Tag: data

By Riccardo Spagni for Fin24

Privacy is widely held as a fundamental human right and is recognised in the UN Declaration of Human Rights, the International Covenant on Civil and Political Rights and in the Constitution of nearly every country in the world.

Privacy is becoming a growing concern as the world continues its mass digitisation. As we move more of our day-to-day business and personal communications and interactions online, the trail of personal data breadcrumbs we leave behind grows.

Take something as simple as an online transaction: when the average consumer pays a merchant in Europe via their PayPal account, their data goes to as many as 600 different companies. The consumer has zero visibility over any of the companies involved. The amount of metadata about our lives is staggering – and we have no control over any of it.

Financial privacy and its malcontents

Regulators have tried to resolve some of the issues around data privacy and use of personal information by businesses. The European Union’s General Data Protection Regulation is a far-reaching piece of legislation that aims to protect EU citizens from unwanted or unauthorised personal data use. Although the upper limits of its sanctions still need to be tested, GDPR promises fines of up to €20-million to organisations that compromise the personal data of any EU citizen.

But for most transactions, consumers and businesses remain at the mercy of a vast network of interlinked companies that process and distribute our personal metadata across the globe. A lot of this is driven by convenience: when cash was still the preferred payment method, people enjoyed a fair amount of privacy as cash transactions can be concluded away from any prying eyes.

With the introduction of electronic payment methods such as wire transfers, SWIFT, credit cards and mobile payments, privacy has been sacrificed for convenience. The amount of Know-Your-Customer (KYC) and Anti-Money Laundering (AML) processes in place means consumers have little in the way of financial privacy as financial services firms are bound by law to constantly analyse transactions for any irregularities and report them to authorities where appropriate.

Shining a light on criminality

Financial crime is a massive problem. A 2018 Thomson Reuters survey of 2373 respondents in 19 countries – including South Africa – found that the aggregate lost turnover as a result of financial crimes amounted to $1.45-trillion, or 3.5% of their total global turnover. In Europe, on average one in every 200 transactions reviewed by bank compliance officers lead to a criminal investigation, but only 1% of criminal proceeds generated in the EU are confiscated by authorities.

But financial privacy is not only important to criminals; it is a critical safety measure for every digital citizen. Without financial privacy, personal and financial safety can be compromised by criminals who could, for example, see the value of a purchase that someone made – as well as their personal details – and use that information to target them with criminal activities. As a business, financial privacy keeps intimate business details such as salary information, profit margins and revenue away from unwanted eyes.

Cryptocurrencies often come into the firing line for their anonymity and lack of regulatory oversight. High-profile examples of illicit purchases on the dark web using cryptocurrencies have made regulators wary of their potential for driving criminal activity.

Not all cryptocurrencies are made equal

A large part of the appeal of cryptocurrencies is that they are more discrete than mainstream payment methods. And while this is partly what makes them attractive to criminals, it is unfair to assume all discrete transactions are criminal. We all make purchases we would rather other people not know about, for fear of embarrassment or judgement. Anonymity also has its benefits: who hasn’t suddenly seen a spike in advertisements related to something you once searched for online, or saw similar products to one you’ve just bought advertised on sites you visit?

Privacy enhancing cryptocurrencies are built on five pillars, namely:

  • Unlinkability, which conceals where transactions are going to;
  • Untraceability, which conceals the origins of transactions;
  • Cryptgraphically valueless, which hides the value of a transaction;
  • Passively hidden, which conceals the transaction from other internet users; and
  • Optionality, which maximises the privacy set while still enabling you to reveal information should you need to.

But not all cryptocurrencies are created equal. And not all have the privacy of their users as a primary concern. Cryptocurrencies such as Monero were built to provide users with the optimum amount of privacy. That’s why I’d add a sixth pillar to the above, namely Ideology. Since cryptocurrencies involve thousands – even millions – of people, it is critical that the cryptocurrency is managed according to a strict set of privacy-enhancing guidelines.

Every contributor to Monero, for example, understands they are responsible for other people’s money, privacy and, by extension, safety. Contributors could, through reckless actions, compromise someone’s financial security or even their lives. Any privacy project that treats it with less care is indistinguishable from a scam and can put people’s lives at risk.

There’s a popular argument that honest people don’t need privacy since they have nothing to hide. But that’s fallacy. As Edward Snowden put it, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different to saying you don’t care about free speech because you have nothing to say.”

Financial privacy is a fundamental human right. Technology can be both the greatest inhibitor or promoter of privacy. The responsibility rests on all of us who participate in the new world of cryptocurrencies to ensure we protect the privacy of our users.

By Jamie McKane for MyBroadband

A Vodacom customer contacted MyBroadband this week stating that their mobile data bundles were being depleted on a “Last In First Out” (LIFO) basis, which is in contravention of ICASA’s regulations which came into effect on 1 March 2019.

Among other requirements, these regulations require networks to deplete data on a “First In First Out” (FIFO) basis.

This means that your older data bundles should be used up before your newer bundles in order to optimise the amount of data eligible for rollover.

Depleting newer data bundles first means that the average expiry date of a customer’s rolled-over data balance becomes earlier.

The customer who contacted MyBroadband received a 20GB data bundle on 1 March 2019 and was left with 4.27GB of this bundle on 31 March 2019. On 1 April 2019, the customer then received a new 20GB data bundle.

According to the FIFO system, the bundle with a balance of 4.27GB should have been depleted first when usage occurred – but the new 20GB bundle which expired on 30 April began depleting instead.

MyBroadband contacted Vodacom for feedback on this case to determine whether this was an isolated incident or a possible failure to switch to the new rules.

Vodacom responds
Vodacom told MyBroadband that applying new systems in line with the regulations to its large customer base was a technical challenge.

“To meet the requirements of the regulations, Vodacom had to apply an order of consumption rule change to a base of over 40 million subscribers in addition to a number of other changes brought about by ICASA’s charter,” Vodacom stated.

“As one might expect with a complex and technical implementation of this magnitude – arguably one of the largest in Vodacom’s history – there will be some glitches.”

Vodacom said its technical team has worked tirelessly to resolve these when they arise and is currently investigating the case mentioned above.

“[The affected customer]’s case is an isolated incident that our technical team is currently investigating as all customers should have their data depleting according to the FIFO order of consumption rules,” Vodacom stated.

Vodacom added that its new data depletion system has already been implemented which automatically prevents out-of-bundle use.

Customers can also purchase Vodacom’s Data Refill product or set an out-of-bundle limit if they wish to retain connectivity after depleting their data bundle.

By Chantall Presence for IOL 

Vodacom on Wednesday announced it would rollover data for free following outrage from its customers and South Africa’s telecommunications regulator.

The mobile operator had initially indicated it would charge customers R49 to rollover unused data or transfer to data to friends and family.

In a statement, Vodacom detailed its new tariffs ahead of new data rules taking effect this week.

“From 1 March, remaining data on bundle purchases by all customers will be rolled over at no additional charge once a customer purchases the same bundle as the original one,” the statement said.

Transferring unused data will, however, come at a cost.

“Customers will be able to transfer data that is about to expire to friends and family on the Vodacom network for fees ranging from free for 50MB up to a maximum of R20 for 1GB.”

In a bid to lower the high cost of data in South Africa, the End-User and Subscriber Service Charter regulations were amended and come into effect on Thursday.

The new rules on data include consumers being notified of how much data they are consuming, people being given the option to roll over or transfer data before it expires, and mobile operators not being able to charge consumers out of bundle rates without their prior consent.

Rain and Huawei roll out high-speed 5G in SA

By Siseko Njobeni for Business Live

SA’s data-only network operator Rain, which is partly owned by businessmen Patrice Motsepe, Paul Harris and Michael Jordaan, has partnered with Chinese telecoms giant Huawei to roll out the high-speed 5G network by the middle of 2019.

The roll-out will make SA one of the first countries to launch 5G, which promises faster download speeds, reliable network connectivity and the ability to connect more devices at once.

“The network will provide fibre-like speeds without installation complexities, time delays and cost of laying fibre in underserviced areas,” Rain CEO Willem Roos said on Tuesday.

Rain and Huawei made the announcement at the 2019 Mobile World Congress in Barcelona, Spain, where 5G took centre stage.

“5G is here. If there is any doubt, you only have to walk around [the conference],” said Harris, who is also Rain chair.

He said that the development of 5G products later in the year would hit the industry like a tsunami.

Roos said Rain would take advantage of its existing 4G network and allocated spectrum.

Huawei said its products would enable Rain to use the existing network, saying leveraging existing infrastructure would accelerate the roll-out of the 5G network. Rain had about 3,000 4G sites in SA, Roos said.

“It is well-known that as broadband penetration increases in a country, you get better economic growth. With better economic growth, you can see improvement in employment. We are big supporters of [President Cyril Ramaphosa’s plan] to re-energise investment in SA.

“We made a promise to invest a significant amount of money in 5G,” Roos said.

“We hope to have rolled out a significant number of towers in [Cape Town, Johannesburg and Durban] by mid-2019 to offer commercial services to clients.”

Rain planned to roll out the network rapidly, aiming for “significant” coverage in metropolitan areas initially, he said. The company said it wanted to deploy 1,000 5G sites in major cities in the next two years.

Responding to a question during the announcement, Roos said Rain had no immediate plans to expand to the rest of Africa. “Obviously, there is complexity around spectrum, licences and those kinds of issues. Certainly, SA can play a crucial role as the gateway to Africa. We will see if commercial opportunities that make sense arise.”

GSMA director-general Mats Granryd said: “The arrival of 5G forms a major part of the world’s move towards an era of intelligent connectivity, which alongside developments in the Internet of Things, big data and artificial intelligence, is poised to be a key driver of economic growth over the coming years.”

GSMA is a global mobile industry body.

It said in a report that 5G would account for 15% of global mobile connections by 2025.

What it costs to send a WhatsApp message in SA

By Jamie McKane for MyBroadband

WhatsApp has become the most popular messaging app for smartphones in South Africa, thanks to its cheap messaging costs compared to standard SMS rates offered by mobile operators.

The app offers South Africans a way to call, text, and share media with each other at rates far lower than anything offered by mobile networks, even when using a mobile data bundle.

Our previous tests have shown that using WhatsApp to call over a mobile data connection is far cheaper than making a cellular call to another user.

However, other forms of communication offered by the app use different amounts of mobile data.

We therefore tested how much data was used by different types of WhatsApp messaging and calling options.

Data usage
The WhatsApp data usage was measured using WhatsApp’s built-in network usage tools, which provide a refined data usage measurement for smaller options such as text messages.

Data on video and voice calling over WhatsApp was sourced from MyBroadband’s previous tests.

We used two Android smartphones for this test, sending one message at a time between the devices and monitoring the data usage reflected within the application.

The data usage for text messages, standard-resolution photos, one-minute voice calls, 30-second voice notes, 10-second videos, and one-minute voice calls was collected and compared to provide an overview of the data usage requirements for WhatsApp on a modern smartphone.

From the data we collected, it is apparent that certain functions such as voice notes and standard text messages use very little data and can be quite optimal for communicating over mobile data.

To determine how much each message would cost, we compared the amount of data used for each message type with the price of a 1GB data bundle on each mobile network in South Africa.

Standard 1GB mobile data bundle pricing was used to provide parity with Rain, which charges a flat R50-per-GB rate on its data-only network.

We used these prices to calculate a price-per-MB, which was then used to calculate how much each WhatsApp message type would cost on the mobile networks.

The results are posted below:

By Emily Glazer, Deepa Seetharaman and AnnaMaria Andriotis for Wall Street Journal 

The social-media giant has asked large U.S. banks to share detailed financial information about their customers, including card transactions and checking-account balances, as part of an effort to offer new services to users.

Facebook increasingly wants to be a platform where people buy and sell goods and services, besides connecting with friends. The company over the past year asked JPMorgan Chase JPM 0.37% & Co., Wells Fargo & Co., Citigroup Inc. C 0.01% and U.S. Bancorp USB 0.70% to discuss potential offerings it could host for bank customers on Facebook Messenger, people familiar with the matter said.

Facebook has talked about a feature that would show its users their checking-account balances, the people said. It has also pitched fraud alerts, some of the people said.

Data privacy is a sticking point in the banks’ conversations with Facebook, said people familiar with the matter. The talks are taking place as Facebook faces several investigations over its ties to political analytics firm Cambridge Analytica, which accessed data on as many 87 million Facebook users without their consent.

One large U.S. bank pulled away from the talks due to privacy concerns, some of the people said.

Facebook has told banks that the additional customer information could be used to offer services that might entice users to spend more time on Messenger, a person familiar with the discussions said. The company is trying to deepen user engagement: Investors shaved more than $120 billion from its market value in one day last month after it said its growth is starting to slow.

Facebook said it wouldn’t use the bank data for ad-targeting purposes or share it with third parties.

“We don’t use purchase data from banks or credit-card companies for ads,” spokeswoman Elisabeth Diana said. “We also don’t have special relationships, partnerships or contracts with banks or credit-card companies to use their customers’ purchase data for ads.”

Facebook shares climbed sharply Monday on the news, rising 4.45%, marking the biggest one-day gain since last month’s historic drop.

Banks face pressure to build relationships with big online platforms, which reach billions of users and drive a growing share of commerce. They also are trying to reach more users digitally. Many struggle to gain traction in mobile payments.

Yet banks are hesitant to hand too much control to third-party platforms such as Facebook. They prefer to keep customers on their own websites and apps.

As part of the proposed deals, Facebook asked banks for information about where their users are shopping with their debit and credit cards outside of purchases they make using Facebook Messenger, the people said. Messenger has some 1.3 billion monthly active users, Chief Operating Officer Sheryl Sandberg said on the company’s second-quarter earnings call last month.

Alphabet Inc.’s Google and Amazon.com Inc. also have asked banks to share data if they join with them, in order to provide basic banking services on applications such as Google Assistant and Alexa, according to people familiar with the conversations.

Facebook has taken a harder public line on privacy since the Cambridge Analytica uproar. A product privacy team has announced new features such as “clear history,” which would allow users to prevent the service from collecting their off-Facebook browsing details. It also is making efforts to alert users to its privacy settings.

That hasn’t assuaged concerns over Facebook’s privacy practices. Bank executives are worried about the breadth of information being sought, even if it means their bank might not being available on certain platforms their customers use. Bank customers would need to opt-in to the proposed Facebook services, the company said in a statement Monday.

JPMorgan isn’t “sharing our customers’ off-platform transaction data with these platforms, and have had to say no to some things as a result,” spokeswoman Trish Wexler said.

Banks view mobile commerce as one of their biggest opportunities but are still running behind technology firms such as PayPal Holdings Inc. PYPL 0.62% and Square Inc. Customers have moved slowly, too; many Americans still prefer using credit or debit cards, along with cash and checks.

In an effort to compete with PayPal’s Venmo, a group of large banks last year connected their smartphone apps to money-transfer network Zelle. Results are mixed so far: While usage has risen, many banks still aren’t on the platform.

In recent years, Facebook has tried to transform Messenger into a hub for customer service and commerce, in keeping with a broader trend among mobile messaging services.

A partnership with American Express Co. AXP 1.04% allows Facebook users to contact the card company’s representatives. Last year, Facebook struck a deal with PayPal that allows users of that payment service to send money through Messenger. And Mastercard Inc. MA 0.54% cardholders can place online orders with certain merchants through Messenger using the card company’s Masterpass digital wallet. (A Mastercard spokesman said Facebook doesn’t see the card users’ information.)

Rain takes on Vodacom, MTN

By Nick Hedley for Business Day 

The new mobile operator backed by prominent businessmen Patrice Motsepe, Paul Harris and Michael Jordaan is taking the fight over data prices to sector giants Vodacom and MTN.

Rain, a data-only network operator that launched mobile services two weeks ago, wanted to win over its rivals’ heavy data users with a simpler offering and competitive prices, CEO Willem Roos said.

Amid a decline in traditional voice revenues and public scrutiny over connectivity costs, data is becoming a major battleground for SA’s telecommunications companies, and the market is ballooning – Vodacom, MTN, Cell C and Telkom generated a combined R47bn in data revenues in SA in their financial years ended December and March.

Rain does not offer traditional voice services, but sells data for R50 a gigabyte, while outside of peak evening hours, its customers can use unlimited data for R250 a month, according to Roos, the former CEO of Outsurance.

In the two weeks since launching the product, “our business volumes have surprised us slightly on the positive side, particularly since we didn’t do any advertising”, he said.

“I really think we’ve addressed a few pain points in the market that customers have experienced, and although our offering is somewhat limited geographically and in being data only, for customers where that makes sense, I think it’s quite a compelling product.”

The metropolitan-focused operator plans to grow its network from 2,100 cellphone towers to 5,000 within the next three years.

Rain, which also offers fixed-wireless services, had mostly resolved “teething problems” related to delayed deliveries of SIM cards, Roos said.

The company, which is more than 40% black-owned, was promoting dual-SIM phones, where customers used Rain for data services and a rival’s network to make traditional voice calls. Roos said some customers were becoming comfortable with the idea of ditching voice-enabled SIM cards altogether and making all their calls on WhatsApp and other internet-based services.

With Rain’s coverage confined to cities and large towns, “we accept it’s slightly a niche product, but not small — I still think there are millions of people it would appeal to”.

Rain already lets Vodacom roam on its network and Roos said that it was considering giving mobile virtual network operators access to its spectrum and infrastructure.

“We have had discussions with a number of players. But I think the data-only aspect still needs to be proven, and we’re also keen on building our own business because the real value would lie in building a good retail business…. We’d like to become a decent-sized player.”

Africa Analysis director Dobek Pater said while it would take time for Rain to build market share, its mobile offering was likely to have a “significant” effect on the market.

It could stimulate competition by allowing new operators to use its network, while its larger competitors would probably have to reduce their data prices further, Pater said.

Bar some of Telkom’s offerings, Rain was the cheapest operator in the market for consumers who used less than 20GB of data a month.

“In terms of what Icasa [the Independent Communications Authority of SA] and the Competition Commission are trying to achieve in terms of reducing data prices and the cost to communicate, that will transpire to a large extent through private sector initiatives anyway. Competitive market forces will force prices down even further.”

By Tehillah Niselow for Fin24 

Liberty Holdings customers received SMSs on Saturday alerting them that personal information related to their insurance policies could have been stolen by an external party.

The Information Regulator, which has asked for information about the Liberty breach, is clearly concerned about the increasing number of cyber attacks affecting personal data in South Africa.

“Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in the Protection of Personal Information Act (POPIA),” said chairperson Advocate Pansy Tlakula.

Tlakula urged “the powers that be to assist it in fast tracking its operationalisation”.

According to corporate law firm Michalsons, certain limited sections of POPIA have already been implemented. However, the bulk of the legislation will only commence at a later date, to be proclaimed by the president. As there is a one-year grace period, the POPIA deadline might only be set for the end of 2019 or in 2020.

In the meantime, South Africans are coming under heightened attack from cyber criminals and hackers.

Andrew Chester, MD of Ukuvuma Security, told Fin24 that affected clients or users should immediately alert their banks and cellphone provider. They should also undertake a credit check as well as a Google search to determine whether their personal information is in the public domain.

Liberty email hack

In SMSs to clients on Saturday, financial services company Liberty informed them that its email repository had been breached by a third party trying to demand a “ransom” in exchange for the data.

Liberty has not revealed much about the breach, citing a police investigation. CEO David Munro confirmed that Liberty’s insurance clients were the only ones affected, and that none of its other business had been compromised.

The company said none of its clients have been impacted financially, and that individuals will be personally advised if their information has been affected.

ViewFines licence details

In May the Hawks, the State Security Agency and the Information Regulator said they would probe the breach of personal records of 943 000 South African drivers, allegedly from online traffic fine website ViewFines.

The information reportedly contained the names, identity numbers and email addresses of South African drivers stored on the ViewFines website in plaintext.

The ViewFines website is owned by Aggregated Payment Systems. News24 reported that its operations manager confirmed the company was “implementing security measures immediately” to improve the website after being informed of the breach.

The source of the data was located by Troy Hunt, an Australian security researcher and creator of the free service Have I Been Pwned, which checks whether an individual’s information has been compromised.

Facebook scandal

While Facebook founder and CEO Mark Zuckerberg had to face angry lawmakers in the US and European Union, it was reported that the data breach involving the UK political consultancy affected almost 60 000 South African users.

In May, the Information Commissioner’s Office of the United Kingdom (which regulates Facebook outside the US and Canada) advised the Information Regulator of South Africa that over 87 million people had been affected worldwide.

However, no evidence could be found of South Africans having been targeted, as the majority of users involved were in the US.

Master Deed’s data breach “biggest” digital security threat in SA

Hunt was once again instrumental in revealing what was known as the “biggest” data breach in South African history, together with iAfrikan CEO Tefo Mohapi in October 2017.

Over 60 million South Africans’ personal data, from ID numbers to company directorships, was believed to have been affected.

The information was traced to Jigsaw Holdings, a holding company for several real estate firms including Realty1, ERA and Aida. The information reportedly came from credit bureau agencies, and was used to vet potential clients.

The information trove was found not to have been hacked, as it was stored in an easily accessible manner on an open web server.

Ster-Kinekor’s database compromised

Movie theatre chain Ster-Kinekor was responsible for up to 7 million South Africans falling victim to a data leak in March 2017.

Fin24 reported that Durban developer Matt Cavanagh announced he had discovered a flaw in Ster-Kinekor’s booking website, and that he had reported it to the company.

There were between 6 and 7 million users in the database. Of those, 1.6 million people had email addresses linked to them on the movie theatre chain’s database.

By Harry Pettit for MailOnline 

An ’embarrassing’ leak shows the European Union has fallen short of its own data protection laws.

The European Commission’s website has published 700 records, including the names, addresses and mobile numbers of conference attendees, according to a report.

Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR).

The Commission has previously warned that those who breach these rules, which came into force last week, could face millions in fines.

Following the leak, a spokesperson said the authority was exempt from GDPR laws for ‘legal reasons’.

Officials in Brussels will follow a similar set of new laws that ‘mirror’ those laid out in GDPR.

These rules will not enter force until autumn, according to the Telegraph.

The spokesperson added that the Commission is ‘taking and will continue to take all the necessary steps to comply’.

GDPR aims to strengthen and unify data protection for all individuals within the EU, which means cracking down on how companies use and sell user data.

Under GDPR, companies are required to report data breaches within 72 hours, as well as allow customers to export their data and delete it.

Companies scrambled to comply with the rules before they were ratified on May 25 with the Commission threatening hefty fines for those who breached them.

The bureaucracy’s website exposed 700 records that include people’s names, professions, and even some postcodes and addresses.

Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation. GDPR aims to strengthen and unify data protection for all individuals within the EU.

The records, some of which featured the private information of Britons, were collected during EU meetings and conferences and stored on data spreadsheets.

Tech website Indivigital found the documents are among thousands hosted by the website Europa.eu that are freely accessible online.

Many of them could be found by simply searching for the document on Google.

This leak would constitute a breach of GDPR rules were the blunder committed by other organisations or businesses.

What is GDPR?

The General Data Protection Regulation is an EU-wide law that cam into force on May 25 2018.

It gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.

For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data.

It also grants users a right to easily access the data collected from them and transparency on how it is being used.

Everyday users have to do very little to comply with GDPR – it’s more targeted at big online businesses.

Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines.

This ends territorial-based accountability used by some firms not based in the EU to previously avoid sanction.

The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around leaks.

The weight of fines able to be issued has also increased under GDPR.

Regulators will be able to issue penalties equivalent of up to four per cent of annual global turnover or 20 million euro (£17.5 million) – whichever is greater.

For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.

Fines for such a breach can reach up to £17.5 million ($23 million) or four per cent of global turnover – whichever is largest.

Jon Baines, a data protection expert at law firm Mishcon de Reya, described the ‘irony’ of the EU’s admission.

‘Although the information disclosed here does not appear to be particularly sensitive, it does raise questions about the general level of compliance, and whether any further inadvertent disclosures have been made,’ he told the Telegraph.

Steve Gailey, security expert at database security firm Exabeam, added that the exposure ‘is embarrassing for the EU, coming hot on the heels of GDPR’.

By Scott Duke Kominers for Bloomberg 

How much is your privacy on Facebook worth?

This question has seen renewed attention following the revelation that political analysis firm Cambridge Analytica, hired by the Trump election campaign, gained access to the private information of more than 50 million users. One of the possible responses that’s generated some discussion is the creation of a paid tier that’s free of ads and data sharing. 1 Such an option would likely be socially beneficial and have considerable public appeal. But my guess is that it would be pretty expensive, too.

Let’s start with some rough calculations. Facebook’s annual ad revenue was about $40 billion in 2017, with 2.13 billion monthly active users. That means the average user is worth roughly $20 in ads to Facebook a year. That’s probably already a lot more than many users would pay for privacy on the social network.

But the price also depends on who would choose to pay for greater privacy. And it’s likely that many of the users who would opt for more protection could be worth more than $20 each to the company.

Why’s that? First, the value of keeping your data private increases with the amount of data you provide on the platform; by the same token, the more data you give Facebook, the better it can advertise to you. Similarly, you might find privacy especially valuable if there’s something unusual or unique about you that makes you especially easy to target.

The people who can afford a paid tier are on average wealthier; that too makes them more valuable to advertisers. And some of them already have browser ad blockers, so it’s hard to reach them via other channels.

To make up for those sorts of customers opting out of data sharing, Facebook would have to charge a lot more than the average of $20 just to break even. A back-of-the-envelope estimate based on the Pareto principle — 80 percent of the ad revenue coming from 20 percent of users — suggests that if mostly high-value users purchase privacy, then Facebook would need to charge closer to $80 a year.

That’s much more than even high estimates of the value most people attach to having access to Facebook. And it’s still a substantial underestimate of the likely price. According to Facebook’s annual report, the company’s 239 million North American users are responsible for a bit less than half of ad revenue; applying the Pareto principle to them would suggest annual privacy prices in the range of $325 a person.

If price alone were the question, Facebook might indeed want to charge huge amounts for enhanced privacy. The users who buy out won’t all be the most valuable users, and it would be pretty lucrative if the company could sustainably charge some customers much more for privacy than the annual ad revenue they generate. But that’s unlikely to work out in the long run.

Putting a high price on privacy would make it clear just how much Facebook’s user data is worth. We’d probably see increased calls to share that value by giving users a portion of revenues. The consumer-led drive for increased privacy would likely accelerate, too, prompting a growing number of users to leave the platform (assuming they can’t afford or are unwilling to pay for greater privacy).

A user exodus plus enhanced scrutiny of data practices would quickly eat away at the profits from offering the paid tier, making the whole thing a losing proposition.

Facebook must have run the numbers on this already, using much better information than we have here. The idea of a paid tier isn’t new; if Facebook hasn’t offered such an option, the company probably thinks it would be a money-loser. So if we want Facebook users to have control over how their data is shared, we may need outside pressure. The company isn’t likely to provide the option on its own.

It’s also worth noting that advertising and data sharing don’t have to be completely coupled. Facebook could enhance privacy directly by adopting data protection strategies based on privacy science, as Apple, Google, and the Census have in some of their applications.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top