Ten Companies You Wouldn't Expect That Collect Consumer Data
Do you worry about big companies collecting your personal data? This isn’t a new concern. In fact, it’s been over a decade since Edward Snowden’s release of materials detailing how companies like Facebook, Google, and Apple shared personal data with the NSA.
Since then data privacy regulations, such as the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), have emerged to protect consumers and give them more control over the personal data companies collect about them. While these privacy laws do provide a benefit to consumers, It’s also common to see people take matters into their own hands when it comes to protecting their personal information. Hacker News regularly sees first-page articles about individuals who go through the effort of self-hosting digital products like email to keep their personal information out of reach from companies that collect data.
Consumer-facing products and social media platforms like Gmail, Amazon, Facebook, Twitter, and Linkedin come to mind first when we think about business data collection. It’s easy to look past the companies that don’t have consumer-facing products but also collect all kinds of data with personal information such as names, addresses, phone numbers, bank account information, and purchase histories.
We don’t often think of B2B companies in terms of data privacy because these data collectors operate in the background relative to the customer experience. They sell services and all types of data to the data-driven B2C companies we’re more familiar with. Their services range from marketing SaaS tools, to data analytics products and Customer Relationship Managment (CRM) systems. B2C companies use these B2B services to better understand thier customer behavior and deliver their customer experience through product development, marketing campaigns, and more.
In this post, we’re going to highlight several of these big data companies — some you’ve heard of and some you might not have — to raise awareness about the huge number of B2B companies that collect customer data.
1. Adobe
When many people think of Adobe, they think of design tools like Photoshop and, of course, the ubiquitous Acrobat PDF reader. But Adobe also has a $6 billion marketing cloud business that has been one of the major drivers of their stock price. Hundreds of B2C companies, from Nike to Virgin Airlines, use the Adobe Marketing Cloud suite of products.
Every interaction you have with companies using Adobe Marketing Cloud, from visiting their websites to opening their emails to using their mobile apps, is captured as data that flows into their systems. All of the customer data helps Adobe build rich consumer profiles, which feed their marketing and advertising products (like Adobe Advertising Cloud).
2. Salesforce
Like Adobe, tens of thousands of companies use Salesforce’s CRM, marketing software, and other tools. We think of Salesforce as used mainly by B2B companies, but massive consumer-focused companies run all of their customer data through Salesforce, from airlines to online retailers.
If you’ve engaged in some sort of digital commerce in the past ten years, your data is almost certianly in the Salesforce ecosystem.
3. Acxiom and other consumer ID graph vendors
While you’ve heard Salesforce and Adobe’s names before, Acxiom is a much lesser-known brand, especially to your average consumer. Yet, this data broker probably has the most extensive collection of anonymous cookie data globally, along with mapping between PII (email, address, name, etc.) and cookies. They’ve built this massive dataset by working out data-sharing deals with thousands of publishers and content providers.
To make things worse from a privacy perspective, they have built their entire business model on sharing this data and their identity graph (PII → cookie mapping) with other businesses.
4. Xander and other ad networks
Publishers and other content producers use ad networks like Microsoft owned Xander (Previously AppNexus) to display ads on their websites. Effective ads that fetch higher premiums, require targeting, and targeted advertisment requires the publisher to share data about their audience to the ad networks. This includes information like age, location, and other demographic data and browsing history and content interests.
Ad networks also cookie their visitors to create a richer profile by combining data across publishers. Even though you’ve never heard of them, some of these ad networks rival Social Network and Search giants like Facebook and Google in terms of their scale and reach across the web.
5. Website providers
A massive number of small-to-medium-sized businesses, as well as some enterprises, run their websites on third-party platforms like Shopify (for eCommerce) and Squarespace or Wix (for marketing sites and landing pages).
These platforms have access to data about their users’ customers, from the pages they visit the products they browse and purchase. We know that these platforms collect consumer data because they provide analytics capabilities that rely on it. They don’t share this data between customers from what we can find, but they do use the consumer data they collect to improve their products’ experience. It’s not a stretch to imagine a future where these sites offer advertising products allowing their customers to target ‘anonymous’ users likely to buy based on purchase history with other customers.
6. Customer data platforms
Customer data platforms (CDPs) are all the hype in marketing technology right now. CDPs’ promise is to collect all customer data into one place, then use it to drive personalized digital experiences, from personalized content to advertising campaigns.
The largest of these platforms hosts a huge amount of consumer data from many companies.
7. Google Analytics and other analytics companies
Google Analytics is the most ubiquitous analytics tool globally, used by countless companies to analyze visitor behavior on their websites. While the data Google Analytics collects is theoretically anonymous, Google can tie it to actual individuals within their ecosystem, which drives big business for their advertising division.
8. Cloudflare and other CDNs
CDNs are a highly-distributed platform of edge caches that minimize web page loading time by reducing the distance between the server and the user. They also provide high-availability in the case of web servers going down.
Pretty much all moderate-to-high traffic websites use a CDN, with Cloudflare being the leader. All the traffic to those websites goes through their CDN, which means the CDNs can see end-user information like IP address, location, browser info, etc.
While most CDNs don’t install their own cookies and hence don’t track visitors across websites, the static visitor info they collect is also sensitive data that gets stored in the CDN.
9. Experian and other credit reporting companies
Unlike the companies listed above, credit reporting companies like Experian have consumer-facing products, but most of their revenue comes from selling their services to other businesses. These companies have been collecting consumer data even before the dawn of the internet.
What has changed with the internet is the scale and variety of consumer data they can collect, all the way from your entire credit card spend data to rental applications.
They claim to make good use of this data (via their credit scoring services), but a single company having access to that scale of consumer data is extremely risky, as recent hacks and data breaches have shown.
10. Verizon, Comcast, AT&T, and other ISPs
We think of Verizon, Comcast (Xfinity), AT&T, and others as the companies who provide us with phone and internet service, not necessarily companies who have access to and collect huge amounts of consumer data.
On the surface, they seem like simple tunnels for phone and internet, but they leverage that consumer data to power massive advertising businesses like Comcast’s Effectv.
Be responsible with your customer data
Customer data privacy is a big deal (and a core value of mine in founding RudderStack). That’s why we built RudderStack with a focus on privacy and security. My goal isn’t to call any of these companies evil. In fact, we use some of the tools mentioned above.
Rather, my goal is to help companies think critically about what customer data they store and where. In this age of the cloud, it’s incredibly easy to send copies of all your customer data to 10, 20, 30 tools. That too, without stopping to think about the implications of who is storing the data and how it might be accessed or used. While that isn’t evil, it is irresponsible, and no company should be irresponsible with their customer data.
Learn more about data security in our learning center, and visit our security page to learn more about how RudderStack is built to enable data privacy and security for every company.