You guarded your data carefully, but companies still seem to know about you and your movements across the internet and offline. How did it happen? 

This post is a summary of the article Shadow footprints and the provision of digital behavioral data: a digital civics perspective on psychology research @ Journal of Digital Social Research

Collecting Data

Companies collect data in a variety of ways, and things you do offline are now traceable like things you do online, creating new streams of data for companies to use. As data companies share, sell, and acquire new data sets, they put that information together.  When this happens the missing holes in the data become more obvious, and new technologies can help fill in the gaps. One way is because they are able to quickly figure out how the different pieces of data fit together- they can find similarities in pieces of data and recognise that this data is about you- making it almost impossible to remain anonymous- even when you think you are. Did you log into a fake account? The data probably still shows that you’re using the same IP address as your other account. Did you have to give your name, location, and birthday to sign up to a service? Its easy to put those pieces of information together as services share data. 

Another way is that the people who are connected to this missing hole in the data can also help to fill in the blanks. Is the hole around a bunch of family members? You can probably figure out who is missing- especially if family photos are posted.

There’s also another way we often don’t think about: demographic sampling.  It only takes a small number of people in a group to tell you a lot about what all the people in the group have in common. You may protect your own data, but if even a small number of people in your demographic -people you may not even know- share their information, companies can figure out targeted insights about you, even if you kept your own data private.

“In short, a lack of data is still data, and when all, or indeed most, of the surrounding data is present, it’s much easier to see the shape of the missing piece: in the case of individuals interacting within a networked, information-rich environment, this allows the formulation of fairly accurate and highly specialized profiles of individuals who, while they may not technically be present in the data environment themselves, can be extrapolated into digital existence by their surrounding data representations. We label this phenomenon, the shadow footprint” (p. 189)

Shadow Footprints

The term shadow footprint is a mix of the terms “shadow profile” (A concept observed by David Garcia, after a data breach at Facebook in 2012 revealed that they had data about individuals who weren’t signed up to Facebook) and a “digital footprint” (where an individual’s life and movements on and offline can be tracked using their personal data).

Shadow footprints aren’t just data and information from one profile- they include all of the data that is increasingly traceable across all of the plaforms and interactions of someone’s life-both on and offline. This means all the data that you may consensually give when you agree to terms and services on websites and social media apps, and all the dynamic data, like location data, that can be traced as you go about your daily routine with your phone in your pocket. But this also includes all the data that is collected, even when your consent is not required – data like the information that can be figured out about you based on what other people you know supply, or what companies can figure out about you by using information collected from other people you don’t know in your demographic who may have given up their data more freely. 

Is that even legal??

Unfortunately, despite a lot of concerns, there are very few laws that curtail such data collection and use. And the ones we do have don’t cover a lot of the eventualities people assume they protect against. So while companies have to ask you to consent to certain data being collected, this doesn’t even begin to touch on the various forms of data that companies can access and build without having to legally ask for your permission.

Your personal data is big business- and worth a lot of money, but companies encourage you to give it up in exchange for “free” use of their services. Every time you hand our personal information for use of a social media app, or a digital product, your valuable data goes into the hands of companies who can use or sell it.

A great example of the ways in which data can be used and constructed was put together by the New York Times, who created a visual map to show how location data could identify protestors, political actors, celebrities, and private citizens- literally tracing the steps in their daily activities. 

Specific Targeting

Not surprisingly, all of this information can be used to manipulate individuals, and it can also be used to guide the behaviour of entire groups of people- especially when combined with psychological know-how. This has huge implications on the daily lives of all people. From our purchasing choices to our political decisions, use of this data can target individuals most likely to act in certain ways, can subtly guide us toward certain paths, or can ally us with certain causes. For example, election manipulation relies on psychological principles such as group think, and affective polarisation (which spurs your emotions toward divisive feelings and practices)- combined with specific personal information, this can be used to build large groups receptive to certain ideas, with certain people singled out as more likely to act or lead others. It can also strengthen ties between these people and others more likely to follow them- building into larger and larger political actions.

“Shadow footprints provide increasing amounts of data about individuals leanings, that allow for the formulation of strengthened networks of common purpose, and the manipulation of group dynamics, that can achieve a multitude of aims specified by those who have the information made available by these shadow footprints” (p. 192)

Protecting Yourself

Data is sacred and personal. It belongs to you, and no one should be able to take it and use it against you! The extraordinary value of personal data means we shouldn’t give it away lightly- and services that demand it claiming to be “free” are not “free”- you are paying a high price for those services.

There are some things that we can do to protect our data. We can regulate data protection through strengthening data protection laws, enforcing these laws more strongly, and appointing independent oversight bodies to protect personal data. We can also educate people about the value of their data and the consequences of their ethical data decisions. We can also improve ethical frameworks and guidelines around the use of data: setting clear expectations for how data should be used. And finally, we can engage and strengthen our democratic institutions, encouraging public participation about data rights, Protecting individual rights while acknowledging community needs, and reinforcing the checks and balances on civic power. 

There is no perfect solution to this problem, but we must all work together to protect individual and community privacy rights.