to break into and even used "sophisticated ha investigate activists’ families ID Analytics In addition, offers “credit risk solutions” to help companies improve their Credit scoring posal called “The WikiLeaks Thr eat” and related email computers". Later in 2011, a pro “lending” and “approval and pricing decisions” by “pairing trad itional credit data with 549 The document, which is . Anonymous conversations were leaked by the Hacker Group 538 b-prime markets”. powerful alternative insights from the wireless, banking and su 550 was prepared by the three data intelligence firms Palantir still available online, ID Analytics own statement, their product uses the “unique According to Credit Optics . The presentation was publicly Technologies Berico Technologies , and HBGary Federal , ID Network blend of traditional and alternative consumer credit data” in t he to “inject criticized for being unethical a tive tactics against s it mentioned “potential proac 539 It can also tom models”. new, predictive information into existing credit bureau and cus ps, disinformation, WikiLeaks includ[ing] feeding the fuel between the feuding grou 540 , to “prescreen” and to “[i]dentify the right be used for profiling existing customers creating messages around actions to sabotage or discredit the opposing organization, and 541 In 2010, prospects”, or to send “direct-mail offers to risk-appropriate consumers” only. 551 error.” iLeaks and then calling out the submitting fake documents to Wik announced to offer a scorin g product, which includes TransUnions ’s credit TransUnion 542 552 ID Analytics . data as well as “alternative” data from Infosec Institute named Palantir as one of the principal , the In a comprehensive report PRISM program and indicated that the company may play a technological partners for the 5.7.6 Palantir – data analytics for nat ional security, banks and insurers describes founder role in financing . The German Facebook Palantir manager magazin Peter Thiel as one of the most successful investors in Silicon Valley and first Facebook Palantir a sense that the company trade s is not a typical data broker in Technologies 553 Whether Peter Thiel’s investment in and relationship with plays a Facebook financier. personal data. However, is an important data intelligence company, providing its Palantir role in Palantir ’s intelligence services is not publicly known. sophisticated analytical services to both public and private cu stomers. om corporate is valued at about $20 billion and earns 75% of its revenue fr Palantir Today, Insurance, Palantir was founded in 2004 by Alexander Karp and Peter Thiel. The lat ter is also the Some of the clients, to whom the company delivers fraud detection services, studies of consumer financial founder of the online payment company Facebook . The and the first investor in PayPal world’s most 554 Its “two main products, and Gotham behavior and analyses of the competition. services and company was originally designed to “uncover terror networks usi ng the approach PayPal sensitive sets 543 rate data , serve the same basic purpose—bringing together massive, dispa Metropolis healthcare By linking and simultan eously querying large had devised to fight [...] cybercriminals”. of data n’t obvious to the human sources and scouring them for connections and patterns that are numbers of databases, Palantir provided a valuable service for the intelligence and 555 Palantir ’s clients come from a variety o f industries and sectors, such as financial eye”. oftware and services to the 2009, the company supplied its s national security agencies. In insurance analytics, services, retail, legal intelligence, pharmaceutical companies, and the Pentagon , the Central Intelligence Agency (CIA) Federal Bureau of 544 eral and local law healthcare delivery, disease response, biomedical research, fed In 2013, the software solutions were within more than 50 projects. Investigation (FBI) 556 enforcement agencies, defense, intelligence and accountability. US Government, used by police departments and by at least 12 groups within the including CIA, FBI, NSA, the Mar ine Corps and the Air Force and dealt “with some of the Alliant Data and Analytics IQ – pa yment data and consumer scores 5.7.7 545 world’s most sensitive sets of data”. The marketing data company Alliant Data claims to be the “industry’s largest source of Connecting Palantir raised significant public aware ness in 2011, when the company was exposed by a Public debates returns, billings, and ring information on “payments, detailed micropayment data” offe purchases with hacker group “to be in negotiation for a proposal to track labo r union activists and other from “more than 400 write-offs” as well as aggregating “consumer response behavior” online tracking critics of the U.S. Chamber of Commerce, the largest business l obbying group in 546 Palantir accused of was . The proposal lead to public debates, and Washington” 547 d Their Power. The Nation, Jun. Fang, L. (2013): How Spy Agency Contractors Have Already Abuse ncy-contractors-have-already- 11, 2013. Online: https://www.thenation.com/article/how-spy-age 537 abused-their-power/ [30.08.2016] a/Fraud-ID-Network-Attributes-D atasheet.pdf [11.01.2016] http://www.idanalytics.com/medi 538 548 Ibid. -risk-analytics [11.01.2016] http://www.idanalytics.com/solutions/credit-risk-solutions-and 539 549 Ragan, S. (2011): Data Intelligence firms proposed a systemati c attack against WikiLeaks. The http://www.idanalytics.com/solutions/credit-risk-solutions-and -risk-analytics/alternative- Tech Herald, Feb. 10, 2011. http es/Data-intelligence-firms- credit-data/ [11.01.2016] ://www.thetechherald.com/articl 540 proposed-a-systematic-attack-aga inst-WikiLeaks/12751/ [30.08.2016] -risk-analytics/credit-optics- http://www.idanalytics.com/solutions/credit-risk-solutions-and 550 portfolio-management/ [11.01.2016] https://wikileaks.org/IMG/pdf/WikiLeaks_Response_v6.pdf [30.08 .2016] 551 541 Ragan, S. (2011) Firm targeting WikiLeaks cuts ties with HBGar y – apologizes to reporter. -risk-analytics/credit-optics- http://www.idanalytics.com/solutions/credit-risk-solutions-and http://www.thetechherald.com/arti cuts-ties-with-HBGary- prescreen/ [11.01.2016] cles/Firm-targeting-WikiLeaks- 542 apologizes-to-reporter/12767/ [30.08.2016] pticstm-plus-score http://newsroom.transunion.com/transunion-unveils-new-credit-o 552 [11.01.2016] Infosec Institute (2013): The Palantir Technologies model, lig hts and shadows on a case of 543 success. Posted in General Security, Jul. 9, 2013. Online: http ://resources.infosecinstitute.com/the- Gorman, S. (2009): How Team of Geeks Cracked Spy Trade. Wall S treet Journal, Sept.4, 2009. palantir-technologies-model-lights-and-shadows-on-a-case-of-suc cess/ [30.08.2016] Online: http://www.wsj.com/articles/SB125200842406984303 [30.08 .2016] 553 544 Ibid. Rungg, A. (2015): Palantir und die dunkle Seite der Macht. Manager magazin, Jan. 14, 2015. 545 Online: http://www.mana ger-magazin.de/unternehmen/it/palantir-u nd-die-dunkle-seite-der- Burns, M. (2015): Leaked Palant ir Doc Reveals Uses, Specific F unctions And Key Clients. macht-a-1013000-2.html [30.08.2016] TechCrunch, Jan. 11, 2016. Online: https://techcrunch.com/2015/ 01/11/leaked-palantir-doc- 554 reveals-uses-specific-functions-and-key-clients/ [30.08.2016] Lev-Ram, M. (2016): Palantir Connects the Dots With Big Data. Fortune, Mar. 1, 2016. Online: 546 Fang, L. (2016): The CIA is Investing in Firms that Mine Your Tweets and Instagram Photos. The http://fortune.com/palantir-bi g-data-analysis/ [30.08.2016] 555 Intercept, Apr.14, 2016. Online: https://theintercept.com/2016/ 04/14/in-undisclosed-cia- Ibid. 556 investments-social-media-mining-looms-large/ [30.08.2016] https://www.palantir.com/solutions/ [30.08.2016] 108 108 109

109 547 abusing its power . According to The Nation , it targeted activists, reporters, labor raphics/mode of living” of behavior” including “confirmed negative behavior” and “demog 537 548 and the “historical use of internet-enabled devices”. – suggested to unions and political organization report s and - according to a leaked and even used "sophisticated ha cking tools to break into investigate activists’ families In addition, ID Analytics offers “credit risk solutions” to help companies improve their Credit scoring posal called “The WikiLeaks Thr eat” and related email computers". Later in 2011, a pro itional credit data with “lending” and “approval and pricing decisions” by “pairing trad 549 The document, which is . conversations were leaked by the Hacker Group Anonymous 538 b-prime markets”. powerful alternative insights from the wireless, banking and su 550 was prepared by the three data intelligence firms Palantir still available online, product uses the “unique ID Analytics According to own statement, their Credit Optics . The presentation was publicly Berico Technologies , and HBGary Federal , Technologies ID Network he to “inject blend of traditional and alternative consumer credit data” in t tive tactics against criticized for being unethical a s it mentioned “potential proac 539 It can also tom models”. new, predictive information into existing credit bureau and cus WikiLeaks includ[ing] feeding the fuel between the feuding grou ps, disinformation, 540 , to “prescreen” and to “[i]dentify the right be used for profiling existing customers creating messages around actions to sabotage or discredit the opposing organization, and 541 In 2010, prospects”, or to send “direct-mail offers to risk-appropriate consumers” only. 551 submitting fake documents to Wik iLeaks and then calling out the error.” ’s credit TransUnion announced to offer a scorin g product, which includes TransUnions 542 552 data as well as “alternative” data from . ID Analytics named Infosec Institute as one of the principal , the Palantir In a comprehensive report program and indicated that the company may play a PRISM technological partners for the Palantir – data analytics for nat ional security, banks and insurers 5.7.6 . The German Facebook role in financing describes founder Palantir manager magazin Valley and first Peter Thiel as one of the most successful investors in Silicon Facebook s Palantir Technologies is not a typical data broker in a sense that the company trade 553 plays a Whether Peter Thiel’s investment in and relationship with Facebook financier. Palantir personal data. However, is an important data intelligence company, providing its role in ’s intelligence services is not publicly known. Palantir sophisticated analytical services to both public and private cu stomers. is valued at about $20 billion and earns 75% of its revenue fr om corporate Today, Palantir Insurance, ter is also the was founded in 2004 by Alexander Karp and Peter Thiel. The lat Palantir Some of the studies of consumer clients, to whom the company delivers fraud detection services, financial . The Facebook and the first investor in PayPal founder of the online payment company world’s most 554 Gotham and Its “two main products, behavior and analyses of the competition. services and ng the approach PayPal to “uncover terror networks usi company was originally designed sensitive sets 543 , serve the same basic purpose—bringing together massive, dispa Metropolis rate data healthcare By linking and simultan eously querying large had devised to fight [...] cybercriminals”. of data n’t obvious to the human sources and scouring them for connections and patterns that are numbers of databases, Palantir provided a valuable service for the intelligence and 555 Palantir ’s clients come from a variety o f industries and sectors, such as financial eye”. oftware and services to the 2009, the company supplied its s national security agencies. In insurance analytics, services, retail, legal intelligence, pharmaceutical companies, and the Pentagon , the Central Intelligence Agency (CIA) Federal Bureau of 544 eral and local law healthcare delivery, disease response, biomedical research, fed In 2013, the software solutions were within more than 50 projects. Investigation (FBI) 556 enforcement agencies, defense, intelligence and accountability. US Government, used by police departments and by at least 12 groups within the including CIA, FBI, NSA, the Mar ine Corps and the Air Force and dealt “with some of the Alliant Data and Analytics IQ – pa yment data and consumer scores 5.7.7 545 world’s most sensitive sets of data”. The marketing data company Alliant Data claims to be the “industry’s largest source of Connecting Palantir raised significant public aware ness in 2011, when the company was exposed by a Public debates returns, billings, and ring information on “payments, detailed micropayment data” offe purchases with hacker group “to be in negotiation for a proposal to track labo r union activists and other from “more than 400 write-offs” as well as aggregating “consumer response behavior” online tracking critics of the U.S. Chamber of Commerce, the largest business l obbying group in 546 Palantir accused of was . The proposal lead to public debates, and Washington” 547 d Their Power. The Nation, Jun. Fang, L. (2013): How Spy Agency Contractors Have Already Abuse ncy-contractors-have-already- 11, 2013. Online: https://www.thenation.com/article/how-spy-age 537 abused-their-power/ [30.08.2016] a/Fraud-ID-Network-Attributes-D atasheet.pdf [11.01.2016] http://www.idanalytics.com/medi 538 548 Ibid. -risk-analytics [11.01.2016] http://www.idanalytics.com/solutions/credit-risk-solutions-and 539 549 Ragan, S. (2011): Data Intelligence firms proposed a systemati c attack against WikiLeaks. The http://www.idanalytics.com/solutions/credit-risk-solutions-and -risk-analytics/alternative- Tech Herald, Feb. 10, 2011. http es/Data-intelligence-firms- credit-data/ [11.01.2016] ://www.thetechherald.com/articl 540 proposed-a-systematic-attack-aga inst-WikiLeaks/12751/ [30.08.2016] -risk-analytics/credit-optics- http://www.idanalytics.com/solutions/credit-risk-solutions-and 550 portfolio-management/ [11.01.2016] https://wikileaks.org/IMG/pdf/WikiLeaks_Response_v6.pdf [30.08 .2016] 551 541 Ragan, S. (2011) Firm targeting WikiLeaks cuts ties with HBGar y – apologizes to reporter. -risk-analytics/credit-optics- http://www.idanalytics.com/solutions/credit-risk-solutions-and http://www.thetechherald.com/arti cuts-ties-with-HBGary- prescreen/ [11.01.2016] cles/Firm-targeting-WikiLeaks- 542 apologizes-to-reporter/12767/ [30.08.2016] pticstm-plus-score http://newsroom.transunion.com/transunion-unveils-new-credit-o 552 [11.01.2016] Infosec Institute (2013): The Palantir Technologies model, lig hts and shadows on a case of 543 success. Posted in General Security, Jul. 9, 2013. Online: http ://resources.infosecinstitute.com/the- Gorman, S. (2009): How Team of Geeks Cracked Spy Trade. Wall S treet Journal, Sept.4, 2009. palantir-technologies-model-lights-and-shadows-on-a-case-of-suc cess/ [30.08.2016] Online: http://www.wsj.com/articles/SB125200842406984303 [30.08 .2016] 553 544 Ibid. Rungg, A. (2015): Palantir und die dunkle Seite der Macht. Manager magazin, Jan. 14, 2015. 545 Online: http://www.mana ger-magazin.de/unternehmen/it/palantir-u nd-die-dunkle-seite-der- Burns, M. (2015): Leaked Palant ir Doc Reveals Uses, Specific F unctions And Key Clients. macht-a-1013000-2.html [30.08.2016] TechCrunch, Jan. 11, 2016. Online: https://techcrunch.com/2015/ 01/11/leaked-palantir-doc- 554 reveals-uses-specific-functions-and-key-clients/ [30.08.2016] Lev-Ram, M. (2016): Palantir Connects the Dots With Big Data. Fortune, Mar. 1, 2016. Online: 546 Fang, L. (2016): The CIA is Investing in Firms that Mine Your Tweets and Instagram Photos. The http://fortune.com/palantir-bi g-data-analysis/ [30.08.2016] 555 Intercept, Apr.14, 2016. Online: https://theintercept.com/2016/ 04/14/in-undisclosed-cia- Ibid. 556 investments-social-media-mining-looms-large/ [30.08.2016] https://www.palantir.com/solutions/ [30.08.2016] 109 108 109

110 subscription, continuity, and one-shot brands”. They offer “600 + Audience Selects” on 270 The following table shows examples of the number of “unique” we b browsers and mobile 568 557 devices per country they provide access to: Data resources include “tra nsaction-level behavioral, million U.S. consumers. demographic and lifestyle data on more than 270 million consume rs” (Oracle 2015, p. 29). France Germany Italy Netherlands Pakistan Poland Spain Turkey UK Russia ’s “Online Audiences” are availa ble “through most major platfor ms via partnerships Alliant 21.3m 77.2m 146.3m 25.3m 56.8m 59.7m 121.2m 42.9m 13.8m 11m n 115 million U.S. with over 70 DSPs, DMPs, and ad exchanges” – and contain data o and 47 million “30-day households, 180 million “30-day Unique IDs (desktop devices)”, 558 ould be cookie and mobile These “30-day Unique IDs” c Unique IDs (mobile devices)”. Brazil Argentina Mexico Canada U.S. Australia Japan Indonesia India China at least one time in 30 identifiers of web browsers and mobile devices, which are used 29.2m 14.3m 98.7m 35.6m 32.4m 891m 34.2m 83.1m 3.5m 70.1m claims to have “over two billion match keys for consumers, Alliant days. All in all, 559 including email addresses, mob ile numbers and device IDs”. Table 23: How many “million monthly uniques” Lotame provides access to, per country. Source: Lotame data with “newly Alliant also offers “database enrichmen t” to enhance other companies’ Database onthly uniques” in the U.S., As they, for example, claim to provide access to 891 “million m Third-party updated emails, mobile device ide ntifiers, postal addresses and predictive/descriptive enrichment s are separately counted. it seems that different web browsers and mobile devices of user and CRM data 560 product is a “source of alternative data TransactionBase Furthermore, their variable”. and credit In addition, Lotame offers “direct integrations with over 20 of the world’s larges t third- 569 ” and contains “detailed scoring, and billing management for credit decisions, thin file scoring On its website, the company g ives insights about the data party data providers”. 570 payment information” on “over 90 million consumers”. It offers “financial services and Clients can “collect first-party data” from across their strategies it offers to clients. insurance marketers a full range of credit-scoring solutions” a nd “provides full “sites, apps and ad campaigns”, and combine it with “other firs t-party sources, such as 561 According to Chester et al (2014), prescreening services for qualification of lead lists”. Lotame ithin their “CRM system”. email data or data housed” w could then “create audience has been selling information on “Financially Challenged”, “Cre dit Card Rejects”, Alliant ons”, and enrich these “by segments”, selecting “specific demographics, interests and acti “Credit Challenged”, and “Risky Consumers”. and services in online using third-party data”. Integrations with many other companies 572 571 ”) allow corporate , ad server, exchange and SSP marketing (with “every major DSP AnalyticsIQ is a consumer data analytics company based in Atlanta whose pr oducts are, AnalyticsIQ clients can use customers to use the audience segments for targeting. Finally, Lotame for example, offered by Oracle (2015, p. 30). The company claims to provide data about , a “private marketplace” for the “secure exchange of first-party data” to “access Syndicate 210 million individuals and 110 mi 0 “unique data llion U.S. households from 12 574 573 is Lotame Syndicate rich second-party data not available in the open marketplace”. 562 demographics, purchase, lifesty , including “aggregated credit, le and real-estate sources” ffluent audiences” but are especially designed for companies who are “targeting the same a 563 Their “consumer financial information, econometrics, financial and proprietary data”. Lotame “not directly competing with each other”. As an example mentions a “luxury auto intelligence” portfolio includes s everal scoring products to pr edict “consumer financial brand” that could “share select audience data with an app that profiles 5-star travel behavior”. Beside of several , they offer “affluence scores” like “Spendex”, GeoCredit scores resorts”. scores” like “Home “InvestorIQ”, “WealthIQ” and “IncomeIQ”, and “home and mortgage 564 mographic data products” include The company’s “de ValueIQ “ and “Home EquityIQ”. According to Oracle (2015, p. 82), “Lotame Smart Data” categorizes “100% declared and “100%” AnalyticsIQ offers EthnicIQ and “ Political & Religious Affiliation ”. Furthermore demonstrated data (NOT panel-based, modeled, or inferred) into over 2200 audience declared data, “consumer lifestyle and behavior , SocialIQ influence score al data” like the social media segments”. Their partners “place proprietary Behavioral Collect ion Pixels”, allow them to matched with which predicts “consumer social and the loyalty score media activity and influence”, action, search, purchase intent “collect demographic, interest, , and other data points”. offline sources 565 “ChurnIQ”, which “predicts a consumer’s likelihood to be loyal” to a brand. Demographic data ation, would be “100% Self-declared by a user on a profile or registr is based on “articles read, on-site and matched with offline sources”. Behavioral data 5.7.8 Lotame – an online data management platform (DMP) could complete on a page”, searches, clicked on, searched for and any other action a user partnership with but also information about “in-store purchases” is collected in Lotame is a data management platform (DMP), which allows corporate cu stomers to buy Buying and 566 companies “who anonymously match in-store purchases to online c ookies for targeting”. and three billion cookies They provide “access to a pool of more than and sell data. selling data 567 is available – from “users that frequently complete social act Finally, also ions social data ”, which they categorize into “thousands” of “segments”. two billion mobile device IDs that others online can see, such as sharing, rating, posting, o r commenting”. Drawbridge – tracking and recognizing people across devices 5.7.9 nsure that consumers are d in cross-device tracking to e Several companies are specialize 3.6 billion their PC or their recognized as the same person when using different devices like devices from 1.2 billion 557 http://alliantinsight.com/solut nces/ [11.01.2016] ion-sets/alliant-consumer-audie consumers 558 es/ [11.01.2016] http://alliantinsight.com/solut ion-sets/alliant-online-audienc 559 http://alliantinsight.com/solut ion-sets/alliant-engage/ [31.01 .2016] 568 560 “Million Monthly Uniques”, Ibid. http://alliantinsight.com/solution-sets/alliant-data-marts/ [1 1.01.2016] 561 569 ion-sets/alliant-transactionbas http://alliantinsight.com/solut e/ [11.01.2016] Ibid. 562 570 http://analytics-iq.com/ [11.01.2016] http://www.lotame.com/p latform/ [19.01.2016] 563 571 http://analytics-iq.com/data-solutions/data-foundation/ [11.01 .2016] DSP = demand-side platform 564 572 SSP = supply-side platform http://analytics-iq.com/data-solutions/consumer-financial-inte lligence/ [11.01.2016] 573 565 Ibid. utions/demographics-lifestyle/ [19.01.2016] http://analytics-iq.com/data-sol 574 566 -how-can-it-add-value-to- : http://www.lotame.com/data-e “Buying Data” and “Selling Data” xchange/ [19.01.2016] -what-is-lotame-syndicate-and http://www.lotame.com/resource/qa 567 Ibid. my-data-strategy/ [19.01.2016] 110 111 110

111 b browsers and mobile The following table shows examples of the number of “unique” we subscription, continuity, and one-shot brands”. They offer “600 + Audience Selects” on 270 568 557 devices per country they provide access to: nsaction-level behavioral, Data resources include “tra million U.S. consumers. demographic and lifestyle data on more than 270 million consume rs” (Oracle 2015, p. 29). France Germany Italy Netherlands Pakistan Poland Spain Turkey UK Russia ’s “Online Audiences” are availa ble “through most major platfor ms via partnerships Alliant 21.3m 77.2m 146.3m 25.3m 56.8m 59.7m 121.2m 42.9m 13.8m 11m n 115 million U.S. with over 70 DSPs, DMPs, and ad exchanges” – and contain data o and 47 million “30-day households, 180 million “30-day Unique IDs (desktop devices)”, 558 ould be cookie and mobile These “30-day Unique IDs” c Unique IDs (mobile devices)”. Brazil Argentina Mexico Canada U.S. Australia Japan Indonesia India China at least one time in 30 identifiers of web browsers and mobile devices, which are used 29.2m 14.3m 98.7m 35.6m 32.4m 891m 34.2m 83.1m 3.5m 70.1m claims to have “over two billion match keys for consumers, Alliant days. All in all, 559 including email addresses, mob ile numbers and device IDs”. Table 23: How many “million monthly uniques” Lotame provides access to, per country. Source: Lotame data with “newly Alliant also offers “database enrichmen t” to enhance other companies’ Database onthly uniques” in the U.S., As they, for example, claim to provide access to 891 “million m Third-party updated emails, mobile device ide ntifiers, postal addresses and predictive/descriptive enrichment s are separately counted. it seems that different web browsers and mobile devices of user and CRM data 560 product is a “source of alternative data TransactionBase Furthermore, their variable”. and credit In addition, Lotame offers “direct integrations with over 20 of the world’s larges t third- 569 ” and contains “detailed scoring, and billing management for credit decisions, thin file scoring On its website, the company g ives insights about the data party data providers”. 570 payment information” on “over 90 million consumers”. It offers “financial services and Clients can “collect first-party data” from across their strategies it offers to clients. insurance marketers a full range of credit-scoring solutions” a nd “provides full “sites, apps and ad campaigns”, and combine it with “other firs t-party sources, such as 561 According to Chester et al (2014), prescreening services for qualification of lead lists”. Lotame ithin their “CRM system”. email data or data housed” w could then “create audience has been selling information on “Financially Challenged”, “Cre dit Card Rejects”, Alliant ons”, and enrich these “by segments”, selecting “specific demographics, interests and acti “Credit Challenged”, and “Risky Consumers”. and services in online using third-party data”. Integrations with many other companies 572 571 ”) allow corporate , ad server, exchange and SSP marketing (with “every major DSP AnalyticsIQ is a consumer data analytics company based in Atlanta whose pr oducts are, AnalyticsIQ clients can use customers to use the audience segments for targeting. Finally, Lotame for example, offered by Oracle (2015, p. 30). The company claims to provide data about , a “private marketplace” for the “secure exchange of first-party data” to “access Syndicate 210 million individuals and 110 mi 0 “unique data llion U.S. households from 12 574 573 is Lotame Syndicate rich second-party data not available in the open marketplace”. 562 demographics, purchase, lifesty , including “aggregated credit, le and real-estate sources” ffluent audiences” but are especially designed for companies who are “targeting the same a 563 Their “consumer financial information, econometrics, financial and proprietary data”. Lotame “not directly competing with each other”. As an example mentions a “luxury auto intelligence” portfolio includes s everal scoring products to pr edict “consumer financial brand” that could “share select audience data with an app that profiles 5-star travel behavior”. Beside of several , they offer “affluence scores” like “Spendex”, GeoCredit scores resorts”. scores” like “Home “InvestorIQ”, “WealthIQ” and “IncomeIQ”, and “home and mortgage 564 mographic data products” include The company’s “de ValueIQ “ and “Home EquityIQ”. According to Oracle (2015, p. 82), “Lotame Smart Data” categorizes “100% declared and “100%” AnalyticsIQ offers EthnicIQ and “ Political & Religious Affiliation ”. Furthermore demonstrated data (NOT panel-based, modeled, or inferred) into over 2200 audience declared data, “consumer lifestyle and behavior , SocialIQ influence score al data” like the social media segments”. Their partners “place proprietary Behavioral Collect ion Pixels”, allow them to matched with which predicts “consumer social and the loyalty score media activity and influence”, action, search, purchase intent “collect demographic, interest, , and other data points”. offline sources 565 “ChurnIQ”, which “predicts a consumer’s likelihood to be loyal” to a brand. Demographic data ation, would be “100% Self-declared by a user on a profile or registr is based on “articles read, on-site and matched with offline sources”. Behavioral data 5.7.8 Lotame – an online data management platform (DMP) could complete on a page”, searches, clicked on, searched for and any other action a user partnership with but also information about “in-store purchases” is collected in Lotame is a data management platform (DMP), which allows corporate cu stomers to buy Buying and 566 companies “who anonymously match in-store purchases to online c ookies for targeting”. and three billion cookies They provide “access to a pool of more than and sell data. selling data 567 is available – from “users that frequently complete social act Finally, also ions social data ”, which they categorize into “thousands” of “segments”. two billion mobile device IDs that others online can see, such as sharing, rating, posting, o r commenting”. Drawbridge – tracking and recognizing people across devices 5.7.9 nsure that consumers are d in cross-device tracking to e Several companies are specialize 3.6 billion their PC or their recognized as the same person when using different devices like devices from 1.2 billion 557 http://alliantinsight.com/solut nces/ [11.01.2016] ion-sets/alliant-consumer-audie consumers 558 es/ [11.01.2016] http://alliantinsight.com/solut ion-sets/alliant-online-audienc 559 http://alliantinsight.com/solut ion-sets/alliant-engage/ [31.01 .2016] 568 560 “Million Monthly Uniques”, Ibid. http://alliantinsight.com/solution-sets/alliant-data-marts/ [1 1.01.2016] 561 569 ion-sets/alliant-transactionbas http://alliantinsight.com/solut e/ [11.01.2016] Ibid. 562 570 http://analytics-iq.com/ [11.01.2016] http://www.lotame.com/p latform/ [19.01.2016] 563 571 http://analytics-iq.com/data-solutions/data-foundation/ [11.01 .2016] DSP = demand-side platform 564 572 SSP = supply-side platform http://analytics-iq.com/data-solutions/consumer-financial-inte lligence/ [11.01.2016] 573 565 Ibid. utions/demographics-lifestyle/ [19.01.2016] http://analytics-iq.com/data-sol 574 566 -how-can-it-add-value-to- : http://www.lotame.com/data-e “Buying Data” and “Selling Data” xchange/ [19.01.2016] -what-is-lotame-syndicate-and http://www.lotame.com/resource/qa 567 Ibid. my-data-strategy/ [19.01.2016] 111 111 110

112 smartphone. One of them is Drawbridge , which claims to have about 1.2 billion other methods. is, according to themselves, embedded in Flurry 540,000 different apps 575 According to their privacy “consumers connected across more than 3.6 billion devices”. on iOS, Android and other platforms , and installed on more than 1.4 billion 582 576 . Thus, the company “has built they receive user data from “various advertising exchanges, platform and ad unique profiles on more than policy, smartphones and tablets 584 583 a “trove of mobile-app-user Forbes and, according to ion and interest-based networks” and combine it with “a 1.4 billion devices worldwide” dditional demographic, geolocat data that is bigger in reach than Google a nd Facebook”. Drawbridge uses “probabilistic segment data” from third-party providers. Subsequently, modeling” to “determine the probability that a desktop web cook ie and a mobile device claims to measure one-third of the global app activity and “se es an average of 7 Flurry Hardcore are this device matching inform belong to the same User” and “sh ation” with their apps per device on over 90% of the world’s devices”. Because us er behaviour can be gamers, new tics or other services”. The corporate clients “to enable them to provide advertising, analy h picture about a person’s analyzed across apps, Flurry would be able to “paint a ric mothers and ate and time of visits), IP information they receive includes visited websites (including d 585 into segments and to target users categorize users The platform offers to interests”. LGBT addresses, mobile device identifiers such as Apple IDFA or Goog le Advertising ID, 586 based on attributes such as interests, gender, age, language, d evice, operating system geolocation (including GPS data), browser type, carrier, referr ing/exit pages, device Personas like “hardcore gamers”, “financial geeks”, “new and in accordance to so-called ie information. model, operating system, gender, age, clickstream data and cook 587 mothers”, “slots player” and even “LGBT” (lesbian, gay, bisexua l and transgender). 577 These "personas" and other data are calculated from the app-usa ge patterns. describes its device and behavior Drawbridge , In a corporate presentation „Connected fingerprinting technology the Connected Consumer Graph , which is “made up of Consumer 588 with the market research and consumer data company cooperates Since 2014, Flurry 350 profile ach of these graphs consists of “collected and inferred interconnected Device Graphs”. E Graph“ , which conducts surveys and sees itself as the “world’s leadin g digital data Research Now attributes s the company to “paint demographic and behavioral information”. This technology enable 589 combined their data with its own knowledge about the app Flurry collection company”. vidual consumer” and to “make e ducated predictions about a granular portrait of each indi tional “350 profile attributes including demographic, users and since then offers addi Drawbridge cross-device reach to be 400 million users and their devices”. indicates their 590 including “hundreds of offline data points” such as interest, lifestyle” information people in North America, 150 million in Latin America, 350 mill ion in EMEA (Europe, the 591 or targeting purposes. “household income, number of children and travel preferences” f Middle East and Africa), 200 mill 20 million in AUS/NZ. ion in APAC (Asia-Pacific) and ic [d]evice IDs” to also offers app developers to “[l]ocate and [t]arget] [s]pecif Flurry had analyzed their technology, compared it to other Drawbridge Nielsen According to , or “users who have made a retarget users, and to identify the “[m]ost valuable customers” cross-device identity approaches, and found it to be “97.3% acc urate in indicating a 592 purchase on your mobile website but not in your app”. receives comes from Drawbridge relationship between two or more devices”. Information more than 50 partners , including “mobile and desktop exchanges, advertisers, publish ers, InMobi ng 200 countries. is a mobile ad network with 17 offices across the globe coveri InMobi, 578 – for example: and Factual xAd data management platforms, and other data providers” oss 1 billion “monthly They claim to generate 138 billion “monthly ad impressions” acr tracking 1 st and (“1 ’s Oracle (“location data”), Acxiom and Adobe (“3rd party DMPs”), Exelate Bluekai active users”. They offer to categorize these users into “20,00 0+ refined audience billion app 579 593 LiveRamp ’s (CRM Data). Acxiom party DMPs”) and segments”, which can be “validated through a consumer panel of seven million users”. users 594 they may collect extensive data According to their privacy policy from January 2016, 580 , Drawbridge ’s CEO explains that they are no longer purely focusing on In an interview From 595 and the ads viewed, as well as information about “post-click about the user’s devices advertising. There would be other companies beyond advertising, including those in the advertising to activity in relation to the ad”, and information “mobile publis hers or app developers” have finance and travel industries th at “want to unde rstand the cons umer journey across finance? Drawbridge announced that they have partnered with devices”. Recently TVTY to “enable marketers [to] sync their digital reach across smartphones, tab lets, and personal ”. Their technology would be “more computers with TV programming in real-time 582 /advertisers/brands [22.01.2016] Archived version: http://www.flurry.com/solutions 581 accurate and faster than audio recognition”. m/solutions/advertisers/br g/web/20160125204729/http://www.flurry.co https://web.archive.or ands [22.08.2016] 5.7.10 Flurry, InMobi and Sense Networ ks – mobile and location data 583 Ibid. 584 Olson, Parmy (2013): Meet The Company That Tracks More Phones Than Google Or Facebook. The mobile analytics and ad platform Flurry , acquired by Yahoo in 2014, maintains a Tracking Forbes, 30.10.2013. Online: http://www.forbes.com/sites/parmyol son/2013/10/30/meet-the- system that collects information about smartphone users’ behavi or, and offers it to app across 1.4 company-that-tracks-more-phones-than-google-or-facebook/ [22.01 .2016] 585 geted advertising and vendors in order to analyze their users and earn money with tar billion devices http://www.flurry.com/solutions /advertisers/brands [22.01.2016] 586 Ibid. 587 0vF.pdf [22.01.2016] lt/files/resources/Personas%2 http://www.flurry.com/sites/defau 588 pp Users, Offline The Analytics Bergen, Mark (2014): Flurry Launches Service to Track Mobile A pps Picks Up. Advertising Age, Firm Partners With Research Now, As the Race to Target Inside A 575 earch-build-mobile-app-advertising- 24.03.2014. Online: http://adage.com/article/digital/flurry-res http://drawbridge.com/ [15.01.2016] 576 database/292287/ [22.01.2016] http://drawbridge.com/privacy [15.01.2016] 589 577 https://gallery.mailchimp.com/dd5380a49beb13eb00838c7e2/files/D http://www.researchnow.com/about-us [22.01.2016] B_White_Paper_011216.p 590 df [15.01.2016] https://www.flurry.com/sites/default/files/resources/FlurryEnh ancedPersonas.pdf 578 [22.01.2016] Ibid. 591 579 https://gallery.mailchimp.com/dd5380a49beb13eb00838c7e2/files/ http://www.flurry.com/solutions /advertisers/brands [22.01.2016] DB_MediaKit_011216.pdf 592 [15.01.2016] Ibid. 580 593 Device Marketing Data. Ha, A. (2015): Drawbridge Adds Offline Purchases To Its Cross- http://www.inmobi.com/company/ [16.01.2016] 594 cy-policy/ [16.01.2016] TechCrunch, May 4, 2015. Online: http://techcrunch.com/2015/05/ 04/drawbridge-cross-device/ http://www.inmobi.com/priva 595 E.g. device type, operating system, network provider, IP addre ss, browser version, carrier user [15.01.2016] 581 art/stop time, locale, time zone, WiFi ID, iOS identifiers, mac address, IMEI, phone model, session st http://drawbridge.com/news/p/dra wbridge-enables-marketers-to-s ync-cross-device-ads-with- network status, geo-location, unique device identifiers tv-programming-in-real-time-with-tvty-integration [15.01.2016] 112 113 112

113 other methods. 540,000 different apps is, according to themselves, embedded in Flurry smartphone. One of them is Drawbridge , which claims to have about 1.2 billion 575 According to their privacy , and installed on more than 1.4 billion on iOS, Android and other platforms “consumers connected across more than 3.6 billion devices”. 582 576 smartphones and tablets unique profiles on more than they receive user data from “various advertising exchanges, platform and ad . Thus, the company “has built policy, 583 584 Forbes a “trove of mobile-app-user 1.4 billion devices worldwide” and, according to networks” and combine it with “a ion and interest-based dditional demographic, geolocat data that is bigger in reach than Google a nd Facebook”. segment data” from third-party providers. Subsequently, Drawbridge uses “probabilistic ie and a mobile device modeling” to “determine the probability that a desktop web cook es an average of 7 claims to measure one-third of the global app activity and “se Flurry Hardcore belong to the same User” and “sh are this device matching inform ation” with their apps per device on over 90% of the world’s devices”. Because us er behaviour can be gamers, new corporate clients “to enable them to provide advertising, analy tics or other services”. The h picture about a person’s analyzed across apps, Flurry would be able to “paint a ric mothers and ate and time of visits), IP information they receive includes visited websites (including d 585 into segments and to target users categorize users The platform offers to interests”. LGBT addresses, mobile device identifiers such as Apple IDFA or Goog le Advertising ID, 586 based on attributes such as interests, gender, age, language, d evice, operating system geolocation (including GPS data), browser type, carrier, referr ing/exit pages, device Personas like “hardcore gamers”, “financial geeks”, “new and in accordance to so-called ie information. model, operating system, gender, age, clickstream data and cook 587 mothers”, “slots player” and even “LGBT” (lesbian, gay, bisexua l and transgender). 577 These "personas" and other data are calculated from the app-usa ge patterns. , Drawbridge describes its device and behavior In a corporate presentation „Connected Connected Consumer Graph , which is “made up of fingerprinting technology the Consumer 588 Since 2014, with the market research and consumer data company Flurry cooperates 350 profile ach of these graphs consists of “collected and inferred interconnected Device Graphs”. E Graph“ , which conducts surveys and sees itself as the “world’s leadin g digital data Research Now attributes s the company to “paint demographic and behavioral information”. This technology enable 589 Flurry collection company”. combined their data with its own knowledge about the app a granular portrait of each indi vidual consumer” and to “make e ducated predictions about tional “350 profile attributes including demographic, users and since then offers addi indicates their cross-device reach to be 400 million users and their devices”. Drawbridge 590 interest, lifestyle” information including “hundreds of offline data points” such as ion in EMEA (Europe, the people in North America, 150 million in Latin America, 350 mill 591 “household income, number of children and travel preferences” f or targeting purposes. 20 million in AUS/NZ. ion in APAC (Asia-Pacific) and Middle East and Africa), 200 mill ic [d]evice IDs” to also offers app developers to “[l]ocate and [t]arget] [s]pecif Flurry had analyzed their technology, compared it to other Nielsen , Drawbridge According to retarget users, and to identify the “[m]ost valuable customers” or “users who have made a cross-device identity approaches, and found it to be “97.3% acc urate in indicating a 592 purchase on your mobile website but not in your app”. relationship between two or more devices”. Information receives comes from Drawbridge more than 50 partners , including “mobile and desktop exchanges, advertisers, publish ers, InMobi ng 200 countries. is a mobile ad network with 17 offices across the globe coveri InMobi, 578 – for example: and Factual xAd data management platforms, and other data providers” oss 1 billion “monthly They claim to generate 138 billion “monthly ad impressions” acr tracking 1 st and (“1 ’s Oracle (“location data”), Acxiom and Adobe (“3rd party DMPs”), Exelate Bluekai active users”. They offer to categorize these users into “20,00 0+ refined audience billion app 579 593 ’s party DMPs”) and Acxiom (CRM Data). LiveRamp segments”, which can be “validated through a consumer panel of seven million users”. users 594 they may collect extensive data According to their privacy policy from January 2016, 580 , Drawbridge ’s CEO explains that they are no longer purely focusing on In an interview From 595 and the ads viewed, as well as information about “post-click about the user’s devices advertising. There would be other companies beyond advertising, including those in the advertising to activity in relation to the ad”, and information “mobile publis hers or app developers” have finance and travel industries th at “want to unde rstand the cons umer journey across finance? Drawbridge announced that they have partnered with devices”. Recently TVTY to “enable marketers [to] sync their digital reach across smartphones, tab lets, and personal ”. Their technology would be “more computers with TV programming in real-time 582 /advertisers/brands [22.01.2016] Archived version: http://www.flurry.com/solutions 581 accurate and faster than audio recognition”. m/solutions/advertisers/br g/web/20160125204729/http://www.flurry.co https://web.archive.or ands [22.08.2016] 5.7.10 Flurry, InMobi and Sense Networ ks – mobile and location data 583 Ibid. 584 Olson, Parmy (2013): Meet The Company That Tracks More Phones Than Google Or Facebook. The mobile analytics and ad platform Flurry , acquired by Yahoo in 2014, maintains a Tracking Forbes, 30.10.2013. Online: http://www.forbes.com/sites/parmyol son/2013/10/30/meet-the- system that collects information about smartphone users’ behavi or, and offers it to app across 1.4 company-that-tracks-more-phones-than-google-or-facebook/ [22.01 .2016] 585 geted advertising and vendors in order to analyze their users and earn money with tar billion devices http://www.flurry.com/solutions /advertisers/brands [22.01.2016] 586 Ibid. 587 0vF.pdf [22.01.2016] lt/files/resources/Personas%2 http://www.flurry.com/sites/defau 588 pp Users, Offline The Analytics Bergen, Mark (2014): Flurry Launches Service to Track Mobile A pps Picks Up. Advertising Age, Firm Partners With Research Now, As the Race to Target Inside A 575 earch-build-mobile-app-advertising- 24.03.2014. Online: http://adage.com/article/digital/flurry-res http://drawbridge.com/ [15.01.2016] 576 database/292287/ [22.01.2016] http://drawbridge.com/privacy [15.01.2016] 589 577 https://gallery.mailchimp.com/dd5380a49beb13eb00838c7e2/files/D http://www.researchnow.com/about-us [22.01.2016] B_White_Paper_011216.p 590 df [15.01.2016] https://www.flurry.com/sites/default/files/resources/FlurryEnh ancedPersonas.pdf 578 [22.01.2016] Ibid. 591 579 https://gallery.mailchimp.com/dd5380a49beb13eb00838c7e2/files/ http://www.flurry.com/solutions /advertisers/brands [22.01.2016] DB_MediaKit_011216.pdf 592 [15.01.2016] Ibid. 580 593 Device Marketing Data. Ha, A. (2015): Drawbridge Adds Offline Purchases To Its Cross- http://www.inmobi.com/company/ [16.01.2016] 594 cy-policy/ [16.01.2016] TechCrunch, May 4, 2015. Online: http://techcrunch.com/2015/05/ 04/drawbridge-cross-device/ http://www.inmobi.com/priva 595 E.g. device type, operating system, network provider, IP addre ss, browser version, carrier user [15.01.2016] 581 art/stop time, locale, time zone, WiFi ID, iOS identifiers, mac address, IMEI, phone model, session st http://drawbridge.com/news/p/dra wbridge-enables-marketers-to-s ync-cross-device-ads-with- network status, geo-location, unique device identifiers tv-programming-in-real-time-with-tvty-integration [15.01.2016] 113 113 112

114 “separately collected”. They seem to consider all this data not to be personally identifiable n to access user data However, many users consent to m obile apps asking for permissio 610 596 ent or appreciating the conseq uences”. “without understanding the agreem , and claim to “anonymise this information using one-way hashin g” before sharing data , purchase history with third-parties. The categorization of users is “based on payment and fraud detection 5.7.11 Adyen, PAY.ON and others – engagement levels, app launches” and includes segments, that he lp app developers to identify “[h]igh [v]alue [u]sers” who “don't spend enough money in your app”, “[d]ormant ping risk management and Many new players in the field of online payment are also develo 597 In June [u]sers” who “don’t spend enough time in your app”, and “[s]oci al [i]nfluencers”. d thus analyzing vast amounts o fraud detection technologies, an f data about consumer 2006, InMobi to pay $ 950,000, Federal Trade Commission was penalized by the U.S. behavior and about their devices often also offer credit . In addition, these companies eds of millions of tracked the locations of hundr because the company “deceptively utomated decisions on consumers, for example on scoring and algorithms to make a 598 sent”. without their knowledge or con consumers – including children – payment methods offered – or even to exclude consumers from sho pping. alytics company owned by the m is a mobile and location data an Sense Networks arketing Sense The Amsterdam-based payment company Adyen , for instance, describes its “risk Adyen, creating 599 According to their website, lion in revenue in 2013. , which generated $1 bil YP giant Networks, ustomers to “maintain the mitigation” platform “RevenueProtect” as a tool for corporate c a „holistic 600 611 and to predict where they use “mobile location data to understand consumer behavior” predicting It utilizes “lists of ”. perfect balance between fraud defense and optimized conversions view” 601 By analyzing “location patterns” – for example, where “consume rs shop, people will go. where people ernal risk checks, and known good and bad shopper attributes (e.g. card numbers)”, ext of shoppers iles” containing “over eat and hang out” – they build “anonymous, individual user prof will go “device fingerprinting” to “identify the same machine across mu ltiple sessions, despite the 602 They claim style habits”. ding shopping, dining and life 1,000 behavioral attributes inclu user changing login identities, attempting other clearing cache and cookies, and 603 , and to process “170 billion 612 to “have profiles built on over 150 million mobile users” claims to build “a holistic view of ShopperDNA A feature called obfuscation techniques”. y other than Google or location points per month into profiles”, more than “any compan the shopper behind each transaction by using advanced linking a lgorithms, proprietary 604 605 magazine Wired , the CEO of Sense Networks stated In an interview with Facebook”. k intelligence to track devices , networks and online device fingerprinting and networ 613 that “location data, created all day long just by having a phon e in your pocket, is probably It allows the “creation of automated rules that monitor the be havior” of persona”. 614 the richest source of information in the world today”. shoppers across different transactions. Their Retail Targeting get product “analyzes mobile travel patterns” to identify and “tar PAY.ON ’s fraud Bertelsmann Germany-based payment service provider and affiliate PAY.ON prospects” who are frequently near particular stores, or “when they are at other locations prevention tools include “ more than 120 risk checks ”. Besides “device fingerprinting” 606 In addition to targeting “people who shop at 615 near the retailer, such as home or work”. they offer access to “third-party databases, such as and “black and white listing” ks and go to car dealers” also specific retailers, frequent quick-serve restaurants, visit ban nts shall be accepted, address verifications and credit scores” regarding “which payme 616 demographic data (e.g. age, income, education or ethnicity) and lifestyle information . Examples for third-party providers mentioned are denied or manually reviewed” 607 608 also “build[s] According to their privacy policy, Sense Networks are available. er, Schufa, Telego! creditPass, Deltavista, ThreatMetrix, ReD Shield, Datacash Gatekeep anonymous profiles for 3rd party mobile publishers”. These publishers “provide” them and Deutsche Post Address Services, Intercard, Creditreform Boniversum, Arvato infoscore 617 other data such as application usage and demographic with “location data and possible PAY.ON also provides a system to offer shoppers "the right set of pay ment more. information”, which “may be tied to an anonymous identifier”. I n an additional “privacy nd fraud checks, historic methods" according to the "shopper risk group" based on "risk a 609 ction should be ‘opt-in’”. states that “all data colle Sense Networks principles” section, customer information, [...] external data (e.g. credit agency r ecords), identity checks and the differentiation of new and existing customers as well as sh opping basket information 618 and dynamic limit management". TSYS , another leading y Chester et al (2014, p. 11) summarized a white paper produced b Customer now enjoy payment processor, stating that companies in the financial services industry profiles based “unprecedented levels of insight to use in their consumer decis ion-making”. The original on bank 619 596 tion histories could “provide b provides details on how transac anks TSYS whitepaper transactions in real life” “This information does not enable us to work out your identity 597 ] http://www.inmobi.com/products/analytics-segments/ [16.01.2016 598 https://www.ftc.gov/news-events/ press-releases/2016/06/mobile- advertising-network- inmobi-settles-ftc-charges-it-tracked [01.08.2016] 599 works. The New York Times, Jan. Gelles, David (2014): YP, a Mobile Search Firm, Buys Sense Net 610 06, 2014. Online: http://dealbook.nytimes.com/2014/01/06/yp-a- mobile-ad-firm-buys-a-rival- ocation. The Wall Street Journal, Jan. Dwoskin, E. (2014): In Digital Ads, It’s Location, Location, L sense-networks/ [16.01.2016] 06, 2014. Online: http://blogs.wsj.com/digits/2014/01/06/in-dig ital-ads-its-location-location- 600 location/ [07.01.2016] https://www.sensenetworks.com/li fe-happens-outside-of-the-geo- fence/ [16.01.2016] 611 601 ’ll Like. The New York Times, Jun. ] on/risk-management [17.08.2016 https://www.adyen.com/our-soluti Fitzgerald, M. (2008): Predicting Where You’ll Go and What You 612 22, 2008. Online: http://www.nytimes.com/2008/06/22/technology /22proto.html [16.01.2016] https://docs.adyen.com/developers/revenueprotect [17.08.2016] 602 613 https://www.adyen.com/our-solu tion/risk-management [17.08.201 6] https://www.sensenetworks.com/li fe-happens-outside-of-the-geo- fence/ [16.01.2016] 603 614 https://www.sensenetworks.com/cu https://docs.adyen.com/developers/revenueprotect [17.08.2016] stomers/advertisers/ [16.01.20 16] 604 615 https://www.payon.com/fraud-prevention [07.01.2016] %20platform/ oducts/macrosense%20technology https://www.sensenetworks.com/pr 616 [07.01.2016] https://www.payon.com/sites/www.pa uct sheet External Risk yon.com/files/downloads/Prod 605 Providers.pdf [17.08.2016] http://www.wired.co.uk/article/the-hidden-persuaders-mining-yo ur-mobile-phone-log 617 [07.01.2016] Ibid. 618 606 https://test.payon.com/sites/www. payon.com/files/downloads/PAY ON%20Productsheet- https://www.sensenetworks.com/retail-retargeting/ [07.01.2016] 607 07.01.2016] dience-segments-and-results/ [ https://www.sensenetworks.com/au Active-payment-method-selection.pdf [17.08.2016] 619 608 1.2016] mprove Cardholder Retention Hudson, R. (2013): How Card Issuers Can Leverage Big Data to I https://www.sensenetworks.com/principles/privacy-policy/ [07.0 609 https://www.sensenetworks.com/pr inciples/privacy-principles/ [07.01.2016] Efforts. TSys People-Centered Payments, Jun 2013, Online: 114 115 114

115 n to access user data However, many users consent to m obile apps asking for permissio “separately collected”. They seem to consider all this data not to be personally identifiable 610 596 ent or appreciating the conseq uences”. “without understanding the agreem , and claim to “anonymise this information using one-way hashin g” before sharing data , purchase history with third-parties. The categorization of users is “based on payment and fraud detection 5.7.11 Adyen, PAY.ON and others – engagement levels, app launches” and includes segments, that he lp app developers to identify “[h]igh [v]alue [u]sers” who “don't spend enough money in your app”, “[d]ormant ping risk management and Many new players in the field of online payment are also develo 597 In June [u]sers” who “don’t spend enough time in your app”, and “[s]oci al [i]nfluencers”. d thus analyzing vast amounts o fraud detection technologies, an f data about consumer 2006, InMobi to pay $ 950,000, Federal Trade Commission was penalized by the U.S. behavior and about their devices often also offer credit . In addition, these companies eds of millions of tracked the locations of hundr because the company “deceptively utomated decisions on consumers, for example on scoring and algorithms to make a 598 sent”. without their knowledge or con consumers – including children – payment methods offered – or even to exclude consumers from sho pping. alytics company owned by the m is a mobile and location data an Sense Networks arketing Sense The Amsterdam-based payment company Adyen , for instance, describes its “risk Adyen, creating 599 According to their website, lion in revenue in 2013. , which generated $1 bil YP giant Networks, ustomers to “maintain the mitigation” platform “RevenueProtect” as a tool for corporate c a „holistic 600 611 and to predict where they use “mobile location data to understand consumer behavior” predicting It utilizes “lists of ”. perfect balance between fraud defense and optimized conversions view” 601 By analyzing “location patterns” – for example, where “consume rs shop, people will go. where people ernal risk checks, and known good and bad shopper attributes (e.g. card numbers)”, ext of shoppers iles” containing “over eat and hang out” – they build “anonymous, individual user prof will go “device fingerprinting” to “identify the same machine across mu ltiple sessions, despite the 602 They claim style habits”. ding shopping, dining and life 1,000 behavioral attributes inclu user changing login identities, attempting other clearing cache and cookies, and 603 , and to process “170 billion 612 to “have profiles built on over 150 million mobile users” claims to build “a holistic view of ShopperDNA A feature called obfuscation techniques”. y other than Google or location points per month into profiles”, more than “any compan the shopper behind each transaction by using advanced linking a lgorithms, proprietary 604 605 magazine Wired , the CEO of Sense Networks stated In an interview with Facebook”. k intelligence to track devices , networks and online device fingerprinting and networ 613 that “location data, created all day long just by having a phon e in your pocket, is probably It allows the “creation of automated rules that monitor the be havior” of persona”. 614 the richest source of information in the world today”. shoppers across different transactions. Their Retail Targeting get product “analyzes mobile travel patterns” to identify and “tar PAY.ON ’s fraud Bertelsmann Germany-based payment service provider and affiliate PAY.ON prospects” who are frequently near particular stores, or “when they are at other locations prevention tools include “ more than 120 risk checks ”. Besides “device fingerprinting” 606 In addition to targeting “people who shop at 615 near the retailer, such as home or work”. they offer access to “third-party databases, such as and “black and white listing” ks and go to car dealers” also specific retailers, frequent quick-serve restaurants, visit ban nts shall be accepted, address verifications and credit scores” regarding “which payme 616 demographic data (e.g. age, income, education or ethnicity) and lifestyle information . Examples for third-party providers mentioned are denied or manually reviewed” 607 608 also “build[s] According to their privacy policy, Sense Networks are available. er, Schufa, Telego! creditPass, Deltavista, ThreatMetrix, ReD Shield, Datacash Gatekeep anonymous profiles for 3rd party mobile publishers”. These publishers “provide” them and Deutsche Post Address Services, Intercard, Creditreform Boniversum, Arvato infoscore 617 other data such as application usage and demographic with “location data and possible PAY.ON also provides a system to offer shoppers "the right set of pay ment more. information”, which “may be tied to an anonymous identifier”. I n an additional “privacy nd fraud checks, historic methods" according to the "shopper risk group" based on "risk a 609 ction should be ‘opt-in’”. states that “all data colle Sense Networks principles” section, customer information, [...] external data (e.g. credit agency r ecords), identity checks and the differentiation of new and existing customers as well as sh opping basket information 618 and dynamic limit management". TSYS , another leading y Chester et al (2014, p. 11) summarized a white paper produced b Customer now enjoy payment processor, stating that companies in the financial services industry profiles based “unprecedented levels of insight to use in their consumer decis ion-making”. The original on bank 619 596 tion histories could “provide b provides details on how transac anks TSYS whitepaper transactions in real life” “This information does not enable us to work out your identity 597 ] http://www.inmobi.com/products/analytics-segments/ [16.01.2016 598 https://www.ftc.gov/news-events/ press-releases/2016/06/mobile- advertising-network- inmobi-settles-ftc-charges-it-tracked [01.08.2016] 599 works. The New York Times, Jan. Gelles, David (2014): YP, a Mobile Search Firm, Buys Sense Net 610 06, 2014. Online: http://dealbook.nytimes.com/2014/01/06/yp-a- mobile-ad-firm-buys-a-rival- ocation. The Wall Street Journal, Jan. Dwoskin, E. (2014): In Digital Ads, It’s Location, Location, L sense-networks/ [16.01.2016] 06, 2014. Online: http://blogs.wsj.com/digits/2014/01/06/in-dig ital-ads-its-location-location- 600 location/ [07.01.2016] https://www.sensenetworks.com/li fe-happens-outside-of-the-geo- fence/ [16.01.2016] 611 601 ’ll Like. The New York Times, Jun. ] on/risk-management [17.08.2016 https://www.adyen.com/our-soluti Fitzgerald, M. (2008): Predicting Where You’ll Go and What You 612 22, 2008. Online: http://www.nytimes.com/2008/06/22/technology /22proto.html [16.01.2016] https://docs.adyen.com/developers/revenueprotect [17.08.2016] 602 613 https://www.adyen.com/our-solu tion/risk-management [17.08.201 6] https://www.sensenetworks.com/li fe-happens-outside-of-the-geo- fence/ [16.01.2016] 603 614 https://www.sensenetworks.com/cu https://docs.adyen.com/developers/revenueprotect [17.08.2016] stomers/advertisers/ [16.01.20 16] 604 615 https://www.payon.com/fraud-prevention [07.01.2016] %20platform/ oducts/macrosense%20technology https://www.sensenetworks.com/pr 616 [07.01.2016] https://www.payon.com/sites/www.pa uct sheet External Risk yon.com/files/downloads/Prod 605 Providers.pdf [17.08.2016] http://www.wired.co.uk/article/the-hidden-persuaders-mining-yo ur-mobile-phone-log 617 [07.01.2016] Ibid. 618 606 https://test.payon.com/sites/www. payon.com/files/downloads/PAY ON%20Productsheet- https://www.sensenetworks.com/retail-retargeting/ [07.01.2016] 607 07.01.2016] dience-segments-and-results/ [ https://www.sensenetworks.com/au Active-payment-method-selection.pdf [17.08.2016] 619 608 1.2016] mprove Cardholder Retention Hudson, R. (2013): How Card Issuers Can Leverage Big Data to I https://www.sensenetworks.com/principles/privacy-policy/ [07.0 609 https://www.sensenetworks.com/pr inciples/privacy-principles/ [07.01.2016] Efforts. TSys People-Centered Payments, Jun 2013, Online: 115 115 114

116 with a robust customer profile, including an indication of the customer’s approximate media reported that collected or leveraged in MasterCard’s processes”. In 2014, the 629 According to the action types, along with annual income, spending habits, online usage patterns and trans MasterCard Facebook “signed a two-year deal to share data”. and Facebook spokesman said: “'We are working with them to create targeting , a Daily Mail TSYS Transaction data , is, according to how he or she typically makes payments”. clusters using Custom Audiences — a tool that matches anonymise d data from Facebook “extremely valuable for predicting future customer behaviours a nd transactions” and it 630 cebook to their users.” or optimising ad delivery on Fa with their own anonymised data f “will provide a more complete pi d, in turn, identify which cture of cardholder behavior an 620 cardholders are most profitable”. 631 MasterCard reported $2.177 billion in , payment week According to the trade magazine Will 5.7.12 MasterCard – fraud scoring and marketing data revenue from payment processing in Q1 2014 and $341 million for “information products, MasterCard, for the latter was 22 percent including sales of data” already. However, the “rate of growth Visa and AmEx 621 They have s. provides “fraud scoring” technologies to financial institution MasterCard Fraud scoring versus 14 percent for payments”. The article suggests that “sel ling products and services become data developed predictive fraud models to reveal the risk based on s pending patterns using a and risk scores MasterCards created from data analytics could become” ’s “core business”. Besides companies? egrated authorization and fraud “vast repository of globally int data”. In the context of American Express , which has also started to offe r “audience segments for use in online ad credit scoring MasterCard has even utilized data from mobile phones to calculate risk. 632 recently launched its “Visa Integrated Marketing Solutions”, w hich , Visa targeting” 622 , they have “developed models showing that According to a report by the company out their own customers allows “[c]ard issuers and partners” to “combine information ab y — and willingness — to prepaid-mobile history and phone usage are predictive of abilit per year, as well as “other with powerful insights from more than 100 billion transactions” repay loans”. 633 their programs”. third-party demographic, lifestyle and economic data to inform MasterCard also offers their data for mark eting purposes. They provide “a ccess to relevant MasterCard’s l transactions from d on 95 billion anonymized, rea 2 and actionable intelligence base data for in 210 countries worldwide” to “[f]orecast consumer behavior” billion cardholders and marketing 623 Propensity Models for Their product to “[h]elp clients make better decisions”. 624 enables clients to use scores that “reflect a cardholder’s likelihood to Marketing engage in a behavior or respond to an offer”. These models are “available on consumer debit, consumer credit and commercial portfolios”. They explain that a “propensity model 625 rank” would order the “best prospects” within the client’s “car dholder population”. 626 allows companies to reach “online MasterCard Audiences Another product called Connecting audiences based on insights drawn from aggregate purchase behavior” for “more precise purchases to , transaction data is “[a]nonymous – no name online marketing”. According to MasterCard online data n amount, merchant, or contact information of any kind”, but “[i]ncludes transactio in order to “create millions of online/offline, location, date and time”. This data is analyzed segments” and to build “hundreds of unique audiences” by “aggre gating segment propensities and applying them to third-party consumer populati ons” available through 627 “ad networks and data aggregators”. eXelate MasterCard , which is offering ’s data to According to Nielsen ’s data platform Partnerships marketers, it is “collected from online & offline anonymized tr ansactions and associated with DMPs and 628 Another partner is with online populations through the use of proprietary analytic s”. Facebook Oracle t MasterCard ’s , who explains in its “Data Directory” (Oracle 2015, p. 84) tha “behavioral based segments” like “used vehicle sales”, “luxury” or “professional services” (e.g. “electricians, accounting, several categories like "top tier tax, legal”) are available in spenders" or “frequent transactors". Data is “ associated with cookie populations process”, but “[n]o PII is through a proprietary ‘privacy by design’ double blind matching 629 http://tsys.com/Assets/TSYS/down loads/wp_How Card-Issuers-Can-L Michael, S. (2014): MasterCard is mining Facebook users’ conve everage-Big-Data-pc.pdf rsations data to get consumer DailyMail Online, Oc (p.4) [17.08.2016] t can sell to banks. behavior information i t. 06, 2014. Online: 620 www.dailymail.co.uk/news/article-2 book-users-conversations- 782937/MasterCard-mining-Face Ibid. (p. 5)[07.01.2016] 621 data-consumer-behaviour-information-sell-banks.html [07.01.2016 ] .com/us/company/en/docs/ems_hosted_sell_ sheet.pdf [07.01.2016] https://www.mastercard 622 630 compendium.mastercard.com/app/SKU_pdfs/alternativeData.pdf [01 Ibid. .08.2016] 623 631 16] Hand in Hand. Paymentweek, Jun. Genova, J. (2014): For MasterCard, Processing and Analytics go ormation-services.html [07.01.20 www.mastercardadvisors.com/inf 624 rd-processing-and-analytics- 16, 2014. Online: http://paymentweek.com/2014-6-16-for-masterca www.mastercardadvisors.com/solut ions/product_list/propensity_m odels_for_marketing/ go-hand-in-hand-4908 [07.01.2016] [07.01.2016] 632 625 Kaye, K. (2013): Mastercard, AmEx Quietly Feed Data to Advertisers. AdvertisindAge, Apr. 16, Ibid. 626 2013. Online: http://adage.com/article/dataworks/mastercard-ame www.mastercardadvisors.com/solut x-feed-data- ions/media/customer_insights/m astercard_audiences.html [07.01.2016] marketers/240800/ [07.01.2016] 627 633 Ibid. http://investor.visa.com/news/news-details/2015/Visa-Launches- New-Platform-to-Help-Card- 628 [07.01.2016] http://partners.exelate.com/media/1/_orig/1441043383-5557.pdf Issuers-Market-and-Grow-Their-Business/default.aspx [07.01.2016 ] 116 117 116

117 media reported that collected or leveraged in MasterCard’s processes”. In 2014, the with a robust customer profile, including an indication of the customer’s approximate 629 According to the and MasterCard “signed a two-year deal to share data”. Facebook action types, along with annual income, spending habits, online usage patterns and trans Facebook spokesman said: “'We are working with them to create targeting , a Daily Mail TSYS Transaction data , is, according to how he or she typically makes payments”. clusters using Custom Audiences — a tool that matches anonymise d data from Facebook “extremely valuable for predicting future customer behaviours a nd transactions” and it 630 cebook to their users.” or optimising ad delivery on Fa with their own anonymised data f “will provide a more complete pi d, in turn, identify which cture of cardholder behavior an 620 cardholders are most profitable”. 631 MasterCard reported $2.177 billion in , payment week According to the trade magazine Will 5.7.12 MasterCard – fraud scoring and marketing data revenue from payment processing in Q1 2014 and $341 million for “information products, MasterCard, for the latter was 22 percent including sales of data” already. However, the “rate of growth Visa and AmEx 621 They have s. provides “fraud scoring” technologies to financial institution MasterCard Fraud scoring versus 14 percent for payments”. The article suggests that “sel ling products and services become data developed predictive fraud models to reveal the risk based on s pending patterns using a and risk scores MasterCards created from data analytics could become” ’s “core business”. Besides companies? egrated authorization and fraud “vast repository of globally int data”. In the context of American Express , which has also started to offe r “audience segments for use in online ad credit scoring MasterCard has even utilized data from mobile phones to calculate risk. 632 recently launched its “Visa Integrated Marketing Solutions”, w hich , Visa targeting” 622 , they have “developed models showing that According to a report by the company out their own customers allows “[c]ard issuers and partners” to “combine information ab y — and willingness — to prepaid-mobile history and phone usage are predictive of abilit per year, as well as “other with powerful insights from more than 100 billion transactions” repay loans”. 633 their programs”. third-party demographic, lifestyle and economic data to inform MasterCard also offers their data for mark eting purposes. They provide “a ccess to relevant MasterCard’s l transactions from d on 95 billion anonymized, rea 2 and actionable intelligence base data for in 210 countries worldwide” to “[f]orecast consumer behavior” billion cardholders and marketing 623 Propensity Models for Their product to “[h]elp clients make better decisions”. 624 enables clients to use scores that “reflect a cardholder’s likelihood to Marketing engage in a behavior or respond to an offer”. These models are “available on consumer debit, consumer credit and commercial portfolios”. They explain that a “propensity model 625 rank” would order the “best prospects” within the client’s “car dholder population”. 626 allows companies to reach “online MasterCard Audiences Another product called Connecting audiences based on insights drawn from aggregate purchase behavior” for “more precise purchases to , transaction data is “[a]nonymous – no name online marketing”. According to MasterCard online data n amount, merchant, or contact information of any kind”, but “[i]ncludes transactio in order to “create millions of online/offline, location, date and time”. This data is analyzed segments” and to build “hundreds of unique audiences” by “aggre gating segment propensities and applying them to third-party consumer populati ons” available through 627 “ad networks and data aggregators”. eXelate MasterCard , which is offering ’s data to According to Nielsen ’s data platform Partnerships marketers, it is “collected from online & offline anonymized tr ansactions and associated with DMPs and 628 Another partner is with online populations through the use of proprietary analytic s”. Facebook Oracle t MasterCard ’s , who explains in its “Data Directory” (Oracle 2015, p. 84) tha “behavioral based segments” like “used vehicle sales”, “luxury” or “professional services” (e.g. “electricians, accounting, several categories like "top tier tax, legal”) are available in spenders" or “frequent transactors". Data is “ associated with cookie populations process”, but “[n]o PII is through a proprietary ‘privacy by design’ double blind matching 629 http://tsys.com/Assets/TSYS/down loads/wp_How Card-Issuers-Can-L Michael, S. (2014): MasterCard is mining Facebook users’ conve everage-Big-Data-pc.pdf rsations data to get consumer DailyMail Online, Oc (p.4) [17.08.2016] t can sell to banks. behavior information i t. 06, 2014. Online: 620 www.dailymail.co.uk/news/article-2 book-users-conversations- 782937/MasterCard-mining-Face Ibid. (p. 5)[07.01.2016] 621 data-consumer-behaviour-information-sell-banks.html [07.01.2016 ] .com/us/company/en/docs/ems_hosted_sell_ sheet.pdf [07.01.2016] https://www.mastercard 622 630 compendium.mastercard.com/app/SKU_pdfs/alternativeData.pdf [01 Ibid. .08.2016] 623 631 16] Hand in Hand. Paymentweek, Jun. Genova, J. (2014): For MasterCard, Processing and Analytics go ormation-services.html [07.01.20 www.mastercardadvisors.com/inf 624 rd-processing-and-analytics- 16, 2014. Online: http://paymentweek.com/2014-6-16-for-masterca www.mastercardadvisors.com/solut ions/product_list/propensity_m odels_for_marketing/ go-hand-in-hand-4908 [07.01.2016] [07.01.2016] 632 625 Kaye, K. (2013): Mastercard, AmEx Quietly Feed Data to Advertisers. AdvertisindAge, Apr. 16, Ibid. 626 2013. Online: http://adage.com/article/dataworks/mastercard-ame www.mastercardadvisors.com/solut x-feed-data- ions/media/customer_insights/m astercard_audiences.html [07.01.2016] marketers/240800/ [07.01.2016] 627 633 Ibid. http://investor.visa.com/news/news-details/2015/Visa-Launches- New-Platform-to-Help-Card- 628 [07.01.2016] http://partners.exelate.com/media/1/_orig/1441043383-5557.pdf Issuers-Market-and-Grow-Their-Business/default.aspx [07.01.2016 ] 117 117 116

118 that now ignore their realizing that they might have summoned technological ‘spirits’ Summary of Findings and Discussion of its Societal Implications 6. command. The following sections summarize the state-of-the-art as we see it, based on the he chapters above. facts accumulated in t “If you have something that you don’t want anyone to of data collection a nd sharing through a vast globally In a nutshell, the ubiquity Status quo ing it in the first place” know, maybe you shouldn’t be do sacrifice networked digital infrastructure has led to a loss of control o ver data flows and a 634 Eric Schmidt, Google, 2009 of contextual integrity of personal data. As Helen Nissenbaum (2004) has argued, contextual integrity of data is a cornerstone for the protectio n of peoples’ privacy. With "Surveillance is not about knowing your secrets, s chapters, privacy is the vast and uncontrolled sharing practices outlined in previou but about managing populations, managing people" 635 undermined at scale without people noticing it. Katarzyna Szymielewicz, Vice-President EDRi, 2015 636 r customers. But they We assume that companies do not strive to consciously harm thei reached and Facebook Around the same time as Apple introduced its first smartphone 637 are confronted with the fact that data has become such an impor tant and strategic part of ta to in 2007, online advertisers started to use individual-level da 30 million users lucrative personal data many business models that they can hardly see a way out of this 3, p. 45). Less than ten profile and target users individually (Deighton and Johnson 201 criticism voiced by the market and the dynamics it has created. To deal with the rising s become a “convenient by- years later, ubiquitous and real-time corporate surveillance ha public, the media and political institutions, companies now loo k for strategies to deal with art et al 2014, p. 746). We ctions and interactions” (De Zw product of ordinary daily transa the data business and the associated ethical and legal challeng es. An important surveillance society as David Lyon foresaw it already in the early 1990s; have entered a transparency around their data- compromise in this effort could be to create more of “social sorting”, the perma a society in which the practices nent monitoring and intensive processes. Not surprisingly, transparency has been a core concern for the new nology and software ation through information tech classification of the whole popul 638 That said, as of today the status European General Data Protection Regulation (GDPR). algorithms, have silently become an everyday reality (see Lyon 1994, Lyon 2003). siness practices are still quo is: Transparency is not provided, but avoided. Ambiguous bu which we summarize and This surveillance society is enabled by a number of phenomena, Ubiquitous, the norm and even misleading rhetoric is used to trick people i nto one-sided and reflect on in this chapter. At t ance society is the technical he core of our current surveill invisible and disadvantageous data contracts. rvasive”. The idea that computing should be “ubiquitous”, “invisible” and “pe pervasive power imbalances between those parties that The lack of transparency is one enabler of acknowledged founding father of this thinking is Mark Weiser, a n American research possess data and those who don’t. Democratic as well as economi c thinkers have always scientist who used to work at , who once wrote: “The most profound technologies Xerox urrent abuses of been suspicious of information and power asymmetries. And the c of everyday life until they are those that disappear. They weave themselves into the fabric suspicion: Data richness is personal data that are highlighted in our report support their new way of thinking about are indistinguishable from it [...] we are trying to conceive a against people. Companies „turn individuals into systematically used to discriminate computers in the world, one that takes into account the natural human environment and n and Pasquale 2014). Everyone ranked and rated objects” (Citro is constantly sorted and o vanish into the background” (Weiser 1991, p.1). allows the computers themselves t addressed on the basis of their economic potential; a practice that is undermining the core Ever since this vision was formulated, computer scientists and engineers around the Who is in values of democracy: people’s equality and dignity. world have been working towards realizing it; interpreting the aspect of disappearance as control? dvised to consider what Against this background, consumers using digital services are a . Few engineers have a ubiquitous, sensor-based and networked digital infrastructure with a digital service we call their when starting to interact “customer lifetime risk” probably been expecting that the “mind-children” of this vision and their subsequent work provider. The question is whether they will ever do so? - When in fact people embrace the on it would be abused by economic and governmental forces in th e way that it is today. data-rich services that betray their trust. As we discuss at th e end of this chapter, perhaps, Bathing themselves in the shallow reassurance that “technology is neutral” they have been we are entrained to love embracing the soft digital controls ri sing around us and are thus laying powerful tools in the hands of many players. As this rep ort shows it is not obvious on the verge of becoming perfect self-censors. that all of the playe rs are able to live up to the responsibili ty required for them, because responsible use of data would include an ethical questioning an d partial refraining from practices we observe today. Few tech people have taken the warn ings that Marc Weiser voiced seriously. In 1999, he wrote that “the problem [associated with ubiquitous 6.1 Ubiquitous data collection e of control” (Weiser et al. terms of privacy is really on computing] while often couched in Our report shows that the collection of data concerning people and their daily lives has d engineers ar er scientists an 1999, p.694). Very slowly, comput ound the world are Networks of ork . As more and more devices and objects include sensors and netw ubiquitous become corporate invisibly . Information recorded by websites, connections, data collection is happening surveillance smartphone apps, fitness trackers ften transferred to a wide and many other platforms is o 634 le CEO Eric Schmidt Dismisses t Esguerra, Richard (2009): Goog he Importance of Privacy. A network of major online platforms, publishers, app third-party companies. range of deeplinks/2009/12/google-ceo- Online: https://www.eff.org/de/ Electronic Frontier Foundation. providers, data brokers and adve recognize, profile and rtising networks is now able to eric-schmidt-dismisses-privacy [01.08.2016] judge people at nearly every mom ent of their lives. By using ps eudonymous identifiers 635 Grossman, Wendy M (2016): Democracy, film review: How the EU' s data protection law was rofiles are matched based on phone numbers, email addresses and other attributes, p made. ZDNet UK Book Reviews, June 9, 2016. Online: http://www.z dnet.com/article/democracy- ection-law-was-made [01.08.201 film-review-how-the-eus-data-prot 6] 636 http://www.apple.com/pr/library /2007/01/09Apple-Reinvents-the -Phone-with- iPhone.html [01.08.2016] 637 dian, 25 July 2007. Online: Phillips, Sarah (2007): A brief history of Facebook. The Guar 638 European Commission (2016) ia [01.08.2016] logy/2007/jul/25/media.newmed https://www.theguardian.com/techno 118 119 118

119 that now ignore their realizing that they might have summoned technological ‘spirits’ Summary of Findings and Discussion of its Societal Implications 6. command. The following sections summarize the state-of-the-art as we see it, based on the he chapters above. facts accumulated in t “If you have something that you don’t want anyone to of data collection a nd sharing through a vast globally In a nutshell, the ubiquity Status quo ing it in the first place” know, maybe you shouldn’t be do sacrifice networked digital infrastructure has led to a loss of control o ver data flows and a 634 Eric Schmidt, Google, 2009 of contextual integrity of personal data. As Helen Nissenbaum (2004) has argued, contextual integrity of data is a cornerstone for the protectio n of peoples’ privacy. With "Surveillance is not about knowing your secrets, s chapters, privacy is the vast and uncontrolled sharing practices outlined in previou but about managing populations, managing people" 635 undermined at scale without people noticing it. Katarzyna Szymielewicz, Vice-President EDRi, 2015 636 r customers. But they We assume that companies do not strive to consciously harm thei reached and Facebook Around the same time as Apple introduced its first smartphone 637 are confronted with the fact that data has become such an impor tant and strategic part of ta to in 2007, online advertisers started to use individual-level da 30 million users lucrative personal data many business models that they can hardly see a way out of this 3, p. 45). Less than ten profile and target users individually (Deighton and Johnson 201 criticism voiced by the market and the dynamics it has created. To deal with the rising s become a “convenient by- years later, ubiquitous and real-time corporate surveillance ha public, the media and political institutions, companies now loo k for strategies to deal with art et al 2014, p. 746). We ctions and interactions” (De Zw product of ordinary daily transa the data business and the associated ethical and legal challeng es. An important surveillance society as David Lyon foresaw it already in the early 1990s; have entered a transparency around their data- compromise in this effort could be to create more of “social sorting”, the perma a society in which the practices nent monitoring and intensive processes. Not surprisingly, transparency has been a core concern for the new nology and software ation through information tech classification of the whole popul 638 That said, as of today the status European General Data Protection Regulation (GDPR). algorithms, have silently become an everyday reality (see Lyon 1994, Lyon 2003). siness practices are still quo is: Transparency is not provided, but avoided. Ambiguous bu which we summarize and This surveillance society is enabled by a number of phenomena, Ubiquitous, the norm and even misleading rhetoric is used to trick people i nto one-sided and reflect on in this chapter. At t ance society is the technical he core of our current surveill invisible and disadvantageous data contracts. rvasive”. The idea that computing should be “ubiquitous”, “invisible” and “pe pervasive power imbalances between those parties that The lack of transparency is one enabler of acknowledged founding father of this thinking is Mark Weiser, a n American research possess data and those who don’t. Democratic as well as economi c thinkers have always scientist who used to work at , who once wrote: “The most profound technologies Xerox urrent abuses of been suspicious of information and power asymmetries. And the c of everyday life until they are those that disappear. They weave themselves into the fabric suspicion: Data richness is personal data that are highlighted in our report support their new way of thinking about are indistinguishable from it [...] we are trying to conceive a against people. Companies „turn individuals into systematically used to discriminate computers in the world, one that takes into account the natural human environment and n and Pasquale 2014). Everyone ranked and rated objects” (Citro is constantly sorted and o vanish into the background” (Weiser 1991, p.1). allows the computers themselves t addressed on the basis of their economic potential; a practice that is undermining the core Ever since this vision was formulated, computer scientists and engineers around the Who is in values of democracy: people’s equality and dignity. world have been working towards realizing it; interpreting the aspect of disappearance as control? dvised to consider what Against this background, consumers using digital services are a . Few engineers have a ubiquitous, sensor-based and networked digital infrastructure with a digital service we call their when starting to interact “customer lifetime risk” probably been expecting that the “mind-children” of this vision and their subsequent work provider. The question is whether they will ever do so? - When in fact people embrace the on it would be abused by economic and governmental forces in th e way that it is today. data-rich services that betray their trust. As we discuss at th e end of this chapter, perhaps, Bathing themselves in the shallow reassurance that “technology is neutral” they have been we are entrained to love embracing the soft digital controls ri sing around us and are thus laying powerful tools in the hands of many players. As this rep ort shows it is not obvious on the verge of becoming perfect self-censors. that all of the playe rs are able to live up to the responsibili ty required for them, because responsible use of data would include an ethical questioning an d partial refraining from practices we observe today. Few tech people have taken the warn ings that Marc Weiser voiced seriously. In 1999, he wrote that “the problem [associated with ubiquitous 6.1 Ubiquitous data collection e of control” (Weiser et al. terms of privacy is really on computing] while often couched in Our report shows that the collection of data concerning people and their daily lives has d engineers ar er scientists an 1999, p.694). Very slowly, comput ound the world are Networks of ork . As more and more devices and objects include sensors and netw ubiquitous become corporate invisibly . Information recorded by websites, connections, data collection is happening surveillance smartphone apps, fitness trackers ften transferred to a wide and many other platforms is o 634 le CEO Eric Schmidt Dismisses t Esguerra, Richard (2009): Goog he Importance of Privacy. A network of major online platforms, publishers, app third-party companies. range of deeplinks/2009/12/google-ceo- Online: https://www.eff.org/de/ Electronic Frontier Foundation. providers, data brokers and adve recognize, profile and rtising networks is now able to eric-schmidt-dismisses-privacy [01.08.2016] judge people at nearly every mom ent of their lives. By using ps eudonymous identifiers 635 Grossman, Wendy M (2016): Democracy, film review: How the EU' s data protection law was rofiles are matched based on phone numbers, email addresses and other attributes, p made. ZDNet UK Book Reviews, June 9, 2016. Online: http://www.z dnet.com/article/democracy- ection-law-was-made [01.08.201 film-review-how-the-eus-data-prot 6] 636 http://www.apple.com/pr/library /2007/01/09Apple-Reinvents-the -Phone-with- iPhone.html [01.08.2016] 637 dian, 25 July 2007. Online: Phillips, Sarah (2007): A brief history of Facebook. The Guar 638 European Commission (2016) ia [01.08.2016] logy/2007/jul/25/media.newmed https://www.theguardian.com/techno 119 119 118

120 with digital records in cus cross-device and cross-platform tomer databases of a myriad they want to use it for later. A s the founder of a credit scori ng start-up stated: “We feel like 639 all data is credit data, we just don’t know how to use it yet”. ects and spaces are of other businesses (see chapter 5). More and more physical obj and doors to objects located connected to the Internet, ranging from printers, fridges, cars A player that demonstrates a powerful way for the decontextualization of data is Loss of context in public space. The Internet of Things envisions billions of in offices, industrial plants or to provide information as accur Facebook ate, real, valid . Facebook encourages its users cles, offices, factories, at networked sensors that are recording our lives, in cities, vehi (Dumortier 2009, p. 1). Facebook is not known for directly and complete as possible home and even in our bodies. ver, the company allows a large selling the personal profiles it collects; its core asset. Howe targeted advertising and group of marketers and app developers to leverage user data for which invisible sharing Many parties are interested in the recorded data. The extent to Example data user’s data may reappear or may be re-used in Facebook other purposes. Consequently, a revisiting the example of across devices and platforms is possible can be demonstrated by ecosystem very different contexts than expected by the users. For example , the data broker Experian by FIPA (2015). The car data c the “connected car”, as compiled reated is attractive not ess individual-level social data on its website offers its corporate clients the ability to harn only for automakers and their pa rtners but also for car dealers , insurance companies, from Facebook, including names, fan pages, relationship status and posts (see chapter hird-party app developers, iders, call center operators, t lenders, telematics service prov 5.7.3). Oracle recommends that companies integrate their enterp rise data with social data iders, mobile network operator vehicle infotainment content prov s or mobile device tworks of Facebook users are (see chapter 5.7.2). In practice, this means that the social ne system providers like . Also, third parties outside the telematics industry Google Apple and for instance used very successfully by car insurers for their fraud prevention algorithms. itself are standing in line to a ng local retailers and cquire telematics data, includi Telecom operators use Facebook s tatus data to double-check whet her contract-relevant merchants, online advertising agencies, data brokers, law enfor cement agencies, debt o what a person has stated data provided to them is correct (i.e. whether it corresponds t litigants and many more can be collectors, fraud investigators, added to the list of 640 potential bidders for the data. These examples demonstrate how Facebook has about themselves on Facebook). created an “asymmetry between a user’s imagined and actual audience” that “threatens As many other examples in our report show, personal data alread y is, and will lational self” (Dumortier 2009, l to act as a contextual and re the possibility of the individua ifferent purposes than it was increasingly be, used in completely different contexts or for d p. 11). The same is true for many other platforms, services and apps. The loss of one’s initially collected and this is done at ubiquitous scale. dignity. contextual and relational self again deeply undermines personal that is Another example of extensive de-contextualization is governmental surveillance Corporate data enabled by corporate databases (see e.g. De Zwart et al 2014). Many documents revealed accessed by 6.2 A loss of contextual integrity rnmental authorities are exce by Edward Snowden showed that gove ssively accessing governments information about citizens, which was originally collected by c orporate players. In As data is used for other purposes than the ones stated at the time of its collection, it may ions that investigate insurance claims or social benefits addition, companies and institut lose its contextual integrity. often use the same analytics tools that are used to investigate terrorism or delinquency fraud prevention, credit scoring or Data that has been collected in the context of online Marketing, risk (see chapter 3.5). and is used for customer relationship management, online targeting payment processing assessment tered according to risk other marketing purposes. For example, advertising gets pre-fil and even excluded from the judgments and “high risk” customers are treated differently, or employment 6.3 The transparency issue smartphone apps or social beginning. Conversely, data collected in marketing contexts, by practices in marketing networks, is used for risk assessment. Generally, companies and of data markets (such as Both, Edward Snowden’s revelations and critical investigations realm of and 5.7). In the and risk assessment are increasingly merging (see chapters 3.5 ta-sharing and this report) are slowly opening peoples’ eyes to the massive da for example, work , information that is collected to improve business processes – on. As a result, established po decontextualizing that is going licy bodies have started to customer satisfaction reports, lo in-store-tracking for customer cation tracking in logistics, data flows, including the Wor call for more transparency around ld Economic Forum (WEF agement tools – is also used to monitor, judge and control analytics, data from project man Parliament. Together the European mission (FTC) and 2014), the U.S. Federal Trade Com employees (see chapter 3.3). new regulation on with the Parliament, the European Commission passed the GDPR, a data protection which will come into effect in 2018 and tries to sanction com panies when Since the 1990s, scholar s have used the term function creep to describe when systems, they collect too much data about individuals and use it out of context. which are recording digital data about people, are later being used for tasks other than those originally intended (see Lyon 2010, p. 330). For example, the UK database of school anies are collecting data transparency is missing. Comp That said, at this point in time, Lack of children, which was set up in 1997 to collect “general aggregat e data to plan for services”, ), “largely without about billions of consumers from various sources (see chapter 5 transparency ren—how they arrive at later “became a means of amassing detailed information on child share data with others, it . IV). As data brokers often consumers’ knowledge” (FTC 2014, p . This phenomenon can be school, who eats meals at school, who has special needs” (ibid) is “virtually impossible for a consumer to determine how a data broker obtained” their observed in many areas today. More and more businesses are coll ecting vast amounts of ext or for what purpose information about people without even knowing yet in which cont 639 York Times, 24.03.2012. Online: Hardy, Quentin (2012): Just the Facts. Yes, All of Them. New ants-to-gather-the-data- http://www.nytimes.com/2012/03/2 5/business/factuals-gil-elbaz-w universe.html [27.07.2016] 640 According to a presentation of the author Yvonne Hofstetter h eld at the Club of Vienna in early 2016 120 121 120

121 they want to use it for later. A s the founder of a credit scori ng start-up stated: “We feel like with digital records in cus cross-device and cross-platform tomer databases of a myriad 639 all data is credit data, we just don’t know how to use it yet”. ects and spaces are of other businesses (see chapter 5). More and more physical obj and doors to objects located connected to the Internet, ranging from printers, fridges, cars A player that demonstrates a powerful way for the decontextuali zation of data is Loss of context in public space. The Internet of Things envisions billions of in offices, industrial plants or to provide information as accur Facebook ate, real, valid . Facebook encourages its users networked sensors that are recording our lives, in cities, vehi cles, offices, factories, at (Dumortier 2009, p. 1). Facebook is not known for directly and complete as possible home and even in our bodies. ver, the company allows a large selling the personal profiles it collects; its core asset. Howe group of marketers and app developers to leverage user data for targeted advertising and which invisible sharing Many parties are interested in the recorded data. The extent to Example data Facebook user’s data may reappear or may be re-used in other purposes. Consequently, a across devices and platforms is possible can be demonstrated by revisiting the example of ecosystem , the data broker Experian very different contexts than expected by the users. For example the “connected car”, as compiled by FIPA (2015). The car data c reated is attractive not on its website offers its corporate clients the ability to harn ess individual-level social data , insurance companies, rtners but also for car dealers only for automakers and their pa and posts (see chapter from Facebook, including names, fan pages, relationship status lenders, telematics service prov hird-party app developers, iders, call center operators, t 5.7.3). Oracle recommends that companies integrate their enterp rise data with social data iders, mobile network operator vehicle infotainment content prov s or mobile device (see chapter 5.7.2). In practice, this means that the social ne tworks of Facebook users are Google Apple system providers like . Also, third parties outside the telematics industry and for instance used very successfully by car insurers for their fraud prevention algorithms. cquire telematics data, includi ng local retailers and itself are standing in line to a Telecom operators use Facebook s tatus data to double-check whet her contract-relevant merchants, online advertising agencies, data brokers, law enfor cement agencies, debt o what a person has stated data provided to them is correct (i.e. whether it corresponds t collectors, fraud investigators, litigants and many more can be added to the list of 640 potential bidders for the data. has These examples demonstrate how Facebook about themselves on Facebook). created an “asymmetry between a user’s imagined and actual audience” that “threatens y is, and will As many other examples in our report show, personal data alread the possibility of the individua l to act as a contextual and re lational self” (Dumortier 2009, ifferent purposes than it was increasingly be, used in completely different contexts or for d apps. The loss of one’s p. 11). The same is true for many other platforms, services and initially collected and this is done at ubiquitous scale. dignity. contextual and relational self again deeply undermines personal governmental surveillance that is Another example of extensive de-contextualization is Corporate data enabled by corporate databases (see e.g. De Zwart et al 2014). Many documents revealed accessed by 6.2 A loss of contextual integrity ssively accessing by Edward Snowden showed that gove rnmental authorities are exce governments orporate players. In information about citizens, which was originally collected by c As data is used for other purposes than the ones stated at the time of its collection, it may addition, companies and institut claims or social benefits ions that investigate insurance lose its contextual integrity. terrorism or delinquency often use the same analytics tools that are used to investigate fraud prevention, credit scoring or Data that has been collected in the context of online Marketing, risk (see chapter 3.5). and is used for customer relationship management, online targeting payment processing assessment tered according to risk other marketing purposes. For example, advertising gets pre-fil and even excluded from the judgments and “high risk” customers are treated differently, or employment 6.3 The transparency issue smartphone apps or social beginning. Conversely, data collected in marketing contexts, by practices in marketing networks, is used for risk assessment. Generally, companies and of data markets (such as Both, Edward Snowden’s revelations and critical investigations realm of and 5.7). In the and risk assessment are increasingly merging (see chapters 3.5 ta-sharing and this report) are slowly opening peoples’ eyes to the massive da for example, work , information that is collected to improve business processes – on. As a result, established po decontextualizing that is going licy bodies have started to customer satisfaction reports, lo in-store-tracking for customer cation tracking in logistics, data flows, including the Wor call for more transparency around ld Economic Forum (WEF agement tools – is also used to monitor, judge and control analytics, data from project man Parliament. Together the European mission (FTC) and 2014), the U.S. Federal Trade Com employees (see chapter 3.3). new regulation on with the Parliament, the European Commission passed the GDPR, a panies when data protection which will come into effect in 2018 and tries to sanction com Since the 1990s, scholar s have used the term function creep to describe when systems, they collect too much data about individuals and use it out of context. which are recording digital data about people, are later being used for tasks other than those originally intended (see Lyon 2010, p. 330). For example, the UK database of school anies are collecting data transparency is missing. Comp That said, at this point in time, Lack of children, which was set up in 1997 to collect “general aggregat e data to plan for services”, ), “largely without about billions of consumers from various sources (see chapter 5 transparency ren—how they arrive at later “became a means of amassing detailed information on child share data with others, it . IV). As data brokers often consumers’ knowledge” (FTC 2014, p . This phenomenon can be school, who eats meals at school, who has special needs” (ibid) is “virtually impossible for a consumer to determine how a data broker obtained” their observed in many areas today. More and more businesses are coll ecting vast amounts of ext or for what purpose information about people without even knowing yet in which cont 639 York Times, 24.03.2012. Online: Hardy, Quentin (2012): Just the Facts. Yes, All of Them. New ants-to-gather-the-data- http://www.nytimes.com/2012/03/2 5/business/factuals-gil-elbaz-w universe.html [27.07.2016] 640 According to a presentation of the author Yvonne Hofstetter h eld at the Club of Vienna in early 2016 121 121 120

122 data (ibid). Most consumers have “no way of knowing that data b rokers may be collecting es sometimes seem to and target individuals (see chapter 5.6). In addition, business their data” at all (Senate Committee on Commerce, Science, and Transportation 2013, p. . For example, when it is intentionally confuse data privacy and data security 32). Consumers are often neither aware of what personal informa tion about them and emphasized that employers or insurers don’t have access to raw fitness data recorded by their behavior is collected, nor how this data is processed, wi th whom it is shared or sold, hird party (see chapter activity trackers, because it would be managed by a “neutral” t then based on such which conclusions can be drawn from it, and which decisions are y point of view. However eneficial from a data securit , 4.3.4). This seems to be clearly b 2013). Both dominant conclusions (see chapters 2-5, IWGDPT 2014, Tene and Polonetsky o much, who has access to from a data privacy point of view the crucial question is not s platforms – generally platforms and smaller providers of websites, services, apps and the raw data, but who has access to the enriched information, w hich is derived from it, such as activity indices or health scores. o the storage, processing speaking – act in a largely non-transparent way when it comes t and the utilization of personal data. about incompletely, inaccurately or not at all Taken together, users are often informed Users are eed to be able to To determine how a company obtained someone’s data, consumers n which data is being collected an e also chapters 4.2.1 and d shared with third parties (se Data brokers informed “retrace the path of data through a series of data brokers” (FTC 2014, p. IV), which is very own data, and they 4.3.3). Many companies do not even allow users to access their inaccurately sharing data pport this have been challenging. In fact, a number of technical tools that would su consider their algorithms as trade secrets (see Citron and Pasq uale 2014, Weichert 2013). with each other P3P gst others, the proposed and even standardized i n the past. These include, amon th the ability to access Most importantly, companies normally don’t provide consumers wi 2006) and academic work around sticky policies Protocol (Cranor 2003; Cranor et al. information inferred from collected data , although it is used to sort and categorize (Casassa Mont et al. 2003). A good overview of current works in this direction can be Science, and them on an individual level (see Senate Committee on Commerce, n “Personal Data Markets gained form a special issue of the journal Electronic Markets o many data sources” and Transportation 2013). Consumer scores, which are “derived from and Privacy” co-edited by one of the authors of this report (Sp iekermann et al. 2015). “used widely to predict behaviou , profitability” are opaque rs like spending, health, fraud However, most industry players have so far refused to co-operat e in the development and and “typically secret in some way”. The “existence of the score itself, its uses, the C P3P standard; a refusal avoided the use of existing technical standards, such as the W3 e hidden” (Dixon and underlying factors, data sources, or even the score range may b Gellman 2014, p. 6). that can be well recapitulated wh en looking into the failed deb ates around a potential Do No Track f past debates standard at the W3C or CMU Professor Lorrie Cranor’s account o with industry (Cranor 2012). 6.4 Power imbalances businesses often use Instead of enabling transparent data collection and data flows, documents; i.e. in their ambiguous and misleading rhetoric, both in user interfaces and transparent, corporate data mining practices remain While users become more and more A Big Data terms and conditions. As the Nor p. 4) observed, many wegian Consumer Council (2016, largely obscure. This is resultin g in an imbalance of power bet ween users and companies divide nerally unclear and terms of apps use “difficult and obscure language” and have “ge jevic (2014, p. 1673) stated tha t this “asymmetric (IWGDPT 2014, p. 9). Mark Andre “may” and “can”. Many complicated terms dominated by hypothetical language”, such as relationship between those who collect, store, and mine large q uantities of data, and those third parties for poorly apps “reserve the right to share personal data with unspecified Big Data divide whom data collection targets” leads to a . He points out that the “systemic, specified purposes”. Some “treat personal and ide ntifiable data as non-personal data” or structural opacity” (ibid, p. 1677) of today’s practices in dat a mining creates a divide use “unclear or ambiguous definitions of personal data” (ibid, p. 16). Danah Boyd et al ower” (ibid, p. 1676), who between those “with access to data, expertise, and processing p (2010, p.5) observed that companie s are even “tricking [people] into clicking through in a are able to analyze, categorize and sort people, and those “who find their lives affected by way that permission is granted unintentionally”. the resulting decisions” (ibid, p. 1683). His reflections are b ased on Boyd and Crawford Big Data rich etween the (2012, p. 674), who recognized a “new kind of digital divide” b dary uses of data is also ceive consent for various secon An ethically ambiguous way to re Hidden options . Tene and Polonetsky (2013, p and the Big Data poor . 255) compared the relation to hide or omit choices, which would actually be very important to protect one’s privacy. and limited between users and large data owners to a “game of poker where o ne of the players has his p” options. Users for example, offers a set of prominently placed “privacy checku Facebook, choices e hand is open will hand open and the other keeps his cards close”. The player whos can contact me” and “how can easily access options such as “who can see my stuff”, “who 641 limited power to influence how always lose. Consumers have very companies behave and hides some additional settings Facebook Although to stop someone from bothering me”. in decisions about how the systems and they cannot democratically participate relevant to privacy under the title “ads”, which allow users to control some aspects of how platforms work. third-party companies can make u se of their data on and off the Facebook platform, the company doesn’t give users a simple option to disallow third-pa rty companies from becomes increasingly This is especially true because opting out from data collection Opting out is 642 Instead, by focusing on options such as “who can see my stuff” making use of their data. difficult, or nearly impossible. void privacy contracts: Today, consumers can “hardly a difficult , which does not ’s “privacy checkup” promotes a very limited concept of privacy Facebook almost all banks, software and ha rdware vendors, social network ing sites, digital content ’s own utilization of the collected data. Facebook include services, retail loyalty progra iders employ them” mmes and telecommunications prov (Rhoen 2016, p. 2). For example, to use a standard mobile phone people have to link it to a es to the description of an also be observed when it com Misleading or limited rhetoric c Data security and Google user account at one of the major platforms such as Apple , at least as long as ten indicate that data will be how data is treated. Companies of “anonymized” or “de- vs. data The terms, which allow l knowledge (see chapter 4.1). they don’t have special technica when they are in fact using pse udonymous identifiers to track, identified” match, profile, privacy companies to collect and use personal data on many levels, are almost non-negotiable for consumers. The programmer and web entrepreneur Maciej Cegłowski (2016) pointed out of electricity, or cooked foods that “opting out of surveillance capitalism is like opting out — you are free to do it in theory”. In practice, it would mean “opting out of much of 641 ugust 13, 2016 Facebook user interface, accessed from a personal account on A modern life”. Whether the new European GDPR is really effective ly able to improve this 642 Ibid. 122 123 122

123 es sometimes seem to and target individuals (see chapter 5.6). In addition, business data (ibid). Most consumers have “no way of knowing that data b rokers may be collecting intentionally confuse data privacy and data security . For example, when it is Transportation 2013, p. their data” at all (Senate Committee on Commerce, Science, and fitness data recorded by emphasized that employers or insurers don’t have access to raw 32). Consumers are often neither aware of what personal informa tion about them and hird party (see chapter activity trackers, because it would be managed by a “neutral” t th whom it is shared or sold, their behavior is collected, nor how this data is processed, wi , y point of view. However eneficial from a data securit 4.3.4). This seems to be clearly b then based on such which conclusions can be drawn from it, and which decisions are o much, who has access to from a data privacy point of view the crucial question is not s 2013). Both dominant conclusions (see chapters 2-5, IWGDPT 2014, Tene and Polonetsky the raw data, but who has access to the enriched information, w hich is derived from it, platforms – generally platforms and smaller providers of websites, services, apps and such as activity indices or health scores. o the storage, processing speaking – act in a largely non-transparent way when it comes t and the utilization of personal data. about incompletely, inaccurately or not at all Taken together, users are often informed Users are which data is being collected an e also chapters 4.2.1 and d shared with third parties (se eed to be able to To determine how a company obtained someone’s data, consumers n Data brokers informed own data, and they 4.3.3). Many companies do not even allow users to access their “retrace the path of data through a series of data brokers” (FTC 2014, p. IV), which is very inaccurately sharing data consider their algorithms as trade secrets (see Citron and Pasq uale 2014, Weichert 2013). pport this have been challenging. In fact, a number of technical tools that would su with each other Most importantly, companies normally don’t provide consumers wi th the ability to access P3P gst others, the proposed and even standardized i n the past. These include, amon information inferred from collected data , although it is used to sort and categorize 2006) and academic work around sticky policies Protocol (Cranor 2003; Cranor et al. them on an individual level (see Senate Committee on Commerce, Science, and (Casassa Mont et al. 2003). A good overview of current works in this direction can be many data sources” and Transportation 2013). Consumer scores, which are “derived from gained form a special issue of the journal Electronic Markets o n “Personal Data Markets “used widely to predict behaviou rs like spending, health, fraud , profitability” are opaque iekermann et al. 2015). and Privacy” co-edited by one of the authors of this report (Sp itself, its uses, the and “typically secret in some way”. The “existence of the score e in the development and However, most industry players have so far refused to co-operat underlying factors, data sources, or even the score range may b e hidden” (Dixon and C P3P standard; a refusal avoided the use of existing technical standards, such as the W3 Gellman 2014, p. 6). Do ates around a potential en looking into the failed deb that can be well recapitulated wh No Track standard at the W3C or CMU Professor Lorrie Cranor’s account o f past debates with industry (Cranor 2012). 6.4 Power imbalances businesses often use Instead of enabling transparent data collection and data flows, documents; i.e. in their ambiguous and misleading rhetoric, both in user interfaces and transparent, corporate data mining practices remain While users become more and more A Big Data terms and conditions. As the Nor p. 4) observed, many wegian Consumer Council (2016, largely obscure. This is resultin g in an imbalance of power bet ween users and companies divide nerally unclear and terms of apps use “difficult and obscure language” and have “ge jevic (2014, p. 1673) stated tha t this “asymmetric (IWGDPT 2014, p. 9). Mark Andre “may” and “can”. Many complicated terms dominated by hypothetical language”, such as relationship between those who collect, store, and mine large q uantities of data, and those third parties for poorly apps “reserve the right to share personal data with unspecified Big Data divide whom data collection targets” leads to a . He points out that the “systemic, specified purposes”. Some “treat personal and ide ntifiable data as non-personal data” or structural opacity” (ibid, p. 1677) of today’s practices in dat a mining creates a divide use “unclear or ambiguous definitions of personal data” (ibid, p. 16). Danah Boyd et al ower” (ibid, p. 1676), who between those “with access to data, expertise, and processing p (2010, p.5) observed that companie s are even “tricking [people] into clicking through in a are able to analyze, categorize and sort people, and those “who find their lives affected by way that permission is granted unintentionally”. the resulting decisions” (ibid, p. 1683). His reflections are b ased on Boyd and Crawford Big Data rich etween the (2012, p. 674), who recognized a “new kind of digital divide” b dary uses of data is also ceive consent for various secon An ethically ambiguous way to re Hidden options . Tene and Polonetsky (2013, p and the Big Data poor . 255) compared the relation to hide or omit choices, which would actually be very important to protect one’s privacy. and limited between users and large data owners to a “game of poker where o ne of the players has his p” options. Users for example, offers a set of prominently placed “privacy checku Facebook, choices e hand is open will hand open and the other keeps his cards close”. The player whos can contact me” and “how can easily access options such as “who can see my stuff”, “who 641 limited power to influence how always lose. Consumers have very companies behave and hides some additional settings Facebook Although to stop someone from bothering me”. in decisions about how the systems and they cannot democratically participate relevant to privacy under the title “ads”, which allow users to control some aspects of how platforms work. third-party companies can make u se of their data on and off the Facebook platform, the company doesn’t give users a simple option to disallow third-pa rty companies from becomes increasingly This is especially true because opting out from data collection Opting out is 642 Instead, by focusing on options such as “who can see my stuff” making use of their data. difficult, or nearly impossible. void privacy contracts: Today, consumers can “hardly a difficult , which does not ’s “privacy checkup” promotes a very limited concept of privacy Facebook almost all banks, software and ha rdware vendors, social network ing sites, digital content ’s own utilization of the collected data. Facebook include services, retail loyalty progra iders employ them” mmes and telecommunications prov (Rhoen 2016, p. 2). For example, to use a standard mobile phone people have to link it to a es to the description of an also be observed when it com Misleading or limited rhetoric c Data security and Google user account at one of the major platforms such as Apple , at least as long as ten indicate that data will be how data is treated. Companies of “anonymized” or “de- vs. data The terms, which allow l knowledge (see chapter 4.1). they don’t have special technica when they are in fact using pse udonymous identifiers to track, identified” match, profile, privacy companies to collect and use personal data on many levels, are almost non-negotiable for consumers. The programmer and web entrepreneur Maciej Cegłowski (2016) pointed out of electricity, or cooked foods that “opting out of surveillance capitalism is like opting out — you are free to do it in theory”. In practice, it would mean “opting out of much of 641 ugust 13, 2016 Facebook user interface, accessed from a personal account on A modern life”. Whether the new European GDPR is really effective ly able to improve this 642 Ibid. 123 123 122

124 ions of consent remains to be s een. Either way it would only with its Article 7 on the condit the “financial distress they claim merely create Scores about consumers sometimes even Amplifying be an improvement for European c ution. itizens and not a worldwide sol to indicate”, and thus become (Citron and Pasquale 2014, p. self-fulfilling prophecies existing ay raise the cost of future 18). The “act of designating someone as a likely credit risk” m inequalities? dead” and that really eaders and others argue that “privacy is Sometimes, corporate l loans, insurance rates and/or decrease employability for this i ndividual. Similarly, argument for this people do not care about privacy any more. Their most important automatic judgments in hiring decrease future employability (ib id). But scoring is not only Facebook and other popular services. We do not agree with conclusion is the wide use of used in such crucial areas as banking, insurance and employment today. Data brokers and do perceive the power this argument. In contrast, research shows that Internet users mers in many areas of life. other businesses offer scores that segment, rate and rank consu p. 1685) qualitative them. Mark Andrejevic’s (2014, asymmetries online and react to Consumer scores ir future predict, for example, the profitability of individuals and the research shows that users feel “frustration over a sense of pow erlessness in the face of , possible care needs and income, the likeliness that someone will take medication or not increasingly sophisticated and co mprehensive forms of data coll ection and mining”. He even mortality (see chapter 5.4). at they dislike but feel argues that users “operate within structured power relations th powerless to contest” (ibid, p. 1678). A recent study of over 1300 Facebook users by one lication such as banking, insu rance, health, employment Compared to crucial fields of app Many small before they post anything of the authors of this report showed that 90 to 95% think twice ses has often been or law enforcement the use of personal data for marketing purpo decisions on na Zuboff (2015, p. 82) points (Spiekermann et al. 2016). Shosha to the chilling effects of considered as less relevant for r this report shows, the ights and justice. However, as consumers anticipatory conformity ”, which “assumes a point of origin in consciousness from which “ ng. Advertising can now spheres of marketing and risk management are increasingly mergi tions and social a choice is made to conform for the purposes of evasion of sanc be personalized on an individual ed, profiled and matched in level, and people are recogniz camouflage”. real-time – across devices, platforms and customer databases fr om myriads of companies. constantly sorting and categorizing Businesses are both customers and prospects, ogy for communication Given that the World Wide Web started out as a powerful technol valuable or when they are surfing the web or using mobile devices, according to how where it has arrived now. and knowledge, where people could open up freely, it is a pity they are. Consequently, businesses can, for example, calculate the exact minimum risky by governments and Today, it “has become a system that is often subject to control action necessary to keep custome sumer’s lives and rs loyal. Today, data about con corporations”, as the New York Ti mes frankly stated in an artic le about Tim Berners-Lee, about them every day – ranging decisions behavior is used to make many different small 643 its creator. (Graham 2005, p. 569) from how long someone has to wait when calling a phone hotline ethods someone gets (see to which contents, ads, offers, d iscounts, prices and payment m chapters 3.6 and 5.7). 6.5 Power imbalances abused: systematic discrimination and sorting top 30% of a company’s customers are When, as suggested by a major data broker, the Cumulative categorized as individuals who co of bottom 20% uld add 500% of value, and the disadvantage If companies and corporate leaders would take ethics and social responsibility as serious customers are categorized as ind ividuals who could actually cos t 400% of value, the e more acceptable for as they sometimes claim, then power imbalances could possibly b gnoring the latter 20%, company may “shower their top customers with attention, while i ersonal data markets users. Unfortunately, the abuse of information asymmetries in p ompanies in returns or customer service calls, cost c who may spend ‘too much’ time on shows only the contrary. The available information tends to be leveraged only for coupons, or otherwise cost more than they provide” (Marwick 201 3, p. 5). These “low- economic corporate advantage. Ethical reflections play no role. Even legal boundaries value targets” have been categorized as “ waste ” by data brokers (ibid). In contrast, have been widely ignored where a lack of sanctions allowed it. In countries where laws has been recognized as high based on a customer lifetime value Internet users, whose ulations have been bent, and directives exist that protect consumer’s privacy, those reg wide range of data, increasingly receive personalized offers, c alls and discounts via web undermined and misinterpreted frequently. and mobile ads, email and other channels (see chapter 3.6). Pri vacy expert Michael Fertik When companies use predictive analytics to judge, address or tr eat people differently or Limiting (2013) stated that the "rich" woul d already see "a different In ternet" than the "poor". choices of the even to deny them opportunities, individuals become the chances and chances and risky they experience Subsequently, when consumers are categorized as non-valuable or redlining c example is the practice know limited (see Lyon 2003). A classi n as , when choices not very significant on many small disadvantages in their everyday lives, each of them mation about an individual’s ne financial institutions use infor ighbourhood to predict risk their own, but accumulated resulting in a significant disadvant age in life. Perhaps this and creditworthiness. W hile companies may know that redlining i s biased against poor phenomenon could be labelled as a cumulative disadvantage . Originating from ure significant variation with in each subpopulation”, neighbourhoods and fails “to capt 644 , Oscar Gandy (2009, p. 1) use d this term to describe the inequality theory in sociology they might use it anyway, because profits are higher than costs from inaccuracy (Barocas statistics to an ever-widening number of life-decisions”, “application of probability and hat automatically and Selbst 2016, p. 689). In the field of employment, systems t score, nforce, and widen which “shape the opportunities people face” and “reproduce, rei may lead to the unfair discrimi sort and rank resumes nation and exclusion of applica nts, disparities in the quality of li fe that different groups of peo ple can enjoy”. kinds of predictive models depending on which individual attributes are included in which In addition, the different treatment of individuals based on op aque, automated decisions How to prove (see chapter 3.3). and a wide range of data entails another problem. As long as da ta and algorithms are unfair discrimination ? 644 09): Aging and Cumulative See e.g. Ferraro, Kenneth F., and Tetyana Pylypiv Shippee (20 643 Hardy, Q. (2016): The Web’s Creator Looks to Reinvent It. New York Times, June 7, 2016. Online: logist 49.3, 333–343, PMC. Online: Inequality: How Does Inequality Get Under the Skin? The Geronto ooks-to-reinvent-it.html technology/the-webs-creator-l http://www.nytimes.com/2016/06/08/ nequality_theory_for_research .net/publication/281549834_Cumulative_i https://www.researchgate [30.08.2016] _on_aging_and_the_life_course 124 125 124

125 Scores about consumers sometimes even create the “financial distress they claim merely Amplifying the “financial distress they claim merely create Scores about consumers sometimes even ions of consent remains to be s with its Article 7 on the condit een. Either way it would only self-fulfilling prophecies (Citron and Pasquale 2014, p. to indicate”, and thus become Amplifying existing ution. be an improvement for European c itizens and not a worldwide sol to indicate”, and thus become self-fulfilling prophecies (Citron and Pasquale 2014, p. ay raise the cost of future 18). The “act of designating someone as a likely credit risk” m existing inequalities? 18). The “act of designating someone as a likely credit risk” m ay raise the cost of future ndividual. Similarly, loans, insurance rates and/or decrease employability for this i inequalities? Sometimes, corporate l eaders and others argue that “privacy is dead” and that really ndividual. Similarly, loans, insurance rates and/or decrease employability for this i id). But scoring is not only automatic judgments in hiring decrease future employability (ib argument for this people do not care about privacy any more. Their most important automatic judgments in hiring decrease future employability (ib id). But scoring is not only today. Data brokers and used in such crucial areas as banking, insurance and employment conclusion is the wide use of Facebook and other popular services. We do not agree with today. Data brokers and used in such crucial areas as banking, insurance and employment other businesses offer scores that segment, rate and rank consu mers in many areas of life. do perceive the power this argument. In contrast, research shows that Internet users mers in many areas of life. other businesses offer scores that segment, rate and rank consu predict, for example, the profitability of individuals and the ir future Consumer scores asymmetries online and react to them. Mark Andrejevic’s (2014, p. 1685) qualitative ir future Consumer scores predict, for example, the profitability of individuals and the , possible care needs and income, the likeliness that someone will take medication or not erlessness in the face of research shows that users feel “frustration over a sense of pow income, the likeliness that someone will take medication or not , possible care needs and even mortality (see chapter 5.4). ection and mining”. He increasingly sophisticated and co mprehensive forms of data coll even mortality (see chapter 5.4). argues that users “operate within structured power relations th at they dislike but feel rance, health, employment Compared to crucial fields of app lication such as banking, insu Many small Compared to crucial fields of app lication such as banking, insu rance, health, employment powerless to contest” (ibid, p. 1678). A recent study of over 1300 Facebook users by one or law enforcement the use of personal data for marketing purpo ses has often been Many small decisions on ses has often been or law enforcement the use of personal data for marketing purpo of the authors of this report showed that 90 to 95% think twice before they post anything ights and justice. However, as considered as less relevant for r this report shows, the decisions on consumers considered as less relevant for r ights and justice. However, as this report shows, the (Spiekermann et al. 2016). Shosha na Zuboff (2015, p. 82) points to the chilling effects of ng. Advertising can now spheres of marketing and risk management are increasingly mergi consumers spheres of marketing and risk management are increasingly mergi ng. Advertising can now ”, which “assumes a point of origin in consciousness from which “ anticipatory conformity be personalized on an individual level, and people are recogniz ed, profiled and matched in be personalized on an individual level, and people are recogniz ed, profiled and matched in tions and social a choice is made to conform for the purposes of evasion of sanc om myriads of companies. real-time – across devices, platforms and customer databases fr camouflage”. om myriads of companies. real-time – across devices, platforms and customer databases fr Businesses are both customers and prospects, constantly sorting and categorizing both customers and prospects, constantly sorting and categorizing Businesses are valuable or when they are surfing the web or using mobile devices, according to how Given that the World Wide Web started out as a powerful technol ogy for communication when they are surfing the web or using mobile devices, according to how valuable or they are. Consequently, businesses can, for example, calculate risky the exact minimum where it has arrived now. and knowledge, where people could open up freely, it is a pity they are. Consequently, businesses can, for example, calculate risky the exact minimum sumer’s lives and rs loyal. Today, data about con action necessary to keep custome by governments and Today, it “has become a system that is often subject to control sumer’s lives and rs loyal. Today, data about con action necessary to keep custome behavior is used to make many different small decisions about them every day – ranging le about Tim Berners-Lee, mes frankly stated in an artic corporations”, as the New York Ti about them every day – ranging behavior is used to make many different small decisions (Graham 2005, p. 569) from how long someone has to wait when calling a phone hotline 643 its creator. (Graham 2005, p. 569) from how long someone has to wait when calling a phone hotline iscounts, prices and payment m to which contents, ads, offers, d ethods someone gets (see to which contents, ads, offers, d iscounts, prices and payment m ethods someone gets (see chapters 3.6 and 5.7). chapters 3.6 and 5.7). When, as suggested by a major data broker, the top 30% of a company’s customers are Cumulative 6.5 Power imbalances abused: systematic discrimination and sorting of a company’s customers are top 30% When, as suggested by a major data broker, the bottom 20% of categorized as individuals who co uld add 500% of value, and the Cumulative disadvantage bottom 20% of uld add 500% of value, and the categorized as individuals who co ividuals who could actually cos customers are categorized as ind t 400% of value, the disadvantage If companies and corporate leaders would take ethics and social responsibility as serious ividuals who could actually cos t 400% of value, the customers are categorized as ind gnoring the latter 20%, company may “shower their top customers with attention, while i e more acceptable for as they sometimes claim, then power imbalances could possibly b gnoring the latter 20%, company may “shower their top customers with attention, while i who may spend ‘too much’ time on customer service calls, cost c ompanies in returns or ersonal data markets users. Unfortunately, the abuse of information asymmetries in p ompanies in returns or who may spend ‘too much’ time on customer service calls, cost c coupons, or otherwise cost more than they provide” (Marwick 201 3, p. 5). These “low- shows only the contrary. The available information tends to be leveraged only for coupons, or otherwise cost more than they provide” (Marwick 201 3, p. 5). These “low- value targets” have been categorized as “ ” by data brokers (ibid). In contrast, waste economic corporate advantage. Ethical reflections play no role. Even legal boundaries ” by data brokers (ibid). In contrast, waste value targets” have been categorized as “ Internet users, whose customer lifetime value has been recognized as high based on a have been widely ignored where a lack of sanctions allowed it. In countries where laws customer lifetime value has been recognized as high based on a Internet users, whose wide range of data, increasingly receive personalized offers, c alls and discounts via web and directives exist that protect consumer’s privacy, those reg ulations have been bent, wide range of data, increasingly receive personalized offers, c alls and discounts via web vacy expert Michael Fertik and mobile ads, email and other channels (see chapter 3.6). Pri undermined and misinterpreted frequently. vacy expert Michael Fertik and mobile ads, email and other channels (see chapter 3.6). Pri ternet" than the "poor". d already see "a different In (2013) stated that the "rich" woul When companies use predictive analytics to judge, address or tr eat people differently or Limiting d already see "a different In ternet" than the "poor". (2013) stated that the "rich" woul risky they experience Subsequently, when consumers are categorized as non-valuable or even to deny them opportunities, individuals become the chances and choices of the chances and risky they experience Subsequently, when consumers are categorized as non-valuable or many small disadvantages in their everyday lives, each of them not very significant on redlining c example is the practice know limited (see Lyon 2003). A classi n as , when choices many small disadvantages in their everyday lives, each of them not very significant on age in life. Perhaps this their own, but accumulated resulting in a significant disadvant ighbourhood to predict risk financial institutions use infor mation about an individual’s ne their own, but accumulated resulting in a significant disadvant age in life. Perhaps this cumulative disadvantage phenomenon could be labelled as a . Originating from and creditworthiness. W s biased against poor hile companies may know that redlining i 644 , Oscar Gandy (2009, p. 1) use d this term to describe the cumulative disadvantage phenomenon could be labelled as a . Originating from inequality theory in sociology neighbourhoods and fails “to capt ure significant variation with in each subpopulation”, 644 , Oscar Gandy (2009, p. 1) use d this term to describe the “application of probability and statistics to an ever-widening number of life-decisions”, inequality theory in sociology they might use it anyway, because profits are higher than costs from inaccuracy (Barocas statistics to an ever-widening number of life-decisions”, “application of probability and nforce, and widen which “shape the opportunities people face” and “reproduce, rei hat automatically score, and Selbst 2016, p. 689). In the field of employment, systems t which “shape the opportunities people face” and “reproduce, rei nforce, and widen disparities in the quality of li ple can enjoy”. fe that different groups of peo sort and rank resumes nts, nation and exclusion of applica may lead to the unfair discrimi disparities in the quality of li fe that different groups of peo ple can enjoy”. In addition, the different treatment of individuals based on op aque, automated decisions How to prove depending on which individual attributes are included in which kinds of predictive models In addition, the different treatment of individuals based on op aque, automated decisions and a wide range of data entails another problem. As long as da ta and algorithms are How to prove unfair (see chapter 3.3). ta and algorithms are and a wide range of data entails another problem. As long as da unfair discrimination ? discrimination ? 644 See e.g. Ferraro, Kenneth F., and Tetyana Pylypiv Shippee (20 09): Aging and Cumulative logist 49.3, 333–343, PMC. Online: Inequality: How Does Inequality Get Under the Skin? The Geronto 644 09): Aging and Cumulative See e.g. Ferraro, Kenneth F., and Tetyana Pylypiv Shippee (20 nequality_theory_for_research .net/publication/281549834_Cumulative_i https://www.researchgate 643 Hardy, Q. (2016): The Web’s Creator Looks to Reinvent It. New York Times, June 7, 2016. Online: Inequality: How Does Inequality Get Under the Skin? The Geronto logist 49.3, 333–343, PMC. Online: _on_aging_and_the_life_course ooks-to-reinvent-it.html technology/the-webs-creator-l http://www.nytimes.com/2016/06/08/ nequality_theory_for_research https://www.researchgate .net/publication/281549834_Cumulative_i [30.08.2016] _on_aging_and_the_life_course 125 125 125 124

126 secret, it is not possible to even notice or prove discriminati on. For example, existing While errors in collected or transmitted data, inaccurate class ifications and assessments Inaccurate studies on personalized pricing f not impossible – to show that it is challenging – i ely impact the lives of based on flawed prediction model s and data analytics can massiv conclusions oducts or prices to different accurately investigate, whether online shops offer different pr individuals (see IWGDPT 2014, National Consumer Law Center 201 4, FTC 2016), Big Data chapter 3.6). Under these consumers based on individual attributes or user behavior (see analytics is far from objectivit y and accuracy in general (see Boyd et al 2012). Predictions circumstances consumers have no chance to understand, what their individual offers correlations and probabilities are blurry by design, because they are based on . and prices are based on, or whether they get individual offers and prices at all. rong district or swiping Someone, for example, knowing the wrong people, living in the w judged in a certain in a wrong way when using a mobile app may get categorized and h our incredibly “smart” With the Internet of Things and ever more data collected throug Internet of les de-contextualize and negative way. Companies carry the risk that their digital profi ther. Tim O’Reilly stated in environments, such sorting practices are likely to increase fur Things as a key misinterpret the interactions they recorded about their custome rs. The underlying 2014 that “advertising turned out to be the native business mod el for the internet”, but he to behavioral “motivations for particular actions are never explained or unde rstood” (De Zwart 2014, p. expects that “insurance is going to be the native business mode l for the Internet of change takenly being denied lead to “more individuals mis 718). Big Data analytics can also 645 . In a recent report about “The Internet of Things: Opportuniti es for Insurers” a Things” share some characteristics opportunities based on the actions of others” just because they relationships to connect consulting firm explains that insurers could “use IoT-enriched with other consumers (FTC 2016, p. 9). 646 Many experts d influence their behaviors”. more holistically to customers an incentives to interviewed by Pew Research (2014, p. 8) expect that “ try to get people to It is not only inaccuracy that ma a and predictions that are y harm consumers, but also dat Accurate, ” will become a “major driver” of the Internet of Things – for change their behavior “too accurate” (see Barocas and Selbst 2016). When companies in corporate sensitive but biased e healthy or safe manner or example, to motivate people to purchase a good, to act in a mor filiation, poverty or health personal attributes such as gender, age, ethnic or religious af to perform in a certain way at work. They conclude that the “re alities of this data- or even to the exclusion of into their automated decisions, this can lead to discrimination drenched world raise substanti al concerns about privacy and people’s abilities to entire parts of the population. For example, an insurance compa ny could “classify a control their own lives ” (ibid, p. 9). consumer as higher risk”, when this individual was categorized to have an “interest” in diabetes before he is actually suffering from it (FTC 2014, p. vi). This can also happen duals, but calculated by when sensitive attributes are not obtained directly from indivi in Refusal to participate algorithms based on statistical analysis or machine learning. 6.6 Companies hurt consumers and themselves about a person is available, digital tracking may have consequences too. If not enough data gh, also in the case where the risk of a customer relationship may be considered as too hi fire back. Companies which are most successful in their As in fairy tales, bad practices Inaccurate this would have been a good customer. a miserable public image and trust ratings are low. personal data business often have data Moreover, while they may be succ t, they often trade a big essful businesses at first sigh Finally, another problem for comp anies is that large data volum es also come with a certain Security chunk of out-dated data In the U.S., 26% of participants in a s urvey identified at least one and effective data protection becomes a costly and risky issue liability. Data security for threats p. i). In Germany the validity error on at least one of their three credit reports (FTC 2012, of data abuse and loss (see them. Wherever large amounts of data are stored there is a risk of credit scores has been assessed as questionable and often ba sed on estimations (see DatalossDB also chapter 4). According to , 3,930 security incidents were reported in the lms for algorithmic chapter 5.4). (Credit scoring is amongst the best-regulated rea year 2015, exposing more than 736 million records about individ uals such as email judgment on individuals). “Data quality problems plague every department, in every 648 The operational costs of the IT needed are huge. addresses, passwords and usernames. industry, at every level, and for every type of information [.. .] Studies show that knowledge worker s waste up to 50% of time hunting for data, ide ntifying and correcting errors, and seeking for confirmatory sources for data they do n ot trust”, writes David 6.7 Long term effects: the end of dignity? Redman in Harvard Business Review in 2013 (Redman 2013, p. 2). In fact, even y, there are at least a commercial computer programs rarely come without bugs. Typicall aluable customers or Online marketing aims to target individuals, who could become v lly commercialized few mistakes in every 10,000 lines of code, even in professiona loyal users, and in many cases to avoid individuals, who won’t. However, the goal is not 647 software products. uade them to act in certain only to reach people, who could be interested, but also to pers egister for a service, or ways, for example to click on an ad, participate in a survey, r purchase a product. Online marketing aims to increase “conversi on rates”, which describe s or app developers ted exactly in the way marketer the percentage of people, who ac wanted them to act. Marketers also want to prevent the loss of valuable customers (“customer churn”) or they want products (“cross- them to purchase complementary 645 firms reward, punish. The Myslewski, Rik (2014): The Inte rnet of Things helps insurance 649 products (“up-selling”). selling”) or more expensive Register, 24.05.2014. Online helps_insurance_firms_reward_ 4/05/23/the_internet_of_things_ http://www.theregister.co.uk/201 punish [01.08.2016] 646 of Things: Opportunity for Ins urers. December 2014. Online: ATKearney (2014): The Internet l-business/ideas-insights/featu red-article/- https://www.atkearney.com/digita unity-for-insurers/10192 /asset_publisher/Su8nWSQlHtbB/content/internet-of-things-opport [01.08.2016] 647 648 er’s Dilemma: Charting a Course https://blog.datalossdb.org/2016/02/11/2015-reported-data-bre aches-surpasses-all-previous- Martin C. Libicki, Lillian Ablon, Tim Webb (2015): The Defend years/ [01.08.2016] Toward Cybersecurity. RAND Corporation, p. 42. Online: 649 http://www.rand.org/content/dam/r and/pubs/research_reports/RR10 00/RR1024/RAND_RR102 nt: The Ultimate Guide to the See e.g. SCN Education (2001): Customer Relationship Manageme 4.pdf +Teubner Verlag, Wiesbaden. Efficient Use of CRM. Vieweg 126 127 126

127 ifications and assessments While errors in collected or transmitted data, inaccurate class secret, it is not possible to even notice or prove discriminati on. For example, existing Inaccurate based on flawed prediction model ely impact the lives of s and data analytics can massiv f not impossible – to show that it is challenging – i studies on personalized pricing conclusions individuals (see IWGDPT 2014, National Consumer Law Center 201 4, FTC 2016), Big Data oducts or prices to different accurately investigate, whether online shops offer different pr analytics is far from objectivit y and accuracy in general (see Boyd et al 2012). Predictions consumers based on individual attributes or user behavior (see chapter 3.6). Under these correlations and probabilities are blurry by design, because they are based on . circumstances consumers have no chance to understand, what their individual offers and prices at all. and prices are based on, or whether they get individual offers Someone, for example, knowing the wrong people, living in the w rong district or swiping judged in a certain in a wrong way when using a mobile app may get categorized and h our incredibly “smart” With the Internet of Things and ever more data collected throug Internet of les de-contextualize and negative way. Companies carry the risk that their digital profi ther. Tim O’Reilly stated in environments, such sorting practices are likely to increase fur Things as a key misinterpret the interactions they recorded about their custome rs. The underlying 2014 that “advertising turned out to be the native business mod el for the internet”, but he to behavioral “motivations for particular actions are never explained or unde rstood” (De Zwart 2014, p. expects that “insurance is going to be the native business mode l for the Internet of change takenly being denied lead to “more individuals mis 718). Big Data analytics can also 645 . In a recent report about “The Internet of Things: Opportuniti es for Insurers” a Things” share some characteristics opportunities based on the actions of others” just because they relationships to connect consulting firm explains that insurers could “use IoT-enriched with other consumers (FTC 2016, p. 9). 646 Many experts d influence their behaviors”. more holistically to customers an incentives to interviewed by Pew Research (2014, p. 8) expect that “ try to get people to It is not only inaccuracy that ma a and predictions that are y harm consumers, but also dat Accurate, ” will become a “major driver” of the Internet of Things – for change their behavior “too accurate” (see Barocas and Selbst 2016). When companies in corporate sensitive but biased e healthy or safe manner or example, to motivate people to purchase a good, to act in a mor filiation, poverty or health personal attributes such as gender, age, ethnic or religious af to perform in a certain way at work. They conclude that the “re alities of this data- or even to the exclusion of into their automated decisions, this can lead to discrimination drenched world raise substanti al concerns about privacy and people’s abilities to entire parts of the population. For example, an insurance compa ny could “classify a control their own lives ” (ibid, p. 9). consumer as higher risk”, when this individual was categorized to have an “interest” in diabetes before he is actually suffering from it (FTC 2014, p. vi). This can also happen duals, but calculated by when sensitive attributes are not obtained directly from indivi in Refusal to participate algorithms based on statistical analysis or machine learning. 6.6 Companies hurt consumers and themselves about a person is available, digital tracking may have consequences too. If not enough data gh, also in the case where the risk of a customer relationship may be considered as too hi fire back. Companies which are most successful in their As in fairy tales, bad practices Inaccurate this would have been a good customer. a miserable public image and trust ratings are low. personal data business often have data Moreover, while they may be succ t, they often trade a big essful businesses at first sigh Finally, another problem for comp anies is that large data volum es also come with a certain Security chunk of out-dated data In the U.S., 26% of participants in a s urvey identified at least one and effective data protection becomes a costly and risky issue liability. Data security for threats p. i). In Germany the validity error on at least one of their three credit reports (FTC 2012, of data abuse and loss (see them. Wherever large amounts of data are stored there is a risk of credit scores has been assessed as questionable and often ba sed on estimations (see DatalossDB also chapter 4). According to , 3,930 security incidents were reported in the lms for algorithmic chapter 5.4). (Credit scoring is amongst the best-regulated rea year 2015, exposing more than 736 million records about individ uals such as email judgment on individuals). “Data quality problems plague every department, in every 648 The operational costs of the IT needed are huge. addresses, passwords and usernames. industry, at every level, and for every type of information [.. .] Studies show that knowledge worker s waste up to 50% of time hunting for data, ide ntifying and correcting errors, and seeking for confirmatory sources for data they do n ot trust”, writes David 6.7 Long term effects: the end of dignity? Redman in Harvard Business Review in 2013 (Redman 2013, p. 2). In fact, even y, there are at least a commercial computer programs rarely come without bugs. Typicall aluable customers or Online marketing aims to target individuals, who could become v lly commercialized few mistakes in every 10,000 lines of code, even in professiona loyal users, and in many cases to avoid individuals, who won’t. However, the goal is not 647 software products. uade them to act in certain only to reach people, who could be interested, but also to pers egister for a service, or ways, for example to click on an ad, participate in a survey, r purchase a product. Online marketing aims to increase “conversi on rates”, which describe s or app developers ted exactly in the way marketer the percentage of people, who ac wanted them to act. Marketers also want to prevent the loss of valuable customers (“customer churn”) or they want products (“cross- them to purchase complementary 645 firms reward, punish. The Myslewski, Rik (2014): The Inte rnet of Things helps insurance 649 products (“up-selling”). selling”) or more expensive Register, 24.05.2014. Online helps_insurance_firms_reward_ 4/05/23/the_internet_of_things_ http://www.theregister.co.uk/201 punish [01.08.2016] 646 of Things: Opportunity for Ins urers. December 2014. Online: ATKearney (2014): The Internet l-business/ideas-insights/featu red-article/- https://www.atkearney.com/digita unity-for-insurers/10192 /asset_publisher/Su8nWSQlHtbB/content/internet-of-things-opport [01.08.2016] 647 648 er’s Dilemma: Charting a Course https://blog.datalossdb.org/2016/02/11/2015-reported-data-bre aches-surpasses-all-previous- Martin C. Libicki, Lillian Ablon, Tim Webb (2015): The Defend years/ [01.08.2016] Toward Cybersecurity. RAND Corporation, p. 42. Online: 649 http://www.rand.org/content/dam/r and/pubs/research_reports/RR10 00/RR1024/RAND_RR102 nt: The Ultimate Guide to the See e.g. SCN Education (2001): Customer Relationship Manageme 4.pdf +Teubner Verlag, Wiesbaden. Efficient Use of CRM. Vieweg 127 127 126

128 These techniques of marketing and customer relationship managem ent (CRM) are not ight to be treated as surveillance programmes due to social inequalities, the human r Influencing track and measure new. But as opposed to former times, marketers are now able to every scussion of this aspect equals is undermined. Dignity is undermined. A more detailed di behavior can be found in the next chapter. they try single interaction on an individual level. After measuring and analyzing behavior he way they want them to to “optimize” conversion rates, to make more “targets” act in t Finally, within the current netwo rks of digital tracking and co rporate surveillance “we can Kafkaesque act. They test different versions of functionalities, user inte rface designs, messages, never be sure, how we are being read or what the consequences a re” (Lyon 2010, p. 332). experience wordings or even different discounts and prices, and then measu re and analyze again how know why we see a People can at times confront a Kafkaesque experience. We don’t tion” are used to reward they can successfully influence behavior. Elements of “gamifica specific ad, why we receive a specific offer, or why we had to wait hours on the phone and incentivize desired behavior (see chapter 4.3.1). The more a company knows about hotline. Was it because we acted in a specific way before? Did the newsletter of that individuals, for example about t heir “personal biases and weakn esses” (Helberger 2016, p. political candidate contain issu a specific way? Was it es, which were personalized in ale” (Zuboff 2016). Based on people’s actual behavior at sc 15), the better they can “change pp, bought a specific product because we visited a specific website, used a specific mobile a digital tracking companies sometimes even “overcharge [people] when the data collected appen that we get a loan in the supermarket or watched a specific TV program? Could it h 650 indicates that the buyer is indifferent, uninformed or in a hur ry”. denied someday, when we visit the online gambling website once too often today? persuasion profiles Kaptein et al. (2011, p. 66) pointed to the concept of , which are “sets Pavlovian dogs orks of digital tracking Under the conditions of today’s opaque and non-transparent netw Humans as of estimates on the effectiveness of particular influence-strat egies on individuals, based on individuals do not know is recorded, analyzed and , which data about their lives numbers arketing openly admit that their past responses to these strategies”. Many businesses in m transferred – and which decision s are being made based on this information. They can’t 651 The question is whether in business we might they aim to achieve behavioral change. calculating their see how advertising networks and data brokers are continuously questionable ethic. Can it be have gotten so used to these strategies that we overlook their “customer value” or “risk score”, how these ratings are updated with each of their ian dogs? Do persuasive strateg ies – when they become right to use consumers as Pavlov interactions, and how this influences the contents and options they see. as personalized, pervasive and permanent as they do now – under mine the human autonomy ? Or have we indeed created a digital dignity that is central to human ffects of “anticipatory As outlined above, Shoshana Zuboff (2015) pointed towards the e Markets for environment in which people and masses are “managed” based on s urveillance in the way ne step further than many other conformity”. But she also went o researchers and scholars, behavioral er? Katarzyna Szymielewicz is quoted at the beginning of this chapt rkets for personal data”, but by pointing to the fact that we do not only see the rise of “ma ? control to describe a Big Other ”. She coined the concept of the markets for behavioral control “ Manipulation of opinions and desi res is unfortunately not limit ed to the realm of product Personalized new “distributed and largely uncontested new expression of powe r” (ibid, p. 75), which . For example, a voter targeting lar methods are used for and service marketing. Simi manipulation? would be different from Big Brother’s “centralized command and control” (ibid, p. 82). The campaign of a U.S. politician communicated political issues in different ways to different Big Other refers to a “ubiquitou s networked institutional regim e that records, modifies, people, based on extensive data about 220 million U.S. citizens , which were categorized and commodifies everyday experie nce from toasters to bodies, co mmunication to nal security or along their views on issues from environment, gun rights, natio surveillance capitalism . It started within thought” (ibid, p. 81) , a new “emergent logic of immigration (see chapter 3.1). P olitical manipulation through mass media and accumulation in the networked sphere”, which led to “new market s of behavioral advertising has been discussed s ince ages. Scholars in communic ation studies have long these “ markets of prediction and modification” (ibid, p. 1). According to Zuboff, 652 , challenged the idea of plain top-down manipulation as inappropr iate and too simplistic ” are “composed of those who sell opportunities to influence be behavioral control havior insisting that humans are able to use different individual appr opriation of communication 85). for profit and those who purchase such opportunities” (ibid, p. strategies. The shift to completely personalized interactions b ased on extensive individual on. profiles possibly creates new and unknown degrees of manipulati could “demean human In a newspaper essay she conclude s that surveillance capitalism Freedom, gin territory” and would dignity” (Zuboff 2016). She warns that society would enter “vir autonomy, en strategies to make manipulation, we also observe op In addition to opaque forms of Reward and face a drastic challenge that “threatens the existential and political canon of the democracy people change their behavior. Insurers reward consumers when they voluntarily agree to punishment defined by principles of self-determination”, for example “the modern liberal order wear devices, which permanently track their steps and everyday life activities, or when he ideals of social equality; the development of identity, sanctity of the individual and t they consent to the digital recording of their driving behavior . When they reach arbitrary, reedom that accrues to the autonomy, and moral reasoning; the integrity of contract, the f but transparent goals – such as a million steps or not driving too long during the night – e agreement; the functions making and fulfilling of promises; norms and rules of collectiv they receive financial incentives or discounts. Such programmes can be beneficial, as long of market democracy; the political integrity of societies; and the future of democratic as consumers can choose to not participate in digital tracking and have attractive sovereignty” (ibid). alternative options. However, when the incentives offered are c onsiderably more valuable ould effectively become in comparison to insurance programs without tracking, then it c mandatory for many people to participate; in particular for poo rer people who cannot 6.8. Final reflection: From volu ntary to mandatory surveillance? participate in self- afford to miss out on the discounts. When people feel forced to As described in the context of power imbalances above, opting out from digital tracking becomes increasingly difficult. Individuals can hardly avoid co nsenting to data collection without opting out of much of mo who don’t participate in dern life. In addition, persons 650 Zarsky T (2004): Desperately Seeking Solutions: Using Impleme ntation-Based Solutions for the data collection, who don’t have s ocial networking accounts or t oo thin credit reports, Troubles of Information Privacy in the Age of Data Mining and t he Internet Society. 56(1) Maine Law could be judged as “suspicious” and “too risky” in advance. Review 13, p. 52. See also p. 30-31. Quoted from: Borgesius (20 15) 651 See e.g. the results of a simple Google search after “marketi ng” and “behavioral change” Today’s personal data ecosystem raises many concerns about data being collected, Mandatory 652 See e.g. Fiske, John. Introduction to Communication Studies. London: Routledge, 1990. ithout informed consent of indi analyzed, transmitted and used w viduals. But in many consent? 128 128 129

129 ight to be treated as surveillance programmes due to social inequalities, the human r These techniques of marketing and customer relationship managem ent (CRM) are not Influencing scussion of this aspect equals is undermined. Dignity is undermined. A more detailed di track and measure new. But as opposed to former times, marketers are now able to every behavior can be found in the next chapter. they try single interaction on an individual level. After measuring and analyzing behavior he way they want them to to “optimize” conversion rates, to make more “targets” act in t Finally, within the current netwo rks of digital tracking and co rporate surveillance “we can Kafkaesque act. They test different versions of functionalities, user inte rface designs, messages, never be sure, how we are being read or what the consequences a re” (Lyon 2010, p. 332). experience wordings or even different discounts and prices, and then measu re and analyze again how know why we see a People can at times confront a Kafkaesque experience. We don’t tion” are used to reward they can successfully influence behavior. Elements of “gamifica specific ad, why we receive a specific offer, or why we had to wait hours on the phone and incentivize desired behavior (see chapter 4.3.1). The more a company knows about hotline. Was it because we acted in a specific way before? Did the newsletter of that individuals, for example about t heir “personal biases and weakn esses” (Helberger 2016, p. political candidate contain issu a specific way? Was it es, which were personalized in ale” (Zuboff 2016). Based on people’s actual behavior at sc 15), the better they can “change pp, bought a specific product because we visited a specific website, used a specific mobile a digital tracking companies sometimes even “overcharge [people] when the data collected appen that we get a loan in the supermarket or watched a specific TV program? Could it h 650 indicates that the buyer is indifferent, uninformed or in a hur ry”. denied someday, when we visit the online gambling website once too often today? persuasion profiles Kaptein et al. (2011, p. 66) pointed to the concept of , which are “sets Pavlovian dogs orks of digital tracking Under the conditions of today’s opaque and non-transparent netw Humans as of estimates on the effectiveness of particular influence-strat egies on individuals, based on individuals do not know is recorded, analyzed and , which data about their lives numbers arketing openly admit that their past responses to these strategies”. Many businesses in m transferred – and which decision s are being made based on this information. They can’t 651 The question is whether in business we might they aim to achieve behavioral change. calculating their see how advertising networks and data brokers are continuously questionable ethic. Can it be have gotten so used to these strategies that we overlook their “customer value” or “risk score”, how these ratings are updated with each of their ian dogs? Do persuasive strateg ies – when they become right to use consumers as Pavlov interactions, and how this influences the contents and options they see. as personalized, pervasive and permanent as they do now – under mine the human autonomy ? Or have we indeed created a digital dignity that is central to human ffects of “anticipatory As outlined above, Shoshana Zuboff (2015) pointed towards the e Markets for environment in which people and masses are “managed” based on s urveillance in the way ne step further than many other conformity”. But she also went o researchers and scholars, behavioral er? Katarzyna Szymielewicz is quoted at the beginning of this chapt rkets for personal data”, but by pointing to the fact that we do not only see the rise of “ma ? control to describe a Big Other ”. She coined the concept of the markets for behavioral control “ Manipulation of opinions and desi res is unfortunately not limit ed to the realm of product Personalized new “distributed and largely uncontested new expression of powe r” (ibid, p. 75), which . For example, a voter targeting lar methods are used for and service marketing. Simi manipulation? would be different from Big Brother’s “centralized command and control” (ibid, p. 82). The campaign of a U.S. politician communicated political issues in different ways to different Big Other refers to a “ubiquitou s networked institutional regim e that records, modifies, people, based on extensive data about 220 million U.S. citizens , which were categorized and commodifies everyday experie nce from toasters to bodies, co mmunication to nal security or along their views on issues from environment, gun rights, natio surveillance capitalism . It started within thought” (ibid, p. 81) , a new “emergent logic of immigration (see chapter 3.1). P olitical manipulation through mass media and accumulation in the networked sphere”, which led to “new market s of behavioral advertising has been discussed s ince ages. Scholars in communic ation studies have long these “ markets of prediction and modification” (ibid, p. 1). According to Zuboff, 652 , challenged the idea of plain top-down manipulation as inappropr iate and too simplistic ” are “composed of those who sell opportunities to influence be behavioral control havior insisting that humans are able to use different individual appr opriation of communication 85). for profit and those who purchase such opportunities” (ibid, p. strategies. The shift to completely personalized interactions b ased on extensive individual on. profiles possibly creates new and unknown degrees of manipulati could “demean human In a newspaper essay she conclude s that surveillance capitalism Freedom, gin territory” and would dignity” (Zuboff 2016). She warns that society would enter “vir autonomy, en strategies to make manipulation, we also observe op In addition to opaque forms of Reward and face a drastic challenge that “threatens the existential and political canon of the democracy people change their behavior. Insurers reward consumers when they voluntarily agree to punishment defined by principles of self-determination”, for example “the modern liberal order wear devices, which permanently track their steps and everyday life activities, or when he ideals of social equality; the development of identity, sanctity of the individual and t they consent to the digital recording of their driving behavior . When they reach arbitrary, reedom that accrues to the autonomy, and moral reasoning; the integrity of contract, the f but transparent goals – such as a million steps or not driving too long during the night – e agreement; the functions making and fulfilling of promises; norms and rules of collectiv they receive financial incentives or discounts. Such programmes can be beneficial, as long of market democracy; the political integrity of societies; and the future of democratic as consumers can choose to not participate in digital tracking and have attractive sovereignty” (ibid). alternative options. However, when the incentives offered are c onsiderably more valuable ould effectively become in comparison to insurance programs without tracking, then it c mandatory for many people to participate; in particular for poo rer people who cannot 6.8. Final reflection: From volu ntary to mandatory surveillance? participate in self- afford to miss out on the discounts. When people feel forced to As described in the context of power imbalances above, opting out from digital tracking becomes increasingly difficult. Individuals can hardly avoid co nsenting to data collection without opting out of much of mo who don’t participate in dern life. In addition, persons 650 Zarsky T (2004): Desperately Seeking Solutions: Using Impleme ntation-Based Solutions for the data collection, who don’t have s ocial networking accounts or t oo thin credit reports, Troubles of Information Privacy in the Age of Data Mining and t he Internet Society. 56(1) Maine Law could be judged as “suspicious” and “too risky” in advance. Review 13, p. 52. See also p. 30-31. Quoted from: Borgesius (20 15) 651 See e.g. the results of a simple Google search after “marketi ng” and “behavioral change” Today’s personal data ecosystem raises many concerns about data being collected, Mandatory 652 See e.g. Fiske, John. Introduction to Communication Studies. London: Routledge, 1990. ithout informed consent of indi analyzed, transmitted and used w viduals. But in many consent? 129 128 129

130 cases, people are required to consent, either because offers an d services that are not Markets (by Sarah Spiekermann) Ethical Reflections on Personal Data 7. based on invasive digital tracking are not available, or becaus e non-participation would lead to disadvantages in life. Scott Peppet (2010, p. 1) expect s that “those with valuable s will want to disclose credentials, clean medical records, and impressive credit score ve reached a massive As we have seen in the above chapters, personal data markets ha may then find that they those traits to receive preferential economic treatment. Others with a digital economy scale. Can we accept these in their current form as we move on ferences attached to staying must also disclose private information to avoid the negative in based on information technology? unraveling effect silent”. He points to an that could make disclosure of personal data Ethical reflections can help to find new ways for the design of personal data markets and “from a consensual to a more coerced decision” (ibid). Ethical identify rules for the actors operating within them. We therefo re include them in this theories It has been pointed out many tim es that there is a wide variety of reasons for individuals From taking second to last section of our b ook. I point of course to the li mitation that the normative applicable to ents of individualization to participate in self tracking, which are embedded in developm care of the theories applied hereafter are those dominating in the Western world. I take three of them personal data edge, self-optimization, and societal core values such as self-understanding, self-knowl self... data markets: Th e Utilitarian c alculus, which is the here and apply them to personal markets ility, self-control and self-ma self-improvement, self-responsib nagement. Based on the original philosophy underlying modern economics (Mill 1863/1987 ). The Kantian duty n sociology have shown chel Foucault, many scholars i work of the French philosopher Mi lly call “The perspective, which has been a cornerstone for what we historica that the way power works in society has shifted from “hard” aut hority and punishment to Enlightenment” (Kant 1784/2009), and finally Virtue Ethics, an approach to life that “soft” control. Individuals voluntarily become "entrepreneurs of the self", who are taking originates in Aristotle’s thinking about human flourishing and has seen considerable “care of the self” and “governing the self” (see Ajana 2005, Br öckling 2007, Whitson 2013, revival over the past 30 years (MacIntyre 1984). Lupton 2014). But while individuals are taking “care of the self”, insurers o r employers take control of ...to insurers on on personal data markets 7.1 A short Utilitarian reflecti the collected data and create rules to incentivize desired beha vior or penalize non-desired and employers behavior. Subsequently, “private self-tracking” becomes “pushed or imposed self- taking control The Utilitarian calculus, which originates in works by John Stu art Mill and Jeremy tracking”. It becomes “harnessed” to broader “commercial, econo mic or social Bentham, tries to weigh the beneficial and harmful consequences of actions. As a result of imperatives” (Lupton 2014). Thus the circle is complete. Volunt ary self-tracking cultures such a weighing process one can come to a conclusion on what is best to do (Mill ation management based on invi and classical, bureaucratic popul sible surveillance are arianism focused on the 1863/1987). What is important to know is that originally Utilit complementing each other. A publication by Ernst & Young asked whether tracking-based d for the past 160 years maximization of people’s happiness. While economic theory tende rs to introduce “Pay-As- insurance could already be the “new normal” and suggests insure onsequences of actions (utility to only emphasize the monetary c in money terms). John 653 You-Live (PAYL)” programs. e creed which accepts as the fo Stuart Mill actually wrote: “...th undation of morals, Utility, or the Greatest Happiness Princi ple, holds that actions are rig ht in proportion as they tend of happiness ... and that to promote happiness, wrong as they tend to produce the reverse atest amount of happiness standard is not the agent’s own greatest happiness, but the gre ereafter on personal data altogether” (1863/1987, pp. 278, 282). Hence, when reflecting h ore factors than just the ective, we must consider many m markets from a utilitarian persp financial benefits or harms of these markets. I do so by consid ering for instance the market’s effects on human knowle dge, power and relationships pr esuming that these values are important for happiness (based on (Maslow 1970)). Fo r complexity reasons I arianism as my discu opposed to Act-, or Rule ssion framework (as only use General Utilit Utilitarianism). benefit. Investors and From a Utilitarian perspective, monetary value is considered a Financial ainly have a ‘plus’ on their organizations collecting personal data can monetize it and cert Benefits Utilitarian balance sheet. Profits are especially justified, wh en companies redistribute some of their profits to pay for the common good through their taxes and create employment. Yet, profits need to be made on legitimate and fair grounds. As game theory layers are perceived as e-sided financial benefits of p has shown for decades, purely on ofits (Tisserand 2014). And unfair by those market participants that do not share in the pr so, if companies and data brokers continue leveraging financial benefits of personal data trading without data subjects’ a ctive share in the profits, the y might see a destabilization of their business in the mid- to long term. Behavioral economic s clearly suggests that people or “data subjects” would need to be financially compensa ted for their data somehow. 653 If we now assumed that at some point personal data markets foun d forms of profit Walter Poetscher (2015). Usage Based Insurance. The New Norma l? EY, July 2015. Online: UAssets/EY-usage-based-insuran ce-the-new- http://www.ey.com/Publication/vwL sharing, then on economic grounds personal data markets would a ppear advantageous or rance-the-new-normal.pdf [24.07 normal/$File/EY-usage-based-insu .2016] tilitarianism embeds a catering to some form of “happin ess”. Yet, as outlined above, U 130 131 130

131 cases, people are required to consent, either because offers an d services that are not Markets (by Sarah Spiekermann) Ethical Reflections on Personal Data 7. based on invasive digital tracking are not available, or becaus e non-participation would lead to disadvantages in life. Scott Peppet (2010, p. 1) expect s that “those with valuable s will want to disclose credentials, clean medical records, and impressive credit score ve reached a massive As we have seen in the above chapters, personal data markets ha may then find that they those traits to receive preferential economic treatment. Others with a digital economy scale. Can we accept these in their current form as we move on ferences attached to staying must also disclose private information to avoid the negative in based on information technology? unraveling effect silent”. He points to an that could make disclosure of personal data Ethical reflections can help to find new ways for the design of personal data markets and “from a consensual to a more coerced decision” (ibid). Ethical identify rules for the actors operating within them. We therefo re include them in this theories It has been pointed out many tim es that there is a wide variety of reasons for individuals From taking second to last section of our b ook. I point of course to the li mitation that the normative applicable to ents of individualization to participate in self tracking, which are embedded in developm care of the theories applied hereafter are those dominating in the Western world. I take three of them personal data edge, self-optimization, and societal core values such as self-understanding, self-knowl self... data markets: Th e Utilitarian c alculus, which is the here and apply them to personal markets ility, self-control and self-ma self-improvement, self-responsib nagement. Based on the original philosophy underlying modern economics (Mill 1863/1987 ). The Kantian duty n sociology have shown chel Foucault, many scholars i work of the French philosopher Mi lly call “The perspective, which has been a cornerstone for what we historica that the way power works in society has shifted from “hard” aut hority and punishment to Enlightenment” (Kant 1784/2009), and finally Virtue Ethics, an approach to life that “soft” control. Individuals voluntarily become "entrepreneurs of the self", who are taking originates in Aristotle’s thinking about human flourishing and has seen considerable “care of the self” and “governing the self” (see Ajana 2005, Br öckling 2007, Whitson 2013, revival over the past 30 years (MacIntyre 1984). Lupton 2014). But while individuals are taking “care of the self”, insurers o r employers take control of ...to insurers on on personal data markets 7.1 A short Utilitarian reflecti the collected data and create rules to incentivize desired beha vior or penalize non-desired and employers behavior. Subsequently, “private self-tracking” becomes “pushed or imposed self- taking control The Utilitarian calculus, which originates in works by John Stu art Mill and Jeremy tracking”. It becomes “harnessed” to broader “commercial, econo mic or social Bentham, tries to weigh the beneficial and harmful consequences of actions. As a result of imperatives” (Lupton 2014). Thus the circle is complete. Volunt ary self-tracking cultures such a weighing process one can come to a conclusion on what is best to do (Mill ation management based on invi and classical, bureaucratic popul sible surveillance are arianism focused on the 1863/1987). What is important to know is that originally Utilit complementing each other. A publication by Ernst & Young asked whether tracking-based d for the past 160 years maximization of people’s happiness. While economic theory tende rs to introduce “Pay-As- insurance could already be the “new normal” and suggests insure onsequences of actions (utility to only emphasize the monetary c in money terms). John 653 You-Live (PAYL)” programs. e creed which accepts as the fo Stuart Mill actually wrote: “...th undation of morals, Utility, or the Greatest Happiness Princi ple, holds that actions are rig ht in proportion as they tend of happiness ... and that to promote happiness, wrong as they tend to produce the reverse atest amount of happiness standard is not the agent’s own greatest happiness, but the gre ereafter on personal data altogether” (1863/1987, pp. 278, 282). Hence, when reflecting h ore factors than just the ective, we must consider many m markets from a utilitarian persp financial benefits or harms of these markets. I do so by consid ering for instance the market’s effects on human knowle dge, power and relationships pr esuming that these values are important for happiness (based on (Maslow 1970)). Fo r complexity reasons I arianism as my discu opposed to Act-, or Rule ssion framework (as only use General Utilit Utilitarianism). benefit. Investors and From a Utilitarian perspective, monetary value is considered a Financial ainly have a ‘plus’ on their organizations collecting personal data can monetize it and cert Benefits Utilitarian balance sheet. Profits are especially justified, wh en companies redistribute some of their profits to pay for the common good through their taxes and create employment. Yet, profits need to be made on legitimate and fair grounds. As game theory layers are perceived as e-sided financial benefits of p has shown for decades, purely on ofits (Tisserand 2014). And unfair by those market participants that do not share in the pr so, if companies and data brokers continue leveraging financial benefits of personal data trading without data subjects’ a ctive share in the profits, the y might see a destabilization of their business in the mid- to long term. Behavioral economic s clearly suggests that people or “data subjects” would need to be financially compensa ted for their data somehow. 653 If we now assumed that at some point personal data markets foun d forms of profit Walter Poetscher (2015). Usage Based Insurance. The New Norma l? EY, July 2015. Online: UAssets/EY-usage-based-insuran ce-the-new- http://www.ey.com/Publication/vwL sharing, then on economic grounds personal data markets would a ppear advantageous or rance-the-new-normal.pdf [24.07 normal/$File/EY-usage-based-insu .2016] tilitarianism embeds a catering to some form of “happin ess”. Yet, as outlined above, U 131 131 130

132 more holistic decision spectrum than just financial benefits. So I take another important think online and overcome their possible shyness. Except for ex cesses of disinhibition (i.e. mpacted by personal data arkets, which is likely to be i value created in personal data m trolling behavior), peoples’ opening-up behavior can be considered as a positive side of markets: knowledge extractable from Big Data. the Web. It can add to people’s inner peace, freedom and chance s to make friends. In s been recognized that sometim virtual worlds for instance it ha es friendships develop, trical. In our current So far, the knowledge created about people’s behavior is asymme Knowledge 014). However, data which are more honest and straightforward from the start (Yee 2 personal data market design, knowledge has become a powerful va lue from which only a and Power netize our personal markets are currently designed such that they systematically mo Acxiom, BlueKai, and large few service monopolies benefit; for instance data brokers like virtual world I can never be exchanges and sell and analyze our relational data. Being in a ked about “power data collectors, such as Google, Apple or Facebook. We have tal sure that my behavior and my discussions there with others will not be analyzed, imbalances” in the chapters abov e. Hence, the social utility po tentially created through Big monitored, sold or added to a ps ychological profile. As a resul t, the darker or idiosyncratic awback of power Data knowledge among a few players is counterbalanced by the dr part of my identity cannot be expressed or strive online. I hol d myself back. The Facebook asymmetries. studies we conducted at WU Vienna have shown that over 90% of t he users on the social es (Futurezone 2012). network “think twice” before they post something about themselv Power asymmetries breed distrust and undermine cooperation. In personal data markets, lf-censor and might We have discussed in the above chapter to what extent people se distrust can be observed in at least two forms: between econom ies, and between engage in “anticipatory conformity” (Zuboff 2015). corporates and people. Firstly, most European economies don’t h ave powerful data brokers. Their legal framework (i.e. the EU Directive on Data P rotection 95/46/EC) have e start. If personal data Holding oneself back in the way it is done today may just be th not allowed for the rise of this phenomenon at the same scale as was the case in the US. As r their e more aware of being watched o markets advance and people becom m the potential knowledge a result, European companies and institutions don’t benefit fro that strategic communication being potentially used against them, it might be t American players do. The aggregation inherent in personal data markets to the extent tha rsonal data markets communication could become the norm online. Even more so, if pe on this matter. Secondly, as result is a rising political tension between the US and the EU allowed people to make money on their data and their online conversations, we have shown above, people don’t know how much corporates know about them. The communication could become strongly calculus-driven. Already to day, people engage in people who provide their data don’t learn anything about themse lves from the knowledge ‘impression management’ online. Trying to trick machines into p aying higher prices for otential manipulation and that others hold about them. In contrast, they are exposed to p keywords used in artificial commu nication online seems far-fetc hed these days, but utility created through economic disadvantages (Christl 2014). So, taken together, the scenario. If this happened, t cannot be excluded as a potential hen the human relationships personal data markets’ knowledge potential is neutralized (or even negatively a result. involved in this online communication could seriously suffer as outweighed) by power asymmetries and their consequences. design. If we ensured Such negative effects could be mitigated through good technical h! If it were possible to build Political and technical design could change this calculus thoug ther monitored nor sold, truly private rooms in the digital realm where our data was nei hich people get full personal data markets as symmetrical knowledge structures, in w but instead encrypted, anonymized and deleted (when no longer u seful to the individual), insight into what companies know about them, societies might be come more then we could have more honest and deliberate communication onl ine; potentially e willing to give me knowledgeable and thoughtful. What would happen if Facebook wer digital realm could building very truthful relationships on digital platforms. The not only about the raw feedback on the entire data pool they hold about me, telling me contribute to our freedom and autonomy where needed. data they have, but also what my ut me? Who I am data tells them and others abo psychologically, emotionally as well as socially according to t heir current analytical markets show that their Taken together, a few short Utilitarian reflections on personal ight could be beneficial for models? The learning and sensitivity I might gain from this ins eir technical and organizatio nal design. Unfortunately, ethicality depends crucially on th uch feedback. me as an individual. I might grow and become more humble upon s h their one-sided financial their currently observable design as reported in this study wit However, I might also be so shoc ked about the conclusions Faceb ook’s algorithms make r ethicality from a gains, knowledge asymmetries and lack of privacy undermine thei Utilitarian perspective. this except me. I might sure nobody knows about all of about me that I would like to en demand choice and control over my an I might also prefer to data as a result. As a Europe Utilitarian philosophy is only one angle to think about the eth n act or a icality of a have my data stored and processed in Europe. Moreover, I could also feel that self- can complement phenomenon. As outlined above other philosophical perspectives tracking is not good for my development as a person and I might therefore prefer to not Utilitarian reasoning. Therefore, the next section is going to look at personal data markets g exit- and control rights, then participate in it at all. If all of this were granted, includin from a deontological perspective. y disappear. knowledge asymmetries between users and corporates could largel d technical design of personal Taken together: The political an data markets has the potential to assure two-sided kno wledge and symmetry of power. If market players and ion on personal data markets 7.2 A short deontological reflect policy makers went down this balanced ‘knowledge-creation’ path , then a positive argument would be created on the Utilitarian balance sheet. for duty. Deontology is a on”, a Greek word that stands The word “deontology” roots in “de th century Europe. One of the main fore philosophy of obligation , which flourished in 18 Knowledge, power and money are not all we care about. Other cru cial values for Belongingness thinkers of deontology was Imma nuel Kant. Kant (1724–1804), a G erman philosopher, is consideration in a Utilitarian calculus are the importance of h onest and free and Quality regarded as one of the most infl uential thinkers of “The Enligh tenment in Europe”. He communication between humans and our need for belongingness. So me parts of this of Human wanted to create a universal jus tification for moral actions. In order for moral belongingness can be nourished through our exchanges with other s online. How do Relationships justifications to be rational, he of an act might be too much argued that the consequences current data markets play into this dimension? efore not serve as a reliable subject to the volatile ideas of human happiness and could ther moral guideline. So he effectively questioned the Utilitarian k ind of reasoning I have used The digital realm has a huge pote ntial for honest communication . Scientists talk about a above. ore willing to say what they uler 2004). People tend to be m ‘disinhibition effect’ online (S 132 133 132

133 think online and overcome their possible shyness. Except for ex cesses of disinhibition (i.e. more holistic decision spectrum than just financial benefits. So I take another important trolling behavior), peoples’ opening-up behavior can be considered as a positive side of mpacted by personal data arkets, which is likely to be i value created in personal data m markets: knowledge extractable from Big Data. the Web. It can add to people’s inner peace, freedom and chance s to make friends. In es friendships develop, s been recognized that sometim virtual worlds for instance it ha So far, the knowledge created about people’s behavior is asymme trical. In our current Knowledge which are more honest and straightforward from the start (Yee 2 014). However, data lue from which only a personal data market design, knowledge has become a powerful va and Power netize our personal markets are currently designed such that they systematically mo Acxiom, BlueKai, and large few service monopolies benefit; for instance data brokers like exchanges and sell and analyze our relational data. Being in a virtual world I can never be ked about “power data collectors, such as Google, Apple or Facebook. We have tal sure that my behavior and my discussions there with others will not be analyzed, tentially created through Big e. Hence, the social utility po imbalances” in the chapters abov monitored, sold or added to a ps ychological profile. As a resul t, the darker or idiosyncratic Data knowledge among a few players is counterbalanced by the dr awback of power part of my identity cannot be expressed or strive online. I hol d myself back. The Facebook asymmetries. he users on the social studies we conducted at WU Vienna have shown that over 90% of t es (Futurezone 2012). network “think twice” before they post something about themselv Power asymmetries breed distrust and undermine cooperation. In personal data markets, lf-censor and might We have discussed in the above chapter to what extent people se distrust can be observed in at least two forms: between econom ies, and between engage in “anticipatory conformity” (Zuboff 2015). corporates and people. Firstly, most European economies don’t h ave powerful data brokers. Their legal framework (i.e. the EU Directive on Data P rotection 95/46/EC) have e start. If personal data Holding oneself back in the way it is done today may just be th not allowed for the rise of this phenomenon at the same scale as was the case in the US. As e more aware of being watched o r their markets advance and people becom institutions don’t benefit fro a result, European companies and m the potential knowledge that strategic communication being potentially used against them, it might be t American players do. The aggregation inherent in personal data markets to the extent tha rsonal data markets communication could become the norm online. Even more so, if pe on this matter. Secondly, as result is a rising political tension between the US and the EU allowed people to make money on their data and their online conversations, about them. The we have shown above, people don’t know how much corporates know day, people engage in communication could become strongly calculus-driven. Already to people who provide their data don’t learn anything about themse lves from the knowledge ‘impression management’ online. Trying to trick machines into p aying higher prices for otential manipulation and that others hold about them. In contrast, they are exposed to p nication online seems far-fetc hed these days, but keywords used in artificial commu economic disadvantages (Christl 2014). So, taken together, the utility created through cannot be excluded as a potential hen the human relationships scenario. If this happened, t personal data markets’ knowledge potential is neutralized (or even negatively involved in this online communication could seriously suffer as a result. outweighed) by power asymmetries and their consequences. Such negative effects could be mitigated through good technical design. If we ensured Political and technical design could change this calculus thoug h! If it were possible to build truly private rooms in the digital realm where our data was nei ther monitored nor sold, personal data markets as symmetrical knowledge structures, in w hich people get full but instead encrypted, anonymized and deleted (when no longer u seful to the individual), insight into what companies know about them, societies might be come more then we could have more honest and deliberate communication onl ine; potentially e willing to give me knowledgeable and thoughtful. What would happen if Facebook wer building very truthful relationships on digital platforms. The digital realm could feedback on the entire data pool they hold about me, telling me not only about the raw contribute to our freedom and autonomy where needed. data tells them and others abo data they have, but also what my ut me? Who I am Taken together, a few short Utilitarian reflections on personal markets show that their psychologically, emotionally as well as socially according to t heir current analytical eir technical and organizatio nal design. Unfortunately, ethicality depends crucially on th models? The learning and sensitivity I might gain from this ins ight could be beneficial for h their one-sided financial their currently observable design as reported in this study wit me as an individual. I might grow and become more humble upon s uch feedback. gains, knowledge asymmetries and lack of privacy undermine thei r ethicality from a ook’s algorithms make ked about the conclusions Faceb However, I might also be so shoc Utilitarian perspective. sure nobody knows about all of this except me. I might about me that I would like to en data as a result. As a Europe an I might also prefer to demand choice and control over my Utilitarian philosophy is only one angle to think about the eth n act or a icality of a have my data stored and processed in Europe. Moreover, I could also feel that self- phenomenon. As outlined above other philosophical perspectives can complement therefore prefer to not tracking is not good for my development as a person and I might look at personal data markets Utilitarian reasoning. Therefore, the next section is going to g exit- and control rights, then participate in it at all. If all of this were granted, includin from a deontological perspective. knowledge asymmetries between users and corporates could largel y disappear. d technical design of personal Taken together: The political an data markets has the potential to assure two-sided kno wledge and symmetry of power. If market players and ion on personal data markets 7.2 A short deontological reflect policy makers went down this balanced ‘knowledge-creation’ path , then a positive argument would be created on the Utilitarian balance sheet. for duty. Deontology is a on”, a Greek word that stands The word “deontology” roots in “de th century Europe. One of the main fore philosophy of obligation , which flourished in 18 Knowledge, power and money are not all we care about. Other cru cial values for Belongingness thinkers of deontology was Imma nuel Kant. Kant (1724–1804), a G erman philosopher, is consideration in a Utilitarian calculus are the importance of h onest and free and Quality regarded as one of the most infl uential thinkers of “The Enligh tenment in Europe”. He communication between humans and our need for belongingness. So me parts of this of Human wanted to create a universal jus tification for moral actions. In order for moral belongingness can be nourished through our exchanges with other s online. How do Relationships justifications to be rational, he of an act might be too much argued that the consequences current data markets play into this dimension? efore not serve as a reliable subject to the volatile ideas of human happiness and could ther moral guideline. So he effectively questioned the Utilitarian k ind of reasoning I have used The digital realm has a huge pote ntial for honest communication . Scientists talk about a above. ore willing to say what they uler 2004). People tend to be m ‘disinhibition effect’ online (S 133 133 132

134 can be justified only by A moral obligation, which he ca lled a “categorical imperative,” For this purpose it is crucial to discuss personal data markets ’ practices one by one. Kant’s Categorical something that is a universal principle in itself. So Kant formulated a Potential duties arising with data collection are very differen t from duties relevant in data Categorical that more specific actions should conform to. The first part of this imperative Imperative aggregation or analysis. Deontol ogical analysis forces us to lo ok at all market activities Imperative only in accordance with that maxim throu reads as follows: “Act gh which you can at the n the following only for the separately. For reasons of lengt h of this report I will do so i activity of data collection. same time will that it become a universal law” (Kant 1785/1999, p. 73, 4:421). Note the ues that one can try to live use of the word “maxim” here. For Kant, maxims are not just val Scott Howe could theoretically hold the maxim “Always collect t he data of the people such up to. Instead, maxims are a kind of subjective law or ‘princip le of action’ that can be know what has happened (because they are not asked for their that the people do not to act. Take the example having the maxim duty on which one has the universalized and up But deontological ethics quest explicit and informed consent).“ ions whether such a Wanting to never lie to anyone. to tell the truth would not be enough for Kant. In Kant’s nd whether Scott Howe can position is realistic. Deontological analysis seeks to understa according to that only (“Act sense, I have the duty to never lie or to always tell the truth really want such invisible collection to become a universal law . Instead of taking a “view maxim”). Why is Kant so strict? Because of the ethical confiden ce we can then have in our from nowhere” the philosophical t at the CEO would want heory demands to reflect on wh surroundings. If the above maxim would be a universal law then we could fully trust that for himself as well (the philosopher puts himself into the shoe s of the universal everyone tells the truth. ata collected without lawmaker). So, would Scott Howe want to have his own personal d Kant also argued that there should be a universal principle tha t guides my considerations and understanding he want to invest into reading his knowing? How much time would on what are worthwhile maxims: this is that in our maxims human beings should always collected at all about his terms and conditions? What intimate data would he want to have be treated as ends in themselves and never only used as a means to something. For this t rationally and in his own his friends? I could presume tha personal life and the lives of art that stressed human ical Imperative with a second p reason, he completed his Categor self-interest Scott Howe can actually not want that the data Ac xiom processes about son or in the person of dignity: “So act that you use humanity, whether in your own per himself and others to be collected without his conscious and ex plicit knowing and free means” (Kant 1785/1999, any other, always at the same time as an end, never merely as a consent; for instance information about his body weight, health status and diet, sleep p. 80, 4:429). quality and mental stress; his private phone number and place o f residence, favourite leisure spots, personal relation ships, secret passions, collect ions and weaknesses? In principles that are supposed to be held subjective In Kant’s philosophy, maxims are always contrast, it seems rational that Scott Howe would want his pers onal data to be collected by by a person; notably by the person who is supposed to take an e thical decision. When a parties he engages with only with his fully conscious, informed and explicit consent. Ethics person needs to make an ethical d ecision, Kant reasons that they should behave as if they from a deontological perspective demands that Scott’s duty resi des in now applying this iversal lawmaker”. Note the would not only decide for themselves, but as if they were a “un is to the end, Scott and his rate decisions. If we think th subjective principle to his corpo : Utilitarianism allows for difference between Utilitarianism and Deontology in this regard team at Acxiom would now need to think about how to make inform ed and conscious reasoning at an abstract level, weighing pros and cons of something without taking any ethical data collection possible from a technical and organizat ional perspective. Many stance. For instance, I can argue subjective that the pros of personal dat actual a markets . For instance, Acxiom could re quire its data suppliers to potential actions could be taken e argument is valid, are more knowledge, but the cons are more power asymmetries. Th prove that the data subjects’ informed consent was given for al l of Acxiom’s data r or lawmaker or analyst of per but the individual decision make sonal data markets that is processing purposes. To ensure t hat informed consent was given, it might support formulating this utilitarian argument is not personally touched or involved in this ticky policies (Casassa standards for controlled and pol icy-based data flows, such as s observation. He or she does therefore not perceive any duty to act towards anyone upon Mont et al. 2003). Acxiom might offer end-users full access to their personal records, the the analysis. Utilitarianism is hence analysing personal data markets ‘neutrally’. Thomas is of these records and allow f analysis that is done on the bas or dynamic consent red to this neutrality as prac Nagel would have critically refer ticing “a view from nowhere” with partners that are procedures (Kaye et al. 2014). Ac xiom might start working only (Nagel 1992). certified for fair data collection practices, etc. I do not wan t to expand here on the full list of potential actions Acxiom could engage in to enable Scott How e’s maxim. But what we Kant in contrast requires ethical decisions to be taken from a personal position that Scott Howe, eads to organizational and s that the ethical reflection l see from the line of arguments i If we want to use the Categoric involves subjective principles. al Imperative to ethically CEO of Acxiom technical design measures available to fulfil the maxim. elves in the shoes of a judge personal data markets, then we therefore need to put ours nalysis. When it comes to concrete person who is personally involved with the object of a if it thus followed Scott Can we presume that Acxiom would be ethically on the safe side personal data markets this could be any fictitious or real pers on who is involved in them. Howe’s new maxims? Unfortunately, not yet from a deontological view. “universal lawmaker” in coming close to being a true Ideally we choose a person who is nd formula of ng, ethical judgments need to According to deontological thinki these markets. This could be a person who is running a personal data market, such as consider the 2 People serving the Categorical Imperative as well. This formula condemns pract ices where people serve Scott Howe, current president and CEO of Acxiom, Lawrence J. El lison, head of Oracle and as a means to tion process to reach a as a means to an end. Are they only a means in the data collec only Bluekai or someone else in a comparatively powerful position. T o make the following an end certain end? The answer to this question is straight forward: I f we use people just as a reasoning didactically entertaining I allow myself to engage in the deontological analysis nd formula of the n the 2 er a data-sharing contract, the means to get their signature und xemplary ‘universal of personal data markets by taking Scott Howe of Acxiom as an e Categorical Imperative is not fulfilled. This is what mostly happens today. People’s notice decide on the ethicality of pra lawmaker’ who could be asked to ctices that his proprietary s not aim to easily inform peo and choice (if it is granted) doe ple as we have shown above. personal data company engages in. In contrast: Often people are just used to give their signature so that companies then have stain from certain The maxim of Scott Howe could be to have Acxiom engage in or ab a free ticket to use their data and make money. Current data co llection may then be netization. From a means of data collection, aggregation, analysis, sharing and mo erspective it is not permissible from a legal perspective, but from a duty-ethical p deontological perspective the question is what universal law Scott wants for himself and appropriate. which Acxiom engages in others. He needs to personally want that the data-activities in designs them for his company (or signs them off). should always take place in the way he 134 135 134

135 For this purpose it is crucial to discuss personal data markets ’ practices one by one. can be justified only by A moral obligation, which he ca lled a “categorical imperative,” Kant’s Potential duties arising with data collection are very differen t from duties relevant in data Categorical something that is a universal principle in itself. So Kant formulated a Categorical aggregation or analysis. Deontol ogical analysis forces us to lo ok at all market activities Imperative this imperative that more specific actions should conform to. The first part of Imperative separately. For reasons of lengt h of this report I will do so i n the following only for the only in accordance with that maxim throu gh which you can at the reads as follows: “Act activity of data collection. same time will that it become a universal law” (Kant 1785/1999, p. 73, 4:421). Note the ues that one can try to live use of the word “maxim” here. For Kant, maxims are not just val he data of the people such Scott Howe could theoretically hold the maxim “Always collect t le of action’ that can be up to. Instead, maxims are a kind of subjective law or ‘princip they are not asked for their know what has happened (because not that the people do to act. Take the example having the maxim on which one has the duty universalized and up explicit and informed consent).“ But deontological ethics quest ions whether such a Wanting to tell the truth would not be enough for Kant. In Kant’s to never lie to anyone. position is realistic. Deontological analysis seeks to understa nd whether Scott Howe can according to that sense, I have the duty to never lie or to always tell the truth (“Act only . Instead of taking a “view really want such invisible collection to become a universal law maxim”). Why is Kant so strict? Because of the ethical confiden ce we can then have in our heory demands to reflect on wh at the CEO would want from nowhere” the philosophical t we could fully trust that surroundings. If the above maxim would be a universal law then s of the universal for himself as well (the philosopher puts himself into the shoe everyone tells the truth. lawmaker). So, would Scott Howe want to have his own personal d ata collected without he want to invest into reading his knowing? How much time would and understanding Kant also argued that there should be a universal principle tha t guides my considerations terms and conditions? What intimate data would he want to have collected at all about his on what are worthwhile maxims: this is that in our maxims human beings should always t rationally and in his own his friends? I could presume tha personal life and the lives of to something. For this be treated as ends in themselves and never only used as a means xiom processes about self-interest Scott Howe can actually not want that the data Ac art that stressed human ical Imperative with a second p reason, he completed his Categor himself and others to be collected without his conscious and ex plicit knowing and free son or in the person of dignity: “So act that you use humanity, whether in your own per consent; for instance information about his body weight, health status and diet, sleep any other, always at the same time as an end, never merely as a means” (Kant 1785/1999, p. 80, 4:429). f residence, favourite quality and mental stress; his private phone number and place o leisure spots, personal relation ships, secret passions, collect ions and weaknesses? In In Kant’s philosophy, maxims are always subjective principles that are supposed to be held contrast, it seems rational that Scott Howe would want his pers onal data to be collected by by a person; notably by the person who is supposed to take an e thical decision. When a and explicit consent. Ethics parties he engages with only with his fully conscious, informed ecision, Kant reasons that they should behave as if they person needs to make an ethical d from a deontological perspective demands that Scott’s duty resi des in now applying this iversal lawmaker”. Note the would not only decide for themselves, but as if they were a “un is to the end, Scott and his rate decisions. If we think th subjective principle to his corpo difference between Utilitarianism and Deontology in this regard : Utilitarianism allows for team at Acxiom would now need to think about how to make inform ed and conscious reasoning at an abstract level, weighing pros and cons of something without taking any ional perspective. Many from a technical and organizat ethical data collection possible subjective actual stance. For instance, I can argue that the pros of personal dat a markets . For instance, Acxiom could re quire its data suppliers to potential actions could be taken are more knowledge, but the cons are more power asymmetries. Th e argument is valid, prove that the data subjects’ informed consent was given for al l of Acxiom’s data but the individual decision make r or lawmaker or analyst of per sonal data markets that is hat informed consent was given, processing purposes. To ensure t it might support or involved in this formulating this utilitarian argument is not personally touched ticky policies (Casassa standards for controlled and pol icy-based data flows, such as s observation. He or she does therefore not perceive any duty to act towards anyone upon full access to their personal records, the Mont et al. 2003). Acxiom might offer end-users hence analysing personal data markets ‘neutrally’. Thomas the analysis. Utilitarianism is or dynamic consent is of these records and allow f analysis that is done on the bas red to this neutrality as prac Nagel would have critically refer ticing “a view from nowhere” procedures (Kaye et al. 2014). Ac xiom might start working only with partners that are (Nagel 1992). certified for fair data collection practices, etc. I do not wan t to expand here on the full list of potential actions Acxiom could engage in to enable Scott How e’s maxim. But what we Kant in contrast requires ethical decisions to be taken from a personal position that Scott Howe, eads to organizational and s that the ethical reflection l see from the line of arguments i If we want to use the Categoric involves subjective principles. al Imperative to ethically CEO of Acxiom technical design measures available to fulfil the maxim. elves in the shoes of a judge personal data markets, then we therefore need to put ours nalysis. When it comes to concrete person who is personally involved with the object of a if it thus followed Scott Can we presume that Acxiom would be ethically on the safe side personal data markets this could be any fictitious or real pers on who is involved in them. Howe’s new maxims? Unfortunately, not yet from a deontological view. “universal lawmaker” in coming close to being a true Ideally we choose a person who is nd formula of ng, ethical judgments need to According to deontological thinki consider the 2 these markets. This could be a person who is running a personal data market, such as People serving the Categorical Imperative as well. This formula condemns pract ices where people serve Scott Howe, current president and CEO of Acxiom, Lawrence J. El lison, head of Oracle and as a means to tion process to reach a as a means to an end. Are they only a means in the data collec only Bluekai or someone else in a comparatively powerful position. T o make the following an end certain end? The answer to this question is straight forward: I f we use people just as a reasoning didactically entertaining I allow myself to engage in the deontological analysis nd formula of the n the 2 er a data-sharing contract, the means to get their signature und xemplary ‘universal of personal data markets by taking Scott Howe of Acxiom as an e Categorical Imperative is not fulfilled. This is what mostly happens today. People’s notice decide on the ethicality of pra lawmaker’ who could be asked to ctices that his proprietary s not aim to easily inform peo and choice (if it is granted) doe ple as we have shown above. personal data company engages in. In contrast: Often people are just used to give their signature so that companies then have stain from certain The maxim of Scott Howe could be to have Acxiom engage in or ab a free ticket to use their data and make money. Current data co llection may then be netization. From a means of data collection, aggregation, analysis, sharing and mo erspective it is not permissible from a legal perspective, but from a duty-ethical p deontological perspective the question is what universal law Scott wants for himself and appropriate. which Acxiom engages in others. He needs to personally want that the data-activities in designs them for his company (or signs them off). should always take place in the way he 135 135 134

136 nd So in order to fulfil the 2 part of the Categorical Imperat ive what would be Scot Howe’s ood judgments on the persons and goods. Phronesis seems vital for instance to make g duty? One strategy could be to position the data collection pro cess in a different way than utilitarian weights of the costs and benefits of personal data markets that I outlined above in the Utilitarian analysis. it is being done today. It is possible to view data collection as a means of deliberate a better world that thrives on participation in the crafting of more knowledge (as gy that focuses on Unlike Utilitarianism that focuses on consequences and deontolo discussed in the Utilitarian analysis above) and that sees less fraud. Personal data markets universal law makers, virtue et fects of actions on people. In hical analysis focuses on the ef se goals. Companies like to participate and share in the can give people the opportunity hether the technical, social et context virtue ethical analysis asks w the personal data mark Acxiom could collect data from f ully conscious individuals who are willing to share their and economic manifestations of d ata markets will influence peop le’s lives such that they to this path is one thing: Pe data for explicit causes. The key ople would need to es arête and phronesis. impede or hinder them to become the kind of person that possess is a key to Kant’s understandin buy into these goals. Autonomy g of ethical autonomously ns of oppression that bar Could personal data markets lead to subtle unconducive conditio conduct. people from cultivating their vi rtues and develop phronesis and arête? In doing so, could ts would consent to data colle Autonomous and free ction would mean that, first, data subjec sa Tessman: Could they impede people’s flourishing in any way? In the words of Li and they would then need need to learn about all of the purposes pursued with their data personal data markets create a condition of “systemic constitut ive bad luck”? (Tessman Most importantly, this fine-gra ined consent would need to to consent to these one by one. 2005) A bad luck that then undermines the long-term goodness of those affected. sharing, because if they deny be given freely. Data subjects today are often forced into data To answer these questions, it is helpful to envision a concrete person (actor) who might A concrete data sharing contradicts sharing, they are denied service delivery. Such enforcement for live in a future world in which personal data markets strive. L et’s take a fictitious person person Kant’s Categorical Imperative. Enforcement can also be very subtle; i.e. psychological called Bill who is seriously over weight and has therefore started to use a health-tracking pressure can be put on people by repeating mantras to them, suc h as “sharing is caring”, device. The device measures his weight, transpiration, heart ra te, cholesterol, fat, steps etc. Data collectors need to abstain from any of such manipulat ive tactics. They need to be he device as part of his plan and movements, calories, body posture, etc. Bill has acquired t very frank, and let the people decide as they want to. They need to be ready to forgo many althy condition. Yet, this plan to do a lot of sports in order to bring his body back into a he want to share. And they opportunities for collecting data from people who simply don’t hat Bill’s plan has failed. turns out to be extremely hard and the device’s data suggests t need to be willing to provide non-sharers with the same service as everyone else (even if Projecting today’s technical architectures into the future, all or most of Bill’s data would panies act this way will they this implied less profit for them). Only if data collecting com probably flow uncontrolled to the health app provider who might sell it on and share the enter the ethical white-zone; at least from Kant’s deontologica l perspective. rd parties, including insurance companies, data brokers, employer s, etc. The data with 3 then turns against him. His health app may be free, but it is very likely that Bill’s data he number of invitations health insurance rate might go up more steeply than expected. T tion on personal data markets 7.3 A short virtue ethical reflec ht be lower than he expected. he might get as a result of his applications for sales jobs mig h app data is behind this ‘systemic constitutive bad luck.’ Bill may not know that his healt th century rediscovery a 20 The virtue ethical approach to d ecision-making and behavior is The virtuousness of his character might not be directly impacte d by the fact that invisible of Aristotelian philosophy (Aristotle 1915; Aristotle 2000; Hur sthouse 1999; MacIntyre forces make life more difficult for him. However, what could ha ppen is that he becomes 1984). Virtue-ethical thinking fo hing or wellbeing of people; cuses on the long-term flouris depressed or angry. The chances to live a good life and to bene fit from the flourishing his chnology, or the existence a wellbeing that might become affected by certain behaviors, te are reduced. The data-driven c good character actually deserves ircumstances might lead of personal data markets. In Aristotle’s view a virtuous life i s a necessary condition for aracter into a frustrated ho might turn from a positive ch to a character change in Bill w slated as “wellbeing”). Two calls “eudemonia” (often tran flourishing; or achieving what he that Bill’s positive character is extremely resistant and that one. That said, it could also be ble eudemonia: these are concepts are particularly constitutive of virtuousness, and ena his person and behavior does not change much when faced with a data-world driving his arête and phronesis (Hursthouse 2012). life into a negative spiral. Virtue ethical analysis projected into a likely future does not give tential likelihood. definite answers. It just helps to envision scenarios with a po Arête stands for an excellent character expressed in well-balan ced behaviors towards The effects the nature of arête in his oneself and others (golden-mean behaviors). Aristotle pulls out of actions Virtue ethics also allows for analysis at both the organization al and societal level. Let’s Society at large “Nicomachean Ethics” where he de scribes a number of concrete vi rtues such as courage, on people ciety at large: We must ask therefore take a step back from Bill as a person and look at so ity, generosity, etc. (Aristo temperance, high-mindedness, verac tle 2000). These virtues are the question how an economy and a society evolves in which peop le start feeling spect of arête is that examples, which illustrate the meaning of arête. A noteworthy a and perceptions towards discriminated because of their data profiles. Their feelings to anything. Instead it virtuous behavior is generally not instrumental is driven out of an ey use (e.g. health apps) anyone they meet (e.g. employers, the state), or any service th re and film is full of inner compass for what is right and good. The world of literatu ple might start by distrust and ambiguity. Peo could become increasingly marked ella, Jane Bennett in Jane examples of arête: for instance the fairy tale character Cinder about him; that no presuming that the vis-à-vis knows more about them than they do Austin’s novel Pride and Prejudice or the protagonist Jake Sull y in James Cameron’s recent matter where they turn, they conf ront a knowledge asymmetry tha t puts them into a film ‘Avatar’. weaker position than they could be in if there was no data shar ing. If this evolution is permitted to happen, we will see a society reigned by distrust and lack of loyalty; or as emonia”) is phronesis. A core virtue leading to people’ s flourishing (also called “eud n which everyone is everyone el se’s wolf. This is indeed a Hume anticipated it: A society i Phronesis stands for practical wisdom. It is the knowledge and ability of a person to take very negative virtue ethical outlook. not right and just decisions. Phronesis is about rules that can directly be applied (such as alysis with societal dered that combines personal an A second scenario could be consi cognize in a situation what it legal regulations). Instead phronesis implies the ability to re implications. Let’s presume people would receive property right s in personal data and is that does justice to the virtues, people, and goods involved . Phronetic leaders are good could financially benefit from data markets. This is what the U tilitarian analysis above complete spectrum of in prioritizing the right actions and recognizing a relatively recommends. In such a scenario, B ill would be very well aware t hat his health data is decisions for virtues, consequences; including the “soft” or long-term consequences of 136 137 136

137 nd persons and goods. Phronesis seems vital for instance to make g ood judgments on the part of the Categorical Imperat ive what would be Scot Howe’s So in order to fulfil the 2 utilitarian weights of the costs and benefits of personal data markets that I outlined above duty? One strategy could be to position the data collection pro cess in a different way than in the Utilitarian analysis. as a means of deliberate it is being done today. It is possible to view data collection a better world that thrives on more knowledge (as participation in the crafting of gy that focuses on Unlike Utilitarianism that focuses on consequences and deontolo fraud. Personal data markets discussed in the Utilitarian analysis above) and that sees less hical analysis focuses on the ef fects of actions on people. In universal law makers, virtue et can give people the opportunity to participate and share in the se goals. Companies like the personal data mark hether the technical, social et context virtue ethical analysis asks w ully conscious individuals who are willing to share their Acxiom could collect data from f le’s lives such that they ata markets will influence peop and economic manifestations of d data for explicit causes. The key to this path is one thing: Pe ople would need to impede or hinder them to become the kind of person that possess es arête and phronesis. is a key to Kant’s understandin buy into these goals. Autonomy autonomously g of ethical Could personal data markets lead to subtle unconducive conditio ns of oppression that bar conduct. arête? In doing so, could people from cultivating their vi rtues and develop phronesis and they impede people’s flourishing in any way? In the words of Li sa Tessman: Could ction would mean that, first, data subjec consent to data colle Autonomous and free ts would ive bad luck”? (Tessman personal data markets create a condition of “systemic constitut purposes pursued with their data need to learn about all of the and they would then need 2005) A bad luck that then undermines the long-term goodness of those affected. to consent to these one by one. Most importantly, this fine-gra ined consent would need to sharing, because if they deny be given freely. Data subjects today are often forced into data To answer these questions, it is helpful to envision a concrete person (actor) who might A concrete data sharing contradicts sharing, they are denied service delivery. Such enforcement for live in a future world in which personal data markets strive. L et’s take a fictitious person person Kant’s Categorical Imperative. Enforcement can also be very subtle; i.e. psychological called Bill who is seriously over weight and has therefore started to use a health-tracking pressure can be put on people by repeating mantras to them, suc h as “sharing is caring”, device. The device measures his weight, transpiration, heart ra te, cholesterol, fat, steps etc. Data collectors need to abstain from any of such manipulat ive tactics. They need to be he device as part of his plan and movements, calories, body posture, etc. Bill has acquired t very frank, and let the people decide as they want to. They need to be ready to forgo many althy condition. Yet, this plan to do a lot of sports in order to bring his body back into a he want to share. And they opportunities for collecting data from people who simply don’t hat Bill’s plan has failed. turns out to be extremely hard and the device’s data suggests t need to be willing to provide non-sharers with the same service as everyone else (even if Projecting today’s technical architectures into the future, all or most of Bill’s data would panies act this way will they this implied less profit for them). Only if data collecting com probably flow uncontrolled to the health app provider who might sell it on and share the enter the ethical white-zone; at least from Kant’s deontologica l perspective. rd parties, including insurance companies, data brokers, employer s, etc. The data with 3 then turns against him. His health app may be free, but it is very likely that Bill’s data he number of invitations health insurance rate might go up more steeply than expected. T tion on personal data markets 7.3 A short virtue ethical reflec ht be lower than he expected. he might get as a result of his applications for sales jobs mig h app data is behind this ‘systemic constitutive bad luck.’ Bill may not know that his healt th century rediscovery a 20 The virtue ethical approach to d ecision-making and behavior is The virtuousness of his character might not be directly impacte d by the fact that invisible of Aristotelian philosophy (Aristotle 1915; Aristotle 2000; Hur sthouse 1999; MacIntyre forces make life more difficult for him. However, what could ha ppen is that he becomes 1984). Virtue-ethical thinking fo hing or wellbeing of people; cuses on the long-term flouris depressed or angry. The chances to live a good life and to bene fit from the flourishing his chnology, or the existence a wellbeing that might become affected by certain behaviors, te are reduced. The data-driven c good character actually deserves ircumstances might lead of personal data markets. In Aristotle’s view a virtuous life i s a necessary condition for aracter into a frustrated ho might turn from a positive ch to a character change in Bill w slated as “wellbeing”). Two calls “eudemonia” (often tran flourishing; or achieving what he that Bill’s positive character is extremely resistant and that one. That said, it could also be ble eudemonia: these are concepts are particularly constitutive of virtuousness, and ena his person and behavior does not change much when faced with a data-world driving his arête and phronesis (Hursthouse 2012). life into a negative spiral. Virtue ethical analysis projected into a likely future does not give tential likelihood. definite answers. It just helps to envision scenarios with a po Arête stands for an excellent character expressed in well-balan ced behaviors towards The effects the nature of arête in his oneself and others (golden-mean behaviors). Aristotle pulls out of actions Virtue ethics also allows for analysis at both the organization al and societal level. Let’s Society at large “Nicomachean Ethics” where he de scribes a number of concrete vi rtues such as courage, on people ciety at large: We must ask therefore take a step back from Bill as a person and look at so ity, generosity, etc. (Aristo temperance, high-mindedness, verac tle 2000). These virtues are the question how an economy and a society evolves in which peop le start feeling spect of arête is that examples, which illustrate the meaning of arête. A noteworthy a and perceptions towards discriminated because of their data profiles. Their feelings to anything. Instead it virtuous behavior is generally not instrumental is driven out of an ey use (e.g. health apps) anyone they meet (e.g. employers, the state), or any service th re and film is full of inner compass for what is right and good. The world of literatu ple might start by distrust and ambiguity. Peo could become increasingly marked ella, Jane Bennett in Jane examples of arête: for instance the fairy tale character Cinder about him; that no presuming that the vis-à-vis knows more about them than they do Austin’s novel Pride and Prejudice or the protagonist Jake Sull y in James Cameron’s recent matter where they turn, they conf ront a knowledge asymmetry tha t puts them into a film ‘Avatar’. weaker position than they could be in if there was no data shar ing. If this evolution is permitted to happen, we will see a society reigned by distrust and lack of loyalty; or as emonia”) is phronesis. A core virtue leading to people’ s flourishing (also called “eud n which everyone is everyone el se’s wolf. This is indeed a Hume anticipated it: A society i Phronesis stands for practical wisdom. It is the knowledge and ability of a person to take very negative virtue ethical outlook. not right and just decisions. Phronesis is about rules that can directly be applied (such as alysis with societal dered that combines personal an A second scenario could be consi cognize in a situation what it legal regulations). Instead phronesis implies the ability to re implications. Let’s presume people would receive property right s in personal data and is that does justice to the virtues, people, and goods involved . Phronetic leaders are good could financially benefit from data markets. This is what the U tilitarian analysis above complete spectrum of in prioritizing the right actions and recognizing a relatively recommends. In such a scenario, B ill would be very well aware t hat his health data is decisions for virtues, consequences; including the “soft” or long-term consequences of 137 137 136

138 shared and with whom and under what conditions. Let’s say that Bill is not too rich. 8. Recommended Action icensed out the usage of the health app provider and l Therefore he has made a deal with his health data for the next five years to come. He also struck a deal with his health nd allows him in return a insurance company that receives the data, tracks his progress a “You have to fight for your privacy or you will lose it” 654 10% discount on this rate over the next 5 years. At first sight , this looks much better than Eric Schmidt, Google, 2013 the kind of intransparent data-w actually might have taken a orld we are in right now. Bill prudent decision by selling his data, because this deal motivat es him to a certain degree to be conscious of the fact really change his fitness behavior. Through experience he might g in an intransparent A society based on ubiquitous digital tracking that is happenin Serious lf under some financial that he will not endure a fitness plan if he does not put himse vantage raises serious inating people for economic ad manner and systematically discrim concerns me that Bill knows everything t pressure to succeed. I also assu hat his insurance company concerns about the future of fre edom, democracy, autonomy and h uman dignity. We have knows about him. Loyalty and tru edge symmetry. From a st is created due to such knowl dividuals and networks argued above that there is a massive power imbalance between in development) at first sight there virtue ethical perspecti ve (which looks at his personality ives of billions of people. of companies processing vast amounts of information about the l seems to be no risk to Bill. To date, individuals have limited ways to protect themselves from corporate surveillance; even if they take the unrealistic step to remain largely offlin e. However, there is a serious virt o: What happens if Bill loses in this scenari ue ethical risk his health goals. He has weight and becomes quite sportive within a year. He has reached So where do we go from here? formed a good health-habitus. But still he is forced to continu e sharing his data. He is not Very often reports such as this one or academic work come to th e conclusion that Networks want to. Instead, he is allowed to stop using the health device, as he would naturally 655 shows very well, the regulators need to do something. As the film “Democracy” of control e otherwise he would forced to continue using it and bravely upload his data, becaus r 2,000 lobbyists were hired regulator is not in an easy position. It is being said that ove experience considerable financia l loss. Naturally, he will beco me aware of the fact that he exclusively to turn the new Euro pean framework for personal dat a regulation, the so- e a deal of himself. He might sells himself, or parts of himself. He realizes that he has mad called “GDPR”, into a weak piece of legislation. The corporate power in favor of corporate become aware that there is a long-term monitoring of his person happening at real-time. If surveillance is a “network of control” in itself. Over 4,000 am endments were made to the ption of the self. He might such awareness arises, it might not be healthy for Bill’s perce he European Parliament. n Albrecht, its rapporteur in t GDPR’s version as proposed by Ja as directed by others, as start seeing himself with different eyes. He might see himself Parliament were then Many of the good suggestions that got ratified by the European being forced to serve interests, which are not his own. And he might start disliking the twisted and weakened in the Council. Member states are known to have been sending serv