Imagine you walk into my bookshop. As you peruse my books, I take note of where you pause and what you pick up. I ask you questions about what you're looking for, and I make suggestions. I'm hoping that the more I get to know you, the better I can serve you, and the better chance that you'll become a regular.
My imaginary bookshop is small, and my landlord offered me a free security system. It uses video cameras focused on my aisles, and it sends the video feed to the cloud alerting me when it thinks somebody steals a book.
Now imagine that once you leave my bookshop, I take what I learn about you and turn that into extra money for me: I sell your wish list to others, and I get advertisers to pay me to target you based on your book interests. Also, that free security system let my landlord do the same, based on what else it learned about you while analyzing the security tapes.
My guess is that if I put that kind of disclosure on my imaginary bookshop, I wouldn't get many customers coming through my door. My bookshop would be rather empty, because although customers are happy if I use data linked to them to give them a better shopping experience, they would not be happy if I was using their information to monetize or trade or sell. The reason? Because any consumer-linkable information I collect belongs to the consumer, not to me.
This makes sense in the physical world, but somehow the Internet doesn't work this way. It should, but we're not there yet.
Somehow the Internet has convinced us that the price of better searches and entertainment only comes when others are allowed to trade, sell, or monetize the information that can be linked back to us. That's not fair, because your non-public information belongs to you, and, except for well-regulated and limited scenarios, nobody else should have the right to sell it, or use it to make money, or permit others to gather it from you.
In what kinds of scenarios can making a business out of consumer-linkable information be acceptable? Two examples come to mind: medical information and credit scores. Unlike the Internet, both medical information and credit scores involve well-regulated industries that have been built up around controlling how this information is protected, limited in its usage, and used appropriately. Strong consumer-focused laws make it clear that you own your data, and they provide protection against misuse. Your consent must be obtained, and only for specific use cases. We think these examples provide good models for how consumer-linkable information collected on the Internet should be handled.
Just because a company knows something personal about you, they don't have the right to sell or make money from others or trade it to somebody else. And they don't have the right to let others collect more linkable information about you. If a company does any of this, especially online while you visit its websites or use its apps, that company is a polluter, and they should be stopped.
Here's just a few examples of how a website or app can pollute your internet experience and take advantage of your linkable information:
- Google and Bing give you free searches in exchange for learning what you search for and click on, then use your information to charge advertisers to target you while you search.
- Taboola and Outbrain pay more ad revenue to news websites who let them track and target you based on what they learn about your interests.
- Google gives tens of millions of websites free analytics in exchange for collecting data on what you do on those websites.
- Meta, Google, Microsoft, Yahoo, and so many other ad networks have huge businesses based on them selling advertisers access to your information so you can be better targeted.
All of the above examples are unacceptable, because they're all trading in something that doesn't belong to them: information linkable back to you. Only polluters aggregate other people's linkable information and try to turn it into money. Only polluters claim that you gave them consent to resell and repackage and build businesses around your linkable information.
Meanwhile, the privacy debate swirling around various governments seems to be focused on how consumers can request to see what linkable information companies are exploiting, and whether they can request to be forgotten. There is talk about "do not sell" flags in browsers that websites and ad networks can voluntarily consume, but without any teeth behind them. We think these initiatives are missing the basic point: no company should consider consumer-linkable information theirs to resell, to trade, or to monetize outside of providing better and relevant first-party experiences directly back to the consumer.
The BigTech companies who grow their businesses by exploiting consumer-linkable information have been successful in fending off regulation of how they purchase, aggregate, use, and monetize this information. This needs to change.
This is why we've added two new polluter indicators, focused on customer-linkable information, to our list. AP-10 says companies can collect and use consumer-linkable information to improve their direct services, but they can't use it to sell, monetize, or improve third-party services. AP-11 says you can't let others collect consumer-linkable information on your site or in your apps.
It's time to call out this exploitative behavior for what it is: internet pollution. It's time for it to stop.