Shock scale of how your passport details, kids’ voice recordings and baby due dates are traded by supermarkets and hotels

Medical details, kids' voice recordings and copies of passports are at risk when customers tick an online consent box.

Marriott International, Facebook, Asda, Paypal, BT and Tesco engaged in hidden data harvesting and sharing.

Big firms are able to use personal data to build a profile of customers for targeted adverts or to pass to other organisations, according to analysis by the Daily Mail.

Examples of this include:

  • Pregnant women's due dates sold by Asda to a mystery third-party company for marketing;
  • Kids' voices recorded on the YouTube Kids app are being harvested by Google to promote other apps;
PA:Press Association2
BT was found to have harvested user data
  • Copies of passports given to PayPal for account verifying have been snapped up by Microsoft for facial recognition products;
  • Viewers of BT TV are being profiled for advertisers according to profiles of their telly watching and phone call records;
  • Health details, ethnic origin and political views of Facebook users are being used by the social network for targeted adverts;

Last night, Parliament published emails that showed how Facebook accepted cash in exchange for access to its users' data.

The firm's staff discuss whitelisting companies including AirBnB, Tinder and Netflix – allowing them to retain access to Facebook user data if they bought enough ads.

Mark Zuckerberg, founder and CEO of Facebook, wrote in a private email that access to user data could be licensed to ad buyers.

But he adds: "If the revenue we get from those doesn’t add up to more than the fees you owe us, then you just pay us the fee directly."

Marriott International last week revealed hackers had broken into its database of 500 million guests, with the attackers having ‘some combination’ of passport numbers, names, addresses and bank card details.

The hotel group routinely stores the names and ages of guests’ kids, room service orders, social media accounts and employer details and shares this across its operations in 150 countries including Venezuela, Gabon and Libya.


"We want it to be easy for people to understand and control their data and make the privacy choices that are right for them." – Google


"We share very limited amounts of information with trusted companies" – PayPal


"We never sell our individual customers’ personal data, or share it with organisations so that they can use it for their own marketing purposes." – Tesco


"We take data protection very seriously and always handle personal data carefully and in line with data protection law." – Asda


"We do record what customers buy from us and their marketing preferences so that we can provide them with offers and coupons that are useful to them." – Morrisons


"We make our guests aware that we collect personal data. Because Marriott is a global organisation … some sharing of data across borders is essential." – Marriott


A BT spokesman said it used customer information to provide services but credit reports did not form part of their profiles.


Facebook declined to formally comment, but denied using sensitive data to target adverts at users.

By ticking an online ‘accept’ box, Marriott guests consented to giving up this data and to acknowledge having read the 5,600-word privacy policy which said that ‘no storage system is 100% secure’.

All of the firms analysed insist they keep customer details secure, according to new EU GDPR rules, and that information is encrypted.

But the Marriott hackers were able to access encrypted data, suggesting a new layer of security was needed.

There are also concerns over the companies hoarding profiles on their customers to target them with advertising and sell them more products.

Source: Read Full Article