Every Streaming Company Not Named Apple Receives A Lousy Grade On Privacy
from the unimportant-afterthoughts dept
While streaming providers and hardware companies see significantly higher consumer satisfaction rates that traditional cable TV, their privacy practices still leave something to be desired. That’s according to a new breakdown of streaming service privacy policies by Common Sense Media, which doled out terrible grades to pretty much everybody not named Apple:
“Our privacy evaluations of the top 10 streaming apps indicate that all streaming apps (except Apple TV+) have privacy practices that put consumers’ privacy at considerable risk including selling data, sending third?party marketing communications, displaying targeted advertisements, tracking users across other sites and services, and creating advertising profiles for data brokers.”
Of course their privacy practices suck because being terrible on privacy is perfectly legal in a country that can’t manage to pass even a basic privacy law for the internet era. Not a law cracking down on the dodgy behavior by third party data brokers. Not a law that implements some basic transparency requirements so consumers know what’s being collected and who it’s being sold to. And not a basic law that implements something vaguely resembling real accountability for companies that can’t be bothered, time and time again, to properly secure their networks, devices, and servers from intrusion.
The firm took a deep dive into the data collection and sharing practices of 10 different streaming services and hardware vendors, from Netflix and Disney+ to Roku. They closely examined what data was being collected, how much of that collection was transparent to the end user, and where that data was sent. They also took a close look at device security using the Consumer Reports’ Digital Standard, a promising new metric that attempts to standardize security practices so they can be included in product reviews.
Some of the failures were downright ugly, like making no real exceptions for the data collection of children. Many of the issues revealed weren’t the end of the world, but they make it repeatedly clear that companies aren’t being transparent about what is collected, and often enjoy making opting out of data collection and monetization as cumbersome and annoying as possible:
“The Roku Streaming Stick+ set?up process did not
display notice of privacy settings or choices a user can make about sharing data. Only after the Roku device has completed setup can users navigate to
the “Settings” menu, and choose to opt in to the single privacy setting “Limit Ad Tracking” which is not enabled by default. This setting is worded in such a way that it may be misleading that opting in to limiting a worse practice is actually opting out of use of your data for that worse practice, which is not a
principle of privacy by design.”
There’s a consistent drumbeat of arguments that tend to focus on how it’s simply impossible for our Luddite Congress to pass a useful privacy law. But again, it wouldn’t be at that difficult to write a clear law, with input from major stakeholders, that simply mandates clear communication on what’s being collected and how to opt out of it. But we can’t even do that. Instead we’ve got complete apathy toward the privacy and security internet shit show on the federal level, which created a discordant wave of less than impressive and often convoluted state-level laws.