In February of last year, the European Consumer Organisation, or BEUC, representing 45 consumer groups, accused Meta of taking users’ data to identify key psychological markers, such as their susceptibility to addiction and their emotional state, to share with advertisers. 

“With its illegal practices, Meta fuels the surveillance-based ads system which tracks consumers online and gathers vast amounts of personal data for the purpose of showing them adverts,” the BEUC said in a statement.

However, data aren’t just being collected to share with advertisers. They are now also being used to share with authorities. 

Here are three ways that consumers’ data are being collected and used that you might not know about.  

Electric vehicle charging stations

Las Vegas police and federal authorities relied on electric vehicle charging stations to track the movements of active-duty solider Matthew Alan Livelsberger, the man behind the Tesla Cybertruck explosion on New Year’s Day. Authorities were able to calculate the exact date and time that Livelsberger stopped at electric vehicle charging stations.

Electric vehicle charging stations are always online and run software that interacts with a consumer’s payment information and stores the driver’s identity. Stations have been subjected to hacking — in 2022, a Russian charging station was hacked to display lewd adult content.

“As EV charging becomes more widespread, they will become appealing targets to more sophisticated hacking groups,” Hooman Shahidi, the CEO of EVPassport, a charging network provider, told DarkReading.com. “Providers need to think of their products as critical infrastructure and a critical component of our national security.”

The charging stations are part of an Internet of Things, which consists of a network of devices connected to the internet and communicating with each other.

Elias Bou-Harb, a computer scientist with Louisiana State University, told DarkReading.com that there are many vulnerabilities in the charging stations that still need to be addressed.

“What is particularly alarming is that some well-known protective measures haven’t been implemented by most of the vendors and that few of them have taken steps to improve their security even after we identified these weaknesses,” she said.

Flashlight apps

Free apps that offer basic functions, such as a flashlight, have been found to collect personal data, just like Facebook and Instagram.

“Free flashlight apps are often of high cybersecurity risks,” Harold Li, vice president of ExpressVPN, told Reader’s Digest. “Many of these apps are free but ad-supported, and they often request permissions, such as audio recording and contact information, to apparently function properly. When users install these apps, they risk sharing their personal data with app developers who monetize the data by selling them to advertisers.”

He recommends that these free utility apps be removed entirely from phones.

Public Wi-Fi

Restaurants, coffee shops, and stores will often offer patrons access to connect to their Wi-Fi, but by joining the public network, they can gain access to patrons’ phone browsing history. This could be of interest to a retailer to see if one is checking the products and particularly what products of a competitor while inside the store.

Retailers also use consumers’ Wi-Fi access to generate heat maps, which tell them which parts of the store are getting the most traffic from customers.