Internet video is super popular, and rightly so: we love daily entertainment with social videos, series, movies, videos and live broadcasts of conferences. There’s also great content that you can learn from. Video is the best way to transfer knowledge and entertainment. And, apparently, your personal information.

Video and streaming have greatly enriched our lives. But did you know that often multiple parties are watching what you watch? And did you know that they analyse data about you, train AIs with it, and even share and resell that data?

That you like watching cat movies or sweet soap operas is fairly innocuous information. But sometimes what you watch, when, how often, and where, is very personal information. For example, when it comes to health, religion, beliefs, orientation, sexuality, life issues, and political preferences. 

To what extent do you have visibility into, and control over what happens to all this data about your viewing behaviour?

In this blog, we look at what data you share without knowing, what is done with that data, and how you can prevent this.

Advertising model

Basically, there is nothing wrong with offering video services for free and showing ads in return. It’s a way to have very low-threshold use of video services. The more precisely ads can be targeted to each viewer, the more relevant it is to the viewer, and the more valuable the ad is to the advertiser and to the platform. The only question is, how far are they allowed to go in collecting data about you, and then what are they allowed to do with it?

Excesses

There have been some pretty extreme excesses with data collection in the past. Google (and YouTube) and especially Facebook (and Instagram) have been taken to task on several occasions and have faced large fines for not adequately protecting data. The essence of the problem is that the core business of these companies is to collect personal data and make money from it. One of the most extreme examples was that elections were actively influenced because Facebook shared personal information on millions of users with a party that fired manipulative campaigns on them. To prevent such excesses, the EU passed a law that protects you: the GDPR.

Goal or means?

Watching videos is super fun. From many providers, their goal seems to be to entertain you. But their real goal is to collect as much personal information about you as possible and make money from this, through advertisers or through resale. The video platform is not a goal, but a means to find a large audience, collect all the data and make money from this data. Are you a customer, or are you a product?

Paid services

Are you paying for a video service? Then they know your credit card number or bank information, age, gender, address, phone number and e-mail address. In addition, they know exactly what you watch, how often, at what times, where and with what device.

Free, logged-in services

Do you have an account on a social or video service? Then they know your name, address, age, gender, phone number and e-mail address. Sometimes they also know your credit card or bank information. All your viewing behaviour is linked directly to you. Based on what you watch, they can very accurately build a fantastic profile. If you’re logged into Chrome, YouTube knows everything about you right away.

Anonymous services

You don’t pay or have an account, but you like to watch videos. Yet they know an awful lot about you, such as what city or town you live in, and what device you use. By linking this to publicly available demographic data, and to your viewing habits, they create a profile about you, and so they can particularly well estimate how old you are, what your purchasing power is, and what your areas of interest are.

Cookies

Even though you are anonymous, to keep track of how often you return and what other sites you visit, video platforms often place and read cookies, even from other websites and services. These crumb trails on your devices are collected en masse. By linking third-party datasets that know more about you, they also suddenly know who you really are. Fortunately, so-called third-party cookies are increasingly being blocked and restricted.

Trackers

In addition to cookies, trackers also exist. These are pieces of code that are loaded with a website or video player. Sometimes with a legitimate purpose, such as collecting performance statistics. But sometimes for the purpose of extremely seeing what you do, how your mouse moves over a site, how you navigate, where you scroll to, what you look at, and what you click on.

Profiling

The combination of your device, the version, the version of your operating system, your language, your browser, your screen resolution, installed plugins (even ad-blockers!), and even your fonts, is usually so unique that parties can instantaneously deduce who you are.

Service providers

Behind one video platform, there can be dozens other service providers that also collect personal information about you. From vendors that do distribution (often these are Content Delivery Networks), and clouds for processing and hosting services and applications, to software service providers that provide video players, analytics, portals, advertising and payment services. Typically, these vendors again use clouds and CDNs, and each may also use cookies and trackers and log your activities.

If you look at the source code of an average site, you will see how many third parties are behind a service. Sometimes this is not immediately obvious until you start retracing all the servers used.

All of these service providers autonomously collect viewing behaviour data behind the scenes. And their cloud or CDN service provider also stores logs, which include your viewing behaviour, and personal data such as your IP address. Note: they generate that data themselves, so suddenly it is also their property. Did you consent to share your data with them?

Ad networks

One of the least happy examples are ad networks. Even before you watch a video on, say, a news website, all the cookies on your device have already been read and shared with more than a dozen ad networks, bidding in real-time on you as a person. Your data has been sent and shared across the planet in a millisecond, profiled and targeted, and numerous cookies have been added and updated on your site. Technically ingenious but it really can’t be done anymore, ethically and legally. You probably didn’t know that when you conveniently clicked “ok” when asked for cookie permission. An additional problem is that people still regularly ignore the fact that you didn’t give permission to collect your personal information.

Consent, transparency, access and control?

Then ask yourself this question: have you given permission for all the above parties in this blog to collect this data? And can you see who is collecting what data from you? Can you ask them to delete this data? What assurances do they give that they will not further analyze this data, link it with other data sets, use it as AI training data, share it with third parties, or resell it?

Human Rights

European privacy laws are there for a reason. Privacy is a fundamental human right. Violating it can carry great risks. Like profiling, targeting and persecution for your political, sexual or religious preferences. Or how about identity fraud, theft, blackmail or other forms of crime due to data leaks?

Share your creativity, not your data

The promise of the Internet was that it is a global network through which everyone can share unlimited knowledge and creativity. In reality, it has become a spy web of trackers, cookies, logs, profiling, datasets and AIs that have only 1 goal: to identify you, profile you and make as much money from it as possible.

US Cloud Act

Well, there is another problem. Suppose all those parties handle your personal information nicely and carefully (they don’t, but suppose). Then we still have to deal with a pesky American law: The US CLOUD Act. This states in a nutshell that the US government can demand all the data that any US company and any US citizen can access. Even if this data is in the EU. 

In addition, the USA has no GDPR legislation that provides sufficient assurance that your personal data is protected. It is not transparent who has what data about you, and what they do with it, you cannot demand that this data be removed, nor can you easily go to court to sue them. Things that are well-regulated in the EU. 

Now the problem is that the lion’s share of service providers are American-owned: clouds, CDNs, video software providers, analytics … even if they have a European subsidiary or intermediary supplier, in most cases there is a link to the USA. And that makes all that data outlawed. And so do you.

What to do?

1. Learn and share

We hope to contribute to awareness with blogs like this one. That personal data is important and needs to be protected. And what is being done with it. Help us spread this information further so that more people click around less naively, and do not agree to all cookies without a second thought.

2. No consent

We understand that you really don’t feel like reading through endless, cumbersome privacy statements. Try it anyway; you’ll be shocked at what they want to know about you. But at least do this: when asked for cookies, just refuse them.

3. Use ad and tracker blockers with 3rd party data

Advertising based on 3rd party cookies and trackers is out of date. Partly because of our contextual advertising innovations, advertisers, broadcasters and publishers can make more money with ads without sacrificing your privacy. If parties are still guilty of these practices, don’t use their services, or use an ad or tracker blocker. At the same time, grant parties who do use privacy-friendly ad services their source of income: it is only fair.

4. VPN

Whenever possible, use a VPN to shield your IP address. This makes it much harder for parties to assess who you are and where you are.

5. Clear cookies

Clear all your cookies and browser history from time to time. Yes, you will have to log back into sites occasionally, but that is a small effort to protect your privacy.

6. Use 2 browsers

Use 1 browser for your business applications, and use a second browser for browsing and viewing fun content. From the 2nd browser, clear the cookies regularly. That way you can continue to work neatly in your business browser, and also safely navigate the web in the personal browser.

7. Avoid Chrome

Even Chrome’s private browsing feature collects data about your browsing habits. Chrome belongs to Google and since 3rd party cookies are no longer allowed, Google has deployed Chrome as a spy on your device, collecting your surfing activities for profiling purposes. Just throw it off, there are great alternatives, here are the most popular ones:

A) Safari. Do you have an Apple device? Safari prevents profiling, 3rd party cookies and tracking. If you have an iCloud subscription you can turn on private browsing, which means no one can see where you are and what your IP address is. Safari has a private browsing feature that, unlike Chrome, does promise what it does.

B) Firefox is also known for good privacy protection. You can run Firefox in multiple privacy levels and it has a good private mode.

C) Brave is Chrome but without the privacy problems. Give it a try!

8. Avoid notorious services

Pay a little attention to where you consume content and leave your data. Anyway, it is unhealthy to spend too much time like a zombie endlessly scrolling in your biased rabbit hole. Look around, do something with your friends and family, andget out and about. We love video, but it’s not the whole world, quite the opposite.

9. Be careful with apps

A lot of content is consumed through apps. But apps can read much more about you, for example (don’t be alarmed), how often you pick up your phone, what other apps you have installed, read your clipboard (for cutting and pasting), see your photos, see your contacts, scan your local network, recognize your wifi network, and see your live location. The data hunger with some parties is enormous. IOS generally gives better protection and control, but be aware and don’t just give permission for everything.

10. Ask your service provider about their privacy policy

Don’t get fobbed off with an unreadable privacy statement, or with privacy-washing, where they use pretty promises to disguise the fact that in reality, they are looking for all your data or using non-compliant service providers. We believe that your personal info should belong to you and no one else. And that you decide what they can do with it, for how long and for what purpose.

Sometimes data sharing is intentional, but often it happens out of ignorance or indifference. Let’s all change that. Thanks for reading this long blog, and remember: share your creativity, not your data.