ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

ONLINE PRIVACY

Twitter Acquires Whisper Systems (November 29, 2011)

The online messaging company Twitter has acquired Whisper Systems, a technology company that developed a software suite to protect people's cellphone and text communications from being obtained by third parties, reports The Wall Street Journal. The move has some questioning what plans Twitter has for the company and others disappointed that Whisper Systems' current services--which have been used by activist groups to organize--have been temporarily shut down. Twitter said in a statement that Whisper Systems' founders will join the company, "bringing their technology and security expertise to Twitter's products and services." (Registration may be required to access this story.)  
Full Story

BIOMETRICS—AUSTRALIA

Facial Recognition Concerns Abound (November 23, 2011)

Law enforcement and privacy advocates are at odds over whether the development of facial recognition technology will prove to be "the most significant policing technology since DNA testing or the next privacy disaster waiting to happen," The Age reports. The feature explores the potential use of the technology by police to link suspects to crimes alongside advances that mean "the technology doesn't even need to have people looking into the camera for it to work." Privacy advocates are voicing many concerns, including that--unlike passwords and other personal information--facial recognition "is a form of biometric identifier" that cannot be "revoked" if a breach occurs.  
Full Story

PERSONAL PRIVACY—AUSTRALIA

Nightspot ID Scanning, BDR Raise Privacy Concerns (November 23, 2011)

The Herald Sun reports that privacy advocates are raising alarms about the practice by nightclubs, bars and other venues of storing personal information from scanned IDs for marketing purposes. Civil Liberties Victoria Director Tim Vines said, "By scanning and keeping records of your personal information, such as your age and gender, nightspots can then use this information to tailor promotional club events to an appropriate demographic." Privacy legislation in Victoria currently recommends that venues not collect personal data for future use. Meanwhile, a new online registry (BDR) designed to prevent banned drinkers from purchasing alcohol via online stores is raising privacy and security concerns. A representative from the Department of Justice said the site is secure and only accessible to legitimate retailers.   
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Roxon Proposes Legislation for e-Health System (November 23, 2011)

Health Minister Nicola Roxon has introduced to Parliament legislation for Australia's personally controlled e-health records system that would protect patient data under the Privacy Act and includes strong penalties for breaches. However, The Australian reports that differing state and territorial health and privacy laws would still apply, prompting Privacy Commissioner Timothy Pilgrim to ask for greater auditing and investigatory powers. The bill also gives the federal government certain exemptions--drawing criticism from some--but the bill states, "If the Crown in any of its capacities does not comply with its obligations under this bill, other remedies are potentially available," including being "investigated by the information commissioner under the Privacy Act." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Privacy-Focused Browser Extension Released (November 23, 2011)

PCWorld reports on a team of European and U.S.-based privacy researchers and product designers that has released "a browser-based implementation of Privicons, a project that aims to provide users with a simple method of expressing their expectations of privacy when sending e-mail." The "Privicons" are six icons matched with instructions such as "don't attribute" or "keep private" that users can add to their e-mails "to instruct recipients about how to handle a message or its content," the report states. Project proponents note it is based on user choice rather than the technological enforcement used for most e-mail privacy efforts. 
Full Story

PRIVACY LAW—NEW ZEALAND

Privacy Commissioner Publishes Annual Report (November 21, 2011)

New Zealand Privacy Commissioner Marie Shroff has released her annual report for 2011. The report details the office's activities throughout the year, which range from enquiry handling and complaint investigations to privacy education, policy work and collaborative efforts with global peers. The office fielded 7,000 enquiries, including 968 complaints, 80 percent of which were closed within six months of receipt, according to the commissioner's media release. Twenty-eight percent of complaints were closed by settlement or mediation. "We try to move parties towards settlement, helping them to avoid the expense and stress of tribunal proceedings," the report states.
Full Story

PRIVACY LAW—AUSTRALIA

Commissioner: Privacy Torts Too Limited (November 21, 2011)

Privacy Commissioner Timothy Pilgrim says he favors government-backed conciliation over litigation in cases of breached privacy, The Australian reports. In a submission to the government, Pilgrim outlines a framework where privacy complaints would first go to the Office of the Australian Information Commissioner (OAIC) and not the courts. If conciliation with the OAIC proved insurmountable or if a legal referral was needed, the case would then go to the courts for a solution. Earlier this year, Privacy Minister Brendan O'Connor submitted a proposal calling for the federal government to create a "statutory cause of action." Pilgrim's submission says, "If the cause of action is actionable directly to the courts, sections of the public who are not in a position to access the civil justice system may be unable to enforce their rights." (Registration may be required to access this story.) 
Full Story

BIOMETRICS—AUSTRALIA & U.S.

DNA, Fingerprint Agreement Signed (November 18, 2011)

The U.S. and Australia have signed a memorandum of understanding to "swap DNA and fingerprint data more easily in the fight against terrorism and transnational crime," AAP reports. Home Affairs Minister Brendan O'Connor said the agreement "reinforces our shared values regarding the protection and privacy of the citizens of both our countries while also denying safe haven to criminals." That sentiment was echoed by U.S. Ambassador to Australia Jeffrey Bleich, who added, "Not only will it enhance our nations' ability to investigate individuals who may pose a threat to our global security, but it will also safeguard the privacy and civil rights of all travellers."
Full Story

FINANCIAL PRIVACY—AUSTRALIA

Super Fund Breach Risk Growing with Online Access (November 18, 2011)

The Sydney Morning Herald reports that the October announcement of a data breach at fund management company First State Super has shone a light on the potential vulnerabilities in online member access systems of superannuation funds. The funds management industry argued for concessions from money-laundering and counterterrorism financing laws when they were formed, but as the industry changes in the way it engages with members, data breaches and identity theft become more likely, says industry expert Michael Rice. A 2011 Verizon study showed that most breaches were a result of hackers taking advantage of "weak or absent access controls at an organisational level."
Full Story

ONLINE PRIVACY—AUSTRALIA

Bank Considering “Currency” of Social Media, Web Interactions (November 18, 2011)

The Sydney Morning Herald reports on comments by Commonwealth Bank CIO Michael Harte that in the future, the bank may begin offering incentives for customers whose "social media and other online transactions" pass through the bank's Web portal. "If you share that personal data, you can create enormous value," Harte said, adding, "we're trying to understand in a very intimate way the relationship...so that we can create value...for commercial or private consumers." The report suggests the bank "may be on to something...There is no doubt that social media interactions are emerging as a powerful currency."
Full Story

ONLINE PRIVACY

Company Offers WiFi Opt-Out (November 16, 2011)
Google has agreed to provide a WiFi opt-out method for users who prefer to keep the names and locations of their wireless routers out of the company's database. The move comes after the company faced increased pressure from data protection authorities in the Netherlands, The New York Times reports.

ONLINE PRIVACY—U.S. & CHINA

Officials Discuss Privacy Concerns (November 16, 2011)

The Wall Street Journal reports that U.S. officials are urging China to address companies' online privacy and security concerns as multinational companies hope to include China in cloud computing services. As one U.S. official put it, the "U.S. and China will have to agree on a set of principles that will encourage American companies to use China-based servers." The remarks followed a visit by a U.S. delegation to discuss Internet freedom and other issues with Chinese regulators. The report points out that information stored in Chinese data centers could be vulnerable to government seizure, which prompts many companies to host such services outside the country. (Registration may be required to access this story.)  
Full Story

ONLINE PRIVACY

Should Consumers Worry? Experts Share Views (November 16, 2011)

The Wall Street Journal assembled a diverse panel of experts to discuss the degree to which individuals should worry about their online privacy, including topics such as social network privacy controls, online behavioral advertising and government surveillance. Panelists included Steptoe & Johnson Partner Stewart Baker, Microsoft Senior Researcher danah boyd, CUNY Graduate School of Journalism Prof. Jeff Jarvis and Open Society Institute Fellow Christopher Soghoian. "If we overregulate privacy managing only to the worst case," said Jarvis, "we could lose sight of the benefits of publicness, the value of sharing." Personal data collected by firms "is like toxic waste," said Soghoian, "eventually, there will be an accident that will be impossible to clean up, leaving those whose data has spewed all over the Internet to bear the full costs of the breach." (Registration may be required to access this story.) Editor's Note: Jeff Jarvis will deliver a keynote address at the IAPP Global Privacy Summit 2012.
Full Story

ONLINE PRIVACY

As Influence Grows, So Do Privacy Challenges (November 16, 2011)

A company that ranks users' online influence using their social media activity is facing criticism for creating "shadow profiles" of non-users without permission, reports the Financial Post. Klout searches publicly available information on the Internet to build its rankings--and in some cases inadvertently created profiles for minors. While some are criticizing the company, others say it is using the same practice as many other online companies: scour the Web for data and aggregate it. "They may not be creating a profile for me or assigning me a Klout rank, but it fundamentally amounts to the same thing," says GigaOm's Mathew Ingram. Klout's CEO says the company no longer automatically creates profiles and has made it easy for people to opt out of the service.  
Full Story

PRIVACY LAW

APEC Endorses Cross-Border Rules (November 15, 2011)

At a meeting in Hawaii this week, the Asia-Pacific Economic Cooperation (APEC) leaders endorsed the APEC Cross-Border Privacy Rules (CPBRs), reports Hunton & Williams' Privacy and Information Security Law Blog. Implementing the rules enables data flow across borders "while enhancing data privacy practices; facilitating regulatory cooperating, and enabling greater accountability through the use of common principles, coordinated legal approaches and accountability agents," said an APEC statement. Welcoming the approval of the rules, FTC Commissioner Edith Ramirez said they have the potential to "significantly benefit companies, consumers and privacy regulators." The APEC Data Privacy Subgroup will next begin developing the structure for CBPR implementation, the report states. 
Full Story

BIOMETRICS

Creepy or Cool? Facial Recognition Is on the Rise (November 14, 2011)
From digital billboards that target advertising based on the demographics of passersby to an app that scans bars determining the average age and gender of the crowd to Facebook's "Tag Suggestions" feature, facial recognition is looking like the wave of the future, The New York Times reports. While some see the trend as an opportunity to offer and receive relevant information, others are concerned about potentially more intrusive uses of the technology.

DATA LOSS—AUSTRALIA

News Site Experiences Second Breach (November 10, 2011)

After undergoing a similar breach in July, News Limited has suffered from a security breach whereby subscribers receive spam e-mails and may have had passwords exposed, The Sydney Morning Herald reports. Members were informed of the breach last week. The company recommends that users change their passwords, adding that it "may be an overreaction, and we apologise for the inconvenience, but we'd rather be overcautious when it comes to your privacy." The company has said that it is "further strengthening" its security to "minimise further risk."  
Full Story

DATA PROTECTION—AUSTRALIA & NEW ZEALAND

Studies: Breaches Turn Customers Away (November 10, 2011)

A multi-country study recently conducted by Unisys reveals that citizens of Australia and New Zealand would discontinue their patronage if a business experienced a privacy breach. The Australian reports that nine out of 10 Australians would discontinue their patronage and nearly 47 percent would take legal action. According to the article, the results are "out of step" with studies conducted by the Office of the Federal Privacy Commissioner. The Scoop reports that eight out of 10 New Zealanders would stop their patronage, while 36 percent said they would take legal action. A Unisys spokesman said, "New Zealanders are telling us that unauthorised access to their personal information will be viewed as a fundamental breach of trust with significant consequences." (Registration may be required to access this story.) 
Full Story

PRIVACY

Science Fiction Comes to Life with IoT (November 10, 2011)

Computerworld reports on the emergence of the Internet of Things (IoT)--"where anything with intelligence (including machines, roads and buildings) will have an online presence"--and ways in which classic science-fiction scenarios are coming true. A representative from Cisco predicts that there will be 50 billion connected devices by the year 2020. Social networks would act as the connective tissue between them. "In the coming years, anything that has an on-off switch will be on the network...I foresee it in just about every industry and stream of life," he says. The IoT brings with it concerns about security and privacy protection. A representative from the Massachusetts Institute of Technology said, "Basic e-mail is still getting hacked, and we've had that for 25 years."   
Full Story

DATA LOSS

Experts: CPO, Plans Needed To Avoid High-Cost Breaches (November 10, 2011)

"Having a good plan in place can seriously reduce the costs resulting from the breach as, in these kinds of situations, the longer things run without being dealt with in the proper fashion, the more costly it can get." That's the message from one of the cyber-risk experts sharing insights on guarding against high-cost data breaches in a Financial Times feature. Given the ever-increasing amount of personal data that companies hold about their customers, the report highlights safeguards that apply across jurisdictions and borders, including having a breach response plan and a dedicated chief privacy officer in place. (Registration may be required to access this story.) Editor's Note: The most recent edition of Inside 1 to 1: PRIVACY includes a report on avoiding become the subject of a U.S. FTC action or a target for lawsuits.  
Full Story

DATA PROTECTION

Carrots, Sticks and Big Data (November 10, 2011)

In The Mercury News, Larry Magid summarizes last week's 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. Magid observes that "there are tensions not only between regulators and those they regulate but among regulators themselves, who don't always agree on just whether they should be wielding sticks or dangling carrots." And he discusses the conversations about "big data," quoting Future of Privacy Forum Director Jules Polonetsky, CIPP, as saying there are concerns about how big databases will be used but that they also offer benefits. "We can learn a huge amount, and the question is, can we manage to not throw out the baby with the bath water."    Full Story

PRIVACY LAW—CHINA

New Amendment, Legislation Address PII Protection (November 9, 2011)

Two separate acts of legislation have been passed in China to address the protection of citizens' personal information, Hunton & Williams' Privacy and Information Security Law Blog reports. An amendment to the Law of the People's Republic of China on Resident Identity Cards provides additional provisions to protect the personal data contained on the cards. The amendment requires agencies and organizations that process the identity card data to keep the information confidential. Violations of the act could result in possible criminal sanctions, imprisonment, fines or civil liabilities. Meanwhile, the Regulation of Information Technology of Jiangsu Province has been passed to address the collection and use of personal information and includes legal responsibilities for violations.   
Full Story

PRIVACY LAW

Multinationals Struggle To Comply With Varied Laws (November 9, 2011)

Describing online privacy as "an issue of central importance for businesses in every industry," Financial Times explores the efforts of policymakers to strengthen existing privacy laws and introduce new ones as Internet technologies evolve ahead of legislation. "The rules differ widely from country to country, with varying degrees of enforcement," the report states, noting that from the sectoral privacy regulations of the U.S. to those "stricter laws" in place in such countries as the UK, Germany and Canada, "the large and growing body of different national privacy regimes means that multinational businesses operating in many markets, face an increasingly difficult task in complying with them all." (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Pilgrim: E-Health Regs Need Clarity, Consistency (November 7, 2011)

Australian Privacy Commissioner Timothy Pilgrim has submitted comments to the government's draft legislation for personally controlled e-health records (PCEHR), noting, "Individuals have an interest in clear and consistent privacy protections applying to health information in the PCEHR system, irrespective of where a person accesses it and how that person subsequently stores it." The Australian reports that Pilgrim outlined 22 changes and clarifications and is calling for stronger powers for the information commissioner to audit the system operator and investigate and manage complaints. The New South Wales Council for Civil Liberties is focusing on patients' ability to access and control their records, while the Australian Private Hospitals Association is urging the government to make sure all issues are addressed before launching the system. (Registration may be required to access this story.)
Full Story

DATA LOSS

Company Takes Down Websites After Breach (November 7, 2011)

Adidas has taken down some of its websites after it learned of a "sophisticated, criminal cyber attack" last week, The Inquirer reports. The company has said it does not believe consumer data was compromised, but as a precaution, it took the sites offline while it conducted a "thorough forensic review." The company has implemented more security measures and said, "nothing is more important to us than the privacy and security of our consumers' personal data." 
Full Story

PRIVACY LAW—AUSTRALIA

Pilgrim: Privacy Act Needs Media Definition (November 4, 2011)

Privacy Commissioner Timothy Pilgrim says that better media controls need to be built into the Privacy Act, reports The Australian. The Office of the Australian Information Commissioner (OAIC) receives few complaints about the media; however, Pilgrim says, "In the context of so much activity by non-professionals, it has become more difficult to define journalism for the purposes of regulation." The Australian Law Reform Commission has suggested including a "definition of journalism and news organisations to comply with standards that deal adequately with privacy issues," the report states. Pilgrim agrees, adding that the OAIC would support regulation that offered guidance on handling personal information and proper methods of information gathering, among other areas. (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Committee Recommends Allowing Database Merger (November 4, 2011)

In September, Privacy Commissioner Timothy Pilgrim ordered the Professional Services Review (PSR) to make changes, finding it had breached the Data Protection Act by merging Medicare claims and pharmaceutical benefits data; however, a Senate committee is now calling for changes to PSR legislation to allow the merger, reports The Australian. The Senate Committee, after an inquiry into PSR procedures, recommends Medicare publish its auditing methodology and improve communications regarding policy changes and that the commonwealth allow for greater flexibility in PSR legislation. While Medicare says it relies on data mining in order to discover fraud, some doctors claim "the processes were deficient and led to unjust outcomes." (Registration may be required to access this story.)
Full Story

CONSUMER PRIVACY—AUSTRALIA

OAIC Releases Inaugural Complaints Report (November 4, 2011)

The Office of the Australian Information Commissioner (OAIC) has released its first yearly report outlining the number of privacy complaints it received, against which organisations and how they were resolved. The financial sector continues to draw the most complaints, reports ZDNet, with the Australian government and debt collectors, credit and tenancy databases next in line. The report states that more than 56 percent of complaints were declined for various reasons, including the lack of a privacy issue, and commonly, when action was taken, respondents were asked to amend records, provide access to records, apologise and change procedures. The OAIC also received 56 voluntary data breach notifications--a 21-percent increase over last year, the report states.
Full Story

BEHAVIORAL TARGETING

Google Releases Opt-Out Feature for Users (November 3, 2011)

Google has released a new feature to explain why Google search and Gmail users have been targeted by advertisements and allow them to opt out of such ads from future search page results, reports The Wall Street Journal. "Why These Ads" is an effort to increase company transparency when it comes to behavioral advertising, the company's senior vice president of advertising wrote in a blog post. "Because ads should be just as useful as any other information on the Web, we try to make them as relevant as possible for you. Over the coming weeks, we're making improvements to provide greater transparency and choice regarding the ads you see on Google search and Gmail," the blog states. (Registration may be required to access this story.)  
Full Story

ONLINE PRIVACY

IAB Issues Guide on Data Uses (November 3, 2011)

The Interactive Advertising Bureau (IAB) has published a new guide to help media planners, publishers and data providers communicate about their data uses, MediaPost News reports. The "Data Segments and Techniques Lexicon" aims to give "relevant parties a common set of terms and collection methods around the use of data to create audience segments for online campaigns," the report states. The guide provides instruction on the use of data for behavioral targeting; defines terms such as first- and third-parties, and clarifies various categories of user data, such as "inferred," "predictive" and "descriptive" data.  
Full Story

SOCIAL NETWORKING

Impending “Timeline” Release Elicits Concerns (November 3, 2011)

USA TODAY reports on Facebook's impending overhaul of its members' profile pages with the unveiling of its new "Timeline" feature. The feature will display members' history on Facebook comprehensively, which has drawn criticism from privacy advocates. "Things, over time, get harder to find, and that is sometimes a good thing," said Marc Rotenberg of the Electronic Privacy Information Center (EPIC). In letters to the Federal Trade Commission, EPIC has voiced concerns that Facebook should "honor its past commitment to privacy settings," the report states. Facebook says users will have five days to hide aspects of their profiles that they don't want as part of their history. 
Full Story

PRIVACY LAW

Expert: Global Harmonization Needed for Cloud (November 2, 2011)

In an interview with BankInfoSecurity, Internet security expert Alastair MacWillson says that inconsistent data protection laws in various markets are proving to be a difficult challenge for large organizations using cloud-based services. "Much like any innovation," he says, "it takes a lot of people to talk about the opportunities and also the risks, and it takes a little bit longer for the technology guys to catch up." MacWillson discusses the interstate and international challenges organizations face, advantages provided by the cloud for cross-border security risk management and finding a balance between the risks and advantages of using the cloud.
Full Story

PRIVACY LAW—EU & AUSTRALIA

Government Signs Passenger Data Agreement (November 1, 2011)

The Australian reports that the government has signed a revised Passenger Name Record agreement with the EU. The European Parliament approved the agreement last week to permit the Australian Customs Service to retain data transferred from air carriers--including passport numbers and credit card details--for a maximum of 5.5 years for the purpose of detecting and combating crime. The agreement has elicited privacy concerns including from the Australian Privacy Foundation, which said the agreement intrudes on passengers' personal affairs without their knowledge and consent and proper safeguards have not been demonstrated. The agreement allows for six agencies besides customs to share the data.
Full Story

PERSONAL PRIVACY—AUSTRALIA

Arson Database Inflames Privacy Concerns (November 1, 2011)

Attorney General Robert McClelland announced, on Monday, that a national arson database is up and running, causing civil liberties groups to criticize the office's consultation practices, reports IT Wire. The National Arson Notification Capability adds warning flags to records in the National Police Reference System. It was originally proposed by a forum of police, fire and rescue representatives after fires broke out in Victoria in 2009. Australia Privacy Forum Chair Roger Clarke says while arson is a serious problem, questions remain about how the database will operate, what qualifies a citizen for registry in it, who will have access to it and how citizens get access to their records.
Full Story

DATA LOSS—HONG KONG

Department Finds Missing Data (November 1, 2011)

The Hong Kong Labour Department has announced that it has located personal data that went missing last week, 7th Space reports. An envelope containing the personal information of 56 individuals applying for employees' compensation was found in Tuen Mun Hospital still sealed and intact. The department said it would continue its investigation into the incident and has improved dispatch operations with hospitals. 
Full Story

ONLINE PRIVACY—CHINA

Gov’t Says Public WiFi Will Be Secure (October 31, 2011)

Three national telecom companies are developing a public WiFi network in Beijing. Expected to launch before the end of the year, the "My Beijing" network will be free during its initial three years, but some are concerned that the service will allow government access to personal information, reports The Next Web. Users will be authenticated by providing their cell phone number, and some say this will risk the privacy of Web browsing history and allow numbers to be recorded and sold to marketing companies. Government officials "insist that the phone number requirement is without ulterior motive," the report states.
Full Story

PRIVACY LAW—AUSTRALIA

APF Raises Concerns About e-Health Legislation (October 31, 2011)

Australian Privacy Foundation (APF) Chairwoman Juanita Fernando says the draft laws underpinning the operation of the government's e-health record system contain a loophole that allows authorities to conclude that a data breach was "not deliberate," reports The Australian. "Under this legislation, no government and no employee can be sued or prosecuted for any harm or damage arising from a breach," Fernando says. In addition to removing the loophole, Fernando says, "we ask for penalties to be provided in the context of unintentional breaches of community information." According to the report, the penalties should include compensation, the opportunity for class-action lawsuits and steps to mitigate future breaches. Fernando also says that the bills do not cover new technologies like cloud computing and mobile devices.
Full Story

DATA PROTECTION

Browser Found To Have Privacy Flaw (October 31, 2011)

Recent versions of a third-party Web browser reportedly have been found to have a privacy flaw, reports Ars Technica. The Android Police blog has reported that a breach of privacy occurs when every URL loaded in Dolphin HD is relayed as plain text to a remote server, the report states. Dolphin HD has released a statement explaining that when the URL is relayed, data is not collected or retained and says it has updated the browser to disable the feature and that it will be opt-in in the future.
Full Story