The secret ecosystem of my personal data is being prepared

Recently in the last public service internet note, I posted…

The secret ecosystem of personal data is being unfolded

Ian thinks: People are having fun with this right now, wonder how many people will actually request their data? I put my request in a few days ago, will you?

I sent my requests off a few days following my GDPR dating data template. I’ve had quite a few replies from Sift in the last few weeks.

Starting with this one a day after my formal GDPR request

Thank you for reaching out to Sift. Due to recent press coverage, we are experiencing a high volume of data access requests. We are scaling our operations to accommodate all requests and appreciate your patience. Please expect a followup email to help us verify your identity so that your data does not fall into the wrong hands. Separately, we’ve answered a few commonly asked questions below.

What does Sift do?
Sift provides fraud prevention services to online businesses, e.g. e-commerce. Our goal is to make the internet a safer place so that businesses and their users (like you) don’t have to worry about fraud. You can learn more about our mission here.

We only use your data to provide fraud prevention services to our customers – we do not sell, share, or use your data for any other purpose. For more details about how our service works and what types of data we process, please see our Service Privacy Notice.

How may I access the data that Sift processes about me?
In order to process your data access request, we need to verify your identity to ensure that we are sharing your data with you and not a fraudster impersonating you. As unlikely as that sounds, it happens more often than you’d expect. Please expect a followup email with instructions on how to verify your identity.

How soon will Sift process my request?
Once we verify your identity, we will honor all requests under the European Union (EU) General Data Protection Regulation (GDPR) within ninety (90) days per Article 12(3) of the GDPR for verified EU citizens only. Please note we are extending this period by sixty (60) days due to the high volume of requests.

All other requests, including those from the United States, will take more time. We thank you for your patience as we must give priority to those requests for which our timely response is legally required.

Can you provide my score?
If you have requested your “Sift Score” or other type of consumer score, we’d like to clarify that Sift does not have a “Sift Score” for you (or any user) because we don’t score users; we score user interactions on a specific website for a specific type of fraud. We calculate the likelihood of whether actions you have taken on a Sift customer site are associated with specific types of fraud. The actions we analyze depends on the particular Sift product our customer uses.

However, these interactions do not add up into a single Sift Score about you. A single score is not an effective way of assessing fraud. Instead, the best way to predict fraud and provide users like you the best possible experience is to analyze each specific interaction. For more information on scores, please read our blog post here.

And then a few days later…

Thank you for contacting Sift support! We received your email and typically respond within one business day for questions related to Sift’s suite of products. In the meantime, you can browse our Help Center for answers to some common questions: https://support.sift.com/hc/en-us

Best,

The Sift Support Team

Finally I got the email to verify my identity, which needed to be done within 14 days of the email with a unique link. Which I needed to type in my phone number for the service to then send another unique link to my phone.

Verification is done via a 3rd party service called Berbix inc, and required me to scan my driving license or passport then a selfie and the site tells you to strike a pose and take a selfie (prove its not just a photo). Its all done on the phone using chrome browser rather than an app (thankfully). I had a read of their privacy policy of course and Sift’s.

Now I’m looking forward to seeing what they send me back…

Author: Ianforrester

Senior firestarter at BBC R&D, emergent technology expert and serial social geek event organiser. Can be found at cubicgarden@mas.to, cubicgarden@twit.social and cubicgarden@blacktwitter.io