Now that my entire life is online, how do I protect my personal data?
by Astrid Rivera
For the past month or so I’ve been living my life exclusively indoors and online. This new normal means that everything has shifted to a virtual realm — working, connecting with family and friends, and even going to the gym. We’re all left with no choice but to use online services in order to live a normal-ish life.
So what can we do if we’re not comfortable with sharing every personal detail of our lives with the companies that provide those services? It turns out, we can fight back. Especially now that we have more free time.
Earlier this year California rolled out the California Consumer Privacy Act (CCPA), a law that allows you to request and/or delete any personal data a company has on you*. Even if you’re not in California, a lot of companies that collect data on you like Microsoft, for example, are extending these rights to all Americans.
I decided to see for myself how it works by trying to control my data and requesting it from half a dozen companies. Along the way I figured out where to go if you want to attempt your own data quest. It sounds simple enough but it turns out if you want to get what’s yours, you’ll have to work for it.
Uber & Uber Eats
I started my journey with a company I have a lot of history with, Uber. Previously I used Uber for rides, and now I use Uber Eats to support local businesses with food delivery. For some reason my login was giving me issues, so I had to go through a bunch of ‘forgot password and password was already used’ battles before actually logging in.
Then I had an option to opt-in or opt-out for selling my data (I opted out. If anyone is making money off of me, it should be me). Then I scrolled down to an FAQ section and under the How do California residents exercise these rights option, I found the option to Request an export of my data.
Uber then asked me why I’m requesting this data, which seemed kind of obvious. Ummm because I want to know what personal info you have on me? I clicked the “I’m just curious”option.
An email from Uber confirmed my data request and said that it would take a few days to process.
A few days later I actually received my data! It was a downloadable zip file that had both Rides and Eats information. It was A LOT to take in. With every file I opened, I found myself endlessly scrolling through every single ride and food order I had ever made. It wasn’t surprising that Uber knows what I’m doing when I’m on their app but the amount of detail they know surprised me a bit.
For example, they know the phone carrier I’m using, the model of my phone, exact location coordinates and more. I really wish it had every rating I’ve ever received but, alas, that’s not in there. In case you’re wondering, I’m a solid 4.8.
Here’s what was included in the zip drive:
The first time I tried requesting my data from Yelp, I had some difficulty. I followed the instructions and requested my data download directly from Yelp’s website. I got an email indicating I should get all of my data in two days but for some reason, I never actually received it.
I decided I would try requesting again, thinking maybe I made a mistake or it didn’t actually go through. Either way, I logged back into my account and went into my privacy settings. There’s a handy link to download a copy of your Yelp data, so I followed those instructions.
This time around I got my data back! Pretty quickly too, which was surprising. Here’s what it looks like:
Yelp knows where I’ve been, not just check-ins but they’re getting my phone’s location (which I’ve now turned off). They also save any direct messages, business that I follow or have bookmarked, places I’ve searched for, any waitlists I’ve joined, and my profile information. They have a pretty good idea of who I am and what places I usually frequent or want to go to.
Requesting my data from Airbnb required some work. I had to read so much legal jargon before finding clear instructions on how to email them. I started an email draft, but first I had to find my profile ID number. I used the app on my phone since it’s already logged in, but this profile ID number was nowhere to be found. I would have to sign in on my laptop, ugh.
I used my password manager to locate my username and password, logged in, and then went to my profile. I was looking for this ID number and couldn’t find it (again), only to realize they were looking for the numbers located in the URL after my name.
I finally emailed them, and a few days later I got this note:
So basically if you want your data from Airbnb, you have to send them a picture of your ID over email (not super secure!) and you have to request AGAIN. Not a top-rated experience, Airbnb. Next!
Now onto my favorite social media platform, Instagram. It was surprisingly easy to access my data from Instagram, which is owned by Facebook. Next time you’re on your profile, tap the Settings option, then hit Security, and you’ll get a screen that looks like this:
To look at my data, I hit Access Data and there it was: every comment, like, follow, post and basically everything I’ve ever done or looked at on Instagram. The most unexpected thing by far was they had everything I had ever searched for and even just typed in the search bar. Instagram is my prime social snooping spot so I can’t imagine if this data ever got out and my 5th grade crush found out I was looking at his profile. I quickly proceeded to the Clear Search History section and cleared it asap.
Facebook, as we all know, has its problems, and we’re all probably better off limiting its reach. But I was actually impressed at how easy they made it to view and download my data from Instagram.
I use Spotify daily so it’s one of the apps that has the most dirt on me. I checked out the Privacy Center, and found a lot of information that I didn’t want to sift through.
After scrolling for a while, I found a Contact Us option. I went through all the prompts and finally arrived at 1: Request your data. I clicked to request and then received an email noting that this process can take up to 30 days so sit tight. Cool.
A few days later, my data arrives via email in something that looks like code. (A coworker later told me it’s a database download. I’m obviously not a tech person). Spotify has all of my search terms, every single song I’ve ever listened to, every playlist I’ve ever created, who I follow and how I pay. Again, nothing mind blowing. We all expect Spotify to have this information.
But I can’t imagine if this was leaked and every song I’ve ever listened to in the past decade was on display for strangers to see. It’s pretty cringe-worthy. This is a sample of how my data looked:
Requesting my data from LinkedIn was also easier than I expected. I was able to quickly download everything into a zip file directly from the privacy settings. Like the others, it was a lot of information to go through.
LinkedIn had an interesting section that detailed how they target me for advertising. It had a full profile on who I am based on what computer I use, my locations, who I know and follow. They also had every communication I’ve ever sent, if I’m currently open to jobs or not, and a lot of information about who I was connected with.
LinkedIn had more than I realized they would have on me, so I’m going to keep playing around with settings to see what I’m able to delete from the platform.
* * *
My biggest takeaway from this experience is that it’s a pain to request your data, and once you get your copy, it’s hard to know what to do with it. Some companies do actually allow you to delete the data and remove yourself from future data collection, but it should be easier to get there.
Yet, whenever I was able to find the option to delete or remove my data, I took advantage of it. Using Firefox browsers on my computer and phone also provides a layer of privacy protection by automatically preventing many third-party trackers, meaning random companies won’t be able to follow me around the internet collecting information.
It might not be easy to hunt down your data or delete it but because of CCPA, you now have the power to do it. If you’re looking for a place to start, Common Sense Media has a tool at DoNotSell.Org that allows you to look up how to delete and/or request your data from a variety of companies. If you can’t find the company you’re looking for, try searching the company’s website for “California” to see if they have a CCPA section.
Tweet us @Firefox to let us know how your data request journey is going.
* * *
If you want to request your data back from any of the companies mentioned in this article, all the links are below:
More on CCPA:
It’s not going to be easy, but you can:
- Ask companies to access, delete and stop selling your data
- Have the State Attorney General on your side if companies don’t comply
Not in CA?:
- You can still request the above, and it’s possible some companies will comply.