Slashdot Mirror

← Back to Stories (view on slashdot.org)

When a Company Gets Sold, Your Data May Be Sold, Too

Posted by Soulskill on from the what's-yours-is-ours-and-what's-ours-is-somebody-else's dept.

An anonymous reader writes: A new report points out that many of the top internet sites have language in their privacy policies saying that your private data might be transferred in the event of an acquisition, bankruptcy sale, or other transaction. They effectively say, "We won't ever sell your information, unless things go bad for us." 85 of the top 100 websites in the U.S. (ranked by Alexa), had this sort of language, including Amazon, Apple, Facebook, Google, Hulu, and LinkedIn. (RadioShack did this recently.) "The potential ramifications of the fire sale provisions became clear two years ago when True.com, a dating site based in Plano, Tex., that was going through a bankruptcy proceeding, tried to sell its customer database on 43 million members to a dating site based in Canada. The profiles included consumers' names, birth dates, sexual orientation, race, religion, criminal convictions, photos, videos, contact information and more. Because the site's privacy policy had promised never to sell or share members' personal details without their permission, Texas was able to intervene to stop the sale of customer data, including intimate details on about two million Texans." But with this new language, users no longer enjoy that sort of protection. Only 17 of the top 100 sites even say they will notify customers of the data transfer. Only a handful allow users to opt out.

7 of 92 comments (clear)

  1. File this under "no big surprise:" by grimmjeeper · · Score: 4, Insightful

    Reason #43385634 why I try to minimize my exposure by refusing to give as much personal information as I can as often as I can. Paying in cash for day-to-day transactions helps out a lot too.

  2. How is this new? by gstoddart · · Score: 5, Insightful

    This has been known for years. Those privacy promises do not survive bankruptcy, and your personal information they promised never to sell becomes another asset to be disposed of.

    This has been happening for years. Don't want your personal information sold, don't provide it to them.

    Even their privacy policies which say they'll never sell it will have legal language which says "unless we change our mind".

    The promises by corporations to play nicely aren't legally binding and can be changed on a whim. I'm pretty sure we've seen other examples of this over the last decade.

    Unless there are actual laws preventing this, any promises are pretty much worthless.

    Some countries have enacted privacy laws, but I'm pretty sure the US never would -- because that would limit corporations.

    This might finally becoming plain to everybody else, but the vast majority of people here should already know this.

    --
    Lost at C:>. Found at C.
  3. Well... duh. by mlts · · Score: 3, Insightful

    This has been an issue with any Internet business, be it a cloud provider, dating service, or someone who services vend-a-goat machines. When they go bankrupt, no contracts are honored, and the data falls to the buyer of the company or the physical servers, and can be used, without restriction, by the new party. For example, if a cloud computing service goes bankrupt, the next owner of the physical servers can make a multi-terabyte torrent of the contents, there is nothing the former clients can do about the data legally.

    The only real solution to this is having part of the bankruptcy law changed to mandate supervised destruction of all data as part of the handover of servers.

  4. That's normal business transaction by SpaghettiPattern · · Score: 4, Insightful

    When you sell a business as a whole, you sell its inventory, credits, debits and running contracts. If you want to do that differently than you have to stipulate. But then the business's value will be different. Private customer information is as much inventory as is the fish tank in the hall.

    --

    I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
  5. There is no privacy when you don't control data by sinij · · Score: 1, Insightful

    Surprise! There is no guarantee to privacy when you don't control your data.

    The same goes for any cloud application.

  6. Sale of a company by jklovanc · · Score: 3, Insightful

    Clauses like this allow data to be transferred to the new company running the business. Many of these agreements state that the company the purchases the data will be bound by the privacy provision of the rest of the privacy policy. For example many privacy agreement state that personal data will not be used for marketing. The new owner would also be bound by that policy. Here is Google's policy;

    If Google is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

    Without this provision it would be much more difficult to sell a company or merge with another company. I am sure that the value of Google with it's user base is much more than the value of Google with no users.

  7. Re:Help me I'm a blindly trusting Millenial! by Qzukk · · Score: 4, Insightful

    Or require that the entity purchasing an asset out of bankruptcy also inherits the contracts binding that asset. If my landlord goes bankrupt I don't get to say "Woo! Free house!" and ignore the terms of my contract with the landlord, why should whoever takes over after the landlord not be bound by the terms of the contract either?

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.