USPS Joins Many Others – Shares Customer Data with Meta and Others Without Permission
We see this problem too often. It is because web site operators don’t really understand the impact of their actions in many cases.
More importantly, this may impact you and your web site.
Okay, lets talk about what the Postal Service did. Magazine publisher Tech Crunch discovered that the USPS was sharing customers’ information with companies like Meta (Facebook), LinkedIn and Snapchat. The USPS was trying to understand how people use their services or so they say. I suspect they are telling the truth.
The problem comes from a technology variously called beacons or tracking pixels. This technology, visually too small for the human eye to see, sends a message back to the beacon owner – in this case, for example, Meta – when the user visits a page that has a beacon it. For many companies, that is every page on their web site.
In many states you legally have to disclose that you are doing this and also in many states you have to get user’s permission to do that.
It appears that the USPS did not do either of these things.
If the user is not logged into the web site there is not much sensitive data at risk. It may still be illegal, but the risk is low.
BUT, if you are logged into the web site there may be a whole lot of information that is returned to the advertiser about the user. That is happened to the USPS.
The service in question is called informed delivery and if you sign up for it, the postal service will tell you all about mail that is about to be delivered to you including, images of mail pieces and tracking numbers of packages.
In the USPS case, it also included postal addresses of the customers.
The postal service has more than 60 million customers who use the service.
To their credit, the postal service says they fixed the problem as soon as it was reported.
They also said that they were unaware that the information was being sent to Meta and others.
I have no reason to doubt either of these statements.
Earlier this year a number of hospitals got in trouble with the feds for the same thing. Health & Human Services did not take kindly to the hospitals sharing medical information with Meta so that they could send you ads matching your illnesses.
Meta says that they tell people not to do this and that in some cases, as a result of many lawsuits, they try to filter out sensitive data. Maybe. I am less confident of that claim.
For readers of this blog, if you use tracking systems like Google or Meta or others, be careful what data you are sending. At least in some states, if you don’t have users’ informed permission, you are breaking the law.
If you need help, please contact us.
Credit: Tech Crunch