
This comment is meant to get an interesting conversation instead of "mastercard bad" or whatever.

Would the EFF feel any differently if the data were pseudo-anonymous and open to everyone?

You can go to SteamDB.info and learn a lot about millions of people based on what games they buy. It's a pseudo-anonymous per-user purchase history. Here's mine: https://steamdb.info/calculator/76561197975362423/?cc=us . You can look up basically anyone on Steam, and even do advanced math on all of it. It's been going on for at least a decade.

Have there been consequences or harms? I mean maybe in some isolated case I can imagine it. But there's also lots of value in the data being open.



Absolutely not. Pseudo-anonymous can still be traced back with the right correlations.

It should just be illegal to use customer data unless they explicitly agree.

It's not even about harm. It's about having a right to privacy.

And this is not some computer games we're talking about. It's our whole lives.


Ad Tech measurement companies can absolutely attribute purchase behavior back to a specific individual. Having worked in this space, banks sell data with an "anonymous" ID that's correlated back to an identity graph provided by a company like LiveRamp. Usually this is then used to determine whether a specific individual who viewed an advertisement (as determined by probabilistic (ip address, session id, or similar) or deterministic data (device id, account login) about an individual) has actually been "converted" to make a purchase. These data sets are not "deidentified" or "anonymized" as many of them claim, and "data clean rooms" advertised by many ad tech vendors are a good privacy aid, but are not nearly sufficient to protect vulnerable populations.
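
An added illustration, not part of any comment in this thread: a k-anonymity audit of a constructed "de-identified" transaction table, showing that replacing names with a pseudonymous ID leaves rows that a few purchase attributes narrow down to one person. The columns, sample rows and helper functions are assumptions made for the example.

```python
# Constructed sample: a "de-identified" export. Names were replaced by a
# pseudonymous ID, but the quasi-identifiers next to it are untouched.
ROWS = [
    # (pseudo_id, zip_code, merchant_category, date)
    ("u01", "94110", "pharmacy", "2024-03-02"),
    ("u02", "94110", "grocery",  "2024-03-02"),
    ("u03", "94110", "grocery",  "2024-03-02"),
    ("u04", "94117", "clinic",   "2024-03-05"),
    ("u05", "94117", "grocery",  "2024-03-09"),
    ("u06", "94103", "grocery",  "2024-03-11"),
]

def generalize(row):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix, month instead of day."""
    pid, zip_code, category, date = row
    return (pid, zip_code[:3], category, date[:7])

def class_sizes(rows):
    """Count distinct pseudo IDs sharing each quasi-identifier combination."""
    ids_per_combo = {}
    for pid, *quasi in rows:
        ids_per_combo.setdefault(tuple(quasi), set()).add(pid)
    return {combo: len(ids) for combo, ids in ids_per_combo.items()}

def k_anonymity(rows):
    """Size of the smallest equivalence class; 1 means someone is unique."""
    return min(class_sizes(rows).values())

def exposed_ids(rows, k):
    """Pseudo IDs that appear in some equivalence class smaller than k."""
    sizes = class_sizes(rows)
    return sorted({pid for pid, *quasi in rows if sizes[tuple(quasi)] < k})

def release(rows, k):
    """Generalize, then suppress rows whose class is still smaller than k."""
    coarse = [generalize(r) for r in rows]
    sizes = class_sizes(coarse)
    return [r for r in coarse if sizes[tuple(r[1:])] >= k]

if __name__ == "__main__":
    print("raw k:", k_anonymity(ROWS), "exposed:", exposed_ids(ROWS, 2))
    print("released k:", k_anonymity(release(ROWS, 2)))
```

In this sample, coarsening alone still leaves the pharmacy and clinic rows unique, so the rare and sensitive purchases are the ones that have to be suppressed before the table reaches k = 2.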


Yes.

But perhaps go further?

> It should just be illegal to use customer data unless they explicitly agree.

Should you be able to use customers data for any purpose whatsoever except in the delivery of goods and services that define your business?

There are edge cases, of course. But it is not edge cases that matter.

Giving permission is problematic. How do you know if you have genuine permission?

Here in New Zealand I think (IANAL) that if the other side of a major contract (like a house purchase) does not get independent legal advice then it is very difficult to enforce the contract in any way other than buy/sell.

Other conditions, idiosyncratic ones, cannot be enforced.


Not every anonymization can be undone. It depends on how it's done.

And customers already explicitly agree. They just don't read the terms when they sign up or value having a credit card more than that level of privacy.


It's not like people have a choice. At least where I live a lot of places don't take cash anymore.


Then we all should vote for a new net neutrality because until internet is a utility, you agree to a terms of service that is hostile towards privacy.


All transactions on most crypto networks are pseudo anonymous and publicly accessible.


> You can go to SteamDB.info and learn a lot about millions of people based on what games they buy. It's a pseudo-anonymous per-user purchase history. Here's mine: https://steamdb.info/calculator/76561197975362423/?cc=us . You can look up basically anyone on Steam, and even do advanced math on all of it. It's been going on for at least a decade.

Can't you opt out by making your profile private?


Sure, but if you game this out, it still comes down to whether or not your opinion is that this data should be public. That Steam's methodology happens to be opt-out sharing - in other words their opinion is it should be shared, because people don't change defaults - doesn't change that there haven't been any known major harms and many major benefits, especially in the opinions of game developers.


Never seen what gamedevs think of it, you remember what they think of this data?


Note that you can set this data to private - I can't see my steam data on this site...


Yes you can. This is just steamdb processing data that is already public.


> Would the EFF feel any differently if the data were pseudo-anonymous and open to everyone?

I think having data visibly public and open to everyone is a lot better than having it seemingly private and quietly selling it.

> Have there been consequences or harms? I mean maybe in some isolated case I can imagine it.

There have definitely been people getting outed against their will because they didn't realise their play history was visible. I'd be amazed if there wasn't at least one case where someone has been attacked as a result.


Good point. The sticky point is privacy protection. Would you be ok with every single transaction you make being public? Even if so, many would not be.

Selling/sharing depersonalized data is hard to find fault with.


Is it objectively true in general that default sharing transaction-level credit card data - in other words, I can see a (pseudo) anonymous "user ID" column in a table of transactions - benefits all of us more than default privacy? In my estimation yes, but this is a complex question.

My point is that the EFF spends no time investigating this in a serious way at all. We live the reality I'm describing with Steam, which is millions of people, it's been going on for a long time, it's conceivable that even broader categories of transaction data may be prisoner-dilemma-style valuable to share. I just wish the EFF would engage with that 1 iota. Otherwise they are just another opinion in a sea of brand-and-celebrity posters.


No, they’re taking a clip of every sale and if I want to pay by card (which is increasingly becoming the only medium) I must choose them or VISA who I assume are just as bad.


Pseudo-anonymous can be de-anonymized. This would be terrible to be public.



