Your Phone Isn’t Listening to You. It’s Just Tracking Your Every Move.

I have never shopped at J. Crew. However, according to my teenage sister I dress like I do, and apparently this makes me an object of ridicule. As I drove her to the mall recently, she repeatedly mocked my sense of style, and informed me multiple times that I “dressed like I loved J. Crew.” When we arrived at the mall, I turned my phone on and immediately saw my first-ever Instagram ad for J. Crew. The logical response was something many of us have wondered at some point: Is my phone eavesdropping on me?

Technology companies like Facebook and Instagram insist they’re not listening to their users’ private conversations to target advertisements. Apple and Amazon say that devices only listen after a trigger word, like “Hey Siri” or “Alexa.” While some remain skeptical of these claims, most evidence sides with the tech companies on this issue. A 2019 study from Northeastern University looked at over 17,000 apps on the Android operating system and did not find a single app that listened to consumers. Former industry employees also corroborate the tech companies’ denials that phones listen to people’s conversations.

The jury’s still out, but the consensus seems to be that technology companies are not recording and processing auditory data from their users without their knowledge.

But then again, they don’t have to.

Tech companies already have so much data about us that it’s neither necessary nor economically efficient to sort through audio data to target ads.

Most technology companies easily collect data on every action taken on their own platform, taking note of likes, comments, location, ad clicks and more. Companies may even note which phones are near you to determine your friends as they think you’ll like advertisements your friends like, and even go so far as to record your screen while you’re using their app. This information is in itself enough to enable these companies to place highly-targeted ads. To return to my J. Crew example, I opened Instagram while I was at a mall with a J. Crew and my location services were on. Instagram was able to place me near a J. Crew, so I was sent an ad to remind me to stop by the store.

However, most tech companies are not content with just the data they get on their own platforms. A company will often share their data with a third-party data company that has access to data from numerous other companies. This allows these third parties to combine your smartphone data, browsing history, social media, credit card transactions and more from many companies to build a “profile” of each consumer’s life and behavior. As the Norwegian Consumer Council outlined in their 2020 report Out of Control, this profile includes users’ location, interests, mood, contacts, anxieties, financial situation, habits, health, and more. Data companies then sell profiles back to tech companies so that they can use them to target ads with incredible precision and thus make more money from advertisers.

Although ostensibly used for nothing more nefarious than selling products, targeted advertising is by no means the uninvited but ultimately harmless intrusion on our privacy that many of us might think it is. These practices cause myriad harms, whether emotional – like pregnancy-related ads after the birth of a stillborn child – or physical, such as bombarding an alcoholic with ads for alcohol or advertising dieting plans to people with eating disorders. Recent years have also shown that targeted advertising can be discriminatory: in 2017, it emerged that Facebook was allowing advertisers to be able to exclude African Americans from seeing certain housing ads.

While there are some limits to targeted advertising, there is currently no comprehensive federal law governing these practices and ultimately, no regulation on whether companies could listen in on your conversations if they decided they wanted to. The U.S. government has largely trusted the tech industry to regulate itself, a plan which rarely works well. Changes may be on the horizon for the U.S., with President Biden’s recent Executive Order urging the Federal Trade Commission to take up the question of consumer data privacy.

Federal decisionmakers would do well to look to the European Union’s General Data Protection Regulation, currently the strongest consumer data standard worldwide. Some U.S. states have similarly pursued meaningful protections; California’s Consumer Privacy Act gives state residents the right to know about the personal information a business collects about them and how it is used and shared. It also gives consumers the option to opt out of personal information sharing, and the ability to sue companies that breach the law.

Tech companies listening to consumers should not cause so much concern, as other forms of data collection and sharing for targeted ads are more common and equally problematic. Until comprehensive data privacy legislation exists in the U.S., consumers can only try to protect their privacy as best as they can using the privacy options provided by the apps and devices we use. However, this is not enough. Consumers should never be left at the mercy of corporations with little incentive to behave in the interests of consumers. No one should have to even question whether their phone is listening to them or where their data is going. It is long overdue for the U.S. and the rest of the world to enact laws to keep tech companies in line and protect people from excessive data sharing and its harms.

Omid Armin via Unsplash, CC Unsplash License.