Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Meta Pixel. Show all posts

The Met Police passed victims' data to Facebook

 


Using its website to report crimes, such as sexual offences, domestic violence, and other crimes, the most powerful police force in the country gathered sensitive details about the people using the site. Observer reports that Facebook shared users' data to target advertising to them during their visit. 

As part of the analyses, the Metropolitan Police website included a tracking tool that recorded information about people's browsing activity and about the "secure" online reporting form they used to report crimes and crimes against them. 

Using a tracking tool called a Meta Pixel used on the police force's website, the police force sent the information, which included the type of offence being reported and the Facebook profile code of the user, to the social media giant. 

A week after The Observer published its findings on Meta Pixel tracking, the Met removed the tracker from its website. This was after The Observer raised concerns about its use. There is something wrong with this approach as it demonstrates a lack of respect for human rights and human dignity. Additionally, the report added that no personal data - such as the messages they sent to police when reporting a crime - was exchanged with the police based on the responses they provided. 

There was a suggestion that data transmission had been accidental. A tracking tool has been installed at Met to help serve ads to people who indicate they are interested in becoming a Met member. Several steps were taken to ensure that any Meta Pixels from pages that were not related to recruitment marketing campaigns on the Met's website, as well as any Pixels placed on pages that were not related to recruitment, were removed to avoid unnecessary concerns. 

When the Observer analysed police websites across England, Wales, Scotland and Northern Ireland, it found that the Met was using the pixel to track its visitors. The tool was found to be being used by four police forces, including the Metropolitan Police, during the testing last week. Additionally, there were three other police forces involved: Police Scotland, Norfolk Constabulary, and Suffolk Constabulary. 

As with the Met, Norfolk and Suffolk have also provided data about how people access sensitive web pages. This data was shared with the Met. As a result of this, Norfolk and Suffolk police have said they have been using the tracking tools “for recruitment purposes” when web visitors clicked links to report antisocial behaviour, domestic abuse, rape, hate crimes, and corruption, as well as when they clicked the “Tell us something anonymously” button. The tracking tools, Norfolk and Suffolk police have said, were used “for recruitment purposes”. 

There is criticism from victims' charities and privacy experts who have called this exchange of data a shocking violation of trust, one that could undermine the confidence of the public in the police. 

Dame Vera Baird, the former victims’ commissioner, said: "You think you are dealing with a public authority you can trust and you are dealing with Facebook and the wild world of advertising." 

Using advertising pixels in this context, said Mark Richards, a privacy researcher who focuses on online privacy, is like asking a person to report a crime while a stranger is present in the room. 

The Alan Turing Institute's director of ethics, Prof David Leslie, has said that the collection and sharing of the data feels "reckless", and that people appear to have been given "partially" or "misleading" information about how their data will be considered. 

The UK's privacy watchdog, the Information Commissioner's Office, said in a statement that the findings raised serious privacy concerns. These sites are for the convenience of crime victims, as well as their family members and witnesses. They would expect their information to be handled thoughtfully," the report said. There is already an investigation being conducted by it into the use of the Meta Pixel by NHS trusts on their websites, and according to it, the latest evidence will be taken into account. 

To reach people who have visited their websites in future marketing campaigns, businesses use Meta Pixel. This is a free tool offered by Facebook that gives them access to tracking information on people who have visited their sites. 

As part of their marketing arsenal, Facebook is pitching this tool as a way for organisations of all sizes to gain insight and insight into the performance and behaviour of their websites, as well as that of those who do not have Facebook accounts.

As the Meta Pixel collects unique identifiers, such as IP addresses and Facebook profile IDs, there does not seem to be any evidence that the company has attempted to identify people as victims of crimes or that they have targeted them with advertisements based on their status as victims or witnesses, even though this is the case. The details of interactions with the police are not included in the information shared with the company on the website. However, there is no hint that this information is shared with the company as part of the information shared. 

According to the Observer's investigation, many police websites share data with Google for advertising, in addition to Facebook. It is noteworthy that this information included that a person had visited a police website, but didn't appear to provide further information regarding the types of sensitive websites they visited or their use of online reporting tools or online forms. A police force and a military force are also believed to have shared data with Twitter to allow them to advertise their services. The ICO's chief digital privacy adviser, Stef Elliott, described the problems with Google advertising to the watchdog earlier this month following a report she made about the issue. Elliott described the problem as "systemic," according to her. 

A consent banner pops up after a web user clicks the "I agree" button on a police website, including the Met site after being shown a pop-up consent banner that asks for consent to share data. On the banner, you would normally see the words "We use cookies on this site to give you a better, more personalized experience," without ever mentioning advertising or saying that the data would be shared with third parties, like Facebook, for example. As the Met's privacy statement stated, data collected may be utilized for recruitment campaigns. However, the information collected may not be used by third parties for business purposes. However, the Met's privacy statement also mentioned advertising but said the information would only be used for recruitment campaigns and not for third-party use.

Consenting to Cookies is Not Sufficient

 


While most companies are spending a great deal of their time implementing cookie consent notices, it is becoming increasingly evident that the number and size of developments and lawsuits relating to privacy are on the rise. As a result, companies and their customers are rarely protected by these notices, which is not a surprise.  

It is undeniable that transparency is a worthwhile endeavor. But, the fact remains that companies can be vulnerable to several potential threats that are often beyond their direct control.   

For example, the recent lawsuits involving the Meta Pixel, which also affect many U.S. healthcare companies and are affecting many doctors, are an ideal example of this issue.    

The issue lies in the way websites are designed and built, which contributes to the problem. Except for a few of the biggest tech companies, all of the websites are built using third-party cloud services that are hosted on the web. Among the services offered here are CRM, analytics, form builders, and also trackers for advertisers that take advantage of these functions. Various third parties have a great deal of autonomy over these decisions. However, they are not regulated properly. 

Many kinds of pixels are available on the internet, and many of them serve some purpose. Usually, marketers use this type of data when they want to target advertisements to potential customers. In addition, they want to see how effective their ads are when it comes to reaching them. It is also imperative to note that, by using these trackers, highly specific and detailed personal data is also being collected. This data is being incorporated into existing data portfolios. 

Financial and Healthcare Data are Being Misused 

In most cases, the risks associated with visiting a healthcare website are much higher than when you are visiting any other website. Facebook is not a suitable place for you to share the medical conditions that you are researching with your friends who use that service. This data is not something that you want to be included in your social graph, and you do not want it added. Therefore, the crux of the issue in these lawsuits can be summarized this way: Protected Health Information (PHI) is protected by HIPAA (Health Insurance Portability and Accountability Act), which the actions described in the preceding sentence violate. Seeing digital advertising through the lens of healthcare can also shine a light on how troubling it can be when tracking is used. This is when viewed through the lens of advertising.   

As far as financial services are concerned, the same rules apply. A similar consequence may occur if an unauthorized party gains access to personally identifiable information (PII) or financial data, such as Social Security Numbers or credit card numbers, as well as other confidential data, and it is not handled correctly. This could have dire consequences. Privacy is crucial to safety. Details about your private life should be kept private for the right reasons. Modern advertising practices do not mesh well with these aspects of our lives, which are all significant.   

In addition to the Meta Pixel case, two other recent lawsuits provide us with a deeper understanding of how complex and broad the problem is, and how far it extends.  

Analyzing Sensitive Data From a Different Perspective 

In a recent lawsuit, Oracle was accused of trying to use the 4.5 billion records they currently hold as a proxy system for tracking sensitive consumer data. They have deliberately chosen not to share with any third parties. For comparison, the global population is 8 billion people. The concept of re-identification of de-identified data is far from an invention, but it serves as a clear example of why it matters so much to gather all these pieces of data, no matter how random they may seem. A person can infer most of the details of their life with almost astonishing accuracy. This is if they have access to enough data from Oracle, or whoever gets hold of the data. The data will end up being used in the same way in the end as this is a certainty. 

In a recent case, web testing tools were used to record the sessions of users on a website. This was so that they could see how well users navigated the site as they worked through the steps. As web developers and marketers, it is extremely common for them to use these tools to make their user interfaces more usable. 

In short, some companies are being accused of wiretapping under the Wiretap laws because they are using these tools to gather information. The reason for this is that these tools are capable of transmitting a considerable amount of information without the user's knowledge and the website owner's knowledge. It is inconceivable to believe that such a thing could happen. Even though this may seem like a minor issue, it is very clear once you look at it through the lens of sensitive data.