A Quick Look at some Mobile Providers’ Customer Data Policies
The article in the Sunday Times described a deal for the sale of customer data between mobile operator EE and polling organisation Ipsos MORI, who in turn, the Sunday Times claimed, tried to sell the data to the Met Police. EE say that the data they sell has been aggregated and anonymised.
We’ve been asking people to write to their mobile operators to check how their information is used. You can do that using our tool. ORG is concerned about what information is being shared, who it is shared with, and for what purposes. Mobile providers should clarify how they are aggregating and anonymised the data, because there are well-documented risks that people can be re-identified from anonymised data. Customers are not being asked to opt-in or opt-out of their data being used like this.
It is not just EE that are looking to sell data about their customers to other companies.
For example, Telefonica (who own O2) say that their ‘Dynamic Insights’ team “collect mobile data, anonymised and aggregated, to understand how segments of the population collectively behave. We trace trends and the behaviours of crowds, not individuals. We use this insight to enlighten the space between organisations and their users, enabling them to improve their propositions, and businesses.”
They say that this data will help retailers, councils, and public safety bodies to understand the movements of large groups of people. Like EE, they stress that only anonymised and aggregated data is used:
“it is our belief is that in the field of analytics customer data can be used responsibly in two ways: either it must be anonymised and aggregated so that no individual can be identified, or the appropriate customer permissions must be in place. By using anonymised and aggregated data we seek to achieve best practice standards and subject ourselves to expert peer review to achieve this.”
Similarly, Vodafone set out how they are looking at “unleashing powerful insights with mobile analytics”. They say that this information “can be used to drive new business strategies, challenge preconceptions and help identify new marketing opportunities. Mobile analytics can provide powerful insights to inform your enterprise operations.”
Their privacy policy sets out that they “carry out research and statistical analysis to monitor how customers use our network, products and services on an anonymous or personal basis”.
Giffgaff say in their privacy policy that they “analyse markets and produce reports, perform research and statistical analysis and to monitor usage behaviour”, but it is not clear from their policies whether they share ‘anonymised’ data with third parties for the sort of research and marketing purposes described in the Sunday Times article.
Virgin Mobile’s privacy policy says that “We may also, subject to your consent, use your personal information to contact you with information about special offers and rewards. Additionally, we may, subject to your consent, disclose your personal information to other Virgin companies so that they can contact you with information about their products and services. But don’t worry, your details won’t be shared with companies outside the Virgin group for marketing purposes without your consent.”