Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Businesses

When a Company Gets Sold, Your Data May Be Sold, Too 92

An anonymous reader writes: A new report points out that many of the top internet sites have language in their privacy policies saying that your private data might be transferred in the event of an acquisition, bankruptcy sale, or other transaction. They effectively say, "We won't ever sell your information, unless things go bad for us." 85 of the top 100 websites in the U.S. (ranked by Alexa), had this sort of language, including Amazon, Apple, Facebook, Google, Hulu, and LinkedIn. (RadioShack did this recently.) "The potential ramifications of the fire sale provisions became clear two years ago when True.com, a dating site based in Plano, Tex., that was going through a bankruptcy proceeding, tried to sell its customer database on 43 million members to a dating site based in Canada. The profiles included consumers' names, birth dates, sexual orientation, race, religion, criminal convictions, photos, videos, contact information and more. Because the site's privacy policy had promised never to sell or share members' personal details without their permission, Texas was able to intervene to stop the sale of customer data, including intimate details on about two million Texans." But with this new language, users no longer enjoy that sort of protection. Only 17 of the top 100 sites even say they will notify customers of the data transfer. Only a handful allow users to opt out.
This discussion has been archived. No new comments can be posted.

When a Company Gets Sold, Your Data May Be Sold, Too

Comments Filter:
  • by grimmjeeper ( 2301232 ) on Monday June 29, 2015 @12:14PM (#50012717) Homepage
    Reason #43385634 why I try to minimize my exposure by refusing to give as much personal information as I can as often as I can. Paying in cash for day-to-day transactions helps out a lot too.
    • by Shoten ( 260439 ) on Monday June 29, 2015 @12:26PM (#50012855)

      Reason #43385634 why I try to minimize my exposure by refusing to give as much personal information as I can as often as I can. Paying in cash for day-to-day transactions helps out a lot too.

      No kidding.

      With regard to True, I once used their service, very briefly. And then, a year later, I started getting all kinds of spam to the email address I had created just for that one account. Mind you, I literally had given this email address to only one entity, ever...the True website. I ended up just re-creating the email account and blackholing it.

      So either they had a breach (and didn't report it) or they sold the email address in violation of their own agreement. Since there are criminal legal consequences to not reporting a breach of PII and there have been many studies that indicate that companies (especially ones that are failing) violate their own privacy terms, I think the latter is more likely.

      • Cue the "Why not both" girl...

    • Exactly that.

      It seems slashdot editors are short of news if this comes to first page.

      In other news, water is wet. News at 11.

    • Yeah, there a laws specifically forbidding this in the EU for a reason.

      • Given that many corporations are multinational and span continents, I bet your privacy isn't nearly as guaranteed as you might think.
        • by Z00L00K ( 682162 )

          I agree, and I more or less expect surprises.

        • This is why private data about EU citizens must be stored in the EU, or the company storing it outside needs to sign a special contract with the EU (which has some extra US law to back it, so it isn't just a normal contract).

        • by Maritz ( 1829006 )
          It's a hell of a lot better than nothing. Which is what you peeps have over there.
    • Comment removed based on user account deletion
      • It will take a lot for cash to go away. While the underground economy is driving a lot of the cash use, the privacy advocates will surely fight to keep it as well.
      • My guess is that most slashdotters would happily go along with doing away with cash.

        Your guess would be dead wrong, at least for this slashdotter.

      • That is exactly the reason you should use cash. The financial industry tries to shoehorn itself into every transaction you make. Society is by far better off without banks than without cash.
  • Everybody everybody! I need help! I trust the bad CORPORATIONS with all my personal details, and some of them went broke and sold me details to the big bad governments.

    Oh why why why did I trust crappy companies? Because all my peers were doing it? Is the Internet a gateway drug??

    • by bondsbw ( 888959 )

      The obvious solution is to just make sure they never go out of business. Too big to fail.

      The company gets to keep profiting off of you, and you get to keep providing them with data that will help further their profiting off of you. Win-win!

  • How is this new? (Score:5, Insightful)

    by gstoddart ( 321705 ) on Monday June 29, 2015 @12:19PM (#50012781) Homepage

    This has been known for years. Those privacy promises do not survive bankruptcy, and your personal information they promised never to sell becomes another asset to be disposed of.

    This has been happening for years. Don't want your personal information sold, don't provide it to them.

    Even their privacy policies which say they'll never sell it will have legal language which says "unless we change our mind".

    The promises by corporations to play nicely aren't legally binding and can be changed on a whim. I'm pretty sure we've seen other examples of this over the last decade.

    Unless there are actual laws preventing this, any promises are pretty much worthless.

    Some countries have enacted privacy laws, but I'm pretty sure the US never would -- because that would limit corporations.

    This might finally becoming plain to everybody else, but the vast majority of people here should already know this.

    • Agreed. Can we file this under:

      No Shit, Sherlock

      • Agreed. Can we file this under:

        No Shit, Sherlock

        Given that the editors can't even manage to file stories with "Ask Slashdot" in the title under the "Ask Slashdot" section (I'm looking at you Timothy!), I would have to say probably not.

      • The question is not, does it happen (we all know it does), but should it happen, and should we be quiet about it.

    • This article is valid and delivers more data to the subject.

      It's always a great thing to remind individuals of language within these site's terms of service. Due to the fact that I don't have time to find to comb through terms of service, this particular language was new to me. In general, most of us know that data on the internet isn't safe is a good assumption.

      I give a thumbs up to the author.

  • Well... duh. (Score:4, Insightful)

    by mlts ( 1038732 ) on Monday June 29, 2015 @12:21PM (#50012795)

    This has been an issue with any Internet business, be it a cloud provider, dating service, or someone who services vend-a-goat machines. When they go bankrupt, no contracts are honored, and the data falls to the buyer of the company or the physical servers, and can be used, without restriction, by the new party. For example, if a cloud computing service goes bankrupt, the next owner of the physical servers can make a multi-terabyte torrent of the contents, there is nothing the former clients can do about the data legally.

    The only real solution to this is having part of the bankruptcy law changed to mandate supervised destruction of all data as part of the handover of servers.

    • It has been true prior to the invention of the internet. Businesses have been keeping personal data on customers for thousands of years. That data is always part of the sale of the company. Companies buy each other to get the other companies customers. You can't purchase customers without transferring customer data. Management of a company can change at any time. So even if the name on the site doesn't change your data may wind up in the hands of new people.
  • by xxxJonBoyxxx ( 565205 ) on Monday June 29, 2015 @12:22PM (#50012809)

    * A clear sky is blue
    * The sun will rise tomorrow
    * A bear...

  • by SpaghettiPattern ( 609814 ) on Monday June 29, 2015 @12:23PM (#50012819)
    When you sell a business as a whole, you sell its inventory, credits, debits and running contracts. If you want to do that differently than you have to stipulate. But then the business's value will be different. Private customer information is as much inventory as is the fish tank in the hall.
    • Private customer information is as much inventory as is the fish tank in the hall.

      Except that the company never told people nobody else would ever have the fish tank in the hall.

  • by argStyopa ( 232550 ) on Monday June 29, 2015 @12:28PM (#50012867) Journal

    "..Because the site's privacy policy had promised never to sell or share members' personal details without their permission,..."

    Sounds like we could charge the corporate officers with 2 million counts of fraud at least.

    If we actually set a strong precedent of punishing site owners for their cavalier disregard for the promises made, I suspect this wouldn't be something we'd have much worry about.

    • by mlts ( 1038732 )

      They can easily change the agreement by updating the TOS and have a statement in said link that continued use of the site constitutes acceptance of the new terms. For a bankrupt company, that would be enough legal CYA to prevent any judge from ever piercing the corporate veil.

      • They can easily change the agreement by updating the TOS and have a statement in said link that continued use of the site constitutes acceptance of the new terms.

        This led me to wonder about the following scenario:

        - You sign up with SomeCompany.com and enter some personal information. They promise never to sell your information.
        - You stop using SomeCompany.com.
        - SomeCompany.com updates their TOS saying "We can now sell your info. Your continued use of this site is acceptance of this new TOS."
        - You still d

    • "..Because the site's privacy policy had promised never to sell or share members' personal details without their permission,..."

      Sounds like we could charge the corporate officers with 2 million counts of fraud at least.

      If we actually set a strong precedent of punishing site owners for their cavalier disregard for the promises made, I suspect this wouldn't be something we'd have much worry about.

      Who are you going to charge when the business has closed its doors and a bankruptcy court is discharging its assets to creditors?

      • If the corporate officers aren't DEAD, then they should still be culpable.

        In the particular context of data, it's their choice whether or not they retain that data in a way that it could be sold. If at the end of the day the site fails, the business fails, and they go into bankruptcy, it's entirely their choice to preserve that data and sell it to mitigate their losses OR to destroy it based on their previous commitment to do so.

        Now, I recognize that a bankruptcy court might frown on that as destruction of

  • by SecurityGuy ( 217807 ) on Monday June 29, 2015 @12:31PM (#50012903)

    Most also say they can chance the agreement at any time. An agreement that one party can change at any time doesn't really mean anything anyway.

  • ...and make no mention as to what happens to your data that they captured under their previous privacy policy.

  • Business Asset (Score:1, Flamebait)

    by Virtucon ( 127420 )

    It's a business asset and as such can be transferred and despite the terms of service and policies set forth, a bankruptcy judge can pretty much throw that away if it means getting revenue for creditors and bond holders. In a lot of cases, the value of customer data can be considered significant, why do you think WhatsApp was so valuable to Facetard?

    It's also boggling that people still think that terms and conditions actually protect them in any way, shape or form. They don't, they describe your "

  • Surprise! There is no guarantee to privacy when you don't control your data.

    The same goes for any cloud application.
  • Sale of a company (Score:4, Insightful)

    by jklovanc ( 1603149 ) on Monday June 29, 2015 @12:46PM (#50013045)

    Clauses like this allow data to be transferred to the new company running the business. Many of these agreements state that the company the purchases the data will be bound by the privacy provision of the rest of the privacy policy. For example many privacy agreement state that personal data will not be used for marketing. The new owner would also be bound by that policy. Here is Google's policy;

    If Google is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

    Without this provision it would be much more difficult to sell a company or merge with another company. I am sure that the value of Google with it's user base is much more than the value of Google with no users.

  • When a Company Gets Sold, Your Data May Be Sold, Too

    Duh. Are poster and editor new - to like everything?

  • Please don't confuse (Score:4, Interesting)

    by NotInHere ( 3654617 ) on Monday June 29, 2015 @12:55PM (#50013125)

    Your data = "data which you fully control", usually a part of the data on your HDD. Its getting less and less year after year.
    Data about you = "data you use as payment for 'free' services"

  • And why did you _every_ think it was otherwise.

    If you care, code your data. This is easy to do with small spelling variations. Some address correction systems get rid of them but you can get it through if you're creative. Then you can track the flow of your data. It's fun. But there is no privacy. Welcome to 1984 all over again.

  • When buying a company, part of what you're buying are their assets, both tangible and intangible. This is NOT exclusive to just modern internet companies. Go anywhere as far back in history as you'd like. When one company buys another, why would they NOT transfer over customer account records?

    Just imagine the inverse for a second... The company you're doing business with gets bought out, but are not allowed to transfer over their records. You walk into that business the next day, and before you can even do

    • by Anonymous Coward

      You expect them to pass along the customer records if they transfer a business unit to another company, for the reason you stated. You don't expect those records to be separately sold as an asset in-and-of-themselves.

    • by Maritz ( 1829006 )
      And of course, this is precisely the same thing as selling data to the highest bidder for any purpose they choose.
  • by daq man ( 170241 ) on Monday June 29, 2015 @01:22PM (#50013301)

    It's already too late for us early adopters. Our information is out there and can't be claimed back now.

    For example, up to a year ago I used a cloud storage service to store some files (fortunately encrypted) that I didn't want to lose, tax records and statements in PDF format. I found a better alternative so copied all of the files before deleting them and then asking the company to close the account. Fast forward a year and my "better alternative" announced that they were going out of business so I contacted the first company. I couldn't create a new account because it was keyed to my email address which was already in the system so they offered to reopen the old account. When I closed the account I still had several months left on the subscription and they kindly credited those to the reopened account. When I first logged in I was shocked to find that not only had they restored my physical address in the account info but also my credit card info. They also had helpfully restored all of the files that I had stored in the account. Remember, I deleted them before closing but they pulled them out of the backup from the day before I closed. That now has me thinking about both companies. The one that is still in business but doesn't delete backup copies and personal information of deleted accounts, and the one that went out of business that, presumably, had the same sort of info. Who now owns the databases with my credit card info and the backup tapes with my data?

    The only two things to learn from this story are, encrypt whatever and wherever you can, and chose companies that you think (hope) are in there for the long haul.

    • by PPH ( 736903 )

      It's already too late for us early adopters.

      I don't know about that. Google, Facebook and other services 'real names' policies are a relatively recent feature of on-line services. Back when I began setting acounts up, I used throw-away e-mail addresses, pseudonyms and other tactics which are increasingly discouraged. Having put my files and other info. out there encrypted, I feel relatively secure in knowing that all a service provider will have to sell is unintelligable binary blobs.

    • While you obviously see it as a privacy issue, and I agree it is, many people would probably see what you experienced as great service. The fact that you could close your account and then re-open it and not have to go through the trouble of re-uploading all the data and reconfiguring all your payment information would probably be seen as a great feature by many people.

      My cousin lost her phone, and upon getting a new one was very thankful that all her contacts got restored onto the new phone. She didn't car

      • by daq man ( 170241 )

        I agree with you. It was actually very useful to me too that they did such a diligent job of restoring everything. My point, and warning, was that, even though I deleted my files myself and then closed the account the files were still "out there" on backup tapes etc. I wasn't too concerned for myself because everything was encrypted twice (encrypted files on encrypted disk images, yes I'm paranoid but it was tax data). What occurred to me after reading this Slashdot article is that someone could store unenc

  • 85 of the top 100 websites

    So the 15 out of a 100 websites:
    -destroy your data upon merger/bankrupsy/...
    -don't collect any data about you
    -lie

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...