The Accidental Data Controller

It happened a few months back.

Facebook (that hideous, grunt-cheering, dumb-arse cesspit of a privacy clusterfuck–but let me try and remain objective) started to put some rather strange suggestions for new “friends” up on the top right. People who weren’t unknown to me, exactly, but whose electronic link to me could only have been derived in one way.

From email addresses.

These were people who I may once, ever, have emailed. Or who had emailed me, maybe just the once.

And this latter angle got me worried.

Because I know I have never, ever pressed that “find my friends by pillaging my address book” button. Not in Facebook; not in any other service.

And anyway, some of those names weren’t in my address book anyway. But mine must have been in someone else’s… And I started to whiff a potentially horrible thing. However, this being Facebook, and Facebook being full of horrible things, I tucked it into a mental back drawer and let it go. That time.

Then, last week, I got another email invite to some new whizzy networking service. The invite came from someone I’ve got a lot of time for, so I figured there’d be no harm in signing up and having a quick look around.

The first thing I was greeted with on entering the new service was the message: “Ah – it looks like you already know Rich D—-; why don’t you connect to him on here?”

And that, dear reader, brought the whole sorry mess tumbling out of that back drawer in my head.

This service was entirely greenfield territory to me. I had shared absolutely nothing with it, other than my name and email address (by virtue of using it as the basis of my registration).

So the only way this matching could have occurred would be if Rich had clicked on the “Pillage Me!” button, and passed his entire address book to the new service, there to be held in limbo until such time as happy little matches like me popped up to trigger this unwelcome welcome.

I know I’ve agonised on this blog before about what makes personal data personal. About how uniqueness, utility and linkability all have a big bearing on just how “personal” a piece of data is (and how much we should therefore be bothered by its loss or misappropriation).

Just having one bit of data floating about would be concerning enough, but–and this is a big but: what if that address book pillaging also took not just the raw email address itself, but also the associated name (or indeed any other fields)?

Anon@freetibetbyforce.com may just be an address to a dead-drop online account, but if it’s ever been associated with a real name, manually entered, in someone’s address book…(you see where I’m going here?)…the consequences could be pretty horrendous. Obviously this is an extreme example–but it makes the point–third parties are sharing your email address and perhaps related personal data in vast quantities, without really realising they are doing so, with services that hold it…where? how securely? for how long? IN ORDER TO MATCH YOU UP ON SOME LAME SKILLS NETWORK SITE?

When companies first started this sort of indiscriminate hoarding and sharing of personal data, we created the Data Protection Act as a countermeasure. Clearly, it’s getting hopelessly out of date and was never designed for this sort of scenario.

But humour me, and assume we should still adhere to its principles.

That would mean that you, me, anyone with an address book, could (or should?) be required to register as a Data Controller–mindful of the fact that our own address books have powerful, valuable content and with one click we become complicit in a process that spreads it way beyond the bounds of any purpose we could sensibly be said to have consented to.

I think this is hugely important, as no matter how careful we are with our own information, we are entirely reliant on the caution of others not to compromise it.

It’s an interesting one. Exam question for the Information Commissioner’s Office then: how big does your address book have to be before you need to register it under the Data Protection Act?

Category: Other

Tagged: , , ,

13 Responses

  1. Martin says:

    To answer your exam question, I don’t think the size of database is the issue. All that matters is what you use it for.

    According to the ICO website, you do not have to register as a data controller under the DPA if you are “only processing personal information for personal, family or household affairs (including recreational purposes)”. Key word: “only”.

  2. LPG says:

    All of which are reasons I’ve kept my registration current even though I don’t currently have a business need.

  3. Darcy Christ says:

    Bruce Schneier calls this incidental data from the taxonomy of social networking data:


    Sounds like you need less data promiscuous friends!

  4. prclarke says:

    Yes Martin, you’re absolutely right, it’s purpose, not size, that makes the difference.

    However, as such a broad definition would quickly bring down the whole registration system, the question was couched in a way that provokes the question – just how massive a distribution of data in one hit needs to happen before someone actually cares about the issue?

  5. prclarke says:

    Darcy – that’s part of the problem – these people aren’t “friends”, just people who have me in their address books. Obviously that’s uncontrollable, which is why I thought of the remedies of data control obligations in the first place.

    And this raises another interesting point. I definitely have a couple of people in my contacts list (for call screening, usually) who I would very much want not to know are in my address book. History, baggage, all part of the rich tapestry of being human etc. etc.

    So there are real complications here in terms of even the existence of an entry being distributed.

  6. Darcy says:

    I think this is just a foreshadow of the future. Everyone who we have ever had contact with, will glean some information about us and will share it with these large data harvesters – it’s the currency of the future and I suspect we will all sell it freely.

    We may find our only privacy comes in the form of private thoughts which we never share with anyone. But our public selves, including everyone we have ever met, will become quite known.

    Another interesting aspect of this is that if we know someone’s unique id (their email address), we can potentially learn information about them which they might not want to share.

  7. Hi Paul

    Partly agreeing with everyone here: the size of a data set doesn’t matter, It’s how that dataset is. Densely linked data can be dangerous when some of the nodes are people

    And densely linked data can be used for purposes never envisaged when the data was first collected

    See also the unsolicited rel=me :-/

  8. Hmm, good point Paul and this article is well worth a read on the subject http://www.usatoday.com/tech/news/story/2011-11-15/facebook-privacy-tracking-data/51225112/1?csp=ip.

    I see a few alarming parallels – as yet another plea is issued for some country to swallow the bitter pill of austerity measures (Italy this time but there’ll be others), as politicians a go-go talk about stuff like Northern Rock’s purchase as a substantial loss to the tax payer etc etc, we’re waking up to the fact that those that created this austerity by screwing around with the markets aren’t having to suck up too much austerity themselves, while we’ve all been well and truly shafted.

    How long is it going to be before people realize that their lives run the risk of being rolled over by a similar misuse, this time not about money but about data?

  9. I realised I’d done something similar too recently. Like you I’ve never clicked the “here, have my contacts list” but what I did do was Sync my contacts on my iPhone. That seems to have done the trick and now people I emailed once or twice several years ago are showing up in Facebook as “you might know this one”.

    When I realised that games and apps that my friends downloaded and used on Facebook were handing over my info I was very careful to block them all but it troubles me to think that I’m actually the weakest link here and that they may be getting the same messages suggesting me.

    I tend to avoid pressing the like button too much on Facebook, or admitting that I’ll go to an event – why grease the skids ;)

  10. […] was originally going to be a comment on Paul Clarke’s post about privacy and social networks — you might want to read that […]

  11. I was going to post a comment on this but it got huge, so I made it into a post instead: http://harrymetcalfe.com/2011/11/459/

    tl;dr – lots of bits of our private lives are going to get sucked into the public domain whatever we might think about it, so if you can’t beat ’em, join ’em

  12. Joe Devon says:

    Google is even worse. They are doing this with gmail to feed Plus. Facebook has to put in an effort to get your contacts. You trusted Google with this data when you signed up for gmail.

    I actually blogged about this recently and a gmail community manager responded:


  13. […] is partly an extended comment on Paul Clarke’s excellent Accidental Data Controller post. And partly a whine that, even though we’ve been talking about social graphs, and very […]

Leave a Reply

Flickr Photos

Kitchen fox

Garden fox

Garden fox

Greenwich 21 Jan

Greenwich 21 Jan

Greenwich 21 Jan





More Photos