“There’s no such thing as a free lunch,” said Nobel Prize-winning economist Milton Friedman in 1975. Updating this phrase today would go something like, “There’s no such thing as a free anything.” More specifically, when a business offers you something free, you’re really paying for it with a loss of privacy. Worse, the free item often is more hassle than it’s worth. Here we look at two “free” services—one prevalent for a decade and one a hot trend.
In 2001, grocery stores began issuing reward cards to customers, and today they are prevalent in the industry. Typically, holders of a reward card are entitled to reduced prices or additional coupon savings. However, to get a reward card, you must disclose personal information about yourself. For example, to apply for a free Ralphs reward card, you must supply your name, address, and email, and you are asked for your phone number, gender, marital status, and number of people in your household. Once you receive the card and use it, Ralphs can track exactly what you purchase, along with your credit card or checking account information.
Unless shoppers opt out, Ralphs may contact you by mail, phone, or email to bother you with promotions or “other information of interest.” Regardless of your preference, the grocery store may share your personal information pursuant to court orders, subpoenas, or “similar directive” carrying the force of law. This may seem reasonable, but many subpoenas, interrogatories, and depositions do not require prior court approval, which means that there is no judicial overview (unless the grocery store contests the request in court). The grocery store may also share your personal information when investigating fraud or theft. While this may be reasonable, there is no limit on this disclosure—information is shared as “deem[ed] necessary or appropriate without restriction.” Finally, the store shares your personal information for marketing purposes.
Ironically, grocery reward cards may not save the consumer any money because of padding. If the normal price of eggs would be $2.99/dozen, then the store could raise the price to $3.99 but let cardholders have a dollar off.
Stores point out that they use cardholder information to better tailor prices and services. For example, if a store notices that its customers have increased their purchases of organic eggs, the store may decide to offer more organic egg choices to consumers. While this use of cardholder data may be of some benefit, it can be done anonymously—i.e., by reviewing aggregated cardholder purchasing data without tying the information to a specific individual. In other words, if 10 percent more cardholders are buying organic eggs, this conveys sufficient information, rather than the fact that you’re a single male with no children who buys organic eggs every Tuesday.
You may want to consider cutting up your grocery cards. They provide personal information about you and may actually cost you more than no card at all.
Smart Phone Apps
Many apps are free and provide convenient services. But they’re not free—you are paying with your personal information.
Apps that scan quick response codes are a recent trend in smart phones. By scanning a code on the product packaging, the phone user can download information about the product. For example, if you buy some white rice, there’s likely a barcode on the packaging, and may be a message like “Scan here to retrieve great rice recipes.” You scan the barcode and get fifty rice recipes. It’s a great tool for finding out more information about a product you’ve purchased (or may be considering purchasing).
However, the cost in privacy is high for these apps, which are free or cost a couple dollars. One example is the QR Barcode Scanner for Android, which has been downloaded 24 million times. According to this product’s “permissions” web page, if you download and use this app, it has access to a lot of information about you. First, using GPS or a network-based system, the app may track your location. Second, the app may read the calendar events on your smart phone, and “may share or save your calendar data, regardless of confidentiality or sensitivity.” It gets worse. The app may also use the smart phone’s camera to take photos or videos “at any time without your confirmation.” It also views your contact data, including calling and emailing frequency to your contacts, your call log, and may modify or delete data about your contacts.
Let’s review these privacy permissions. By downloading this app, I’m allowing it to track my location, take pictures without my confirmation, and monitor and change my contact information. This is ridiculous, but millions of people are using it.
Nosy apps are not limited to barcode readers. Check the “permissions” of any Android app and often you’ll be astounded at the immense amount of data, unrelated to the purported purpose of the app, that you’ve consented to share. There’s little you can do if there’s an app you want that invades privacy. The best you can do is compare the permissions of competing apps and choose the less intrusive one.
Everywhere you turn, someone is trying to access your personal information. If you’re offered a free service, check out the privacy terms and then decide if the privacy cost of the free service is worth the benefits. If not, forego the proffered service or seek out a less intrusive alternative.