Earlier this year, Samsung was forced by the California Consumer Privacy Act (CCPA) to rethink its privacy policies and, as a result, a new toggle was added in Samsung Pay, as discovered by XDA-Developers. The toggle gives users the option of disabling the selling of personal data to Samsung Pay partners. It’s a most welcomed addition, but at the same time, it’s a worrying turn of events because it reveals that Samsung may have already sold your personal data before the CCPA came into effect.

Not only that but the company’s Customization Service, to which most Galaxy device owners have agreed, seems to contain similar, troubling caveats as the Samsung Pay policy.

What personal information may have been sold by Samsung?

According to Samsung’s updated Privacy Policy for Samsung Pay, the company may have sold the following categories of personal information over the 12-month period prior to the effective date of the CCPA. The categories Samsung refers to include cookies, beacons, mobile ad identifiers, pixel tags, internet protocol addresses and more.

Other categories include commercial information, Internet browsing history, search history, information regarding your interaction with websites and a whole lot more. You can hit this link and check Samsung’s official Privacy Policy for Samsung Pay for additional details.

The page also includes information on the disclosure of personal information for business purposes. Samsung doesn’t outright claim that it sold this kind of data, only that it may have disclosed it to vendors. The list includes identifiers ranging from real names to bank account numbers, credit card numbers, and other financial information, or audio, electronic, visual and similar information, whatever that may imply.

Samsung’s Customization Service may be doing similar things with your data

The aforementioned toggle in Samsung Pay was added after the CCPA was implemented, and it’s unclear whether the policy changes are valid for all Samsung Pay users around the world, or only for USA/California residents. Nevertheless, even if you live outside of the United States, Samsung may still share your personal data with third parties even if you don’t use the mobile payment platform.

Samsung’s Customization Service – to which most Galaxy users agree upon setting up a Samsung account – is designed to collect information about your use of Samsung’s services – and third-party websites and apps – across your devices in order to deliver customized services tailored to your interest.

The Customization Service policy sounds more benign than the updated privacy policy for Samsung Pay – especially for Android smartphone users who should be used to the idea that Google is collecting their information for its own ad-delivery purposes. However, unlike Google’s policy for Android, Samsung’s policy still claims that it shares information about your online activities.

It also states that where required by applicable law, we will obtain your consent for the processing of your personal information for direct marketing purposes. This may suggest that, in some countries with fewer/weaker privacy laws, Samsung may be processing your personal information without your consent.

You can opt out of Samsung’s Customization Service

Fortunately, if you’re not a fan of the idea that Samsung may be collecting your data, you can choose to disable Customization Services on your Samsung account, and there’s also a way to request the deletion of existing information that’s been previously collected and analyzed.

As mentioned above, Android smartphone users are generally aware that Google collects personal information for its own ad-delivery purposes. However, Samsung’s policies seem a bit more open for interpretation, as they reveal that personal data can and may have been shared with third parties. For some users, this might make a world of difference, while for others it may not mean much.

How do you feel about these recent events, or the issue of privacy, in general? Share your thoughts in the comment section.