Yesterday’s Sunday Times carried an alarming story on its front page about the mobile phone data of 27 million EE customers being sold to Ipsos MORI, and in turn on to third parties including the Met Police.
The paper would clearly not have published without a sufficiently high standard of evidence, and the Met Police’s reaction – to suddenly announce it was abandoning the plans, despite high-level meetings in recent weeks – suggests a nerve has been touched.
The paper’s evidence is clearly damning: “Documents to promote the data reveal that it includes ‘gender, age, postcode, websites visited, time of day text is sent [and] location of customer when call is made’. They state that people’s mobile phone use and location can be tracked in real time with records of movements, calls and texts also available for the previous six months.”
We have already made Freedom of Information Act requests for these documents, and urge Ipsos MORI to publish them urgently to allay public concerns.
Everything Everywhere needs to come clean on what data it is releasing, and why it is storing this data where there is no business purpose.
Earlier this year, the two companies signed an agreement that will allow Ipsos MORI to analyse anonymised mobile phone usage data from the telco, which has 27 million customers, and offer insights to businesses and local authorities. However, as we have previously warned, the UK’s definition of “anonymised” is far from meaning that data cannot ever be re-identified.
This loophole in the definition of “personal data” stems from the Data Protection Act 1998, which failed to fully implement the Data Protection Directive (EC95/46) by omitting the caveat that if data could be reasonably likely to be identifiable by “any other person” then it was not anonymised.
The data that Ipsos MORI would be able to analyse includes individual users’ location to the nearest 100 metres. By removing user and account details we expect the company’s lawyers would argue this is “anonymised” – however, anonymity in large datasets is only as good as the other data it can be combined with, as this paper from the University of Texas warns. This follows from a paper last year highlighting how 80% of mobile users could be “precisely identified” by comparing their location data with their social graph – i.e. their Facebook friends. Cambridge Computer Lab also produced this excellent poster for an event on re-identification last year, while Nature published a scientific report on how, with the right data, 95% of people can be re-identified from a data set of 1.5m “anonymous” people.
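A pre-release check that follows from the paragraph above, as an added example that is not from the original post or from any of the papers it cites: it measures how often a few known location points single out exactly one trace in a dataset that carries only pseudonyms, and how coarsening the grid changes that. The records, the grid sizes and the function names are constructed for illustration.

```python
from itertools import combinations

# Constructed sample: (pseudonym, x_metres, y_metres, seconds_since_midnight).
# No names or account details, only pseudonymous IDs and location fixes.
RECORDS = [
    ("u1", 120, 250, 25500), ("u1", 1000, 1000, 29400), ("u1", 5210, 5330, 32500),
    ("u2", 480, 910, 26400), ("u2", 1000, 1000, 29400), ("u2", 5660, 4890, 33300),
    ("u3", 1730, 1440, 27600), ("u3", 1000, 1000, 29400), ("u3", 4150, 5980, 34200),
]

def build_traces(records, cell_m=100, slot_s=3600):
    """Generalise each fix to (grid cell, time slot) and group by pseudonym."""
    traces = {}
    for pid, x, y, t in records:
        point = (int(x // cell_m), int(y // cell_m), int(t // slot_s))
        traces.setdefault(pid, set()).add(point)
    return traces

def unicity(traces, k):
    """Fraction of k-point subsets of a trace that match exactly one trace.

    Enumerates every subset, which is only feasible for small data; a real
    dataset would be assessed by sampling subsets instead.
    """
    unique = total = 0
    for points in traces.values():
        for known in combinations(sorted(points), k):
            known = set(known)
            matches = sum(1 for other in traces.values() if known <= other)
            unique += (matches == 1)
            total += 1
    return unique / total if total else 0.0

if __name__ == "__main__":
    for cell_m in (100, 2000):
        traces = build_traces(RECORDS, cell_m=cell_m)
        scores = [round(unicity(traces, k), 2) for k in (1, 2)]
        print(f"grid {cell_m} m: unicity for k=1,2 -> {scores}")
```

A unicity close to 1 at the release resolution means that stripping names has not made the traces anonymous against anyone holding a few points from another source.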
This smacks of a shameless attempt to turn customers into cash cows. Selling data about how they use the services is an affront to privacy and to the principle that when people pay for a service, they should control the data about them. Ipsos MORI stated that “Ipsos MORI only receives anonymised data without any personally identifiable information on an individual customer. We do not have access to any names, personal address information, nor postcodes or phone numbers.”
This data can paint an incredibly detailed picture of your life, and the idea that because names were omitted it is somehow acceptable to cash in is frankly offensive to EE customers whose privacy has been sold out on a spectacular scale.
This case highlights the huge amounts of data already held about us by companies, often with scant justification for it to be retained after the initial technical need. Customers are kept in the dark about how much information is collected, how long it is stored and how it can be used. The law urgently needs strengthening to give consumers proper control over this data and to ensure companies are not prepared to do shady deals like this.
We suspect EE is not the only company looking to cash in on our private lives like this, and we are very concerned that, were it not for the Sunday Times uncovering these plans, customers may never have known what was going on.