A plan to study data mining of social-networking sites bankrolled by Germany‘s largest credit-reporting agency provoked outrage after internal documents about the project were leaked to German media outlets.
Spiegel Online reported that data gathered from Facebook, Twitter, LinkedIn, other social networks and even Google Street View could be used for “identifying and assessing the prospects and threats” along with determining “the current opinions of a person.”
Sound creepy? Both politicians and ordinary Germans thought so too, and there was a public outcry. German credit agency Schufa said the project fell within the scope of German privacy laws, but the backlash prompted the university it commissioned to conduct the research to bow out of what was supposed to be a three-year project, and Schufa followed with an announcement saying it wouldn’t pursue the initiative.
Privacy experts say this is a shot across the bow. “Social-media data poses a potential problem in lots of situations,” says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse.
Although the German venture was scuttled shortly after its inception, a combination of factors make it unlikely that this quick retreat will end the broader privacy war over the issue. For one thing, there’s just too much money to be made: credit reporting and collections is a $20 billion business. American privacy laws are also much more lax compared with those of European countries. Most important, the data is there for the taking: Americans are alarmingly cavalier about what they post online and how much information they expose to the public.
(MORE: Can Interviewers Insist on ‘Shoulder Surfing’ Your Facebook Page?)
“People are starting to get smarter about it, but what you put online can essentially live forever,” says Rodney Nelsestuen, senior research director at CEB TowerGroup. “The challenge is that people don’t believe there’s a connection.”
According to a new Consumer Reports study, nearly 13 million Facebook users either don’t know how to manage their privacy settings or don’t even realize they exist. Only 37% have altered their privacy settings to control what third-party apps can “see” about them — which they have the ability to do in some cases based on the activity of a user’s friend.
Right now companies collect tons of information about our online habits, probably more than most of us realize. For instance, Consumer Reports says, if you visit a Web page that has a Like option, Facebook knows you’ve been there — even if you don’t like the page. Increasingly, social-network users are burdened with changes to privacy policies that expose more data by default, putting the onus on the individual to secure their information.
So far, all this data is sliced and diced primarily with the goal of selling us stuff. That can be annoying and a little creepy, but it’s pretty benign compared with the potential use of that type of information to determine our creditworthiness.
In the name of risk management, companies have begun sifting through increasingly esoteric and hard-to-measure details about people’s lives. Today credit bureau Experian announced the debut of a product it calls an Extended View Score. Intended for people without bank accounts and spotty credit histories, the formula uses alternative data sources like rent-payment history and public records to create a score.
(MORE: FTC Thinks Your Privacy’s Under Attack Too)
“Companies are doing this already all the time,” says Felix Naumann, head of the information-systems department at the Hasso Plattner Institute of the University of Potsdam, where the German research would have been carried out. Naumann says the three-year project was intended to study the usefulness of and challenges in social-network data mining. For example: Do references to yachts and limos mean you’re wealthy or just a fan of reality shows about the lives of the rich and famous?
How much of a risk are you if you read crime stories, vent about a speeding ticket or Like every bar in town? Figuring this out is an interesting academic riddle. It’s also the holy grail for credit agencies, digital-marketing companies and other platforms that collect and organize consumer data — and it could hurt consumers.
“If you like things pertaining to risky behaviors, that may be perceived as part of your personality makeup,” says Lillie Coney, associate director of the Electronic Privacy Information Center.
Norm Magnuson, vice president of public affairs at the Consumer Data Industry Association, the trade group that represents credit bureaus, says credit-reporting agencies in the U.S. aren’t going as far as Schufa attempted. “I’m not aware of any CRAs here in the States that are doing anything with social media in the context of trying to add it to the credit file,” he says.
But that doesn’t mean they wouldn’t like to. “There’s a huge interest in trying to understand that and use it to make money,” Nelsestuen says. “I know there’s a lot of experimentation going on with it.”
In other words, it may be just a matter of time. Companies have already figured out how to turn profiles into profits when it comes to marketing. Now they’ve set their sights on risk management, a vague buzzword that translates into some very real-world outcomes like how much you pay to borrow money.
“This is still the Wild West in many ways,” Nelsestuen says.