In the midst of the buzz about Automattic acquiring Tumblr, some of us took pains to point out that we literally can’t see anything on Tumblr blogs, nor would we want to – not at the cost of playing Verizon/Oath’s privacy head games.
If you don’t know what I’m on about, click on this link to view the 1349 x 19249 screen cap of the second of four privacy Zuckering screens which European users have to wade through in order to view the content on any Tumblr blog.
Click on the thread for more screen caps.
It's actually a lot worse than that. Here is the first thing any European user sees when trying to access any Tumblr blog, in this case, Matt's. Tumblr *does not allow access* unless the user consents to having their search, location, and browsing data accessed. pic.twitter.com/Z4Kh89dQhl
— Heather Burns (@WebDevLaw) August 13, 2019
The merger brings up two valid questions: will the privacy head game continue under new ownership, and what is being done with the personal data which – by nature of the transaction – will have been part of the acquisition? After all, removing the “huge block of legal language” – as Matt Mullenweg said in the New York Times – only removes the interface which gave users their choices and options. The data capture, storage, and transfers still take place when they’ve been baked into the way the site works.
And that brings up a third question: did they think to ask about these things at all? It’s entirely possible they did not, as both companies’ American bases mean that no one involved in either side of the transaction will have seen the privacy head game, much less been forced to play it just to see the content.
For my wonk job, I’m currently evaluating the ICO’s draft code of practice on data sharing, which is open for public consultation until 9 September. There is a section on due diligence when sharing data following mergers and acquisitions (see page 70 of the PDF draft.)
This guidance might be useful to keep at hand if you ever decide to acquire a privacy-invasive social network. As you do. Especially one that’s under investigation – which means that you will be too.
Here’s what the draft has to say:
And as with all of the steps that go into building a genuine and healthy regard for user privacy, document your due diligence or it didn’t happen. Because Helen’s going to want to see a copy of it, so she will.
We are people of enormous power and influence over the open web. As a tech policy and regulation specialist, I empower you to use that power wisely. I support digital professionals in understanding the political, legal, and regulatory issues which impact their work, assist them to participate constructively in the regulatory sphere, and represent them directly to governments. I advocate for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. I fight for edge cases, the little guys, and the big pictures. Let’s talk.