Biz & IT —

App changes its privacy policy ten days after Facebook acquisition

Moves says it won't "commingle" data with Facebook, which means little.

A snippet of the types of timelines Moves collects and can now share with Facebook.
A snippet of the types of timelines Moves collects and can now share with Facebook.
Moves

Mere days after the fitness-tracking app Moves assured users about their privacy after its acquisition by Facebook, the company has changed its privacy policy to allow itself to share data with third parties. The Wall Street Journal reported the changes late Monday, which were pushed as an app update to Moves users.

Moves uses a smartphone's accelerometer (or the M7 processor in the case of the iPhone 5S) to passively track a user's walking, cycling, running, or driving activity. Users can log other information like calorie counts or activities manually, and Moves integrates with a handful of other life-logging apps like Momento or OptimizeMe to create detailed timelines of where a person goes and how they get there—for instance, their trips to a local coffee shop.

Moves' privacy policy at the time it was acquired stated strictly that it did not share data with third parties, with three exceptions: sharing with the user's consent, sharing under legal obligations, and sharing if the business is acquired by a third party. Technically, Moves already had its users' permission under this privacy policy to share data with Facebook.

And yet the official Moves Twitter account tweeted following the acquisition that it would not "commingle" its data with Facebook's user data. Moves then changed its privacy policy to state that it would share not only user data but also personally identifying data with "affiliates… including but not limited to Facebook." To confuse things further, Facebook repeated the same line about how the two companies would not "commingle" user data to the Journal Monday.

The Facebook spokeswoman continued by saying that Facebook does plan to share the Moves data. Presumably, all of this means that Facebook will give Moves data to third parties like marketers and advertisers but will not bundle it themselves with Facebook's own data. However, Facebook's data on its users who use Moves is also for sale to the same marketers and advertisers. Many companies that collect this data are skilled at cross-referencing it themselves.

The change of privacy course is one that users dread, but rarely one that comes to pass so quickly and messily. Instagram left the matter of privacy alone when it was acquired, while WhatsApp took such a strong stance against ever collecting data, let alone sharing it with Facebook, that its founder reiterated in a second blog post for good measure.

Moves, by contrast, has found an innocent soundbite to repeat publicly that belies the fact of what is going on in the legal language of its privacy policy. More importantly, it belies the possibility of what can be done with its data by saying Facebook won't be the one doing what its users dread. Data brokers like Acxiom and Datalogix as well as credit agencies like Experian and TransUnion trade in consumer data, some of it bought from "third parties" like social media companies. In their databases, data brokers can "commingle" this information all they like, even partially or wholly undoing any anonymizing that has been done.

Moves provides an unusual kind of user data in that it tracks movement as well as health- and fitness-oriented information. Much in the way that the Nest thermostats and smoke detectors can get valuable information for Google—and by extension property insurance companies—data from Moves could easily catch the eye of insurers and lucrative businesses in the weight-loss or fitness industries. Soon, that data will be only a monetary exchange away.

Listing image by Moves

Channel Ars Technica