We have long known that in this ubiquitous digital age, our privacy was under serious threat. Our personal data is happily wandering through the mysteries of big data and the least of our behaviour on the web is analyzed by data scientists of all kinds. But the investigation carried out by our colleagueNumerama reveals that our fears about the preservation of our intimacy were far below reality. Indeed, ten million French people would be tracked in the slightest of their movements. You went to a restaurant last night? Someone knows and will sell this information to commercial organizations that want to know more and more about you.
Qhat would you say if someone was able to know your every move? Yesterday, you left your house at 7.45 p.m., you took the ring road and went out the Porte d'Italie. You looked (for a long time) for a parking space and then went to spend 32 minutes in the aisles of a shop selling cultural products. You then walked along the boulevard for a few minutes and sat down on the terrace of a restaurant. The movements of your evening can be visualized on a map of Paris because an algorithm follows your position every three minutes. In reality, the algorithm follows the position of your smartphone. But it just so happens that you have it, like many of your fellow travellers, always in your pocket or within reach. Even when your device is turned off, you are being tracked. There's no respite for digital spies.
But what is the point of knowing the details of my movements? I'm a very ordinary person, I'm not a celebrity, no paparazzi has bothered me so far. Wrong! You forget that you are a very important person: you are a consumer. And many commercial companies are very interested in your little stop at the department store and your agapes at restaurants. For them it is the way to link the real and the digital world, to send you some well-chosen information and prescriptions. You have just joined the FNAC (the algorithm knows it)? As soon as your smartphone displays a notification, a discount, a good plan. Magical but terribly effective. At last, the Grail of "drive to store" is on its way to being reached!
To succeed in this bet of tracking you in real time, many companies have spent millions of neurons and dollars. One has succeeded. And it's French! Her name is Teemo (formerly databerries). It is in full "hypergrowth" because its algorithms are all the rage with the big names in commerce and the media. But, you might say, you've never downloaded any of this company's applications onto your smartphone. You didn't even know about it until today. Indeed, but on the other hand, you know the Figaro, Leaderprice, Monoprix, l'Equipe, Volkswagen... You are a customer and certainly have one of their applications in your smartphone.
That's where the trick lies. These major brands (there are more than fifty of them today) have an advertising agreement with Teemo. Nothing could be more normal. What is less normal is that the startup asked them to insert lines of code (an SDK) in their application. This code acts like a Trojan horse and, once installed without your knowledge, takes control of your smartphone's geolocation system. From then on, Teemo can, hidden behind the advertiser's or media application, spy on your movements at will and resell the data collected to its advertisers so that they can better target their ads.
But it's illegal! You'll scream, offended. The answer is not obvious because the department seems to be taking advantage of a legal vagueness, a black hole in the law into which it has sunk.
The experts interviewed by Numerama aren't very comfortable with that question. The CNIL (Commission Nationale Informatique et Libertés) has taken an interest in the Teemo case but no action has yet been taken. The startup argues that the applicable terms and conditions of use are those of the publishers who use its service. And for most of them, the issue of geolocation and the protection of this type of data is shrouded in a great artistic vagueness. The use of these data seems "debatable" in the eyes of many experts and in particular the CNIL, but no action can be taken for lack of texts. Numerama sums up the situation by saying: " Despite CNIL controls, Teemo showed that it was still possible to surf on legislative loopholes and a little technological vagueness to "recover the cash before it is illegal". ». Although there is an RGDP (General Personal Data Regulations), this text only covers personal data and not geolocation.
What to do in the face of the law's vagueness? Waiting for the texts to change? Web companies have got us used to this game of cat and mouse with regulations. Technology is moving faster than the legislator. Public opinion remains. Only the consumer can protect himself and has a fatal weapon at his disposal: touching the companies that play this little game with their wallets by refusing to be customers. By agreeing to host spy codes on their applications, they surrender to the authorities. de facto legally complicit.
Apple, very concerned about the abusive use of its smartphones, has announced that it wants to change the procedures of these next smartphones so that tracking your location is no longer possible without your explicit consent. In the meantime, the spies in your private life are having a field day.