Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

3D's: Dating, Deception and Data Portability | Mozfest 2019


Published on

Exploring how to request your personal data under GDPR, what a sample of dating data looks like practically and what can be done with the data?
Given at Mozfest 2019...

  • Be the first to comment

  • Be the first to like this

3D's: Dating, Deception and Data Portability | Mozfest 2019

  1. 1. @cubicgarden | Ian Forrester @cubicgarden 3D's: Dating, Deception and Data Portability GDPRedition
  2. 2. Dating
  3. 3. @cubicgarden | Notes
  4. 4. I was once, a bit of a serial dater * * Compared to the typical number of dates people go on before committing to a relationship
  5. 5. I was once called, the wikipedia of online dating Northern Lass in The Guardian
  6. 6. Match, Guardian Soulmates, OkCupid, Plenty of Fish, Zoosk, Tinder, Woome, How about we, Badoo, Bumble, and more...
  7. 7., an operating business of IAC, had acquired OkCupid for $50 million in cash. Many Readers expressed worry that they would now have to pay for OkCupid's free dating services. Internet denizens have also pointed out that a popular OKCupid article from last year titled “Why You Should Never Pay For Online Dating” has been taken down from the company's blog. "I chose to take that down. Match didn't ask," Yagan says, denying that the other site was attempting to censor OkCupid @cubicgarden | | I want dataportability…!
  8. 8. Straight from drug dealing handbook?
  9. 9. @cubicgarden | Getting your data from Tinder is really hard Given the popularity of her story, and my overflowing inbox, I would say many agree. And indeed, you should expect more similar stories to be unearthed in the future because of the upcoming General Data Protection Regulation (GDPR). From May 2018, the new European-level regulation will come into force, claiming wider applicability – including on US-based companies, such as Tinder, processing the personal data of Europeans – and harmonising data protection and enforcement by “levelling up” protections for all European residents.
  10. 10. Dating sites are a mine of personal data @cubicgarden | |
  11. 11. General data protection regulation is your friend @cubicgarden | Dear {service} I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation. I am still concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information. I would like you to be aware at the outset, that I expect a reply to my request within one month as required under Article 12, failing which I will be forwarding my inquiry with a letter of complaint to the Information Commissioner’s Office. Please advise as to the following: Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases. … Please advise as to what training and awareness measures you have taken in order to ensure that employees and contractors are accessing and processing my personal data in conformity with the General Data Protection Regulation. Thank you, Ian
  12. 12. @cubicgarden GDPR data (OkCupid) UserData.html UserData.txtUserData.json
  13. 13. Snippet of OkCupid data @cubicgarden | { "answer_choices": { "1": "Split the bill", "2": "Pay the whole bill", "3": "Have them pay the whole bill", "4": "It doesn't matter to me" }, "prompt": "It’s your first date. Do you split the bill, pay the whole bill, have them pay the whole bill", "question_id": 21181, "user_acceptable_answers": [ "Split the bill" ], "user_answer": "Split the bill", "user_answered_publicly": "yes", "user_importance": "mandatory" },
  14. 14. @cubicgarden GDPR data (Plenty of Fish) UserData.pdf Profile_*.jpgUserData.json
  15. 15. "MaritalStatus": "Divorced", "WantChildren": "Undecided", "HaveChildren": "No", "Smoke": "No", "Drugs": "No", "Drink": "Socially", "Iama": "Male", "Creationdate": "2014-01-25T03:47:02", "Profession": "Produce", "Firstdate": "I'm pretty open about most things...", "Postalcode": "M1", "ImageLastupdate": "2018-01-01T07:22:00", "Religion": "NonReligious", "Showfav": true, "SchoolId": "BachelorsDegree", "FishId": "Geek", Snippet of Plenty of fish data @cubicgarden | "Imagecount": 7, "CarId": "No", "IncomeId": "From00To00", "MemberlevelId": "Basic", "Siblings": 0, "Birthorder": 0, "Intent": "WantRelationship", "Datekids": "Yes", "Datesmokers": "Yes", "EyesId": "Brown", "PetsId": "NoPets", "Secondlanguage": "NoSecondLanguage", "Firstname": "ian", "FirstnameShow": 1, "Latitude": 53.000000, "Longitude": -2.000000
  16. 16. Deception
  17. 17. Apps make money from attention & personal data @cubicgarden | Dating sites are a mine of personal data
  18. 18. @cubicgarden (POF) Elements of interest BasicSearchData - AdvancedSearchData - What is this? Images - attached What is missing? - Ranking, rating, etc...
  19. 19. @cubicgarden (OkCupid) Elements of interest login_history - Every single time logged in… geolocation_history - essays - ? messages - One side conversation photos - In links What is missing? - Ranking, rating, etc...
  20. 20. @cubicgarden | Dating deception
  21. 21. Data portability
  22. 22. @cubicgarden | What’s missing? “Whilst the right to data portability clearly has the potential to support innovation, there are a number of factors that may limit its effectiveness. Importantly, the right’s strength will depend heavily on the definition of personal data under GDPR. The Article 29 Data Protection Working Party indicates that data which is ‘entered’ by an individual or ‘generated’ through their use of a product or service will fall within that definition, whilst that which is ‘derived’ or ‘inferred’ from this data will not. A narrow definition of personal data will restrict the types of new products and service made possible by the right to data portability. In the peer-to-peer accommodation example, this could mean that a host on an accommodation platform could port basic profile information but not their reputational scores.
  23. 23. @cubicgarden | Data portability ● The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. ● It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. ● Doing this enables individuals to take advantage of applications and services that can use this data to find them a better deal or help them understand their spending habits.
  24. 24. @cubicgarden | Types of data portability Competitive Complementary Unrelated
  25. 25. @cubicgarden | Data portability services
  26. 26. @cubicgarden | Open Humans
  27. 27. @cubicgarden | Personal data exploratory
  28. 28. @cubicgarden | Imagine the influx of GDPR data?
  29. 29. @cubicgarden | | Data portability 2.0?
  30. 30. Group exercise
  31. 31. @cubicgarden | Imagine 3 different services for the data Competitive Complementary Unrelated ● Spend 10 mins thinking about what you could do with the dating data ● Then present back to the whole group in less than 3 mins
  32. 32. @cubicgarden Ian Forrester @cubicgarden Thank you for listening, questions?