We all use some form of ‘free’ Internet service - or you almost certainly would not have found this blog. Every time we use an Internet search engine or send an e-mail we’re using a service owned by the service provider. The service provider has many computers, huge amounts of data storage and massive network bandwidth all buzzing away to assist us to find amusing videos of kittens or the latest rainfall statistics for the Gobi desert or to receive the latest update on what our colleagues have done since leaving the company we used to work for. So why do the service providers pay for these computers and other gear? Why don’t they charge us a fee to use their services? Who does actually pay for the service we receive?

In many cases of course the answer is that advertisers pay the service provider to promote information about their favoured products along with the results of the search we requested, or that marketeers buy information from the service provider about who or what sort of person is interested in what sort of topic. Effective advertising has become such a specialist skill that companies with products or services to sell will usually employ agencies and other experts to guide their efforts so that, often, there is a chain of organisations paying each other and each making some profit on the deal behind every search result we find or e-mail we send or receive. This should in no way be a surprise. For example, one very large service provider is completely open and honest that it is advertising revenue which funds its services.

The key point here is that the service providers are paid by the advertisers and marketeers; these are their customers - not us, we’re just the service consumers. If anything, we’re a resource that the service provider utilises to satisfy its real customers.

Again, we should not be surprised by this. We know the service providers must be paid somehow - many have grown into huge corporations - but what we seem to have glossed over here is that the service providers have harvested something valuable from us as we used their services. The concern here should be that it is possible to harvest something valuable from us without most of us even realising it.

So what are they harvesting? Information about us. The dream for marketeers and advertisers is to know exactly what we want to buy just when we’re ready to buy it and then show us their product at precisely the right moment or to know all our circumstances so they can present their product and say ‘this is ideal for you right now’.

Of course, no organisation can know everything about us so the next best thing is to know as much as possible. Age, sex and orientation, family arrangements, employment status and history, work type, address social status, social circle, shopping habits, holiday habits, wealth, religion, banking arrangements or health to name a few. But how could they possibly know this information? Easy - they either ask us and we tell them or they infer it from our habits. For example: A very famous search service provider is also a social media provider. To use the social media service we create an account and log in and in the process start providing personal information - we have to provide some personal information or our social circle will not be able to find us. Of course we probably don’t provide a completely detailed or even honest profile but from then on every time we search for anything the provider associates the fact with our account. This can build up to a huge quantity of data so the service provider summarizes it and over time attempts to build up an advertiser’s dream picture of us.

So which service providers are doing this? All of them. Our credit card companies are aware if we tend to visit slightly ‘posher’ restaurants around Feb 14th and again at certain specific times of the year. From this they infer we are in a relationship with someone and that there are events (probably birthdays or other anniversaries) we celebrate at around the same time every year. Our supermarket loyalty scheme will keep as detailed records as possible of our purchasing habits and use the information to try to assess the type of household we live in or to pick the right moment to tempt us away from the budget brands to the premium brands through which they can make better profits. Our social circle probably know where we went on holiday last year and may know when and where we’re going this year and our credit card company knows when we bought the tickets. So imagine what could be achieved if multiple service providers cross-referenced and compared notes about us?

Fortunately, in countries with well developed data protection legislation our service providers are subject to strict regulations intended to protect us from unfair exploitation of our personal information. Among the key regulations there are usually clauses that the service providers may not gather information for which they have no current purpose or use information previously gathered for one purpose for a different purpose. So is that OK then? Well no, not really. Again we seem to have glossed over the fact that this sort of thing is possible.

Service providers do tend to protect and guard the information they have accumulated as carefully as they know how. The information gives them an edge over their competitors and they don’t want to go to the expense and effort of accumulating it and then lose that edge. However, the information from different providers can be cross-referenced; countries usually reserve the right to requisition and search this data under certain circumstances. These searches are sometimes made to identify criminals or trace their current location or to pre-empt crimes. There are often heated debates about whether certain state agencies have exceeded their lawful powers or whether their powers of data search are adequate or excessive. Although it’s a good thing, this debate usually misses a key point - the data they are searching has already been acquired from us through the services we use. We should recognise that the data must exist in order to be found and that it is acquired and held by our various service providers - rarely by state agencies. If you don’t want your government to know too much about you make sure your supermarket and social media service providers don’t either.

One more point: There is much debate about what should and should not be permitted under the regulations concerning our personal data. This debate is a very good thing. Exploiting personal data is very powerful and much effort is spent acquiring it and using it within the terms of the regulations. Sometimes the regulations are adjusted either to increase protections for us or to increase the usefulness of the information - or even to make the same set of regulations apply across wider jurisdictions. However, there are some people or groups who don’t follow the regulations. Depending on which regulations they break we may label these people ‘criminals’.