In theory you’re already paying the merchant fee in the “price”. So merchant found a way to improve margins and credit card companies found a new revenue source
Or phrased less inflammatory manner: "Corporations can enter into contracts and engage in legal action just like people can". Even the much maligned Citizens United v. FEC basically boils down to "groups of people (corporations or labor unions) don't lose first amendment protections just because they decided to group up".
Except not everyone in a corporation has the right to speech. I'm prohibited by my employer to say anything on the company's behalf, but the C-suite and board are able to speak on my behalf. So, the company's leadership has a right to free speech, I don't.
You still have that right; you simply entered into a voluntary agreement with your employer not to exercise it in exchange for money. Happens all the time.
Let's bring back indentured servitude, you have a right to not be a slave but you should still be able to enter into a voluntary agreement not to exercise that right.
That’s a facetious reply and you know it. Agreeing not to say certain things is practically a universal requirement of employment, for example, to preserve trade secrets. And indentured servitude is illegal.
That's just life. Modern society obligates us to do things like feed, clothe, and house ourselves; they aren't just going to result because you exist. Getting a job is an sacrifice we make to fulfill those other basic obligations.
To discuss further would require us to go into the rabbit hole to debate whether capitalism is the right structure for society, but so far, everything else that's been tried has been worse.
>Except not everyone in a corporation has the right to speech. I'm prohibited by my employer to say anything on the company's behalf,
Yeah, that's how organizations typically work? You might have "freedom of movement", but that doesn't mean you can work in your CEO's office. Organizations also limit who has access to its bank accounts, but that doesn't mean it's suddenly illegitimate for companies to engage in transactions.
It makes me wonder, if everyone 'owned' their own data, I wonder if it could be used as a form of UBI. Everyone has data from using services, everyone owns it, everyone can sell it to make a living just doing whatever they are doing everyday.
This is only just a shower thought I had the other day though, there are probably many pitfalls when it comes to such an idea.
Unlikely. I'd think the most valuable data is generally the type that can be used to extract money from you. Targeted ads and such. So, your data's value would increase in proportion with your spending power.
I don't support UBI but that's a fascinating idea. Unfortunately the data is worth micropennies in the individual, so only worth something in aggregate, like a class action settlement where you end up with a cheque for $0.34 for damages which makes it not even worth your time, it'd only be good as the backdrop for a science fiction novel or as an experiment by a YouTube video by a well known creator to see how little money it would make. I would read the hell out of that book and watch that video tho!
Connecting information to that kind of personal gains sounds dangerous. There is probably non-negligible abuse potential, like college kids legally printing money at weird scale.
You will never generate enough money from information about your consumption to fund your consumption. Obviously there's other data, but you get the point.
UBI isn’t meant to fully fund consumption. It’s “basic” income such as rent or groceries. I will accept that consumption data doesn’t cover consumption and that the value is already priced in but I don’t accept that it has no value or that UBI is meant as complete income replacement.
Honestly the path to "UBI" is probably just socialized/subsidized basic needs.
Build masses of government housing, make a healthcare public option with sliding-scale costs, and you're 90% of the way there - food and decent low-end broadband are frankly already cheap enough for the government to cover with maybe some "Don't gouge Uncle Sam or else" clauses and that's about everything.
IDK, I think almost all interesting data has no obvious single owner, because it gets created as a side effect of an interaction between two or more parties.
Take the transaction information from example above. The record of you buying products X, Y, Z for total t=x+y+z at time T, with card C - both you and the store could argue they're entitled to it. It's about you and money you spent and products you received, but it's also about them and the money they received and the products that were taken off their inventory. Then the card issuer will interject saying, "hey, the customer uses a card we provide as a service, so we're at least entitled to know which card was use to pay, to whom, when, an what the total amount was!". Then both yours and stores' banks will chime in, and behind them, also the POS terminal provider.
Truth is, they all have a point. We like to think that paying for groceries with our watch is like a medieval peasant paying for fruit with metal coins at a town market. It's not. Electronic payments always involve multiple steps handled automatically, in the background, by half a dozen service providers linked by their own contracts and with their own legal reporting requirements, and each of them really do need to know at least some details about the payment they're participating in.
A simpler example: this comment. It's obviously mine. It's also a response to you, and it only makes sense in context of the whole subthread. Should anyone reply to it, they'll gain a stake in it, too - and then, arguably, everyone following this discussion have a right to read it, now and in the future. After I hit the "Reply" button, I can't in good conscience claim this comment is mine and only mine. This is why I'm personally against the practice of unilaterally mass-deleting of comments on open discussion boards, like e.g. plenty of people do on Reddit, forever ruining useful discussions for the public.
(It's also why I like HN's approach to GDPR, which is, you can get your account disassociated from your comments, and you can request potentially identifying content be removed, but the site won't just mass-delete your comments automatically.)
This is fairly easily answered through legislation like the GDPR which classes this data as personal data if it’s associated with an identified or identifiable person.
A legislative body writing something down doesn’t mean society has agreed to it.
If someone journals and writes down everyone they met with locations and dates, they will laugh you out of the room if you tell them they are violating GDPR.
This also leads to stupid shit like people not being sure if they can point a camera at their driveway to catch vehicle break-ins.
Finally, classifying something as “personal data” because it’s about me still doesn’t make it “my data”.
Health data in the US is strictly regulated, very personal, but is definitely not mine. I cannot remove things from it or prevent it from being shared between healthcare institutions.
Is there any documentation on this to read further? I.e. what the different levels contain and how much on average is the cost reduction for the merchant.
The cost reduction is very small, it’s applied to interchange fees. I’ve been directly responsible for implementing this functionality on payment gateways for multiple processors because it helps reduce fraud holds as well.
Separate question, what are your ethics around the surveillance of Americans' economic activities by private actors? What "rights" are relevant in this space and which do you subscribe to?
I'm not going to debate you about anything, I just don't get the chance to ask insiders any of these questions.
My ethics are “this is unequivocally wrong without consent”.
Thankfully my work was on payment products that serviced businesses and government entities, so I did not really have to deal with that moral quandary.
However it gets muddier in other spaces as well. There are types of cards, like HSA/FSA that require something similar to level 3 data called IIAS that is used to determine what parts of your purchase are eligible. In the parts of the systems I have worked with, this is covered by HIPAA, but I have no idea if there are “clever” methods to sneak that data out of the chain elsewhere.
That just sounds like a standard cross-merchant loyalty program? I don't think there are many examples in the US, but once you realize it's a loyalty program you really shouldn't be surprised that they're tracking your purchase history. That's basically the entire premise.
In Germany, the major cross-merchant loyalty program Payback gives you one or two rounds of extra consent choices about the tracking, and the type we see here is absolutely not mandatory for participating. It does of course let them give you more personalized and useful coupons, but one can participate while declining that permission.
So called loyalty programs should be illegal on multiple fronts,
- Privacy: There's obvious tracking of purchasing trends. This derails into selling user data to everyone that makes people increasingly easy to track.
- Customer-dependent pricing / Price-discrimination: This is awful for economy, in econ 101 you learn that business want to charge each customer as much as they are willing to pay, but this differentiated pricing is just getting their hands into everyone's pockets.The free market principles rely on perfect knowledge, and every step made to make pricing harder is an attack against self market regulation.
Price discrimination is not a priori bad. A fixed price with enough margin to support the business may be too high for price sensitive consumers. If you can charge more to less price sensitive consumers, you can, at the margin, make a little bit on these price sensitive consumers, and overall everyone is better off - more consumers are satisfied and their marginal willingness to consume a unit of the thing being sold is more equalized.
Yes, this is the reason why it's sort of illegal, but done anyways.
Honestly, beyond paying fewer fees on the bus as a kid, I'm pretty sure I'm being scammed everytime I experience price discrimination.
I feel it's easier to make it illegal and give away reasonable credits to all consumers. I wouldn't discriminate in credits either, I'd rather have public transportation being free for all than claim to save money that society needs to spend anyway.
It doesn't help that lying about the price at any point just makes accounting harder, and creates space for wrong, uncompetitive pricing, or awful deals that would hurt business and society in the longer term anyway.
pricing is all made up to begin with though. your can't take the cost to make an item, add a reasonable amount of profit and that's the "real" price. that's just not the reality of running a successful business. human psychology is far too complicated.
at the end of the day, prices are just a number you make up, and hopefully it's a big enough number that your stay in business. hopefully it's a big enough number that you get rich. but sometimes it's a fire sale and you just end up owing less money to your vendors.
> at the end of the day, prices are just a number you make up, and hopefully it's a big enough number that your stay in business.
The only requirement is to make up a single for all your customers that are getting the same thing back. It'll be made up and account for business factors like risks, profits, etc.
I don't think everyone is better off, at best the "less price sensitive" is unaffected. But then you have to have have some way of stopping arbitrage via the customers paying the lower price through some sort of identity checks or restrictions. I think that's an unavoidable negative outcome and it's not clear that it would always be outweighed by allowing more people to consume the product.
There are ways to adequately approximate that kind of price discrimination without detailed tracking though, like giving discounts to students, seniors, and people receiving various kinds of welfare benefit upon showing proof of status.
Yeah it isn’t as accurate as the privacy-invasive kind of tracking, since students and seniors can be wealthy and eligibility for welfare benefits doesn’t always consider assets or gifts from well-off family. But it’s accurate enough to give the economy most of the same benefit without the privacy downside.
I do think it’s fine for people to opt in to more tracking as a separate consent choice beyond merely participating in a loyalty program, for example to get more personalized and therefore more useful offers, but not as a condition of participation to merely receive at least standard offers and accumulate points. That’s how they generally work in Germany.
>I do think it’s fine for people to opt in to more tracking as a separate consent choice beyond merely participating in a loyalty program, for example to get more personalized and therefore more useful offers, but not as a condition of participation to merely receive at least standard offers and accumulate points. That’s how they generally work in Germany.
Sounds like that'll push retailers to switch from a system where they give points/discounts to everyone, to one where points/discounts are "targeted", which of course requires opting into tracking. Like I said before, the whole premise of loyalty programs is that you're being tracked in exchange for rewards. You really can't expect to have your cake (discounts) and eat it too (not being tracked).
my grandmother collected green stamps from the grocery store, which she saved for food discounts.. I don't think that there was any customer ID involved at all..
honestly, describing pervasive tracking of purchasing associated with govt ID as "normal" is .. its a sickness and parts of it are illegal now. It is not required or "normal" at all, from this view
> Sounds like that'll push retailers to switch from a system where they give points/discounts to everyone, to one where points/discounts are "targeted", which of course requires opting into tracking. Like I said before, the whole premise of loyalty programs is that you're being tracked in exchange for rewards. You really can't expect to have your cake (discounts) and eat it too (not being tracked).
As I said, in Germany you can indeed have your cake and eat it too in this regard, if you’re okay with the offers you receive being less targeted and therefore less appealing.
My understanding is that GDPR requires them to offer the option to decline the personalized targeting without being blocked from participation overall, and this is probably the same anywhere in the EU. But I don’t have personal experience with this in other EU countries and could be misunderstanding.
>As I said, in Germany you can indeed have your cake and eat it too in this regard, if you’re okay with the offers you receive being less targeted and therefore less appealing.
The "cake" in this case refers to the offers you had before GDPR came into effect and/or regulators started enforcing it. They might give opt-out people some token offers to appease regulators, but I doubt it'll be anywhere close to the offers they had before.
> They might give opt-out people some token offers to appease regulators
It’s not an opt-out situation. As per GDPR requirements, these programs have a specific opt-in prompt for personalized targeting, separate from the one which is for generally collecting and redeeming points as a member, and it’s not pre-chosen by default.
I think one can assume that many people will decline to opt in, especially in a culturally privacy-focused country like modern Germany and since not opting in is far behaviorally common than explicitly opting out, but also that many others will knowingly consent in exchange for the benefits. So I think they would generally want to give decent offers to both categories of people, since the non-consent group is large enough to matter. Of course the personalized ones would be better, otherwise nobody would want to give that consent.
Myself, I’ve consented to some but not all of the personalized targeting and information sharing from the loyalty programs I participate in here, after reading the descriptions of the requested consents in detail and making a conscious choice. In at least one case I converted a no to a yes after thinking about it longer. It’s good to have that transparency and control, and not to have the legalese surreptitiously remove your right to sue the store should that become necessary as is common in the US (forced arbitration is generally illegal here in B2C agreements).
As for the rest of your most recent comment, I wouldn’t know; I didn’t ever live in Europe before the GDPR.
It's the normal term, in that it has been normalized as such. But it is otherwise not accurate except in the barest, most monetaristically self-fulfilling-prophecy way.
I believe that's opt-in. At least it seemed to be when my landlord switched to Bilt.
There's a section of your Bilt profile that shows your other credit cards and whether you want them linked. It's pretty freaky to see them listed in the first place.
I definitely keep them off.
Bilt is ultimately a big points/reward program though, so you might get points for having them connected.
I still haven't figured out exactly what Bilt's business plan is, but the main part seems to be trying to get as much financial data on people as possible, and partnering with landlords to do so, and since it's how to pay your rent you can't unenroll completely. (Unless you maybe mail your landlord a paper check?)
It was initially opt in for me, then they made it mandatory.
(Sure, I could pay by check but consumer banking technology/US in the US already feels like is is lagging a decade behind other countries without voluntarily going further back. Paying by check every month would be quite inconvenient.)
I'd already decided to avoid bilt as much as possible, but reading this thread prompted me to try going a little further.
> Request to Know... The specific pieces of Personal Information we collected about you.
> You have the right to opt-out from having your Personal Information and Sensitive Personal Information sold to third parties. You also have the right to opt-out from having your Personal Information and Sensitive Personal Information shared with third parties for purposes of cross-contextual advertising
I’ve had to deal with Bilt [0]. In case you’re not aware, they have a “feature” called Instant Link that automatically pulls ALL of your personal and sensitive financial data from financial institutions, including your credit card accounts, balances, etc. They apparently do this via a partnership with a company called Method Financial [1].
It’s frankly the most intrusive thing I’ve ever encountered in any software I’ve ever used—I’m not sure how it’s even legal, but this is America where we have no real privacy rights.
Instead of giving you the option to opt in for them to get this level of access, they automatically enroll you into it when your account is created, pull your data, and then allow you to “opt out” afterward, which enables them to have access to your personal and sensitive financial data anyway. And since you literally must have an account with them if your building uses their services for rent payments, they’ve effectively rigged the system to force millions of folks to unknowingly give them access to their personal and sensitive financial data.
Anyway, in your Bilt privacy settings, there are some options you can disable (including Instant Link), and I recommend that you disable ALL of them, although given the dark practices of this company, I don’t even trust that those settings are actually honored.
Side note: Did you know about a company called Method Financial that somehow has real-time access to ALL of your personal and sensitive financial data? Did you know that this company you never heard of that has said access then sells that access to the highest bidder? Do you remember agreeing to any of that anywhere? Yeah, me neither (on all counts)…
Thanks for the heads up. Luckily I can go back to analog with certified funds to pay rent. I suspect, without evidence, this is due to the relatively strong tenant protections in Chicago.
You might want to discover about sophistication and pervasive facial recognition technology used by major retailers. Paid by cash? It can still be tracked to you. For "fraud prevention", of course.
>Paid by cash? It can still be tracked to you. For "fraud prevention", of course.
They can already track you through your phone and/or credit cards. Why bother setting up a massive facial recognition system for people paying with cash when they only account for 10% (or whatever) of overall shoppers, and have less disposable income than average?
Word of mouth: retailers in China have been using face recognition technologies to identify key customers so that they can be greater by name when delivered their favorite drink upon entering the premises.
The trouble with "word of mouth" is that you can't tell whether something is actually real, or vaporware that some account executive dreamed up to close a deal.
I agree, which is why I qualified it. I was working at a retailer, building it's cloud systems at the time. It was told to me by a colleague who claimed to be told that by a peer from China at a conference.
Facial recognition on a small corpus of known faces (what everyone experiences on Facebook, their phones, etc) is an easy problem.
Walmart picking up a face walking into a store and matching it against 30 million possibilities is going to return so many false positive matches it’s going to be completely useless.
Facial recognition is illegal where I live, both for gov't and commercial uses. Several major cities in the US have banned it (e.g., San Francisco, Boston, etc.).
I'm assuming you're using your Bilt card when this happens.
Your Bilt agreement stipulates how itemized transaction data (level 3 in payment terms, with level 2 being "enriched" with subtotals/tax and merchant information- which is what you typically see with your normal bank)
Card networks (Mastercard, VISA) have different fee structures that incentivize more detailed information like level 3 for lower processing fees for merchants - here's more details on levels https://na-gateway.mastercard.com/api/documentation/integrat...
What's most interesting to me about that is that they are willing to disclose that data to your email provider. Amazon, for example, is pretty cagey about what you've bought when sending emails, probably because they don't want Google to be able to use that information to target ads to you. (Not because they are Good and care about your privacy, but because they think they're going to beat Google at advertising. How's that going?)
So yeah, I don't get why they would do this. It gives their advertising competitors valuable data for free, and it pisses off customers by telling them that they're being tracked when they shop at Walgreens. Strange stuff.
Oh, here I thought it was because every time I want to remember info about an order, it forces me back to their platform, rather than simply searching my email like I do for every other item I've ever purchased.
Loyalty cards are one avenue for data brokers to get your purchase history. Credit cards can also sell your purchase data. Currently the only safe-ish way to be anonymous is with cash. That may disappear with pervasive face recognition and cell phone tracking.
What’s most strange to me is why this Bilt company would pay for that data feed and somehow think it provides some value to you. It’s obviously just creepy way of saying we know too much about you
Unfortunately the GDPR is largely toothless if a company without an EU presence chooses to ignore it.
I live in Ireland and my data is in the databases of several US data brokers. Thise conpanies can't be forced to to comply with the GDPR because they simply do not have an EU presence. You don't have to search far to find stories from people people who made complaints to their local Data Protection office about such issues only to be told there's nothing that can be done.
HN rants about it because it’s not a good solution. It identified a problem but caused an idiotic fallout (cookie banners) and failed to actually put in a framework to enforce that companies aren’t just lying.
> failed to actually put in a framework to enforce that companies aren’t just lying.
That's not true. I work in an European company and we were contacted by the agency to give a complete list of partners that we use, reasons for why it is justified, which routines we have for deleting old data etc.
I guess in theory we could have lied and made up data, but only an idiot would risk lying to the government. Everyone at my company took it seriusly and tried to provide as accurate data as possible. There were also several follow up questions that had to be answered.
The mindset of lying to the government to "protect" your employer seems so far fetched. Why should an employee lie to the government? If it turns out that the company was in violation of GDPR the worst case scenario for the company is a fine. If the government finds out you are lying, the employee faces jail time. The trade-off is simply not worth it.
Maybe it's easier to lie to the government in some countries, but not in my country. The government agencies actually checks and verifies your claims.
The lie doesn’t have to be intentional. All it takes is a really simple accidental debug logging flag to collect what amounts to a GDPR violation.
The point is that no effort was made to implement a technical solution to protect privacy. So it’s upsettingly trivial to violate the GDPR unknowingly and any company that is even a little unscrupulous (of which there are hundreds) can easily ignore the law.
> The point is that no effort was made to implement a technical solution to protect privacy.
And you want the government to do that?
Why haven't the companies who at every turn shout how privacy conscious they are haven't done that?
It's now been 8 years of GDPR. Why hasn't the world's largest advertising company incidentally owning the world's most popular browser implemented a technical solution for tracking and cookie banners in the browser? Oh wait...
Yes, it’s their job. Building codes have technical specifications and don’t allow people to opt out. Airspace is very tightly regulated with technical specifications.
> Why hasn't the world's largest advertising company incidentally owning the world's most popular browser implemented a technical solution for tracking and cookie banners in the browser? Oh wait...
Because the government is the thing that is supposed to produce useful regulations, not an advertising company.
GDPR is like trying to solve smog by passing a law that says people can opt out of smog by staying out of the city. No regulations to actually reduce smog.
This happened to me with square (block). I bought furniture, and they used square and required my email address for delivery. And then after that, anywhere I used square to pay for something using the same card, they would email me a receipt. I complained and they played dumb and never did anything.
This literally just happened to me last week. I emailed them to ask them how to stop this:
> I understand you want to opt out of all points and rewards and not be tracked.
>
> We're constantly working to make Bilt as rewarding as possible. Currently, we don't have an option to opt out of points or rewards. To prevent your transactions from being tracked, the most effective step is to unlink your card from your Bilt account.
>
> To unlink the card:
>
> Go to the Wallet tab > Scroll down to the Your Linked Cards section.
> Look for the card you would like to unlink and tap View all benefits.
> Click the ellipsis [:] on the top right, then tap Edit > Unlink.
Gah, I hate this service and will avoid renting on buildings that use it in the future.
Hopefully exclude? By whom? At some point, somebody has to decide it was sensitive, by what standards? Does Bilt decide to not use it after they were already sold the data? Does the aggregator after already been sold it by the harvesting seller? Does the harvesting app reduce the appeal of their data by deliberately excluding the data? Does the harvesting app care to spend the money on doing that?
That's what I do, but I assume some stores like Target also track you by Bluetooth, facial recognition, etc, and can correlate any past or future cash purchases if you use your credit card once for maybe a large innocuous purchase.
What if landlords could reach their grubby hands into the data firehose their tenants spew out? I can save 5% on some useless shit at X store, you say? Sign me up!
Bilt as a concept is the biggest pile of late stage enshittification horse shit I’ve ever seen.
My rent is paid through a company called Bilt.
I discovered that when I shop at Walgreens now, Bilt sends me an email containing the full receipt of what I bought like so:
Ostensibly (hopefully) it would exclude sensitive items, plan B, condoms, etc...I'm curious how this data flows from Walgreens to my rent company, but maybe I'd rather not know and just use cash/certified check from now on.