By Gavin Klose
(Co-founder, Feedsy)

I’m sure I’m not alone here. I’m sure many of you will have experienced the same thing I have. Every week, I receive around three calls – sometimes a little more, sometimes a little less – from ‘insurance research firms’ who try their best to get me to divulge personal details regarding my insurance.

These calls are obviously made by offshore call centres, using faked local phone numbers and dubious data privacy practices, and of course, I decline. I try to opt out, by verbally asking them to take me off the database, or by texting STOP to the relevant mobile number. Of course, the calls still come.

But, the question is, where are the calls coming from? Or, more appropriately, where are the callers getting my information from? The ethics – or lack of them – of cold callers have been discussed in detail, but what about the sources from which they draw their business leads?

In June 2018, ABC published some shocking findings from an investigation launched into applications and their data privacy and usage policies. The investigation found that even seemingly benign and actively useful applications such as the HealthEngine app – which helps users to book appointments with healthcare practitioners – are misleading the public by collecting personal data disingenuously, and then passing it on to third-party organisations as paid business leads.

The findings highlighted an average of 200 instances of client data being sold in this manner every month, between March and August of 2017. So what exactly is going on here, and how are the owners and operators getting away with it?

 

The Ambiguity of Consent

 

Of course, HealthEngine claims that their users provide full consent to the way in which their data is used, but, as so often happens, such details are buried in lengthy terms and conditions and simply go unnoticed.

Can this really be considered consent or a truly ethical referral? Is the issue with the application designers or is it with the general public who are simply unwilling to properly read the terms and conditions? This begs the question – as the intent has been published, albeit unclearly – have HealthEngine and others done anything illegal?

 

Is Public Apathy Fuelling the Problem?

 

It could just be that the public doesn’t care or at least that they don’t care enough to make their voices heard on the issue.

After all, they are receiving a free service. It could be that the public considers the corporate use of personal data to be a fair price to pay for such a service. Or it could be that people understand that businesses must make money and that selling on details is just another revenue stream.

Take Facebook, for example. In the wake of the Cambridge Analytica scandal, Facebook seemed to suffer no adverse effects and actually experienced an increase in user numbers and usage rates.

But perhaps the Facebook case is anomalous. Other data breaches and scandals – such as those involving eBay in 2014 and Yahoo in 2016 – did indeed result in a loss of business and in users voting with their digital feet and logging off such platforms.

 

What Is the Impact on Business?

 

So, in most cases, there is an impact on business. This impact can be wide-ranging. It is terrible for the brand – HealthEngine has gone from being perceived as kind and helpful to sneaky and underhand, almost overnight – and therefore it is terrible for advertiser brands too. This will certainly have an impact on the bottom line.

As we have seen from the cases of eBay and Yahoo, such breaches and such nefarious management of user data does have an impact on trust too. It remains to be seen, however, whether this impact will be enough to make unethical referrers change their ways.

 

A Change in Regulation or a Change in Behaviour?

 

So what comes next? Should companies be legally obliged to reveal the sources of their business leads? Should markets be made to make this known to the lead upon contact? Or is it up to users to say ‘no, you cannot use our data in this way anymore’?

The resolution is likely to be a mixture of the two. With regulators playing catch up with the rapid development of the digital economy, it is understandable that it will take time to truly legislate against unethical referrals. However, users must remain informed, responsible, and savvy when it comes to controlling their own data.

While the public continues to grapple with these questions in the still-evolving online landscape, we are working on our own answer: a peer-to-peer ethical referral product which we hope will provide some clarity to the debate and allow businesses to achieve leads without violating the privacy of users.

 

Image courtesy of Bryce Johnson, Flickr