Skip to Content

Worst companies for data privacy? You’ve got to see this list

At, we’re always on the lookout for new information that will help you protect your online privacy. The digital world is constantly changing, and making informed decisions about where you share your data is critical in this day and age. With so many platforms to socialize and do business with, knowing safe places from unsafe ones can mean the difference between browsing in peace versus facing down hackers, targeted advertising, or worse.

When choosing a platform or service to use on your device, you’ll want to feel secure the company running it has your best interests in mind. We all know how irresponsible Facebook has been thanks to its numerous data scandals. With how many headlines the company has made, it seems reasonable to believe that Facebook’s shenanigans are exceptions rather than the rule when it comes to privacy concerns.

Sadly, the opposite tends to be true. Many companies turn significant profits by harvesting your data, selling it to advertisers, agencies and research organizations. To learn more, we reached out to Osano, a company that specializes in privacy research and data security.

They’ve compiled a list of companies that rank the worst in terms of privacy policies, data usage and overall transparency for users. While you might recognize some companies on this list, some of the names might surprise you with how they’re using your data.

Seeing how companies rank on data responsibility and privacy

Osano was inspired to begin this project after watching congressional testimony from Mark Zuckerberg. They were shocked to see that otherwise educated and knowledgeable members of Congress were ignorant on the ins-and-outs of privacy policy.

Together, with 24 lawyers, Osano reads through the full terms, conditions and privacy policies of the platforms they rank and use the information they gather to build a score. The score is based on how well each company’s policies answer questions on Osano’s data privacy survey.

By having real lawyers read through these policies, Osano is able to answer its own survey questions with legal expertise and authority. This makes sure that the rankings published are accurate, informative and unbiased.

The goal of Osano, as they say, is not to sue anyone but provide information that can help businesses make better decisions. It also offers a number of business-to-business products that are designed to help companies monitor how vendors are using data.

The worst companies for data privacy

These companies ranked the worst in terms of privacy policy, data usage and user transparency. Not every company makes the same mistakes, however.

Some companies are less underhanded and more murky in how they present their policies. Others are honest about how they share data without making it obvious to users. Others, worst of all, make assumptions on your consent for a variety of surprising and scary data collections.

Capital One

Osano found that Capital One has an extensive privacy policy and terms of service, but the documents are so dense that ordinary users probably won’t read them. The Osano lawyers’ deep dive found some concerning clauses regarding social media.

According to the fine print, if you talk about Capital One on social media, it interprets this as your consent to its use of your social media data.

NBC News

The team found that the NBC News’ website uses a keyboard logger and mouse tracker. This means that your mouse movements and keystrokes are recorded by NBC for unknown purpose. It doesn’t specify exactly what it uses your data for, only that it’s fair game on NBC’s website.


This platform has noble intentions from the start by helping people crowdsource money for projects, bills and donations. However, its privacy policy has strange wording. When you invite other people to its service, GoFundMe makes the assumption that you and everyone in your devices’ address book has been informed of its privacy policy.


Snapchat falls into the category of “tricky wording.” When you sign up, Snapchat makes it seem like you’ll give permission to the service before any private information can be accessed. If you read deeper into the policy, however, the wording that’s used says that “Snapchat may get your consent,” leaving its actual position vague. It’s unknown if Snapchat saves user photos.

UK government

This isn’t a company, but the data practices here should draw attention. The EU recently passed a new law called General Data Protection Regulation.

It states that any company or organization in the EU needs to engage with users regarding their privacy rights, along with other data safety standards. Despite being a government website, the UK government’s home page doesn’t comply with these new regulations — regulations the UK themselves helped sponsor.


Based on its flippant attitude toward user data, Facebook gives the appearance of not caring about data privacy laws. In fact, it has regularly ignored California state regulations for tech companies handling user data — almost as if it feels like it’s too big to fail.

As we’ve discussed before on this site, Facebook’s issues revolve around targeted advertising and tracking. They connect with almost every major website and harvest your data to share with third-parties. These third-party entities can target you with advertisements and spam.

Delta Airlines

This one is strange. Delta Airlines has a long, detailed policy laying out your rights to privacy and transparency. If you read the fine print, however, you’ll find a disclaimer that says the privacy policy isn’t legally binding or enforceable. This calls into question whether such a document even counts as a privacy policy!


Just like GoFundMe, AT&T makes the assumption that account holders are liable for sharing its privacy policy with everyone on your phone plan. The company has also been caught, in the past, using browser tracking for targeted advertising purposes.


This is one of the most bizarre and spooky policies. AccuWeather says it has the right to collect health and biometric data from your phone and wearables, such as the Apple Watch. There’s no explanation why a weather tracking app would need that kind of information.

How to avoid being tracked online

Trustworthy tech?

As Osano has shown us, many tech companies take advantage of the fact that we don’t read the fine print. Not all companies are guilty of this, though.

Osano cites blogging platform Medium as an excellent example of responsible data use, getting a perfect score in the ranking. They make it easy for users to understand what data is stored and how it’s collected. Best of all, it gives full instructions on how users can erase personal information from the platform.

Osano’s full list can be found on its website by subscribing to its security newsletter. You can also check out our interview with Osano by listening to Komando On Demand in the link below.

In this free podcast, Osano CEO and co-founder Arlo Gilbert talks about the companies that are the best and worst at collecting and sharing your personal information.

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook