GDPR – a self-experiment: What Internet companies know about you
The new European Basic Regulation on Data Protection has now been in force for some time. But have you ever tried to access your private data at large companies such as Amazon or Facebook? We made the self-experiment and requested our data from Google, Amazon, WhatsApp, Facebook, Instagram and Apple.
How can you view your data according to GDPR?
The EU Data Protection Regulation gives you the right to control what happens to your data and what data is stored about you. In principle, data may only be stored for as long as necessary and only data that is absolutely necessary should be collected.
As a consumer, you also have the right to have a copy of the data sent to you. The request can be made informally, by post or electronically. You do not need a template or sample. The company should then reply within one month. And it must be possible, among other things, to have this data deleted. More detailed information can be found, for example, on the following website:
Many large companies have ready-made forms for the request for data access, which should make it easier for the user. This is how it looks in practice:
- Google: Simply go to https://takeout.google.com, enter your data and wait.
- Amazon: At Amazon, the path is more complicated. Under “Contact”, select “Other” as the reason and then the topic “Request data protection information”. And wait…
- WhatsApp: WhatsApp has an appropriate function directly in the app under “Settings”, “Account”, “Request account info”.
- Facebook: If you are logged in, under “Settings”, “General account settings” you will find the option “Download a copy of your Facebook data”.
- Instagram: Simply confirm your e-mail address at https://instagram.com/download/request/, then “Request download”. And wait…
- Apple: Log on to https://appleid.apple.com, select “Manage data and privacy” and then “Request copies of your data”.
Does that really work?
We dared to try it ourselves and requested the data from all the companies.
At Google we were positively surprised and the data was amazingly available for download within a few hours. Less positively we were surprised by the collecting frenzy of the Internet giant: We received thousands of pages with search terms. Incl. picture searches and searches in the map service. You get a location history and at least we wondered what was listed there. Very frightening are then purchases, which are listed: Hotel bookings, flights, purchases at Amazon and more. One wonders where all these data come from. And another little tip: don’t print out the data. There are really tons of data!
At Amazon, the request is more difficult. First you have to confirm by e-mail that you really want to make the request. Then further e-mails are exchanged and at some point there will probably be an announcement that all data will be sent via USB stick. We haven’t got that far yet. Some data can also be viewed directly online at Amazon, e.g. all stored data from Alexa or information on personalised advertising. But Amazon probably prefers to send the exciting stuff.
At WhatsApp you can download your personal data package after a few days. The data is surprisingly sparse: profile photo, your own number, the numbers of all contacts and the names of all chat groups you participate in. No chats, nothing.
On Facebook, the data can also be viewed within a few hours. All companies in the Facebook group are really exemplary in this respect. However, the collecting frenzy of Facebook itself is much more comprehensive than with WhatsApp and Instagram: It lists everything that Facebook believes might be of interest to the user. It also lists all uploaded photos, videos, news, and comments. In addition, every login to Facebook, with date, time and IP address. You get the uncomfortable feeling what would happen if someone would capture this data.
Instagram is also fast. After a few hours you get a file with all uploaded photos & videos, all searches, all your own comments and likes. Very exemplary.
Apple will send you an email with a download link after a few days. You get information about all the phones you’ve used so far, the Internet pages you’ve visited, the e-mail addresses you’ve written to, information about calls and various locations. There remains an uncomfortable feeling.
Conclusion: All companies react at least very quickly. Unfortunately, we haven’t received any data from Amazon yet. Some data collected by Apple, Facebook & Co. are at least doubtful. Why does Apple need all the email addresses and website views it has written to? How does Google find the purchases? We are wondering what the reason is for companies to collect this data…
And a little tip at the end:
Enter only the data you really need on the Internet. And, if possible, switch off automatic data collection, e.g. of whereabouts.