NEW: Press «ACCEPT» to make your location data available for sale. Two lawyers tell NRK that the consent @huq_industries shared with the Danish Data Protection Authority is illegal under the #GDPR.
“I would never advice my client to use such a solution,” says one of the lawyers about the consent.
Huq has not responded to our repeated requests for comment.
Huq Industries is under investigation by the Danish DPA following a media report. Danish TV2 got access to the location data of from more than 60.000 phones.
We can now share that Huq on an earlier occasion intended to sell location data to NRK. We ended up buying data from another data broker (Tamoco) that sold us data from 140.000 phones. Tamoco is still under investigation by the UK Data Protection Authority (@ICOnews).
For those interested, this is how the data looks like on a map. This is from 11 apps that shared location data with Huq Industries (one color per app) shown on a map of parts of Oslo.
I got the data throug a subject access request:
The Markup has a nice summary of the industry as a whole. They have found that there is at least 47 companies within the location data industry: themarkup.org/privacy/2021/0…
You can check at Privacy Exodus if you have an app that cooperate with Huq Industries. The app scanner estimates that at least 103 apps have an SDK signature that belong to the company. exodus-privacy.eu.org
Thanks to Esther (@U039b) and Sean (@seanodiggity) for help with understanding mobile SDKs and getting more information about the app partners. Exodus Privacy and Pithus (beta.pithus.org) are also super helpful tools.
Work in the industry or have other tips? DMs open and Signal is in my bio.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
My Phone Was Spying on Me, so I Tracked Down the Surveillants
THREAD on the location data industry and how European personal data ended up at a U.S. government contractor.
There are 160 apps on my phone. What they’re actually doing, I don’t know. So I decided to figure it out by using the power of the GDPR - or the more lame name of subject access requests (SAR).
Long story short – I got a lot of data on my movements. Actually more than 75.000 data points on my precise location.
Uncovering the Disqus data machine pt.2: This figure shows the difference between the regular European experience of using a site with @disqus and the American one. (LONG THREAD)
My reporting on @disqus started with a tip - the consulting company @conzentio thought it was weird that the comment section widget from Disqus could share so much data. They had a fair point, and it turned out that it breached the #GDPR
The chart is actually lying - @LiveRamp refuses to receive data from Norwegians (451 status code) - so far fewer companies receive private information.
One might say that LiveRamp boosts the data sharing between companies. (They have not responded to my request for comment)
Uncovering the Disqus data machine: @disqus shared the personal data of tens of millions of users without them or the websites knowing about it. thread - 1/13
The company says that 2 billion unique users hit their platform each month, but the number could likely be far lower. Disqus would not disclose the % that have their data shared. 3/13