Menu
Many of us remember using Brightest Flashlight Free, a very popular Android app that did a little bit more than what it disclosed to its users. According to the Federal Trade Commission (FTC), the app was sharing GPS location and ID data without the consent of its users.
As a result, Goldenshores Technologies, LLC, the company behind the app had to settle with the FTC. This settlement prohibits Goldenshores Technologies, LLC from misrepresenting how information of their users/consumers is collected and shared.
What can be learned from this unfortunate incident is always have a privacy policy and do not collect information about consumers without their consent. Your privacy policy should state exactly what information is being collected and how that information is being used. This, however, assumes that companies always know how marketing and analytics tags that they put on their websites collect and distribute visitor information. Let’s consider an example.
I recently visited a popular site – Pandora.com. After I scanned their website with Tag Inspector, I noticed something quite complex and puzzling. Below is a vast map of tags and platforms that in some shape or form collect data and information about users and their sessions while they navigate the site. Here is a copy of the report (this will also give you a chance to view the image below in much higher resolution).
I am not concerned with all these platforms, but with such immense complexity, is it really feasible for an organization like Pandora.com to always be aware of how data from their users and consumers is being collected and/or passed onto the Internet?
I took my study a step further. Over two days, I tracked all the websites that I visited. Beyond info that I expected – Google Analytics on 20 websites, Doubleclick and Facebook Social Plugin on 19 websites, I found this:
I am not going into greater detail outlining every tool, tag, beacon that fired. In short, 280+ tags fired and in some shape or form my information was being collected. There are two types of tags that you can see on pandora.com chart:
I trust all the websites that I visited, but there are two questions that concern me:
Pandora has a well written Privacy Policy, and here is an excerpt regarding their use of beacons and tracking pixels:
Pandora, its third party advertising partners, and tracking-utility partners employ a technology known as “beacons” or “tracking pixels” (each, a “Beacon”). A Beacon is a small one-pixel-by-one-pixel clear image that is embedded in HTML content, and is about the size of a period at the end of a sentence. When HTML content containing a Beacon is rendered, the Beacon transmits anonymous, non-personally identifiable information to a server, such as a numeric count, unique identifier, or IP address. Pandora and its advertising partners use Beacons to help us better manage content on our Service. For example, we may place a Beacon in HTML-based emails to let us know which emails recipients have opened, or on a webpage to count the number of unique visitors to that page. The use of a Beacon allows us to gauge the effectiveness of certain communications and of our marketing campaigns.
I am just curious about who their advertising partners are? Are all the tags or beacons that fired make up their advertising partner network? Does the policy include use of 3rd party or piggybacking tags collecting data as well since these tags are not “embedded in HTML content” directly? I don’t mind when my data is collected in such a way. However, others might. At the very least, I want to be sure that each site I visit is aware of all the beacons that it uses. Otherwise, it might become a slippery slope when one of the beacons does something of which the website operator is unaware.
If you are interested in uncovering what tags are firing and what tags are piggybacking off of other tags, run a scan on TagInspector.com and find out for yourself. This is a sure way to know that your Privacy Policy is in tact with the actual tag deployment. Better safe than sorry.