On June 11, 2019, Facebook announced ‘Study,’ its market research app for Android users in US and India, which pays users who allow it to monitor how they use the applications on their phone.
The Study app will collect data on the apps installed on a participant’s phone, the amount of time spent using those apps, the participant’s country, device and network type and app activity names, which may show Facebook the names of app features the participants are using. It promises not to collect user IDs, passwords, or any of the participant’s content, such as photos, videos or messages and has assured that the information will neither be sold to third parties nor used to target ads. Facebook says it also won’t add the data collected to the user’s Facebook account if they have one. Read more about it here.
It’s clear that this is a voluntary, opt-in program, which monetarily compensates users in exchange for them giving up some of their privacy. A Facebook spokesperson told TNM that the payments will be made on a monthly basis through PayPal, but the amount and the rate were not disclosed. “Our partner, Applause, will handle all compensation,” Facebook said.
And while experts point out that Facebook is certainly not the first company that wants to do market research by collecting user data, the new proposal raises some pertinent questions about privacy and consent.
Not illegal, but what’s the end goal?
“It is clear that market research apps invade people’s privacy,” states Pranesh Prakash, a fellow at the Centre for Internet and Society. “However, asking people to opt-in for market research is not uncommon. And if consent is given, it is legal. There is nothing wrong with people participating in this as long as they are aware.”
That being said, Pranesh also points out that in many cases, market research such as this has led to useful insights about user behaviour and can contribute to public policy as well. However, in Facebook’s case, it is likely that the findings will be used internally and will not be made public.
When asked about the purpose of this data collection, Facebook said it was to make better products.
“Like many companies, we use market research to help us understand trends and build better products. This information is incredibly important to us because knowing how people use apps helps us prioritise and build better experiences for people,” a Facebook spokesperson said, adding that they are maintaining complete transparency.
No strong data privacy laws in India
While there is a requirement for participants to consent to share data with Study app, what makes Indian users vulnerable is that the country does not strong data privacy laws. The Data Privacy Bill 2018, modelled on the General Data Protection Regulations (GDPR) of the European Union, is yet to become a law and is riddled with loopholes in its present form.
Nitish Chandan, a cyber-security specialist, points out that though the Supreme Court deemed privacy a fundamental right of Indian citizens last year, the jurisprudence itself has not evolved – no major company or entity has been punished so far for a data breach.
“Had the Data Protection Bill been passed, there would have been a clear mandate for companies who want to process personal data as well as purpose limitation, meaning they can only process data for certain purposes and not others,” Nitish says.
And while the data collection is legal because consent is obtained, Nitish points out a strong data protection law would have barred from it being used for unethical purposes such as mass profiling. The Data Protection Bill for instance, under section 33 (1), bars large-scale profiling or any processing which carries the risk of “significant harm to data principles” unless the data fiduciary undertakes a data protection impact assessment in India.
Further, while purpose limitation breaches can be picked up by watchdogs, common people are unlikely to realise this and read the fine print, Nitish adds.
What conditions is consent being sought in?
Nayantara R, Programme Manager–Freedom of Expression at the Internet Democracy Project, tells TNM that Facebook’s decision to launch Study raises some very important questions.
"With calls for informed consent while giving away data, something like Study seems to satisfy many requirements. The app will clearly state what data is collected when a user opens it, etc. But the problem is approaching consent in an individualised manner, without questioning if there are structural conditions that enable giving consent. A useful parallel to draw is conversations on consent in the context of sexual relations. We question the power dynamics and surrounding circumstances in the giving of consent there. The Study app is a good case to confront what is the kind of consent we are after," she explains.
Nayantara argues that consent has to be situated in the larger ecosystem of power play. The situation is made complex by the monetary incentive. If a person needs the money and therefore consents to give up their privacy to a large company – how freely is that consent given? And is it a fair trade?
“These questions don’t have easy answers but are the conversations that we need to start having,” Nayantara states. “This is not so much about whether Facebook's motives are bad. The more important question it raises is about the demands that civil society has been making: consent, compensation in exchange for the labour on platforms etc,” she observes.
The Facebook spokesperson’s response indicated that the company has been aware of these debates and demands: “We’ve learned that what people expect when they sign up to participate in market research has changed and we’ve built this app to match those expectations.”
Not Facebook’s first time collecting data
This is not the first time that Facebook has launched an app for market research – its now-defunct Research app, launched in 2016, was rolled back after an investigation by Tech Crunch that revealed the app had violated Apple’s policies. The app had asked users to download a VPN onto their devices, ‘trust’ it (requiring users to give it permission), and could, if it wanted, access personal information of users, including private messages on social media apps, chats from instant messaging apps (inclusive of photos and videos), emails, web browsing history and even the present location of the person, by tapping into another app using the location feature.
This app – that also paid users up to $20 per month in gift cards to share their data – came under even more fire because it didn’t just target adults. People from age 13 to age 35 were eligible to download this app. Investigations also revealed that Facebook had ended up collecting some non-targeted data as well.
Additionally, it also bought the Onavo Protect app in 2014, which projected itself as a privacy app providing free VPN to users and allowing them to minimise their data plan usage. However, the app was collecting information on users, providing Facebook with deep analytics about which apps the users were using. The app was eventually discontinued after the data snooping was discovered.
Facebook seems to have learnt from these experiences. “We’re offering transparency, compensating all participants and keeping people’s information safe and secure,” a company spokesperson said. However, Tech Crunch reported that Study – which is only for users above the age of 18 – too could give Facebook crucial insights into competitors and features it could invest in on its own platforms based on what was popular on other apps users are using.