Posts Tagged: "online privacy"

With data privacy concerns at the forefront in the wake of the Cambridge Analytica data scandal, it seems that Amazon isn’t completely in the clear when it comes to the security of consumer data on their platforms. Recent reports indicate that Amazon’s Mechanical Turk online worker marketplace was another platform targeted by the data collecting quiz application developed by Aleksandr Kogan, the Cambridge app developer behind the Facebook scandal. Data privacy concerns have also surfaced surrounding Amazon Web Services cloud platforms including inadvertent breaches of web-monitoring data stored on Amazon cloud services by private companies and the Pentagon alike. Amazon servers also collect voice recordings from consumers using its Alexa digital personal assistant which are also at risk of falling into the wrong hands unless a consumer manually deletes recordings through the Alexa app.

Facebook users continue to be shocked at the amount and kind of data being collected by the social media platform, including recent reports about call and SMS text messaging data which Facebook has been collecting from Android mobile users. Along with the political heat Zuckerberg continues to take, Facebook itself could be on the hook for a record fine from the Federal Trade Commission if it’s found that the company’s data practices violate terms of a 2011 consent decree between Facebook and the FTC. With all of this focus on Facebook’s data collection practices, we decided to take a look at some of the social media technologies patented by Facebook at the U.S. Patent and Trademark Office, which may give readers a better idea of just how this American social media giant leverages user data.

Dystopian novels and science fiction often return to the subject of the loss of personal privacy which is often encouraged by the use of technology enabling constant, omnipresent surveillance. Perhaps the most famous example of this in the science fiction canon of the 20th century is George Orwell’s Nineteen Eighty-Four. First published in 1949, Orwell’s novel conceives of a world where government surveillance is so complete that the vast majority of citizens don’t mind being watched by two-way telescreens in their own apartments. Even the novel’s rebellious protagonist Winston Smith comes around at the end to fall prey to the same cult of personality that allows the government overseer — Big Brother — to remain in power… With concerns over the use of personal data fresh in the mainstream news, we’ll run a series of articles that will take a closer look at U.S. tech giants both in terms of the types of data they track and the purposes for which that data is used.

It has been a long time coming, but the General Data Protection Regulation (GDPR) is almost here. This new privacy regulation requires substantial changes to the collection and storage of data and will affect multiple disciplines, including the brand protection industry. One of the ‘victims’ of the new law is the WHOIS database. How will these changes affect its records?

Chinese toymaker VTech recently settled charges with the FTC in the first-ever case involving internet-connected toys. VTech became a victim of cyber attackers back in 2015, when hackers got access to the company’s online database and compromised accounts of over 11 million, which included data for about 6.37 million children… Today, the key to compliance when dealing with IoT is to “know thyself,” Bahar explained. In other words, take the time to understand what truly is in these smart components, not only from a technical perspective but a legal one. In addition, make sure to make good on your promises. If you tell consumers that you are protecting their data or their privacy in certain ways, make sure you are making good on that commitment.

This new e-Privacy Regulation, if adopted, will replace the current e-Privacy Directive and will establish, together with the General Data Protection Regulation, GDPR, a new privacy legal framework for electronic communications. The proposal aims to be lex specialis to the GDPR. Probably to ensure consistency with the new privacy legal framework for electronic communications, the entry into force provision of the leaked text has been amended to state expressly that the e-Privacy Regulation will come into force on the same date as the GDPR (25 May 2018). With many legislative hurdles still remaining before it is approved, this represents an ambitious timeline for EU legislators.

In creating a privacy and security plan, IOT companies should be mindful of regulatory enforcement for failure to fully comply with their own advertised practices. For example, companies should honor representations made to consumers regarding privacy and security practices, or risk regulatory scrutiny. If not, the FTC may bring an enforcement action, which it did against IOT company, TRENDnet, Inc. According to the FTC, TRENDnet failed to implement reasonable security practices, monitor security vulnerability reports from third parties, test and review potential security vulnerabilities, and implement reasonable guidance for its employees, and thus was in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a). The case settled, and the terms of the settlement prohibited TRENDnet from misrepresenting its privacy and security practices and required it to establish a comprehensive security risk program.

The FCC’s broadband privacy rules require ISPs to present their customers with a choice to opt in or opt out of providing consent to use certain categories of information which are deemed to be sensitive. Such sensitive information includes any data pertaining the the customer’s geo-location, health, finances, children, Social Security number, browsing history, app usage history or the content of electronic communications. Information related to a customer’s e-mail address or tier level of broadband service, however, is considered non-sensitive.

On the morning of Tuesday, July 12th, members of the U.S. Senate Committee on Commerce, Science, & Transportation convened for a hearing on a notice of proposed rulemaking recently issued by the Federal Communications Commission (FCC). The hearing, titled How Will the FCC’s Proposed Privacy Regulations Affect Consumers and Competition, did much to talk about the potential effects of the FCC’s increased oversight of broadband Internet service providers even as partisan viewpoints among committee members were exposed.

Much of the data security world has been abuzz since a blog post at the digital privacy website DataBreaches.net reported the disconcerting news that the personal information of 191 million voters participating in U.S. elections going back to the year 2000 was made available on the Internet by a party who is yet unknown. These records include voter information which is requested at the time of registration, which in many cases includes home addresses, date of birth, telephone number and state voter identification. Making these voter records available online violates confidentiality restrictions on accessing records put in place by California and other states.

Chinese legislators have attempted to enact anti-terror legislation purportedly designed to protect Chinese citizens against terrorist threats. In late December, China passed a law requiring both telecommunications and Internet companies operating in the country to provide decryption, technical interfaces and other assistance to public and state security organizations to conduct investigations of potential terrorist activities. The tech sector has misgivings about Chinese regulations that would force the handing over of sensitive data. Imagine a leak of encryption keys leading Chinese hackers to degrade performance of a foreign tech provider, all in the name of promoting indigenous innovation. That’s a pretty extreme scenario, but one that’s not completely unimaginable considering recent cybersecurity headlines.

In June, authorities in France served a formal notice to Google that it must delete certain links from it’s Google.com domain on a legal basis known as ‘the right to be forgotten.’ The right to be forgotten is implicated when an individual contacts a search engine company, such as Google, asking for a search result to be de-listed, essentially taking it out of their available search results. The provider assesses whether the privacy issue at stake has enough merit to de-list the link. If they don’t, the individual then has another avenue to take with a regulatory agency which may overturn the search engine provider’s decision.

Is Uber really a technology company? Essentially, Uber runs a car service and at first glance the company is no more a technology company than any other company that happens to have an app, such as your local grocery store. But as you dig deeper you start to see that Uber’s value is not in running a car service, but rather in mining all kinds of data from the devices of those using its service. In fact, Uber’s privacy policy, which governs the information users allow them to collect from their devices, is substantially longer than the document labeled “terms of service.”

The court ruled that the relevance of her photographs greatly outweighed Nucci’s minimal privacy interest. Nucci argued that she had a legitimate expectation of privacy in her photographs since her Facebook profile was set to “private.” However, the court was not convinced and explained that photographs posted on a social media site are neither privileged nor protected by any right of privacy, regardless of the privacy settings established by the user. After all, the court pointed out that the very nature of these social media sites is to share photographs with others, so a user cannot later claim a legitimate expectation of privacy.