How much privacy are you prepared to give up to listen to Pandora? Without knowing it, you are giving up a lot.
Earlier this week the Wall Street Journal broke the story that federal prosecutors were investigating whether smartphone apps have been illegally collecting information about handset users without proper disclosures.
In the midst of going public, Pandora mentioned the subpoena in a revised SEC filing. Pandora noted that it received a subpoena in the matter and believed other app providers had also.
It turns out the issue is a little more serious than first reported, in part because Pandora may have violated the law, but also because the gathering of user information is central to Pandora’s pitch to advertisers.
Information Week quotes Tyler Shields of Veracode as calling the data collection Orwellian:
How much personal information does a user trade for access to a "free" smartphone application? It depends on the application, but the type of data collected can seem "Orwellian," according to Tyler Shields, a senior researcher for application security testing firm Veracode.
"Your personal information is being transmitted to advertising agencies in mass quantities,"
According to a story in The Register:
Veracode, found that Pandora's app tracked users' age, sex, zip code and precise geographic location, which in many cases was updated in a continuous loop.
The app then sent the information to servers operated by advertising services including comScore. Other information that was shared included the phone's device ID and the user's birth date.
While attempting to minimize the significance of the subpoena, Pandora also admits that the gathering of its Orwellian data was critical to its success:
Restrictions on our ability to collect, access, and harness listener data, or to use or disclose listener data or any profiles that we develop using such data, would in turn limit our ability to stream personalized music content to our listeners and offer targeted advertising opportunities to our advertising customers, each of which are critical to the success of our business.
The claim that Pandora needs to spy on its users to personalize its music streams seems somewhat disingenuous. The user’s seed songs combined with Music Genome Project data, and “thumbs up” ought to be enough to personalize a stream.
Claiming that Pandora needs the user’s location, phone ID, age, and sex to enhance the user’s experience seems a bit of a stretch.
However, from the standpoint of selling advertising the benefits are obvious.
Most advertisers are willing to pay dearly to have such detailed personal information. The only reason advertisers don’t know more about their customers is that failing to gain the consent of customers and gathering it without their knowledge is illegal. Hence the investigation.
Maybe the RAB can develop a marketing campaign surrounding Pandora’s undisclosed spying on its users. How about: Real Radio Stations Respect Your Privacy.
Rob & Kim, you are welcome to share as much personal information as you wish to this site, Pandora, or any other of your choosing. But if a website or service is sharing personal information with third parties, wouldn't you like to know? Don't you think a person has a right to know?
Posted by: Richard Harker | April 11, 2011 at 02:01 PM
Rob- I totally agree. And did not this blog just ask us for information before we could post. Everyone wants something.
Posted by: Kim B | April 09, 2011 at 11:11 AM
You don't think people assumed that when they were giving Pandora that information when they signed up?
Most people concerned about privacy just give them fake information. The phone UID is really only the sketchy part, as ad networks can use information from their various partners to aggregate even more information based on that.
Posted by: Rob H | April 08, 2011 at 06:03 PM