just saw another one of those “oh no tech companies are watching everything you do” scaremongering megaposts

hi, person who works at Large Tech Company here, I can’t speak for every company and its policies but I have a little bit of experience with handling user data and hopefully whoever is reading this feels a little bit more at ease knowing that:

[[MORE]]

1) the myth that we can just collect and store whatever data we want about you is false, we have a rigorous review process for every feature we implement (involving engineers, security, legal, privacy) where any user data we collect, ESPECIALLY if it’s personally identifying information, MUST have a business justification. why is Website collecting the list of stickers I’ve sent in my chat? there is definitely a reason for this! maybe it’s powering a machine learning algorithm to recommend you new stickers it thinks you might like! maybe it just simply keeps track of the ones you use most frequently so that they can present them to you at the top and save you the time of scrolling through your entire sticker picker! but if it doesn’t have an explicit business justification we’re not allowed to collect it MUCH LESS store it unanonymized and unaggregated!

2) the fact that any employee of X company can just access user data for whatever purpose is....also false. you wouldn’t refuse to use a bank or file your taxes because some employee of the bank or IRS could see your private financial records, because that would be illegal as fuck?? it’s the same for the engineers etc at whatever Big Tech Company you think is secretly spying on you?? as part of aforementioned review process I have to document every piece of data I plan to collect and whether or not it’s sufficiently anonymized (most commonly this is just for logging purposes like “X button was clicked” or “Y message was posted” which are anonymized and analyzed only in aggregate to determine usage statistics and understand user behavior to influence product development). I also am not allowed to perform ANY sort of data analysis (even to look at aggregate data) until I explicitly request access to the specific logs that the data was stored in, which again, MUST include a business justification. any time I directly look at a particular user’s logs (which I sometimes have to do to debug incoming error reports) the fact that I’ve accessed these records is recorded, so if I’ve just been doing this to snoop around, somebody will know. my job is for all intents and purposes extremely stable, but this is one of the few ways I could definitely get fired immediately. also, even if I’m looking at these logs, they’re often obfuscated etc. so that your actual user generated content isn’t visible to me, just metadata like any user/data ids, timestamps, generic description of what actions were performed, etc. an employee could theoretically breach user data with malicious intent if they tried really hard, but not more so than at other institutions you already trust with your personal data

3) the fact that all your personal data is stored indefinitely without your consent is also false. it’s true that often when you “delete” your data it’s not deleted immediately; this is often to comply with legal restrictions. however, it is often the case that things like ad preferences are configurable by the end user with immediate results (e.g., if you don’t like your google ad preferences, I’m pretty sure you can delete them? and/or turn customized ads off?) it’s also a requirement that we allow users to export their data so that they have access to it, exactly as OP was doing. finally, even if it’s a long time (days, months, years, etc.) we do eventually delete your data for real. even sometimes when you don’t want us to! like have you ever tried searching for a really old email you haven’t touched in like 10 years? you probably won’t find it bc we only keep it around for so long to give you an adequate opportunity to archive it yourself IF YOU WANT, but the accusation that tech companies are building a longitudinal profile of every user’s entire life is a ridiculous thing for us to waste valuable storage space on.

TL;DR not to be on corporate’s side but I don’t want y’all to freak out more than you have to about the data we collect?? whatever company you’re condemning is Very Afraid of Lawsuits and I guarantee other people have thought about this much more than some rando on the internet and with more legitimate/comprehensive knowledge of the situation and it’s not nearly as bad as you think it is