By now, we’re all familiar with the privacy trade-off inherent in using the Web, particularly with sites like Facebook or Twitter or Google. There is no free lunch; if you don’t pay for things they give you with money, you end up paying for them with your data.
In most cases, though, there are things you can do to obscure, withhold, or fictionalize your personal information. You don’t have to log into iGoogle to run a search; you don’t have to give Facebook your real name, no matter what Mark Zuckerberg tells you.
But ‘social deals’ sites like Groupon are a different story. They collect even more information than a Facebook or a Google, and there’s no anonymity option; you want the deals, you have to fork over your actual identity, along with your credit card info.
[See also: Caught naked on Facebook – again! ]
One key difference is that, unlike most Web sites, Groupon offers items of tangible value – usually radical discounts on stuff you might be interesting in buying or trying. And all they want in return is your soul. What’s wrong with that?
OK, just kidding. Groupon doesn’t want your soul. They just want your soul’s address, its credit card and contact information, age and gender, birthdate, and social media interactions. They want information about your soul’s friends, especially if you or your soul have bought Groupon deals for them as gifts.
Install the Groupon mobile app, and it may feed you deals based on where you happen to be standing at the moment. If, for example, you’re loitering outside a shiatsu parlor that works with Groupon, offers for half off on a foot massage may suddenly pop up on your phone.
Privacy geeks have been talking about this kind of thing for years. It’s now finally happening. The implications can get nasty quickly; as the laws now stand, any private entity that tracks your location can sell that data to anyone else, and must hand it over when ordered by a court.
… if you use a Groupon mobile application and your mobile device’s settings allow it, we may collect Mobile Location Information from your device. Our application may be designed to collect information even if you are not logged into the Groupon application or the Sites…, if the settings on your location-aware device allow us to receive Location Information, we will collect that automatically.
We will retain your information for as long as your account is active or as needed to provide you services and to maintain a record of your transactions for financial reporting purposes.
There’s more. Groupon has broadened its definition of “personal information” to include your habits and interests, a la Facebook, and it’s reserving the option to combine that information with other data it obtains about you from third parties. Can you say “data mining”? I knew that you could.
First, kudos to Groupon for even notifying its users of the privacy changes. Not all companies do. Many just leave it up to users to check the privacy policies periodically – and who, aside from privacy nerds like me, ever does that? (Though the conspiracy theorist inside me has to wonder why they chose to send the notifications out on a Saturday near midnight.)
As for the rest, though, a big fat raspberry. Groupon is tracking mobile users’ locations, unless they tell it not to, and apparently storing that information indefinitely. That’s never good. The potential for abuse is enormous.
I’ve asked Groupon to clarify what is and isn’t in its new policy, and will update this post if they reply.