Moneysupermaket, GCHQ, and Our Perplexing Attitude to Privacy

Moneysupermaket, GCHQ, and Our Perplexing Attitude to Privacy

GCHQ’s homepage, today. The reason for mentioning the UK’s signals-intelligence agency may not be immediately clear, but bear with me…

The announcement last week of annual financial results for a price-comparison website might not appear to have anything to do with signals-intelligence or national security. But a plan unveiled to accompany’s 2013 results – or, more specifically, the lack of any kind of public response to it – speaks to one of the key issues facing governments and their security agencies in the digital age.

Moneysupermarket is already Britain’s biggest price-comparison website, and in 2013, the company saw revenues rise 10 per cent to a shade over £250m. Growth so far this year is lower, but the FSTE 250-listed business needs shareholder sentiment to stay on the sunny side, so its chief executive, Peter Plumb, chose the release of the figures as the occasion to unveil a big new plan. Moneysupermarket thinks it can increase income and boost its business by interrogating its massive customer database and selling information about national spending plans and trends to the businesses it currently charges for referrals.

The sums may seem relatively modest – the firm reckons it will generate £10m from selling cutomer data to insurance companies during 2014 – but the theory is sound. Moneysupermarket claims its database includes information on upwards of a third of the population of the UK – information that goes beyond what can be acquired from public records, and digs down deep into the mindsets and motivations of an unprecedentedly broad swathe of the nation. They’re not proposing to sell identifiable personal data – what’s on offer isn’t names, email addresses or phone numbers, but the aggregated patterns that could help other businesses assess what marketing plans are working. Moneysupermarket isn’t going to tell them that Dave in Solihull has just been on the site looking at home-loan rates, but it thinks they’ll be keen to know how often ABC1s in the West Midlands think about remortgaging.

What’s striking here isn’t Moneysupermarket’s vision and imagination, or the fact that a market for such information is buoyant enough to be identified as an important new revenue stream by a successful internet company. It’s that aggregated metadata can be advertised and traded openly, with only passing mention made of anonymisation and privacy concerns, and that nobody seems to care.

For the past year, information-security and privacy have driven the public debate over the internet. The surveillance programmes outlined in information leaked by former Booz Allen Hamilton contractor Edward Snowden have ignited a firestorm around the globe, as privacy activists and those who believe the state has no business snooping on our web-browsing habits condemn GCHQ. The botched introduction of the NHS digital information-sharing programme has had questions over the anonymity of Britons’ health records asked in Parliament. Yet here’s a commercial entity, openly touting a comprehensive database, built by interrogating the most intimate and personal financial information gleaned from one in three people in the country – and nobody is batting an eyelid.

To be clear: Moneysupermarket  is doing nothing wrong. The terms and conditions and privacy policy site users have to agree to as the price of using the “free” service give the company the rights to aggregate, interrogate and monetise the information users submit. Users of the site have to opt in to these terms, though quite how informed such consent actually is remains open to question when end-user license agreements such as these typically run to thousands of words (the present T&Cs and privacy policy on Moneysupermarket’s website total a by-no-means-exceptional 10,217 words) and very few users will actually bother to read them in full signifying their acceptance of them. Yet there seems to be a continuing and widespread acceptance of a commercial entity taking this kind of information and selling it for profit, where significant numbers of people seem to have a problem with less intrusive information being used by security services to protect the population from crime and terrorism.

The only newspaper to report the Moneysupermarket data-sale concept was the Financial Times (subscription required, up to eight articles per month viewable for free once signed in); by contrast the Guardian, which has reported the Snowden leaks extensively and has also published a vast amount of comment and opinion on the issues they raise, last covered Moneysupermarket in January, when the company unveiled a new advertisement featuring the rapper Snoop Dogg. Something doesn’t add up.

The key difference, it appears, is that Moneysupermarket give people an online service for free. GCHQ, of course, also provide their services to the public without a charge at the point of delivery: but because their work is of necessity secret, and its principal benefits are that it prevents things from happening rather than trumpeting the savings to the end-user that a service such as Moneysupermarket’s is designed to deliver, to today’s web-enabled society where Facebook “like”s and comment-thread kudos are the only currencies that matter, the security agency and the success it conspicuously demonstrates every day something bad doesn’t happen seems not to count. They are perceived not just as organs of the state and therefore worthy of suspicion, but as an entity that acquires data without returning anything to the online milieu. (They don’t ask permission, of course, which is a key difference: though it’s debatable whether the permissions site-users give to companies like Moneysupermarket seem unlikely to be fully understood by the majority, so it’s difficult to argue that informed consent exists there either.) The free service gives Moneysupermarket cover and removes them from the discussion, because a voluntary transaction is deemed to have taken place (my data for your cheaper car-insurance quote); the lack of one makes GCHQ the enemy of privacy.

Much talk has been heard in recent months about what the security services can do to win public trust. Legislation and oversight are the repeated refrains, but here’s a simpler option which the Acumin blog offers the government (for free! Of course): GCHQ should develop and distribute a smartphone app. It doesn’t matter what it does, as long as it meets a need that as yet nobody realises they have but in the cool-obsessed, low-friction world of the digital enconomy they’ll soon wonder how they lived without. If they give it away, the public will feel they’re getting a bargain. If it’s branded credibly and promiently, users will become hard-wired to associate GCHQ with something cool and helpful in their day-to-day lives. And criticism will disappear as if someone’s highlighted it on their screen and hit the delete key.

Our accreditations & Partners

  • REC Member
  • VTC - Virtual Technology Cluster
  • RANT Events
  • Bloom Nepro
  • YPO
  • Crown Commerical Service
  • Disability Confident
  • ISO 9001
  • Armed Force Covenant
  • Cyber Essentials Plus
  • ISO 27001





Thank you for signing up to the acumin alerts.

Send CV

Send us your CV and have our recruiters match you to the ideal opportunities

Do you already have an account with us?

Log in

Want to have an account with us?


Want to just send us your CV?

Upload only doc, docx, odt, pdf format file.

By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.

Password reset

If you need a reminder for your password, fill out the field below

Log in

Access your account to edit your contact details, job alerts or to upload a new CV

Thank you


Thank you for successfully uploading your CV.

Acumin Alerts


Thanks for registering for Acumin alerts.

Acumin Alerts

Unfortunately your CV could not be uploaded

Please make sure your CV is one of the following file types: doc, docx, odt, pdf, rtf

Acumin Spam

Unfortunately your submission has been declared spam. Please try again.



Thank you for submitting your vacancy.


Create an account to register your contact details, sign up for job alerts and upload your CV


Thanks for registering for Acumin alerts. To get the most out of Acumin's service why not register with us?

Upload only doc, docx, odt, pdf format file.
- Practitioner
- Commercial

I agree to the terms and conditions and to be contacted by recruiters:

I agree to receive marketing communications relevant to my job search:

I agree to receive Jobs By Email for the following professions:
- Business Continuity Management
- Counter Fraud
- Cyber Security
- Executive Management
- Governance & Compliance
- Information Security & Risk Management
- Penetration Testing & Digital Forensics
- Sales and Marketing
- Sales Engineering
- Security Management
- Technical Security
- Information/Risk Assurance
- Identity Management
- Application Security
- Security Architecture
- Dev/Sec Ops
- DV & SC Cleared Jobs
- Programme & Project Management

Submit a Vacancy

Use the form below to submit a vacancy