When we click on the "Accept" button(s) for online service providers' terms and conditions, we typically don't bother to read all the fine print. We simply take it on faith that the provider will protect our privacy to at least some extent. Sadly, that's seldom the case - as demonstrated by PayPal, which offers a list of several hundred "third parties" with whom it shares information. The extent and use of that information may surprise you.
A few examples of reasons why PayPal shares it:
- "To allow payment processing settlement services, and fraud checking"
- "To allow telephone and email customer support and marketing services"
- "To calibrate and optimise speech recognition performance..." *
- "To support investigation of suspicious activities related to money laundering, terrorist financing, and/or violation of Global Sanctions and corresponding reporting to regulatory agencies"
- "To execute and measure retargeting campaigns in order to identify visitors and redirect them though personalised advertising campaigns"
- "To investigate (including, without limitation, to carry out asset and/or site inspections and/or business evaluations) and/or collect (and/or assist with the collection of) debt from potentially and actually insolvent customers"
* (This is what happens when a pre-recorded message on the customer support line tells you that "This call may be monitored or recorded for quality assurance purposes". The recording is provided to other companies to improve their speech recognition algorithms. It may also be used to develop a speaker recognition system that will allow your voice to be identified by an artificial intelligence system, even if you don't provide your name.)
PayPal will doubtless argue that such use is explicitly permitted in its terms of service, which we accept when signing up for the service; but many of us aren't aware of how far-reaching that has become. The quantity and quality of information shared is mind-boggling, when one considers that it represents an almost total invasion of our online privacy. A few examples:
- "Name, address, details of payment instruments, and details of payment transactions"
- "All information supplied when applying for a product or account functionality (including information obtained from social media accounts or online reputation data)" *
- "Recordings of a sample of customer support telephone calls, which may include any or all account information transmitted during the call"
- "Name, aliases, address, e-mail address, telephone numbers, time zone location, passport ID, nationality, date of birth, place of birth, gender, marital status, driver’s license ID, social security number or other government ID, transactional and account activity data, funding instrument (bank account, credit card number)"
- "Photo of customer and document images supplied by customer including all information they contain. Information from document’s embedded RF chip (when applicable)"
- "Anonymous ID generated by cookies, pixel tags or similar technologies embedded in webpages, ads and emails delivered to users"
* The underlined text indicates that PayPal is using third party data and/or programs to link users' accounts with their social media activity, in order to build up a more informative profile of them - and is then sharing that profile with others. If it contains errors or erroneous linkages, or things we'd rather not have linked to our business personas (for example, those photographs of us, drunken and topless, taken on our summer break at college, and posted online by a "friend" who identified us in the pictures), that's too bad. It still gets shared. That can have direct and immediate consequences when we, say, apply for a job. Do we really want our prospective employer to find out about them? If they look up our personal data, including running a credit check for which PayPal has supplied information, they might.
Many will argue that all of those uses of our data have a legitimate corporate purpose, and therefore are justified. My problem is, their sharing is routine - i.e. we never know how many times our data has been shared, or with whom, or for what reason. After a while, our information might reside on literally hundreds, perhaps thousands of computer systems in companies and organizations with whom we've never had any direct business relationship. PayPal might be exemplary in its data security, but what about those other organizations? Are they as scrupulous? I doubt it - and, if that's the case, is it any wonder how easy hackers find it to steal our personal data, and use it to defraud us?
This makes me angry. There's nothing I can do about it, because PayPal is only one example. Almost every organization with whom we do business online will use our data for similar purposes. However, I long for an earlier age when we had more rights to privacy. I resent my data being scattered around like so much grass-seed. Who knows in what unwanted places it might take root?