Analysis Pollster Ipsos MORI is under fire for touting data on millions of EE customers - from their whereabouts to their browser history - to anyone with a chequebook, including London's Metropolitan Police.
The Met shelved the deal when the Sunday Times learned of the mass info flogging. But private companies have been buying the mobile network's subscriber stats, which include customer locations, calling habits and web-browsing history broken down by demographic.
This is all entirely legal as the data is supplied in anonymous blocks of 50 people grouped by activity and location: for example, 150 peope sent a text message at midnight from the capital's Shaftesbury Avenue, or 50 people visited Amazon's website from within a Coventry Tesco.
However, the monetisation of this information has still got privacy campaigners riled.
The Sunday Times is very excited that the customer records have been offered for sale, pointing out that 27 million customers are being tracked by EE every day. But the network operator is adamant that the data being flogged is anonymous, and it's hardly the only telco that has set up shop selling information about its customers.
All the mobile network operators track users, storing punters' location for two years, and logging details of calls and downloads. Mostly that's done for network planning purposes, such as working out where and when people tend to concentrate so as to surround them with phone masts. And police officers can, by law, request access to these databases to track suspects and the recently deceased. Now operators are trying to squeeze revenue from their big data, too.
Last year O2 owner Telefonica created a division specifically tasked with selling customer data, and Vodafone feeds anonymous information to satnav biz TomTom, so it shouldn't be surprising that EE has outsourced the task to Ipsos MORI.
Supermarkets and shopping centres are always interested in visitor numbers, and what customers are doing - such as what percentage of shoppers are checking price-comparison sites. Councils are interested in the flow of people around city centres, on foot and in cars, while the plod want to know how many people were in a riot and where they went to next.
Not as individuals, of course. Data that specifically identifies Brits is available to the police, through their Single Point of Contact and for a fee. The Sunday Times reckons the police were interested in correlating address and names to the EE data, and one can see why the cops would wish to do that, but for EE to facilitate that would be an illegal breach of privacy - so any such detailed data isn't handed over.
In a statement to The Register, the operator said:
The suggestion that we sell the personal information of our customers to third parties is misleading to say the least. The information is anonymised and aggregrated, and cannot be used to identify the personal information of individual customers. We would never breach the trust our customers place in us and we always act to comply fully with the Data Protection Act.
Anyone interested in exactly what data operators store should watch this animation from the German politician who successfully extracted all the information about himself from his network operator and put it into a map of his activities. His mobile internet use isn't included, but even so the picture is quite chilling for the privacy conscious among us.
Ipsis MORI wasn't trying to sell data on individuals, and what it was selling is an entirely legal commodity even if we're a little uncomfortable seeing it traded. Our personal habits are already a valuable commodity and mobile operators are late to the market. But they are coming, and bringing ever-more detailed information about us to anyone who's willing to pay for it. ®