> cookie tracking data has NEVER been associated with any leak or data breach that resulted in personal harm.
This is a very specific statement. It may be true. But, even if we accept for the sake of argument that it is, it's not quite the same statement as, "Mass personal data collection has never resulted in personal harm," which, while seeming quite similar, also happens to be false.
But "[m]ass personal data collection" is a huge superset of "cookie tracking data"; the former encompasses all credit card information database breaches (such as Sony's), along with all government and healthcare database 'leaks'.
We could limit it to "for marketing purposes" (which is what I meant, though I failed to specify it) and still find plenty of clear-cut examples of harm. This isn't breaking news. I took a class in graduate school that was largely devoted to studying examples of them and discussing their ethical and policy implications, and that was years and years ago.
I'm trying to differentiate between data that is anonymized (cookies), and data that is not. I'm unaware of any data leak of anonymized data that resulted in any harm, but if I'm wrong I'd love to hear about it.
How about intentional publishing of "anonymized" data? It's intentional, so it should be even less potentially harmful than an unintentional leak, right?
That's just one of many apparently "anonymized" datasets that has been trivially deanonymized by researchers/hackers/internet-stalkers; so there's plenty of harm to be done.
Fun fact: one of the top 5 digital advertising platforms "anonymizes" user identifiers with a simple hash algorithm and "salts" all of the hashes with the same "salt". Can you guess the "salt"? Hint: it is commonly found on a dinner table and is used to season food.
I can't say I'm at all surprised. I've had similar conversations in a non-advertising field with non-technical managers where their attitude basically boiled down to "What do we care?" when it came to problems that would cost someone else money.
I also can't see attitudes like that changing until companies that collect data are seriously held to account for any leaks/abuses of the data that they collect.
Potential penalties would probably have to include criminal charges, in much the same way that individuals and companies can be held criminally liable for mishandling toxic waste.
I think you are right - this was a brain dump of some things I've been thinking about, specifically on how the fight against cookie tracking is making centralization worse and companies like Facebook more powerful. This article generically criticizes both, but I think there's actually a tradeoff here, and not making the distinction may lead to bad policies
This is a very specific statement. It may be true. But, even if we accept for the sake of argument that it is, it's not quite the same statement as, "Mass personal data collection has never resulted in personal harm," which, while seeming quite similar, also happens to be false.