|
When considering how to manage data sharing and privacy concerns, it helps to have a baseline understanding of how the technologies that policy will influence actually work. How do companies such as Google, Facebook, and Amazon use the data they gather on their users? Application programming interfaces (APIs) are one type of technology used by the tech giants that compile user data to be analyzed and shared with third parties.
An API allows applications or computers to communicate with one another through a coded interface. They are designed to interconnect two or more online services to exchange relative data points. Along with reducing friction for users, APIs allow additional access to data about each customer that conducts transactions across different platforms.
Through APIs, platform companies gain more data about visitors to each other’s websites or apps. For example, Google Maps may help you locate restaurants, hotels, or businesses close to a chosen destination. And other apps share content focused on a similar topic, so if you follow your favorite sports team on an app, it will also populate with news stories, statistics, schedules, and weather that are sourced by other services outside that actual app. When a user interacts with an app, the API allows for an exchange of data about that individual user with third-party advertising companies. These advertising companies run ads alongside the original content provided by a content source, which is how apps can be “free.” The user is paying for it with their data that is shared on the back end.
Before the Cambridge Analytica debacle showed the world how firms in the internet data sharing business were gaining troves of data on individuals, it was common for third parties to have access to users’ relationship statuses, work histories, entertainment choices, religion, and political views. After Cambridge Analytica, there has been a revamping of the relationships between websites or applications that use API data.
Europe’s General Data Protection Regulation (GDPR) has also forced a rethinking of data collection. As a result of GDPR, certain apps now need to gate specific data geographically, (or possibly not collect any data at all) to comply with local laws.
APIs also allow users to log into an application using credentials for another platform service, such as Facebook or Google, and be recognized as a validated user. If you are using Facebook’s login credentials to make it easier for you to access another website, you have just agreed to the permissions given to the Facebook marketing API that will enable ads for the items or services merchants think the user may want to purchase. Platforms like Facebook, Amazon, and Google offer advertisers a view into customers’ interests to enable the advertiser to find and select audiences for their products. The marketing API is a fundamental tool for this action.
Data brokers may aggregate several data sources to create a file on individual users that they can sell to advertisers. These data files consist of information on users’ platform interactions, interests, and geolocation history. Marketing APIs identify information of value to the advertising client, for example the name, geolocation — including addresses, gender, age, household income, household composition, education, and other personal information — that a user has given over to a platform at some point in another transaction.
The news around the types and amounts of data advertisers have access to has brought public scrutiny to the practice of how an API can interact with an online service. There is a stronger interest in the types of user data shared between companies and their relationships to each other. Discovery of these data troves and how they are used have revealed the fine line between improving ad delivery and practices that are invasive on user privacy.
Users want their interactions with websites and apps to be more convenient, but without feeling like they’re being watched or traded as a commodity. It’s not always apparent to the user when they give consent to the app or if they can change that once an app has been downloaded and used. For example, if you visit a golf course’s website or app, you may want to access current weather and scheduling programs that may be provided by a third party to the website owner. How does a user choose if a third party is given access to their personal data to use all of the website’s features?
A convenience factor weighs against the privacy implications each user needs to consider. While some companies have publicly noted that they have tightened control of the API data on users sold to third parties, transparent policies on data exchange are still needed. It’s up to each user to choose what their tolerance for information exchange is on the data they create while using an app.
As user awareness of these data transfers across the app ecosystem increases, it will be up to users to decide whether the convenience is worth the invasion of privacy. But policymakers considering legislation and regulation around the use of data must understand how data is used to enhance user experiences. While the sharing of data may feel invasive, it’s also why an app or website can provide a more interactive and informative experience to users.
Policymakers considering privacy regulations must understand how companies use data to enhance the user experience. Data sharing enables many apps and websites to provide a more interactive and informative experience.
|
