Wednesday , February 24 2021

GDPR allows users to see the collected data. Journalists can not read it directly – Security – cnBeta.COM

In recent years, technology companies have dominated a large amount of data about people. If they fall into the wrong hands, they can pose a great danger. In response to this danger, Europe has enacted the General Data Protection Regulations (GDPR), which gives users a greater "right of access." According to the regulations, any company must provide users with data collected and hosted by them.In addition, these companies must provide data in an easy way for users to read in a timely manner and provide enough background information to help users understand how the company compiles and uses this information.

The original intention of GDPR is that when users understand what data the company has, it can be used to make informed decisions, such as deciding whether to provide these data and collect data without their consent. Let these companies pay the price.

The problem, however, is that companies are often ashamed to provide this information. After all, if your services are basically "forced consent" (Google has recently been fined $ 50 million), you might not want to let users see how much personal information they collect. Technology reporter Jon Porter decided to test the "access rights" offered by the four largest technology companies operating in the European Union: Apple, Amazon, Facebook and Google. Their findings show that, although users can obtain raw data, it is really difficult to understand, and it is difficult to make informed decisions based on this data.

According to the rules of the ICO of the United Kingdom data protection regulator, companies must provide all personal data, that is, any identifiable or identifiable data related to natural persons, at the request of the # user Information must be provided to people in a "commonly used electronic format" in a "concise, transparent, comprehensible and accessible" manner, using clear and concise language. " It seems simple, however, how do the giants of the Four Great Technology do it?

Initially, Porter easily downloaded their data. Both Google and Apple data download services allow you to choose which data you want to download. Facebook does not do it, but these three companies are easy to find personal information on their websites. At the same time, obtaining data on Amazon is a bit complicated and you need to make a touch on the "Contact Us" page of the site to find options that are hidden at the bottom of the list. Potter waited 30 days before receiving the link to download his data.

However, when Potter looked at the data he received, things got messy. Some files have ambiguous tags and the file format of other files is a headache. In fact, discovering what Potter is looking is not as simple as he thinks.

Tracking data for Google locations is especially hard to understand. The company has been criticized several times to track users of Android, even if they have disabled the main feature of tracking locations on the operating system. Consumer groups from seven European countries have filed complaints with their respective data security regulators, using the rights granted by GDPR to download personal data, which should be a way of verifying whether these services use certain techniques to collect more data . It should be a means to allow companies such as Google to assume responsibility.

But when you observe the data, it is difficult to see and understand. All Google Porter location data is contained in a 61MB JSON file, and when it is opened with Chrome, it shows a confusing variety of fields called "timestimpms", "lattudeE7", "logitudeE7" and an evaluation of If you are sitting on the site or sitting in a certain mode of transport.

Porter said that he has no doubt that this is all the information about the location history that Google has linked to his account, but without context, the data makes no sense. You have to work hard to begin to understand these numbers and import them into another software for a proper analysis. If the purpose of GDPR is to give people more control and understanding of the data collected from the company, this part of the data downloaded by Google is almost useless. If you want to enter data on another system, JSON is great. But if you want to evaluate the amount of data that Google has and make informed data privacy decisions, they are not so useful.

Regarding other files, Porter does not even know what data he was looking at. A 4GB HTML file called "My activity" in the ADS folder can show you a lot of content related to the ad tracking data collected by Google, but there are no comments or metadata to explain it.

So far, these files are the most confusing and most important of the complete data download. They contain lots of personal information that potential advertisers want, and Google should work harder to explain the meaning of the information. The company has provided index HTML files to summarize user data, why not include information about the contents of each file?

Despite the problems, Apple's performance in publishing data is better than Google's. Most of the data that Apple provides are easy to read and understand, such as CSV, TXT and JPG, with just a few JSON files. However, when you enter these files, there is still a lot of information that is difficult to understand.

For example, the file called "Apple ID account information" seems to contain 11 registrations on almost the same in the Porter Apple account, all of which were created on the same date in 2014, but Apple does not he explained what they are What? Another unbelievable CSV "Apps and Service Analytics" file seems to contain a complete list of all Porter searches on the App Store, but it has too many empty cells, only when you see a file of 6.7MB. There is data

Although it is horrible to listen to all Alexa requests, Amazon has done a much better job of presenting data, but it may have relatively little support for people. In most cases, the files and folders provided by Amazon have a clear label, although the company still has some jobs to do to better mark the content of the spreadsheet.

The irony is that Facebook actually has the most understandable data among the four services. First of all, each file provided by Facebook is an HTML file, and each document is sorted in a clearly marked folder, which provides the user with an overview of what each document contains. The files themselves have a clear design and format, and their navigation seems to browse a page on Facebook, although one of the pages is completely stored on the user's computer.

Facebook downloads include files of long indexes that show users where to find all of their information

It is horrible to see the amount of personal information stored in Facebook, but at least you know exactly what the information is, without guessing it based on the content of each file.

At the end of the experiment, Porter found almost 138 GB of data in the four services he contacted. Among them, 1.1GB comes from Facebook, 392MB comes from Amazon, and 254MB comes from Apple. Although Google has 72.5 GB of data for Potter downloads, most are Google Drive and Google Photos backups, which are 44.3 GB and 25.7 GB, respectively. The remaining Google data is only 2.5 GB.

After trying to solve and understand everything, it is clear that if these companies want us to really control their data, they still have a long way to managing their GDPR regulations. Being able to download data is one thing, but to make it useful, it means working harder to make sure that the downloaded content is easier for ordinary people. At a minimum, this means that these companies must provide a better index to explain to users what information they are in this file, but it also means that they can organize the content of these files in their own way .

Source link