Big-Tech Data Collection: What They Know & How to Protect Your Information Online in 2024

By Samuel Chapman

Last update: March 18, 2024

If you’re interested in keeping your data private, the world’s five largest tech companies — Google, Facebook, Amazon, Microsoft and Apple — are not on your side. Big-tech data collection is a huge issue for modern society, and this article will explain why, what Big Tech knows about you, and how you can protect your personal information.

Talking about this is already going against the grain. The Big Five would like you to believe the story of how they made their money goes something like this.

First, a kind-hearted visionary with a monosyllabic name — Mark or Jeff or Biff — dreamed of a new technology that would change the world. Despite them offering the technology free of charge, everyone was so happy with it that they decided to give billions of dollars to Bort or Crump or whoever.

In reality, while some of the Big 5 do make money by selling goods and services, a huge portion of their revenue comes from things that would be grounds for a lawsuit if you did them to your neighbors.

1. Best to prevent data collection
   

   Overall Rating 9.5 / 10

   Get 49% Off ExpressVPN
2. 

   Overall Rating 9.2 / 10

   Visit NordVPN
3. 

   Overall Rating 8.9 / 10

   Visit Surfshark

Gathering data on you isn’t just a hobby for Big Tech. It’s literally the main revenue source for some companies, including Google and Facebook. (No, I’m not calling it Meta. Nobody will ever call it Meta.) They’ve each assembled incredibly sophisticated technology dedicated solely to violating your online privacy.

But it has an Achilles’ heel: knowledge. The more you stay informed about how companies collect data, the better equipped you’ll be to protect yourself. In this article, I’ll be your Jedi master for the privacy wars.

• What data does Big Tech collect?

  The Big Five tech companies (Google, Facebook, Apple, Amazon, and Microsoft) collect reams of textual, video and audio information on their users, including their names, addresses, browsing activity and even facial recognition data.

• What does Big Tech do with data?

  Big Five companies use consumer data in some innocuous ways, like registering user accounts and conducting UX research. But they also make money by using information about you to sell space to advertisers. Corporations may also share your data with third-party companies that don’t have strong privacy policies.

• Does Big Tech sell your information?

  Tech companies don’t always literally exchange your data for cash. More often, they use your data to craft profiles that entice advertisers to pay them for ad space.

Big-Tech Data Collection: Where We Are Now

This whole mess stems from a simple truth of the market: There is an enormous amount of money to be made from knowing where people are paying attention.

Everybody is trying to get you to look at their thing and away from the other guy’s thing. Some industries want to command your attention, so you’ll exchange money for their goods and services. 

But other industries don’t have a clear way to monetize, particularly Facebook, Google and social media in general. They figured out pretty quickly that trying to charge admission to a social feed was a nonstarter.

These companies turned to the old broadcast TV model of generating revenue through ad sales. They quickly had a positive feedback loop on their hands. 

People didn’t want to pay to use Facebook or Twitter, but they were happy to leave their personal data unguarded on the platform. Social media giants didn’t have to rely on ad sales alone — they could also sell data that other businesses could use to target ads.

The Reality of Targeting

Big Tech wants you to think that targeted ads are actually a good thing; you get to see ads about things you care about, rather than random ads that might not interest you at all! Don’t let them fool you.

“Targeting” is rarely a good thing. Nobody ever gets targeted for a free kitten giveaway. The practice of targeting ads does nothing to buck the trend. Using your age, location, prior habits and other indicators (see the “What Big Tech Companies Know About You” section), corporations decide what types of ads will work best on you and when.

That’s exactly as sinister as it sounds. Payday lenders and other predatory businesses set up in low-income neighborhoods. For-profit universities prey on people who don’t know any better. All that targeting can now happen online.

It’s only getting worse. In 2018, 23andMe reached a deal to sell customers’ genetic data to a pharmaceutical company. We’re not far from a future where corporations analyze your genetic makeup to determine which ads will trigger you to buy on a molecular level.

Some companies are even in the business of buying data they can’t get through their own networks. Google once made a backroom deal with MasterCard to buy consumer spending records, snagging a wealth of data that wasn’t previously online in any form.

I could go on forever, but this all gets back to the same point. As long as there’s money to be made, Big Tech will never stop harvesting data on its own. 

Google alone made $61 billion from ad revenues in Q4 2021. That’s not a typo. It made that much in three months. If you believe the leaders of Google will turn off that money spigot out of the goodness of their hearts, I’ve got a bridge in the metaverse to sell you.

There are only two ways the data collection boom ends. Either government regulations pass, similar to the European Union’s General Data Protection Regulation (GDPR), or individual consumers get wise and start protecting their own data.

Data Collection and AI

In 2024, there’s another reason a tech company might harvest data on you: to sell it to AI companies that use it to train large language models. Google’s recent deal with Reddit underscores that nobody is safe. If you run a website, I wrote some tips on how to block LLM crawlers from scraping it for data.

What Are the Big 5 Tech Companies?

The five largest tech companies, and the ones we’ll be concerned with today, are Google, Amazon, Apple, Facebook and Microsoft.

Google and Facebook are the biggest players in the information sharing economy. However, just because Amazon, Apple, and Microsoft all have other ways to monetize, don’t assume they aren’t doing anything shady. Amazon, for example, routinely steals seller data to undercut its own users with copycat products.

I’ll cover each company’s crimes against privacy in its dedicated section below.

What Big Tech Companies Know About You

I’ve been talking a lot about personal data, but what data is it exactly? The table below shows some of the key data collected by the Big Five tech companies. The table below is based on the companies’ own privacy policies.

Data Big Five Tech Companies Know About You

How Big Tech Uses Your Data

I’ve alluded to a few uses already, especially targeting ads, but here’s a more detailed (though incomplete) list. Some of the things tech companies claim to do with your data are fairly reasonable, such as:

• Authorizing accounts
• Targeting their own services, like news feeds and recommendation algorithms
• Preventing fraud and abuse

And a few of the things they prefer to hide in the depths of their privacy policies or not mention at all:

• Selling advertisers the right to access targeted customer segments
• Measuring how ads perform with individual IP addresses, then letting advertisers bid on access to those IP addresses in real time
• Passing or selling your data to other companies for purposes other than advertising
• Cloning your product to put you out of business with their own cheaper, worse version (not naming names here, but it rhymes with Blamazon)
• Allowing it to get stolen by hackers

It’s important to understand that when people and companies talk about “selling data,” they might be referring to either of the first two bullet points above: selling targeted access or real-time bidding management. I’ll explain both in the next two sections.

Selling Customer Access

This aspect of “selling data” encompasses the sales that happen on the Big Tech company platform itself, like promoted links on Google, targeted ads on Facebook and sponsored products on Amazon. For this part, the company doesn’t need to literally sell your data. Instead, they sell the right to contact specific individuals or segments with ads on behalf of the advertiser.

Companies either approach the tech giants with lists of people they want to target or focus on demographics instead. For example, Facebook might charge you $40 for the right to show an ad to women between 40 and 55 who have clicked on at least one newsfeed post about yogurt in the past month.

Tech giants like to hide behind this fact, so they can argue that they’re not technically selling your data to other businesses. Which is true — the advertiser never sees the specifics. But if I pushed a full coffee cup off your desk, you probably wouldn’t be convinced if I told you it was technically gravity’s fault.

Real-Time Bidding Management

Real-time bidding is the other way large tech companies can sell your data without literally selling your data.

Ad space on the internet doesn’t get filled in advance the way billboards and TV commercial breaks do. Through a rapid, mostly automated bidding process, advertising data brokers sell each space milliseconds before you see it.

Big Tech companies act as the auctioneers in real-time bidding. Google’s ad management system says, “I’ve got Visitor X loading Website Y. Visitor X has the following demographic profile. Who wants the slot?” Company Z’s automated system sees that Visitor X matches their desired customer identity, makes a bid and wins. That determines what ad the visitor sees.

Real-time bidding requires the broker to make customer data available to the bidders. Again, the bidders are technically not paying for the data but for the advertising spot represented by the data. That’s cold comfort for the customer (you), whose data the technology shares around either way.

Until this point, I’ve mostly been speaking about the Big Five as a unit. For the next part of the article, I’ll turn a spotlight on each of these businesses in turn, describing what information they collect and what they do with it.

Alphabet-Google Data Collection

Google is the most pervasive of the world’s tech giants, with just one of its various tentacles grasping onto 86.5% of the internet. So it’s a good thing it treats its responsibilities seriously and doesn’t take advantage of its many opportunities to spy on everybody for profit.

Just kidding! Google spies on everybody for profit. Constantly. It’s the only way it makes money.

Google is the poster child for everything wrong with big tech’s attitude toward privacy. From presiding over a commanding portion of the world’s real-time ad auctions to allowing third parties to literally read your emails, there’s very little Google hasn’t tried in its quest to be the world’s biggest information broker.

Information Google Collects

Google uses its flagship search engine and almost all its subsidiary apps to collect data. If you use Gmail, your email address is in Google’s system. The content of your emails may be as well. 

If you use Google Maps, Google knows where you are, though it can also figure out your general location from your IP address. Google knows your preferences through your shopping searches and chosen YouTube videos. The list goes on.

In fact, of the data I looked at for this article, there were only three things I had any reason to believe Google doesn’t collect and save:

• Your home address, though GPS can pinpoint it with enough detail that Google doesn’t need the house number.
• Android text messages or Google Hangouts chat logs, though lack of proof doesn’t mean Google isn’t reading them.
• Likes and interactions on social media other than YouTube, because nobody liked Google+ enough to give up valuable data.

Why Google Says It Collects This Data

Google claims it collects data to improve its services, communicate with users and provide personalized ads. There’s no direct mention in the privacy policy of the fact that these innocent-sounding “personalized ads” make up most of Google’s revenue.

Third-Party Sharing Policies

Google provides personal information to “affiliates and other trusted businesses” for processing purposes. Its privacy policy doesn’t state what information is transferred or who its affiliates are. Until you get a chance to read their privacy policies, don’t trust them.

Amazon Data Collection

Amazon is a diverse company with many revenue streams, including ruining The Wheel of Time, firing phallic-shaped rockets into space, and failing to realize Buy & Large were the villains in WALL-E. With all those, plus retail and Amazon Web Services, you’d think it would have enough ways to make money.

Nevertheless, Amazon is also involved in the targeted advertising game, using customer data to sell ad space on its e-commerce platform. When you search on Amazon, the sponsored products you see are determined by the same real-time bidding Google uses to place its ads.

Although Amazon swears it only uses anonymized data to place ads, the EU fined it over $850 million for using customer information without consent under GDPR jurisdiction. Amazon has said it will appeal the fine.

Information Amazon Collects

Because it can make money without snooping, Amazon collects slightly less personally identifiable information than some of the other big tech companies. However, the company still knows your general location, IP address, product browsing history, purchase history and financial information.

Why Amazon Says It Collects This Data

Don’t expect Amazon’s privacy policy to mention that little tidbit about spying on its own sellers to muscle them out of the market. Instead, it just says it uses personal information to deliver goods, improve its own services, personalize recommendations (with and without sponsorship), fulfill legal obligations and of course “display interest-based ads.”

Third-Party Sharing Policies

Amazon states that “third-party service providers have access to personal information needed to perform their functions, but may not use it for other purposes.” It’s not clear how Amazon enforces proper use of this information.

Apple Data Collection

Apple has a reputation as the one big tech company that gets user privacy right. Its quest to maintain that image has led it to get some things right, like blocking Facebook’s online activity trackers. Apple is also the only company on this list that doesn’t monetize user data by selling ad access.

But it’s not perfect by a long shot. For starters, Apple receives a staggering annual fee to keep Google as the default search engine on iOS; It’s hard to do billions of dollars in business with Google without condoning its rock-bottom data privacy standards. It also shares your data with third parties who may not be as strict as Apple in their own privacy policies.

Information Apple Collects

Apple collects and stores physical data like your location and home address, plus basic identifying data like your name and phone number. It also knows the IP address associated with your Apple account and any purchases you make through Apple or the App Store.

Why Apple Says It Collects This Data

Apple’s privacy policy states that it collects data “to power our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law.”

Third-Party Sharing Policies

Quoth the privacy policy: “Apple may share personal data with Apple-affiliated companies, service providers who act on our behalf, our partners, developers, and publishers, or others at your direction.” Third parties must give the data back or delete it when finished using it. Again, there’s no enforcement mechanism, but at least it looks like Apple has thought about this.

Meta-Facebook Data Collection

Other than Google, Facebook is the worst offender in unwanted data collection. Until November 2021, Facebook allowed advertisers to target based on sensitive categories like religion, ethnicity, political beliefs and health status. A sting operation revealed that Facebook approved targeted ads based on the phrase “Jew hater.”

Since Facebook makes most of its money from ads, it’ll exploit any advantage it can get away with. It’s well known for not background-checking political ads or the people who buy them, to the point where Mark Zuckerberg’s extreme punchability is the most bipartisan issue left in the U.S. Congress.

Then there’s the Cambridge Analytica incident, in which Facebook looked the other way while a consulting firm freely harvested personal information through a quiz app. When it’s not using your data for sinister purposes, it’s managing your data ineptly.

Information Facebook Collects

Under heavy scrutiny, Facebook finally removed the most sensitive customer categories, but I could find no indication that it doesn’t still have all the data it gathered on its users’ races, religions, income levels and political opinions.

Other than that, Facebook collects all the personal information it can get away with. It harvests data in every category except for purchases, but two:

1. Emails, because those have been folded into chat (which Facebook definitely reads)
2. Purchase history on Facebook Marketplace (note that I couldn’t find proof this data isn’t saved; I just couldn’t conclusively prove it is)

Oh, and Facebook also likes to collect data about you from other sites, so it can snoop on you even if you’ve never had a Facebook account. I don’t blame you if you’re ready to move to a remote Alaskan cabin at this point.

Why Facebook Says It Collects This Data

For the usual reasons: recommendations, running and improving its own features, communicating and of course, targeted advertising.

It’s no surprise Facebook and Google are the two worst offenders in leveraging customer data to sell ad space. They’re the two tech companies with few other ways to make money. As the saying goes, “if you’re not paying for the product, you are the product.”

Third-Party Sharing Policies

Facebook’s lax third-party data restrictions triggered the Cambridge Analytica scandal in the first place. Did it respond by creating tighter controls? Let’s check the privacy policy…

“Information collected by these third-party services is subject to their own terms and policies, not this one.”

In other words, Facebook has done nothing to close the enormous loophole that got it in trouble in the first place. I am frequently disappointed in big tech companies but never surprised.

Microsoft Data Collection

It’s hard to believe there was a time when Microsoft was considered the most evil tech company, possibly because of Bill Gates’s ill-advised habit of appearing as a gigantic Orwellian head. It hasn’t gotten as much attention in recent years due to other companies grabbing slices of the evil market.

As it turns out, Microsoft is better about data collection than some of the other Big Five companies, though not as progressive as its eternal rival Apple. When Windows 10 launched, the Electronic Freedom Foundation savaged Microsoft for harvesting rafts of user data, much of it through desktop assistant Cortana.

After years of complaints, Microsoft actually responded, making its data collection more transparent and giving users more freedom to choose. You can even apparently opt out of the targeted ads Windows 10 would otherwise include. Some users noted that the opt-out choices didn’t always seem to work, but this flaw appears to have been patched since 2018.

Information Microsoft Collects

Microsoft’s approach to gathering data is in a gray area. On the one hand, it’s the only Big Five company to collect data in all 15 of the areas I checked. On the other hand, with the one hiccup mentioned above, it’s better at honoring your requests to opt out than any other company but Apple. On average, Microsoft is solidly in the middle.

Why Microsoft Says It Collects This Data

Microsoft’s privacy statement declares it will collect data for four reasons: supporting its products, researching user needs to improve its products, personalizing recommendations and targeting advertisements.

Third-Party Sharing Policies

Microsoft shares data “among Microsoft-controlled affiliates and subsidiaries,” all of whom are presumably bound by its privacy rules. However, it warns users that some aspects of its products may take users to third-party sites with their own privacy policies, potentially opening it up to the same weakness that leaked Facebook data to Cambridge Analytica.

The Future of Big-Tech Data Collection

The biggest change that’s about to hit online ads is the coming death of cookies. Cookies are the trackers that (among other functions) allow ads to follow you across the internet, “retargeting” you with an ad to increase the chances it might work. 

Safari and Firefox already ban third-party advertising cookies, but they’ll be out for good when Chrome drops support in 2023.

This will likely consolidate the advertising market even more under the auspices of the Big Five. These companies are large enough to have their own in-house technology to replace cookies; any independent ad brokers will have to work with them or go under.

That said, the future isn’t entirely rosy for the Big Five. For one thing, momentum may be gathering in the United States for GDPR-like data privacy protections. 

California and Virginia have already passed strict consumer data protections. Another 20 states have their own laws in various stages. In a sharply divided nation, support for data privacy laws is astoundingly bipartisan, with 86% of Democrats and 81% of Republicans agreeing Congress should make it a priority.

And there may be trouble for everyone on the horizon. Author Tim Hwang has proposed that the internet faces a “subprime attention crisis.”

Hwang argues that the advertising economy that makes much of the internet free has overestimated the value of customer eyeballs (which makes sense — when was the last time you clicked on an online ad?). 

When the attention bubble bursts, it won’t just destroy the revenue streams of Google and Facebook, but also of every smaller company that depends on ads to monetize.

TL;DR: The future of big tech companies and data looks a lot like the future of the world itself. Maybe things will get better, maybe big corporations will keep ruining everything, or maybe we’re all screwed. Time will tell!

What You Can Do to Protect Your Data From Big Tech Companies

At long last, it’s time to talk about fighting back. Up until this point, I’ve been arming you with knowledge. Now I’m going to arm you with weapons.

Follow these tips to keep your data safe from the prying eyes of big tech companies:

• Use alternatives. If you don’t use Google or Facebook, they won’t have nearly as many chances to gather data on you. Instead of Google, try DuckDuckGo (a fully anonymous search engine) or Startpage (which uses the same search results as Google). Instead of Facebook, try going to a public park and shouting out random thoughts as they come into your head.
  
• Pay a service to delete your personal information. For an annual fee, services like LifeLock and Abine DeleteMe will dig through the basements and attics of the internet to scrub any of your personal information that may still be out there. Even if you can’t afford it every year, it’s a good way to get yourself back to zero before taking proactive measures.
  
• Use strong passwords and two-factor authentication. This won’t stop big tech from surveilling you, but it will protect you if any of the data they leave lying around gets sold on the dark web (I guarantee you it has). Check HaveIBeenPwned.com to see if a website you’re on has suffered consumer data breaches, then change the passwords on any affected. Enable two-factor authentication. If you can’t remember all those passwords, get a password manager app like LastPass.
  
• Mask your email address. The best app for this is Abine Blur. It lets you use a different email address for every website without creating dozens of burner accounts. Each time you enter your address, Blur changes it to an encrypted hash while still directing inbound emails to your inbox. This prevents tech companies from building an identity around your email address.
  
• Don’t give out your phone number. Your phone number can also be used to dig into your personal life, and it’s harder to hide. Where possible, just don’t enter it at all.
  
• Use a tracker blocker. These apps keep advertising cookies and other trackers from following you between websites. Most ad-block apps also block trackers. uBlock Origin, AdBlock and Windscribe ROBERT are all good choices.
  
• Use a VPN. A VPN masks your IP address, which — along with marking out your identity online — can be used to divine your physical location. It also encrypts your browsing requests and even hides you from your internet service provider (ISPs often sell your data to advertisers). The best VPNs include ExpressVPN, NordVPN and Surfshark.
  
• Avoid downloading from app stores. Apps frequently come bundled with software that harvests your information and feeds it back to the parent company. EFF recommends using the web versions of the apps instead to stay safe.

You can take almost all of the above measures without spending a dime. There are free ad blockers, free VPNs, free encrypted email accounts, free search engine alternatives and more. The only limit is how far you’re willing to go to defend your online privacy.

Conclusion: Big Tech Companies and Your Data

If you’ve read this whole article, you may have concluded that I’m not a fan of Big Tech. That’s entirely correct. The internet could have brought the world together and ushered in a new Age of Enlightenment. Instead, five monosyllabic-named men divided it into their own personal fiefdoms.

But if there’s one thing I’ll never lose faith in, it’s the power of people. Regular folks everywhere are making the choice to stand up for their own safety, security and privacy. Are you ready to be one of them?

As always, I’d love to see your thoughts in the comments. Thanks for reading!