1. The Norwegian Consumer Council says that the data sold by Tamoco is “without doubt” obtained illegally due to the lack of informed consent. The organization explicitly mentions that consumers cannot know to whom their personal data is shared when consenting. How do you respond to these claims?
This isn’t true. We source data directly from app publishers, their partners or SDK’s integrated in apps. They’re required to provide explicit consent from their users. Consents are managed by those publishers who provide assurances they comply with relevant laws and regulations.
2. You say that the claims about illegality from the Norwegian Consumer Council (NCC) isn’t true. Your comment doesn’t answer the central claim from the NCC, which is that consumers have no way of knowing to whom their personal data is shared. Is it your opinion that consumers understand the full ramifications of consenting?
Tamoco uses location data to power better products and experiences, both online and offline. All the while, any smartphone has the ability to both reset and opt-out of any data sharing altogether, even after they have consented. Apple and Android manage these reset and opt-out controls, and consumers can to submit free subject access requests to any company where they want to know how their data is being processed.
3. What precautions have you made to ensure that personal data is not misused?
We use standard mobile advertising identifiers IDFA (Android) or AAID (Apple) but it’s critical to understand these DO NOT identify individuals – only a device. Identifiers can easily be changed (in phone settings) meaning they’re not fixed to an individual.
We vet customers carefully demanding information on where data’s used. We sell data on a legitimate basis for a bonafide purpose. We do so in good faith that the buyer will respect laws and regulations. NRK was deceptive in pretending it was using our data for urban planning. When we challenged NRK over its use, it provided fake maps. In our view, NRK has breached its own code of ethics because the way Tamoco works is already widely in the public domain. NRK did not need to use deception.
NRK contravened the way in which the data was meant to be used and the reality is many large anonymised datasets sold by major firms can be taken apart and engineered in exactly the same way. (NRK has removed references to specific companies.
4. You say that it's "critical to understand these mobile identifiers DO NOT identify individuals". Through our reporting, we have documented the opposite. Our reporting documents that a person's mobility signature is unique. Without removing large clusters, including home and work locations in a person's movement pattern, finding the person behind the mobile identifier is done very easily. Can you elaborate how a mobile identifier does not identify the individual owning the mobile device?
A mobile advertising ID is an industry-standard, created by Apple and Google. It is used the world over, and users can turn them off or reset them. We refer to an individual as a specific, identifiable person. A series of latitude and longitude information, plus an anonymous advertising identifier cannot identify the individual unless other, invasive methods are applied, adding further datasets which Tamoco does not do and actively prohibits, or physically stalking as NRK did, which is illegal.
5. You also say that it's easy for users to change their mobile identifier. What steps does Tamoco take in order to make people aware of this possibility? And is it Tamoco's opinion that most people are aware of this possibility?
The mobile advertising ID can be reset or opted out of altogether. Apple and Google create these ID’s, and beyond writing blog posts and content on this process publicly, Tamoco is not in any position to change the visibility or increase the awareness of this option. We do believe that consumers should be fully informed and continue to do what we can in our limited capacity to put consumers at the heart of what we do.
- “We analyse, segment and categorise the data provided by our customers, clients and partners for the purposes of providing accurate and relevant content and advertising across devices and to analyse the effectiveness of these advertising campaigns. The data is also used to provide relevant advertising to mobile devices.”
We’ve always been fully transparent. We use location data for various functions across statistical analysis, research and machine learning on top of personalised advertising. Again, it’s important that people understand that many critical functions in ours lives depend on large datasets being analysed – such as urban planning.
In respect of this particular story, most phone users understand how location services in apps work. We agree there’s a debate to be had around whether all apps are clear on permissions but many NRK viewers will ask why any working in the armed forces did not think twice about using apps which clearly use location data.
7. The Norwegian Data Protection Authority is opening an investigation into Tamoco. They seek to work together with the UK Data Protection Authority (ICO). What is your comment?
We’ve launched our own internal investigation into data provided to us and will comply fully with any external investigations from Norwegian or British regulators. We have also been very open with the media around what we do.
8. In response to NRK’s first article, Tobias Judin of the Norwegian Data Protection Authority, described the sale of Norwegians location data as a “very severe” matter. How do you respond to this characterization?
Let’s be clear – NRK obtained data from us by deception, then decompiled and decrypted it for an illegal use. This is a very severe matter, but like any intermediary, while it’s fair to hold us to account for doing everything possible to ensure the quality of the product we sell, we sit between the party supplying data and the party using it. If the user is doing illegal things beyond our control, then it’s unfair to blame us if there are no reasonable steps we could have taken.
We employ our best efforts to ensure compliance with regulations as much as possible, however balanced reporting must consider the role of those parties who collect data and those who take it from us to use. NRK viewers may question why a national broadcaster used deception where it could have walked through the front door and asked questions.
We do take data privacy seriously, but the regulation and enforcement of these rules must be omnipresent for things to work as intended. While makes things easier for the media, you cannot simply apply rules to one party.
9. You write "Let’s be clear – NRK obtained data from us by deception, then decompiled and decrypted it for an illegal use." We're having some trouble understanding what you mean by "decompiled and decrypted", as the data in no way was encrypted in the first place. The data was sent in plain text, and could easily be imported directly into an industry standard geospatial analysis tool. Can you elaborate what you mean by "decompile and decrypt"?
This explanation shows that a dataset, in a pure form, does not identify individuals unless it is taken apart and blended with other information. Location data alone is not intelligible.
We understand “decrypt” as “make intelligible”. By “decompile”, we mean “deconstruct the data and layer in other data enabling individuals to be identified”.
10. The Minister of Regional Development and Digitalisation in Norway, Linda Hofstad Helleland, says that the sale of location data is ethically unacceptable. How do you respond to this claim?
Location data, like any other data set, has the possibility to be misused by bad actors, but has perfectly legitimate and ethically positive use cases which unfortunately go unreported by the media.
Dissemination, decoupling or decryption of this data is indeed unacceptable, and is not a process Tamoco has or ever will employ. NRK felt that for the purposes of their investigation they would themselves commit an ethically unacceptable act, including breaching their own journalistic code of ethics to prove a point that no responsible company in the industry would do. NRK used deceptive tactics to obtain data for a legitimate use case they actually had no intent of pursuing. It did this to create a story around their own misuse of data and it has attempted to give the impression they were able to ‘trick’ Tamoco - a company that has spoken publicly about its business and products for several years.
It is also very important to distinguish between location data types. We agree that there is limited rationale for persistent and invasive tracking; receiving 10,000 location points from a phone per day is excessive and unnecessary in 98% of use cases. It is also not something that Tamoco uses. However, measuring important points in a journey such as a visit to a shop or when someone starts or stops a journey is necessary and some would argue essential in the pursuit of building better products and services. In this regard, location data is an accurate and powerful signal for advertisers, researchers, analysts and more as an aggregated data set. It helps with such a wide range of applications from city planning to contact tracing, advertising to analytics.
11. You also point to our Code of Ethics several times, and claim that we've broken this code. Can you specify which code of ethics you are referencing and which parts?
On the code of ethics question, this is par below. Tamoco's view is that NRK did not need to use deception because a) the discussion around geo-location data is not new and Tamoco has constantly been in the press discussing it, which means it was not the only way you could have gotten the data b) NRK did not even try to ask us first to commence a conversation. Had you done so, we would have been open and responded, just as we had to other mainstream media, like the FT and Wired, and just as I have been with you.
3.10. Hidden cameras/microphones or false identity may only be used under special circumstances. The condition must be that such a method is the only possible way to uncover cases of essential importance to society.
12. You say that “We agree that there is limited rationale for persistent and invasive tracking; receiving 10,000 location points from a phone per day is excessive and unnecessary in 98% of use cases. It is also not something that Tamoco uses.”. In the data we received from Tamoco, at least 25 mobile phones had over 10.000 location points per day, and more than 7500 mobile phones had over 1000 location points per day. This seems to contradict your statement. How do you explain this?
Our statement explained that there are limited use cases for tracking mobile phones persistently. This is why both Apple and Google have limited all but the most relevant of apps from using what is known as “background” location, with most apps only providing “foreground” location, meaning that data is only collected while using the app. This suits Tamoco’s purposes fully as we only work with data against points of interest, such as shops, museums, and cafes.
Tamoco does not control what permissions app publishers ask users to consent to and as such if a user has consented to background location permission from, for example, a running app or a GPS car navigation app then the data being received will be in much higher volumes due to the use case. Tamoco still has clients which can benefit from this data, especially with use cases like urban planning and commuter patterns - the pretext NRK used to obtain the data.
13. Based on data from Tamoco and open sources like Facebook, NRK could identify several individuals, amongst them military personnel. What do you think about that?
The data is not able to, on its own, identify any individual person, nor should it be reverse engineered or decrypted in the pursuit of this kind of use. The work with firms around the world and focus on measuring data around consumer “points of interest” such as shops, attractions and destinations. We do not store any sensitive or restricted places in our database and thus do not measure these places, meaning that anyone who had access to the data would have to misuse it, and combine it with other data sources, in order to expose any potential correlations around these locations.