Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.
Please contact us if you think we are missing some key stories.
In August 2013, a jury in the Portland, Oregon Federal District Court awarded Julie Miller $18.4 million in punitive damages when despite two years of complaints and filings Equifax failed to rectify errors in her credit report that blocked many aspects of her financial life. Miller had followed the
In 2013, 44 years after Acxiom went into business selling consumer data, the company opened a website, aboutthedata.com, to allow Americans to see the data the company holds about them and make it easier to opt out of tracking. However, using the site requires visitors to input a substantial amount
In 2012, when the French company Criteo filed with the Securities and Exchange Commission to go public, it cited its data assets and the accuracy of its algorithms as a crucial part of its valuation. The company said that every day it was presented with billions of opportunities to connect
In 2013, detailed personal information being sold by the fraudster-friendly underground service Superget.info was found to have been bought from CourtVentures, a public records aggregator bought by Experian in 2012. In late 2013, Superget.info's operator, 24-year-old Vietnamese national Ngô Minh
In Israel, the National Insurance Institutes sends out anti-fraud officers to spy on benefits claimants. Among the cases reported, a woman had her benefits allowances halved after a man entered her house pretending to be interested in buying the flat next door. The man, who was in fact a NII
In this 2013 piece, Virginia Eubanks discuss the move in Indiana from relying on caseworkers to automating the distribution of benefits and how through the use of performance metrics to speed up the decision-making process, the system ended up being incentivising the non-distribution of benefits
In August 2016, Oracle's MICROS division, one of the top three global point-of-sale vendors, was hacked by the Carbanak Gang, a Russian organised cybercrime group known for hacking into banks and retailers. In 2014 when Oracle acquired it, MICROS' systems were in use at more than 200,000 food and
In 2014, Acxiom's chief product and engineering officer, Phil Mui, described the system the company had been building to link individuals' activities across the many channels, devices, and applications they use. A single individual may accumulate four different personas via 24 cookies across six
Virginia Eubanks explains what we can draw from understanding the experience of surveillance of marginalised groups: it is a civil rights issue, technologies carry the bias of those who design them, people are resisting and why we need to move away from the privacy rights discourse. https://prospect
In 2014, DataKind sent two volunteers to work with GiveDirectly, an organisation that makes cash donations to poor households in Kenya and Uganda. In order to better identify villages with households that are in need, the volunteers developed an algorithm that classified village roofs in satellite
This article is an overview of some of the research documenting how people in vulnerable positions are the ones most affected by government surveillance. https://stateofopportunity.michiganradio.org/post/technology-opportunity-researcher-says-surveillance-separate-and-unequal Author: Kimberly
In 2014, NYC Planning Labs Chris Whong was sent and made public a complete a complete dump of historical trip and fare logs from New York City taxis in response to a Freedom of Information request. The more than 20GB of uncompressed data comprising more than 173 million individual trips included
Nearly 700,000 Facebook users were subjects of a research study where researchers changed randomly selected users' newsfeeds to be more positive or negative to study whether those users then displayed a more positive or negative affect in response. The experiment showed the power of Facebook's control over the News Feed and the algorithms that determine which of the possible pieces of content shows up at the top at any given moment.
In 2014, researchers at Princeton University outlined an attack that uses multiple third-party cookies to link traffic so that individual users can be identified and tracked from anywhere in the world. A nation-state wishing to surveil particular users outside its jurisdiction, for example, may have
In 2015, Turner Broadcasting, a semi-autonomous division of AT&T's Warner Media announced it would integrate offerings from Episilon, Krux, and Oracle into its data management platform, which powers its ads. Oracle and Epsilon help bring in offline and multichannel consumer data, while Krux bridges
In October 2015, Experian announced that a breach of its computer systems exposed the Social Security numbers and other data of approximately 15 million people who applied for financing from the mobile network operator T-Mobile USA, to which Experian supplied credit assessment services. Experian
Because banks often decline to give loans to those whose "thin" credit histories make it hard to assess the associated risk, in 2015 some financial technology startups began looking at the possibility of instead performing such assessments by using metadata collected by mobile phones or logged from
In 2016, Tapad launched a partnership with the location-based ad targeting firm Placed to provide a service measuring the impact of digital advertising on in-store sales. Tapad sends anonymous campaign data to Placed, which has a panel of more than 500,000 users who have opted in. Placed measures
In 2014, Tapad claimed its system for matching consumers across multiple devices protected privacy because it relied on probabilistic matching rather than a deterministic approach that builds on personally identifiable information. The deterministic approach relies on logins - for example, an