Just curious, how do sites delete data from backups? If I were a member of a site for say 5 years, do they have some process to delete my information from a backup taken months (or years) ago? Or is it just delete from the db, so backups from now on don't contain the info?
It is a little disconcerting that a website that purports to enhance your cognitive abilities (implying they can can measure your current abilities) also won't agree to keep that data private.
But, alas, in today's market, this is completely unsurprising.
I did particularly like this line at the end (unrelated to the issue at hand, instead in a section questioning Lumosity's effectiveness):
"Disclaimer: I am not a neuroscientist. But I do know statistics."
A little tangential but an important fact nonetheless: there is zero evidence that doing 'puzzles' improves cognition.
In fact, there is a mountain of evidence (and growing every day) which shows that you can improve your brain health by getting up from your chair and doing any sort of physical activity.
Even getting up and lifting one leg leaving your to balance your weight on the other does more for your brain than sitting down and doing a mental puzzle or cross-word, etc.
I highly recommend reading "Brain that changes itself" by Norman Doidge. I have no idea how good lumosity games really are, but you can improve your cognition doing such "puzzles" if they are designed well.
>'Which basically translates to: We share all the data we want with whoever we want as long as it helps us. For instance, it clearly «assists» Lumosity to share the data on my skills to a paying recruitment agency or university.'
I think the most profitable use of this data wouldn't be selling to recruiters, but perhaps to note that Mary and Ben are 67, married and Mary's performance on the exercises suggests accelerating dementia.
Medical practices, particularly questionable ones [1] would froth at the mouth to have a lead on a guy who's ready to spend anything to have his wife back. Insurance companies probably wouldn't mind a peek either.
As Lumosity makes all claps clear in the TOS [2] they're not a medical service so I wouldn't imagine they'd be bound by any of the protections which apply to actual medical records.
I don't actually agree that it would be especially profitable to sell this data to recruiters. Either way, let's be careful about speculating about what they could probably get away with versus things they've actually done.
>'Either way, let's be careful about speculating about what they could probably get away with versus things they've actually done.'
I don't follow.
Once you have factual information about what has been done it's no longer speculation.
Lumosity isn't going to come out and tell the world exactly how they process and/or sell user data any more than Walmart or Google is.
In practice, such business process information is only ever revealed in court, so all we'll ever have is speculation and logic plus the typically vague, permissive privacy policy terms which gave shape to it.
Just trying to temper the mob mentality. Most businesses could (read: could probably get away with) selling your personal data. But that doesn't mean they do. There is no market for e.g. what types of stories you read on a news site. People also tend to overestimate the value of their data. Postal mailing addresses are worth a bit. Email addresses a lot less. Your luminosity score, I would imagine, is almost worthless to anyone besides luminosity and perhaps a direct competitor.
They have recently added the ability to completely delete PII (personally identifiable information) from their entire site, logs, etc, to conform to US COPPA (Children's Online Privacy Protection) laws. Since they store things like date of birth when you sign up, so that you can compare yourself to others in your age group, when they turned on the features to comply with COPPA, they had to encrypt and scrub a host of historical data to be in compliance. Emails, names, etc.
Now, it's possible that the "delete account" button disappears when you purchase (I don't know?), but that's why they have customer service who have that ability. It may just be a customer retention or security policy to require a human interfering to start the deletion process.
Additionally, at present, if you read their blogs, and the HCP site, you will see that they use your data, without PII, to be part of larger research studies to determine cognitive abilities of people of all walks of life. Researchers use the platform for studies, and can compare active participants against years of historical data in Lumosity's database.
Is this essentially gamification of getting (and selling) users private information?
Mental performance information is as private as it gets.
While this post is from years ago, it is very relevant today; Lumosity has been incessantly advertising through NPR and I was actually thinking looking into them.
I had hopes that perhaps this is for pay app and was considering how to handle app privacy. Clearly not going to happen.
Perhaps they just didn't take the time to make a proper Delete Account feature. With relational data, it can be non-trivial to scrub out all traces of a given entity. There are tricky decisions to make about what cascading effects such a delete should have. An easier approach is to "soft delete" by marking the account as inactive.
I had no idea Lumosity was that old. I assumed it was a recent fad in the past year or so... at least that's when I first heard of it because of all the ads.
this is a likely side effect of selling user data to data brokers or data co-ops, where companies sell individual user data to a larger user database that's accessible to all companies in the co-op or that pay for the data broker's services.
an interesting case of 'who owns what' in terms of user data. You created the data - does that mean you own it? does it mean you should have a right to delete all record of you or that data for a service?
