The US telco data-selling scandal: Is it happening here?

Spark, Vodafone and 2degrees front up.
Vodafone and other NZ telcos say they don't sell data about people's location (pictured: outgoing Vodafone NZ boss Russell Stanners)

US telcos Verizon, AT&T and Sprint say they will stop selling the locations of individual customers to two "middlemen" firms, accused of mishandling the information.

The middlemen or data brokers, LocationSmart and Zumigo, have been onselling the data to businesses for location-based marketing and prevention of credit card fraud, among other uses.

The data-selling arrangements came to light after one of LocationSmart's clients, a prison phone provider, created a website that let law-enforcement agencies find the location of any cellphone user without obtaining a court order, the Wall Street Journal reports.

Is it happening here? NBR took a roll call. Our three mobile network operators replied as follows.

Vodafone: "Vodafone does not sell any customer data."

2degrees: "It's a no from us."

Spark: "Neither Spark nor Qrious sells any data that can be used to identify individuals – or share any such data with third parties other than as may be legally required from time to time by law enforcement authorities." (Qrious is Spark's big data/data analysis division.)

Every move you make
That's all reassuring. 

But it's also important to note most people are still being tracked by one or more apps installed on phones, which is in keeping with the Privacy Act if they have opted in.

Prime candidates are mapping apps, like Google Maps and Apple Maps, whose direction features won't work unless people share their location, which can, in turn, be used for marketing and advertising purposes.

But they should also check their settings in apps like Twitter, LinkedIn, Facebook and Instagram if they don't want to share your whereabouts. Some people do, and find very useful to see what friends or colleagues are at, say, the same concert or conference. But they should make sure they are not sharing by mistake (easy to do, given every service constantly changes its policy; see a guide to Facebook settings here, a blog post detailing LinkedIn's "Discover Members Nearby" feature seems to have been taken offline – I'm following up with its owner, Microsoft, what happened there).

Another is Uber, which of course has to know people's location for the pickup address.

In 2016, the ride-sharing company really pushed the line, giving its customers the option to share their location "never" (rendering the service unusable) or "always" (meaning Uber could track them even when they weren't actively hailing a ride; a measure Uber said would boost performance). Uber dropped the always-follow feature in August last year. 

Privacy Commissioner John Edwards earlier noted to NBR that the world is dealing with a fluid, fast-moving situation where various social networks and app makers are constantly pushing the boundaries.

New, tighter, privacy legislation is making its way through Parliament. Mr Edwards is broadly supportive of its provisions but says that in its current form it lacks teeth for enforcement.

All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.