Privacy

Consumer Privacy: Cuebiq’s Outlook on Data Sharing

By Gerald Smith / 5 minutes

← Resource Center Home

This year, we find ourselves firmly in the information age where data sharing is a common and expected practice across all sectors and facets of our lives — from banking to health care, government, marketing, and more. Literally every aspect of our current and expected future world involves the collection and sharing of data. As such, most, if not all, technology companies, like Cuebiq, collect, process, and share data as a part of their products and services.

Cuebiq’s approach to privacy is grounded in four key pillars: consent, transparency, control, and accountability. In this blog I won’t go into deep detail on our approach to named consent, but in summary, our users are provided a clear consent option to share their data with Cuebiq (as a “named” entity) for an express list of purposes — and users have the option to say “yes” or “no” to that consent request. To learn more about our approach to consent and all of the core privacy pillars at Cuebiq, please visit our Privacy Center and Privacy Policy. In this blog I would like to review our data-sharing practices and the transparency, control, and accountability we bring to support those efforts.

In many of our data-sharing activities we only share a hashed or obfuscated device ID, but in some cases we may also share an anonymous “advertising ID” provided by Apple and Google’s mobile operating systems. The user has full control of this Mobile Advertising ID with the ability to opt out of its being shared, to “rotate the ID” and be assigned a new ID going forward, or to zero-out the ID altogether (iOS only). Cuebiq also offers additional pathways for user opt-out control, beyond OS settings, and offers all users the option to get a copy of the data collected about them in portable form and to request that all of their data be deleted — at any time, from anywhere in the world.

Some of the key elements of our data sharing approach include:

  • Transparency: Cuebiq only shares location information where an anonymous advertising ID may be present with a select list of partners. We make this list public and we’re the only company in our space that is fully transparent about our data partners. Our partner page is easily accessible and we allow anyone to subscribe to receive email notifications anytime this page is updated.  
    • As you can see from our list of partners, Cuebiq does not enter commercial contracts with government agencies or law enforcement for these types of data products. We do work with government agencies with highly aggregated data in our “Index” based products, which analyze how users move in mass with the lowest level of granularity being Census Block Group (600 to 3000 people in each group). 
  • Limitations on Use: Cuebiq was among the first in our industry to develop and publicly post our Sensitive Points of Interest (SPOI) Policy, with which we, and any partner using our data, must comply. We prohibit the use of our data for purposes we feel are not ethical or are not proportionate to the consent we have received from users.  
    • For example, we do not allow our data to be used for any kind of analysis, even aggregated, around a number of location types, including government buildings or social demonstrations.
  • Strict Contracts and Compliance Audits: All of our partners not only agree to strict contractual terms that prohibit any attempt to merge our data with personally identifiable information, but we also require that they undergo an annual third-party audit of their compliance with those terms. We have created a dedicated Compliance team focused on these efforts. 
  • Privacy-Enhancing Technologies (PETs): It’s important to note that Cuebiq’s location-data sharing is generally limited only to visits to commercial whitelisted POIs (Points of Interest — like stores or restaurants) with no additional location data, or it undergoes differential-privacy processing to obfuscate the suspected home location of the device and eliminate potentially sensitive POIs not already removed by our location blacklist. Bundled with our Sensitive POI Policy, as well as location whitelists and blacklists, differential privacy is another emerging technique we leverage to more strongly anonymize data.

As Cuebiq’s Chief Privacy Officer I can’t overstate how proud I am of our commitment to privacy and our thoughtful and layered approach to handling sensitive data like precise geolocation data. I hope this blog provides a good picture into the depth and commitment to privacy we’ve architected into everything we do at Cuebiq.

Please check out our Privacy Center and Privacy Policy and don’t hesitate to reach out to us if you have any questions at [email protected].

#workbench
About the Author

Gerald Smith, VP, Privacy

Gerald has been building and leading global privacy and risk-management programs in the financial, automotive, and tech sectors for over a decade. He received his bachelor’s in Economics from the University of North Carolina and his law degree from Chapman University. He is an IAPP Fellow of Information Privacy.