The big four UK mobile phone companies – EE, Vodafone, O2 and Three – have been accused of selling potentially sensitive data to third parties without seeking the explicit consent of their customers and failing to provide any obvious way of opting out.
That is the damning claim of social entrepreneur and privacy campaigner Geoff Revill, speaking at the Privacy Advantage Summit in London. He has studied the sign-up contracts and privacy policies of the four main UK mobile service providers and found them wanting.
“Every day in the UK we are under mass surveillance by mobile companies with our every move tracked and annotated by commercial entities for their financial gain,” Revill said. “Worse, the vast majority of us are unaware that we opted into this tracking, and turning off location on our phones makes no difference at all.”
Location data is highly sensitive as it provides a record of where consumers have been and who else was there at the same time, Revill explained, giving the hypothetical example of a person who first visits their GP more frequently, then attends a hospital and then a specialist cancer clinic.
“In countries where the healthcare you receive depends on having the right insurance cover, this information in the hands of an insurer could mean that this person doesn’t receive treatment for cancer,” he explained.
Even if the data is anonymised before being sold on to third, de-anonymising records to re-identify an individual from their phone, location and browsing records can be trivial, Revill claimed.
He believes that the policies of all four mobile giants appear to allow for the collection of location data, with most probably collecting browsing and search history too, although this is hard to ascertain. Certainly all of them make it very difficult for the customer to opt out of this collection, either at time of sign-up or subsequently, Revill insists.
“Trust in a business is about confidence that our value exchanges are fair and equitable,” he said. “When a business takes and sells such insightful data as our movement history, and compounds their activity by making opaque that they do so and how to opt out of such an exchange, then we have to ask ourselves if we can trust businesses operating such unethical business practices.”