What is the GDPR’s “Right to Object”?
The “Right to Object” is one of the eight data subject rights that organisations must uphold in order to comply with the General Data Protection Regulation (GDPR).
With data breaches and privacy scandals regularly making the news, there’s no shortage of apps with privacy issues. And while you might assume that most potentially dangerous apps come from smaller, unknown developers, some of the most egregious violations of data privacy have been committed by the most popular social media and technology services companies.
Here’s a round-up of six widely-used apps that were found to have major security and privacy issues.
As of 2020, Facebook has 2.6 billion monthly active users, making it the most popular social media app worldwide. But numbers don’t always mean you make the grade when it comes to privacy. Over the years, this company has earned an increasingly poor record for privacy and distrust amongst users.
From the Cambridge Analytica data scandal to numerous other data breaches, Facebook has historically demonstrated its inability to protect user privacy.
Hailed as the more private and secure alternative to Facebook Messenger, WhatsApp users have unfortunately had their private messages and data exposed due to multiple hackings and unchecked security vulnerabilities. These were committed under Facebook’s watch, after the social media giant acquired WhatsApp in 2014.
The messaging app had previously earned its strong reputation for privacy due to its end-to-end encryption of people’s messages. However, this key feature was undermined by revelations that Facebook could still read people’s messages prior to encryption and has the ability to bypass encryption anyway.
TikTok is a video-based social networking app created by Beijing-based tech company, ByteDance. The app is known for its popularity amongst younger Gen Z users who produce short-form comedy skits, dance challenges, and fun DIY tutorials.
While the app has managed to achieve a rapidly-growing user base in India and the US, many governments have moved to ban TikTok due to concerns around user privacy (particularly for the millions of young children and teens who use it) and national security. These concerns are based upon the sheer scale of photographic and video-based content that users upload of themselves, which could be used for facial recognition and identity theft.
Popular ride-sharing service Uber is no stranger to scandals. In October 2016, the company reported that the names and contact details of 57 million users had been accessed — a breach that they reportedly tried to cover up from regulatory authorities.
The abuse of personal data from Uber’s own team of drivers themselves has had real-life consequences for users. News reports of riders being attacked and robbed at home after finishing a ride are not uncommon.
In addition to these ongoing privacy issues, it was reported in 2017 that the app could track riders’ locations for up to five minutes after their ride had finished. While the company initially defended this hidden tracking as an added safety feature, they eventually removed it from the platform.
Another app dominated by the pop culture generation is Snapchat, a multimedia messaging app that was first released in 2011. To communicate, users send “Snaps” to each other in the form of a video clip or photo with text overlays and filters. These Snaps disappear automatically after they’ve been opened.
Due to its ephemeral nature, much of the content shared on Snapchat tends to be casual and/or explicit in nature. This naturally raises concerns for parents and schools around its usage by underage children as a sexting tool.
Besides the possibility that users could screenshot or record a person’s Snaps using another device, it was reported in 2019 that Snapchat employees were spying on people through an internal tool called SnapLion. Regardless of how the app has been built, there will always need to be a team of people to maintain it from the inside – and it hasn’t taken much for employees to be able to abuse all-access privileges.
Grindr is a location-based app for gay, bi, trans, and queer dating. Users can search for potential matches in their local area and filter people on their age, body type, relationship status, and other information on their profiles. By nature of how the app works and the health and safety measures it encourages users to take, Grindr also collects a range of sensitive personal data, such as medical information and when they last got tested.
More recently, Grindr has come under fire for reportedly breaching the GDPR by unlawfully collecting and using people’s personal data. As reported in Computer Weekly, Grindr allegedly shares highly detailed information such as a user’s age, location, sexual orientation, and device identifiers with advertisement networks. Sadly, such information combined with the app’s ability to pinpoint a user’s location has already been used by law enforcement in anti-homosexuality countries like Egypt to track and arrest users.
While it’s comforting to believe that tech companies and free-to-use services have our best interests at heart, it’s becoming more and more apparent how little care and responsibility is taken by big business to protect our data.
For most people, protecting privacy online isn’t as simple as deleting their account or removing every app from their phone. Many online services like Facebook and Uber are now deeply embedded in the way we live our lives.
If you’d like to learn more about how you can better protect individual privacy online, check out our other blog post on how users can avoid getting hacked or scammed on social media.