Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#data’

4000

French Privacy Watchdog Raps WhatsApp Over Facebook Data Sharing

December 18, 2017

BRUSSELS (Reuters) – France’s data privacy watchdog may fine messaging app WhatsApp if it does not comply with an order to bring its sharing of user data with parent company Facebook into line with French privacy law.

The French data protection authority – CNIL – said on Monday it had told WhatsApp to comply with the order within one month, and pay particular attention to obtaining users’ consent. If Whatsapp does not comply it could sanction the company, the watchdog said.

The CNIL said WhatsApp did not have the legal basis to share user data with Facebook and had violated its obligation to cooperate with the French authority.

WhatsApp, bought by Facebook in 2014, said it would begin sharing some user data with the social media group in 2016, drawing warnings from European privacy watchdogs about getting the appropriate consent.

In October, European Union privacy regulators rapped WhatsApp for not resolving their concerns over the messaging service’s sharing of user data with Facebook a year after they first issued a warning.

The French regulator said that WhatsApp had not properly obtained users’ consent to begin sharing their phone numbers with Facebook for “business intelligence” purposes.

“The only way to refuse the data transfer for “business intelligence” purpose is to uninstall the application,” the CNIL said in a statement.

The regulator accepted that the transfer of user data for security purposes seemed to be essential to the functioning of the application. But the watchdog also said the same did not apply for “business intelligence” purposes which aim to improve the apps’ performance.

European data protection authorities can only impose small fines at the moment, but a new EU privacy law entering into force next year will increase fines to up to 4 percent of a company’s global turnover.

The CNIL said it had repeatedly asked WhatsApp to provide a sample of French users’ data transferred to Facebook but the company had explained it could not do so as it is located in the United States and “it considers that it is only subject to the legislation of this country.”

Tags: , , ,

hacker-coder-developer-software-programmer-alphanumeric-matrix

Privacy rules to create jobs, EU data chief says

October 26, 2017

EU lawmakers are gearing up to launch talks with members states on a bill that aims to keep online communications private.
On Thursday (26 October), the European Parliament will vote on whether to put forward an official position on the so-called e-privacy regulation.

Industry and centre-right MEPs argue that it will limit jobs and innovation by imposing too many restrictions.
But Giovanni Buttarelli, the European data protection supervisor, says it will also create new jobs in the privacy sector.

“We may create an unbelievable amount of new professions, jobs, opportunities for European Union small and medium size enterprises,” he told this website, earlier this week.

Earlier this year, a study by Pricewaterhouse Coopers said the EU continues to lag behind the US in terms of top global companies, many of which are geared towards technology.

Buttarelli says while this may be the case, the EU should continue in its efforts to be a global leader in privacy and data protection regulation.

“We will remain a little bit handicapped internationally in terms of technological development,” he said.

But he notes that privacy and data regulation sectors also offers new opportunities for European-based business in areas like ‘privacy by design’.

Such professions and jobs, he says, have little prospect of materialising in the United States where big tech companies dominate and tend to drive policy debate.

He also argues for a uniform level of protection across all platform.

“Interoperability, interactivity and interplay are also relevant for rights,” he said.

War on ‘cookie walls’
The reform of the 2002 e-privacy directive has major implications for both businesses and citizens, ahead of the launch of the EU’s data protection regulation next May.

The general data protection regulation deals with personal data, while e-privacy sets out rules on keeping telecom firms from prying into online chats and tracking users without their consent.

The Council, representing member states, has yet to formulate its stand.

But businesses and industry appear largely opposed, arguing that the e-privacy reforms, as proposed by MEPs in the civil liberties committee (Libe), are too restrictive.

The Libe wants, among other things, a ban on ‘cookie walls’, which block access to a website if the user does not agree to his or her data being used by the same site.

It also wants to make it easier for people to give or withdraw their consent by using browser settings instead of pop-up banners.

Left-leaning MEPs argue that the draft proposal would ensure high standards of privacy, confidentiality and security in electronic communications.

Meanwhile, some NGOs say it does not go far enough in protecting rights.

Tags: , ,

pr

Data-hucksters beware – online privacy is making a comeback

August 22, 2017

Next year, 25 May looks like being a significant date. That’s because it’s the day that the European Union’s general data protection regulation (GDPR) comes into force. This may not seem like a big deal to you, but it’s a date that is already keeping many corporate executives awake at night. And for those who are still sleeping soundly, perhaps it would be worth checking that their organisations are ready for what’s coming down the line.

First things first. Unlike much of the legislation that emerges from Brussels, the GDPR is a regulation rather than a directive. This means that it becomes law in all EU countries at the same time; a directive, in contrast, allows each country to decide how its requirements are to be incorporated in national laws.

Second, the purpose of the new regulation is to strengthen and rationalise data protection for all individuals within the EU. It also covers the export of personal data to outside the bloc. Its aims are to give control back to EU residents over their personal data and to simplify the regulatory environment for international business by unifying regulation, so that instead of having to deal with a range of data-protection issues in different jurisdictions, companies will effectively be able to obtain a “passport” for the entire region, much as financial services firms have been able to acquire.

Given that the use, abuse and exploitation of personal data has become the core business of the internet, anything that affects this is going to be a big deal. The GDPR extends EU data-protection law to all foreign companies that process the data of EU residents. So even if a company has no premises or presence within the EU, if it processes EU data it will be bound by the regulation. And the penalties for non-compliance or infringement are eye-watering, even by internet standards: fines up to €20m and/or 4% of global turnover.

Advertising Age concludes that the new regulation will ‘rip the global digital ecosystem apart’
The GDPR applies both to data “controllers” (who determine how and why personal data is processed) and “processors” (who handle the data on the controller’s behalf). The obligations on controllers are broadly similar to those imposed by current data-protection law. But if you’re a processor, then the regulation imposes specific legal obligations on you to maintain records of personal data and processing activities and you will have significantly more legal liability if you are responsible for a data breach. And any breach, no matter how small, has to be reported to the authorities within 72 hours.

More significantly, the GDPR extends the concept of “personal data” to bring it into line with the online world. The regulation stipulates, for example, that an online identifier, such as a device’s IP address, can now be personal data. So next year, a wide range of identifiers that had hitherto lain outside the law will be regarded as personal data, reflecting changes in technology and the way organisations collect information about people.

The regulation gives important new rights to citizens over the use of their personal information. They have the right, for example, to contest and fight decisions that have been made about them by algorithms processing their data. Valid consent has to be explicitly obtained for any data collected and for the uses to which it will be put. Consent for children’s data must be given by parents or guardians and data controllers must be able to prove that consent has been obtained.

Citizens will now have the right to request the deletion of personal information related to them – and companies will have to be able to prove that the offending data has been properly wiped (which may be more difficult than it sounds). And so on.

For many traditional companies – the ones that keep HR records, customer lists, contact details etc – the GDPR will probably make little practical difference, except for more onerous compliance requirements. But for organisations that have hitherto operated outside the reach of data-protection law, for example the hidden multitudes of data-hucksters, trackers, data-auctioneers and ad-targeters that operate behind the facade of websites, social media and Google, the GDPR represents an existential threat.

Facebook and Google should be OK, because they claim to have the “consent” of their users. But the data-broking crowd do not have that consent. As Advertising Age puts it: “Targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.” The new regulation will, it concludes, “rip the global digital ecosystem apart”.

Not before time, IMHO. In the meantime, three cheers for the EU. And – since you ask – the UK government has decided that the GDPR will apply here even after Brexit.

Tags: , , ,

SAN FRANCISCO - OCTOBER 24:  Dustin Moskovitz, co-founder of Facebook, delivers his keynote address at the CTIA WIRELESS I.T. & Entertainment 2007 conference October 24, 2007 in San Francisco, California. The confernence is showcasing the lastest in mobile technology and will run through October 25.  (Photo by Kimberly White/Getty Images)

Get Ready for the Next Big Privacy Backlash Against Facebook

May 22, 2017

DATA MINING IS such a prosaic part of our online lives that it’s hard to sustain consumer interest in it, much less outrage. The modern condition means constantly clicking against our better judgement. We go to bed anxious about the surveillance apparatus lurking just beneath our social media feeds, then wake up to mindlessly scroll, Like, Heart, Wow, and Fave another day.

But earlier this month, The Australian uncovered something that felt like a breach in the social contract: a leaked confidential document prepared by Facebook that revealed the company had offered advertisers the opportunity to target 6.4 million younger users, some only 14 years old, during moments of psychological vulnerability, such as when they felt “worthless,” “insecure,” “stressed,” “defeated,” “anxious,” and like a “failure.”

The 23-page document had been prepared for a potential advertiser and highlighted Facebook’s ability to micro-target ads down to “moments when young people need a confidence boost.” According to The Australian’s report, Facebook had been monitoring posts, photos, interactions, and internet activity in real time to track these emotional lows. (Facebook confirmed the existence of the report, but declined to respond to questions from WIRED about which types of posts were used to discern emotion.)

The day the story broke, Facebook quickly issued a public statement arguing that the premise of the article was “misleading” because “Facebook does not offer tools to target people based on their emotional state.” The social network also promised that the research on younger users “was never used to target ads.” The analysis on minors did not follow Facebook’s research review protocols, the company wrote, so Facebook would be “reviewing the details to correct the oversight,” implying that the analysis had not been sanctioned by headquarters in Menlo Park.

A spokesperson for Facebook tells WIRED that the research had been commissioned by an advertiser. But Facebook’s public statement did not make that clear or explain how the research on minors ended up in a presentation to potential advertisers.

The statement said only that the analysis had been conducted by “an Australian researcher.” But the leaked presentation obtained by The Australian was prepared by two Australian Facebook employees, both managers who connect Facebook to ad agencies.

Privacy advocates and social media researchers, some of whom signed a public letter to Mark Zuckerberg about the ethical implications of tracking minors, tell WIRED the leak arrived at a crucial time in their campaign for stricter guidelines around consumer surveillance. Between the political fallout of psychographic profiling on Facebook and recent fines against the social network for breaking European laws about data collection, they hope this controversy could have lasting implications on the way the $400 billion behemoth tracks sensitive data.

Welcome to the next phase of Facebook privacy backlash, where the big fear isn’t just what Facebook knows about its users but whether that knowledge can be weaponized in ways those users cannot see, and would never knowingly allow.

Dear Mark Zuckerberg
Five years ago, Facebook conducted a mass experiment in manipulating emotions on nearly 700,000 unsuspecting users. The company tweaked News Feeds to show random users more positive or negative content, to see if it made those users happy or sad. In that case, there was no leaked document, no smoking gun: The results were published openly in an academic journal in 2014. In response, there was an outcry over what seemed like social engineering; the company said it had been “unprepared for the reaction” and strengthened its research review process accordingly.

A spokesperson for Facebook tells WIRED that the research referenced in the newly surfaced document complied with Facebook’s privacy and data policies, such as anonymizing the data by removing any personally identifiable information, but it did not meet those enhanced research protocols, which are supposed to require additional review for studies of “sensitive groups,” like minors.

A week after the document was leaked, more than two dozen nonprofits from the US, Europe, Brazil, and Mexico wrote a blistering public letter to Zuckerberg arguing that Facebook should release the document because the health and ethical implications were “far too concerning to keep concealed.” Facebook has become a “powerful cultural and social force in the lives of young people,” they wrote, and the mega-corporation could not just chalk up the mistake to a deviation from its research protocols. Marketers “and others” could use this research to “take advantage of young people by tapping into unique developmental vulnerabilities for profit,” the letter warned. (WIRED reached out to The Australian’s media editor, Darren Davidson, who obtained the leaked document, to see if the paper has plans to publish it in full, but did not receive an immediate response.)

“We take the concerns raised by these organizations seriously,” a Facebook spokesperson said in response to questions from WIRED. “Last week we reached out to several of these groups to discuss the research, and together agreed to set a meeting. We look forward to working with them.”

Jeff Chester, executive director of the Center for Digital Democracy, one of the nonprofits that signed the letter, will be present at the Facebook meeting. “I’ll be interested to see how honest they are,” he tells WIRED. “Are they going to acknowledge all of the similar research that they already do? Or what it means for Facebook and Instagram users worldwide? Are they going to talk about the fact that they are continually expanding the ability of their platform to identify and track consumers on behalf of powerful advertisers?”

Chester keeps close tabs on Facebook’s increasingly sophisticated marketing capabilities, a toolkit that includes neuro-marketing and biometric research techniques that can be used to test bodily reactions to ads, like responses in the brain, heart, eye movement, or memory recall. Chester pointed to a recent report from Facebook IQ—a research division within the social network designed to help marketers—that used an EEG headset to measure social connections and feelings in virtual reality.

“When Facebook said this was aberration, we knew that was not true, because it squarely fits into what Facebook does all the time in terms of analyzing the emotional reactions of individuals,” including vulnerable groups like young people, black people, and Latinos, Chester says. “Facebook is one big sentiment-mining apparatus.”

If the users in question weren’t teenagers—or if the emotion wasn’t insecurity—Facebook’s public statement might have been sufficient; the uproar from privacy advocates may have been duly noted, then promptly forgotten.

Instead, as Kathryn Montgomery, a professor at American University and the director of the school’s communications studies division—who is married to Chester—tells WIRED, The Australian’s report served as “a flashpoint that enables you to glimpse Facebook’s inner workings, which in many ways is about monetization of moods.”

A New Advertising Age
This may sound like a lot of sturm und drang for making money off of teenage insecurity, a mass market practice that has been around since at least World War II. The entire advertising industry is, after all, premised on the ability to leverage a consumer’s emotional state. But it’s one thing to show makeup ads to people who follow Kylie Jenner on Instagram; it’s another to use computational advertising techniques to sell flat-tummy tea to 14 year olds at the exact moment they’re feeling their worst.

In fact, Montgomery and Chester have been fighting to protect young people’s digital privacy for decades. The couple helped pass the Children’s Online Privacy Protection Act (COPPA) in 1998, which restricts data collection and online marketing from targeting children under 13 years old. The legislation was created to prevent the first wave of dotcom companies from engaging in deceptive practices, such as using games and contests to collect information about children without parental permission. The same year COPPA passed, the FTC filed its first internet privacy complaint against GeoCities, for misleading both child and adult consumers about how it was using their personal information. Since then, companies big, small, and fictional have racked up fines.

For its part, Facebook has been open and cooperative in responding to concerns about minors in the past. After The Wall Street Journal reported in 2012 that Facebook was considering allowing children younger than 13 to open accounts, the company met with privacy advocates who helped convince the platform to continue barring children from the platform.

Facebook also understands that minors require additional protections. By default, it turns off location sharing for minors, and offers warnings before young people share a post publicly. Indeed, Facebook sometimes uses its tracking capabilities to safeguard users, such as newly released artificially intelligent suicide prevention tools that “help people in real time.”

“We do, of course, want to try to help people in our community who are at risk, including if their friends report to us that they may be considering self-harm, but that’s not related to the incorrect allegations that were made in The Australian’s piece,” a Facebook spokesperson tells WIRED.

Regardless, advances in ad targeting may require more default protections. Marketers want to pinpoint people in an “intimate, ongoing, interactive way,” says Chester. As people use more and more devices across different networks, companies that collect this information have amassed bank vaults of data on users’ locations, recent life events, affinity groups, or, theoretically, emotional states.

“This is the holy grail of advertising,” says Saleem Alhabash, an assistant professor at Michigan State University. A consumer has “a particular need or motivation at this particular moment in time, and you are giving them messages that feed exactly to what they’re feeling. The return on investment is huge.”

To that end, Alhabash believes companies should, for the most part, have the freedom to conduct business. “I do not think that advertising in general is manipulative.” he says. “Where it becomes manipulative is when certain parts of our personal information gets used against us to makes us crave and want things that we do not want.” (Alhabash worked on a study about how Facebook ads for alcohol can increase the desire to drink.)

Amid a swirl of recent concerns over how Facebook can influence our actions in the real world and the ways that micro-targeting can be weaponized—such as voter-suppression campaigns targeting African Americans—the leaked document seems like another sign that fears about the company have taken on a different shape.

“We’ve entered a new phase because of the controversy in promoting fake news, in disseminating hate speech, in Facebook’s outsized influence in campaigns that resulted in Brexit, the election of Trump, and other political developments,” Chester explains.

Europe Plays Hardball
Unfortunately for Facebook, the Australian ad targeting controversy cropped up just as European regulators have been cracking down on social networks, charging that they “aren’t taking complaints from their users seriously enough.” That’s the reason Germany’s justice minister cited in March when he proposed a law that would fine social media companies up to €50 million if they don’t respond quickly enough to reports of illegal content or hate speech.

This week, the focus has shifted to Facebook’s privacy violations. On Tuesday, data protection authorities (DPAs) from France, the Netherlands, Spain, Germany, and Belgium issued a joint statement detailing the results of national investigations into Facebook for privacy issues, including processing personal data for advertising purposes.

France and the Netherlands handed down what amounted to a slap on the wrist and a small fine, but this is just the preview. Europe’s strict privacy laws are about to get even stricter. It’s all part of a growing sense in the EU that it’s time to throw a bridle on Silicon Valley.

In 368 days (regulators have posted a handy countdown clock) the General Data Protection Regulation will go into effect for the European Union. Once the new rules are in place, companies will be forced to take privacy more seriously, if only because of the fines, David Martin, senior legal officer at the European Consumer Organization, tells WIRED by email. France fined Facebook €150,000 for unlawfully tracking internet users to display targeted advertising, the maximum it can currently impose. But once the new rules are in place, the fines could be as high as €20 million, or 4 percent of the company’s global revenue, whichever is higher, Martin says.

For companies like Google and Facebook, with market capitalizations in the hundreds of billions, compliance might be a bigger issue than fines. But American advocates hope that some of that momentum will be contagious, pressuring Silicon Valley’s oligarchy into creating stronger safeguards for sensitive data. Says Chester, “The feedback I got from my colleagues in Europe was, ‘Look, you guys have that letter. We have laws and rules that need to be enforced.’”

In the joint statement on Tuesday, the Dutch authorities reported that Facebook violated data protection laws for its 9.6 million users in the Netherlands by using sensitive personal data without the users’ explicit consent, including serving targeted ads based on users’ sexual preferences. Facebook changed its practices to comply, and the Dutch DPA said it will issue a sanction if it finds out the violations have not stopped.

In response to questions from WIRED about the sanctions, a different Facebook spokesman says that the company respectfully disagrees with the findings by the French and Dutch authorities. Facebook maintains that its practices have been compliant, but the spokesperson says that Facebook welcomes the dialogue.

“At Facebook, putting people in control of their privacy is at the heart of everything we do,” the spokesperson tells WIRED. “Over recent years, we’ve simplified our policies further to help people understand how we use information to make Facebook better. We’ve built teams of people who focus on the protection of privacy—from engineers to designers—and tools that give people choice and control.”

And yet the findings from the investigations don’t sound that far off from the leaked Australian document, which is partly what made the specter of preying on teen insecurity so unsettling.

It’s not a dystopian nightmare. It’s just a few clicks away from the status quo.

Tags: , , ,

imrs

The Senate just voted to undo landmark rules covering your Internet privacy

March 23, 2017

Senate lawmakers voted Thursday to repeal a historic set of rules aimed at protecting consumers’ online data from their own Internet providers, in a move that could make it easier for broadband companies to sell and share their customers’ usage information for advertising purposes.

The rules, which prohibit providers from abusing the data they gather on their customers as they browse the Web on cellphones and computers, were approved last year over objections from Republicans who argued the regulations went too far.

U.S. senators voted 50 to 48 to approve a joint resolution from Sen. Jeff Flake (R-Ariz.) that would prevent the Federal Communications Commission’s privacy rules from going into effect. The resolution also would bar the FCC from ever enacting similar consumer protections. It now heads to the House.
Industry groups welcomed the vote.

“Our industry remains committed to offering services that protect the privacy and security of the personal information of our customers,” said NCTA — The Internet and Television Association, a trade group representing major cable providers. “We support this step toward reversing the FCC’s misguided approach and look forward to restoring a consistent approach to online privacy protection that consumers want and deserve.”

Consumer and privacy groups condemned the resolution.

“It is extremely disappointing that the Senate voted today to sacrifice the privacy rights of Americans in the interest of protecting the profits of major Internet companies, including Comcast, AT&T, and Verizon,” Neema Singh Giuliani, legislative counsel for the American Civil Liberties Union, said in a statement.

The FCC didn’t immediately respond to a request for comment.

The agency’s rules are being debated as Internet providers — no longer satisfied with simply offering Web access — race to become online advertising giants as large as Google and Facebook. To deliver consumers from one website to another, Internet providers must see and understand which online destinations their customers wish to visit, whether that’s Netflix, WebMD or PornHub.
With that data, Internet providers would like to sell targeted advertising or even share that information with third-party marketers. But the FCC’s regulations place certain limits on the type of data Internet providers can share and under what circumstances. Under the rules, consumers may forbid their providers from sharing what the FCC deems “sensitive” information, such as app usage history and mobile location data.

Opponents of the regulation argue the FCC’s definition of sensitive information is far too broad and that it creates an imbalance between what’s expected of Internet providers and what’s allowed for Web companies such as Google. Separately from Congress, critics of the measure have petitioned the FCC to reconsider letting the rules go into effect, and the agency’s new Republican leadership has partly complied. In February, President Trump’s FCC chairman, Ajit Pai, put a hold on a slice of the rules that would have forced Internet providers to better safeguard their customer data from hackers.
The congressional resolution could render unnecessary any further action by the FCC to review the rules; Flake’s measure aims to nullify the FCC’s privacy rules altogether. Republicans argue that even if the FCC’s power to make rules on Internet privacy is curtailed, state attorneys general and the Federal Trade Commission could still hold Internet providers accountable for future privacy abuses.

But Democrats say that preemptive rules are necessary to protect consumers before their information gets out against their will.

“At a time when our personal data is more vulnerable than ever, it’s baffling that Senate Republicans would eliminate the few privacy protections Americans have today,” said Rep. Frank Pallone Jr. (N.J.), the ranking Democrat on the House Energy and Commerce Committee. Pallone added in a statement Thursday that he hoped his House Republican colleagues “will exercise better judgment” when it becomes their turn to vote on the resolution.

On Wednesday, Senate Democrats challenged the idea that the FTC could take responsibility for regulating Internet providers’ privacy practices.
“The Federal Trade Commission does not have the rulemaking authority in data security, even though commissioners at the FTC have asked Congress for such authority in the past,” said Sen. Bill Nelson (Fla.), the top Democrat on the Senate Commerce Committee.

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
private
Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows
November 12, 2018

Private blockchains, such as interbanking platforms set to share information on customers, could be...

Read more
apple
Apple launches privacy portal, initiatives
October 18, 2018

Apple (NASDAQ:AAPL) launches a new privacy website letting users find personal data the company has ...

Read more
private
Just Don’t Call It Privacy
September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads onl...

Read more
static2.politico.com
Privacy and security: no simple solution, warns Rachel Dixon
September 18, 2018

The tide is turning when it comes to privacy and security, with Australians gradually becoming more ...

Read more
emailtracking-ta
Are you privacy literate?
September 11, 2018

Online privacy is a new literacy that educators and students need to learn and practice. But what sh...

Read more