Big brother brands report: which companies might access our personal data the most?
We analysed what personal data the world’s biggest brands access and can potentially track to discover which company knows the most about us.
What brands might use weird and wonderful pieces of information to target you? We thought we’d find out. By compiling some of the world’s most-used apps and the data they take from you, we’ve characterised the companies that can potentially use your identity the most.
We all do it — click ‘accept’ on a cookie pop-up without reading any of the information, just so we can see a website sooner. It’s almost become second nature, with those little boxes getting in the way of what we actually want to do.
But what do cookie pop-ups actually give websites access to? What data are we giving up everytime we click ‘accept’, and which businesses might take advantage of it most?
What data can companies actually collect?
The kind of data companies can collect ranges from the things you might expect — like your name, date of birth and email address — to the more obscure, like your pets, hobbies, height, weight and even what you like to get up to in the bedroom. They can also store your bank information, as well as links to your social media accounts and the data you share on them.
How they might use this data will differ depending on what kind of business they are, but often it will result in targeted advertising and website management.
The companies collecting your face, voice & environment
It’s not just personal data companies are after — some want to capture your personal appearance, using things like image and voice recognition to help you sign in. Of all the brands in the study that collect data, 6.25% of them had the option to store photos of your face, including the likes of AirBnB, Instagram, Facebook and TikTok.
Every time you use a TikTok or Instagram filter, they track your facial movements to build a picture of your likeness. While it might create some amusing results, it allows these companies to capture your image and collect your image.
Others go further than just a picture of your face, requesting access to your entire image library. They can use these images to tailor ads specifically to your interests, tracking images of sports, music, nights out and events you have attended to offer you a truly personalised experience.
If how you look isn’t enough, some brands even want to know how you sound. Voice recognition can be used to make it quicker for you to log into certain accounts, with 4.17% of the brands we reported storing your voice for later use.
Brands like Twitter, Spotify and Clubhouse all can do it, and while it might not seem too suspicious, if it gets into the wrong hands, it could be used to access very personal information.
What can brands do with image and voice data?
Voice and facial recognition is something many banks rely on when you call them. It makes logging into your account easier, saving you the need to remember your password or secret answer. However, with some brands collecting your likeness, voice, date of birth, address and email address, hackers would have enough information to access your bank without you even knowing.
They could use this to withdraw funds, make payments or even take out a new credit card in your name. They could also use your interests to create a believable new password, making themselves look just like you.
Your bank would have no suspicions, and the first thing you’d know about it would be when you next checked your account.
Who has access to the most data? Our UPDATED league table reveals the top brands who can track us the most!
If you’d like to compare what has changed since 2020, check the previous list image here.
Social media collects more data than anybody else
Facebook is, perhaps unsurprisingly, top of the list of data collectors. As a social network, it depends on you giving access to all your details so it can recommend friends to you, let people know it’s your birthday, suggest groups for you to join and, most importantly, advertise to you.
Ads are how Facebook makes the most of its money — around $16.6 billion to be precise, based on 2018 reports — so the more it knows about you, the more it can sell on. As well as the usual, such as your name, location, email address and date of birth, it also collects a whole load of things you might not be aware you gave away.
In fact, out of all the data a business can legally collect about you, Facebook collects 79.49%.
Instagram comes next in the list. The Facebook-owned app collects 69.23% of all available data, such as your hobbies, height, weight and sexual orientation. Like its parent company, Instagram can use this information for advertising and recommending accounts you should follow.
TikTok, which has launched many viral sensations over the past year, collects 46.15% of available data on you, including your facial recognition, voice data, and image library.
Your Google suite tracks X Y and Z
Of all the Google apps in the study, Maps might know the most about its users; tracking 23.08% of all available user data, including image recognition of your environment and obviously, your location.
YouTube can collect the same amount of data, but has a better idea of your hobbies and interests from your viewing history and preferred content.
Whilst the information both can access is still valuable, it pales into comparison to the social media giants of Instagram and Facebook.
Other Google applications such as Docs, Sheets and Gmail only collect 12.82% of available data, mainly consisting of your name, email and any languages you can speak or write in.
Your work apps know all they need to know
These are likely the apps most of us spend the majority of our time on, but thankfully our go-to workplace apps aren’t taking too much data.
Slack, Zoom and Google apps only take what they really need from you, including email addresses, the languages you write or speak in. Remember, they can also know your live location. Not good if you’re not really ‘working from home’.
Tinder uses your height, weight and PETS to get you dates
Dating app Tinder collects 61.54% of available data to help match you with your perfect partner. As well as your age, sexual orientation, height, interests and if you own a pet, it also stores your bank details, making it easier to upsell you its premium option. Tinder Plus gives you unlimited likes, and the chance to swipe back just in case you’ve missed the love of your life.
However, beyond trying to get you coupled up, Tinder also tracks how you use different social media platforms if you link your accounts. Tinder also collects information on how you interact with other users e.g. users you interact with, the exchanges between them and the amount of messages you send and receive.
If you see an ad for a very niche kind of toy pop up, now you know why.
Grindr collects almost as much information, with 58.97% stored as you look for love.
Retailers like Amazon use the LEAST amount of data to target you.
Despite being the biggest online retailer in the world, (and spending around $11 billion on advertising in 2019,) Amazon only collects a fraction of data compared to other businesses, 23.08%.
Beyond the obvious, like your name, email address, home address and bank details, it collects little else other than what it needs to run its business.
What it does do is track how you use its site. It monitors the products you look at, the things you buy and the reviews you leave, helping it promote new products to you that match your interests.
General retail came lowest on our list of data-loving companies. IKEA (23.08%), Nike (25.64%) and Depop (25.64) all store your name, email address and home address, along with your bank details to make online purchases easier, but only Nike and Depop store your height and weight to help them offer you more appropriate clothes.
Spotify uses your social media, interests & playlists to decide what you should listen to
Music streaming site, Spotify, collects 35.90% of your data, tapping into your social media profiles to understand your interests and hobbies. If you’ve ever been to a gig and shared a photo of it on Instagram just to find that band in your Spotify recommendations, now you know why.
It also knows the music you listen to, enabling the service to create playlists based on the kind of thing you like. Spotify’s end of year roundups include all the songs you’ve been listening to, and lets you look back on the last 12 months of hits (and occasional misses).
Likewise, Netflix knows the kind of shows you watch so it can recommend similar titles. It gives programmes a match rating, letting you see how likely you are to enjoy them depending on what you’ve seen before. The data it gathers is designed to give you a better user experience, meaning you’ll keep coming back again and again to see more of the shows it’s found for you.
Spotify and Netflix are good examples of data collection that people don’t mind. As with most sites, this information is used to learn about you to make your experience better, tailoring the platform to suit your needs.
100% of companies could store your email address
Of the companies we asked, 100% of them could request and store your email address, and will possibly use it to stay in touch or for future marketing. An email address is the basic data a company will request from you — any brand you’ve signed up for, social media you’re connected to, or shop you’ve bought from will have it on file.
They might never use it, or might use it to send you weekly emails that you’ll either find really interesting or send straight to your junk mail.
15% of companies know how much you weigh
A question you should never ask on a date is one 15.25% of businesses will ask when you first sign up. Brands such as Slimming World, Strava and Nike all want to know it for obvious reasons, but why Credit Karma and Instagram ask for it is anyone’s guess.
Can our data come back to haunt us?
Given the wealth of data we share with businesses, it’d be no surprise to see some things revealed about us that we’d rather were kept private. However, thanks to GDPR (and some very secure cybersecurity software) what companies can actually do with your data is quite limited. Beyond marketing to you and using your data to manage their website, business can’t do much more. You shouldn’t get cold calls from businesses you’ve never spoken to, for example, or find your details are sold. Your data is protected by the policies companies are forced to sign up to, and if they break these rules, they could face big fines.
Want to make your privacy extra protected?
Sharing any data comes with a risk. If you don't think this or that particular app's benefits are worth the trade, you may want to consider deleting the app for good. Here's a detailed guide on how to uninstall apps on a Mac.
However, if you want to make sure your data is extra secure, you'll need cybersecurity software to help protect against viruses, identity theft, and more.
We analysed 58 apps across various sectors to see which permissions they asked consumers for in their terms and conditions and privacy agreements. Each piece of information requested by any app was turned into a characteristic, totalling 45 data points. That allowed us to rank the data that companies can collect their customers across sectors, and attribute a percentage of data used by the app. While the information presented here is valid at the time of this report’s publication, the scope of personal data that applications process may change in the future.