ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

DATA RETENTION—AUSTRALIA

Berners-Lee Criticises Proposed Data Retention Plan (January 31, 2013)

World Wide Web inventor Tim Berners-Lee denounced proposed government legislation that would have Internet service providers store customers’ information for up to two years in an effort to fight crime. Berners-Lee acknowledged the importance of aiding law enforcement but stated that the retention of such data would result in Australians being trapped by their own information. He further likened that amount of data to “a time bomb” and questioned who would watch the watchers.
Full Story

DATA PROTECTION—AUSTRALIA

Opinion: How Much Data Should We Share? (January 31, 2013)

In an op-ed for The Courier-Mail, Terry Sweetman questions to what extent citizens should trust government with their personal information under proposed rules on data retention that would see data stored for up to two years. “Government is a creation of our democratic system, but it has bizarrely been allowed to transmogrify into Big Brother in its pursuit of information,” Sweetman writes, adding that even the best of systems can be hijacked by criminals.
Full Story

FINANCIAL PRIVACY—AUSTRALIA

Banks Concerned with Social Media Risks (January 31, 2013)

In an interview with The Australian Financial Review, Denis Curran, head of technology at National Australia Bank, expressed concern over banks’ attempts to expand their services to customers via Facebook. Specifically, Curran cited the social media firm’s privacy policy and the “uncontrolled way Facebook seems to announce their changes.” In an effort to optimise the customer information available to businesses on Facebook, some Australian banks are currently testing out services that allow users to conduct their bank business on the site, the report states.
Full Story

PRIVACY

Data Privacy Day Raises Awareness, EDPS Issues Statement (January 31, 2013)

The U.S.-based National Cyber Security Alliance (NCSA) officially kicked off Data Privacy Day events with a broadcast from George Washington University Law School featuring U.S. Federal Trade Commissioner Maureen Ohlhausen and privacy and security experts from industry and government. Observed in countries across the globe, “Data Privacy Day highlights a year-round effort for all of us to improve measures to protect our personal data,” said NCSA Executive Director Michael Kaiser, noting, “We want all digital citizens to feel like they have a choice in how their data is being collected, stored and consumed and that starts with being educated about the privacy policies of online companies and web properties. As society increasingly becomes more wired, it's imperative we understand how to best protect our data.” European Data Protection Supervisor Peter Hustinx issued a message in honour of the occasion reminding individuals that they “have the right to know what information is held about you on major government and industry databases. In some circumstances you can object to the processing of your personal information, and you’re entitled to complain if your rights to privacy and data protection are being infringed.”
Full Story

DATA PROTECTION—CHINA & U.S.

Bureau Passwords Hacked; Sen. Releases Cybersecurity Report (January 31, 2013)

The New York Times reports that Chinese hackers infiltrated the news bureau’s computer systems and acquired passwords of reporters and other employees. Security experts found that over a four-month period, hackers stole the corporate passwords of every Times employee in order to access the personal computers of 53 specific employees, but no customer data was breached, the report states. Meanwhile, Sen. Jay Rockefeller (D-WV) has released a staff memorandum detailing the comments his office received from companies regarding cybersecurity practices. Of nearly 300 respondents, more than 80 percent came from Fortune 100 firms. The memorandum is expected to inform future cybersecurity legislation. Last week, Rockefeller introduced the Cybersecurity and American Cyber Competitiveness Act of 2013. (Registration may be required to access this story.)
Full Story

DATA PROTECTION

A How-To on Kick-Starting Your Company’s Privacy Program (January 30, 2013)

It’s not enough for a business to create a privacy policy and place it on its website, says Bob Siegel, CIPP/US, CIPP/IT, founder of Privacy Ref. Businesses must also define policies and practices, verify employees are complying and confirm third-party service providers are practicing adequate data protection. In this exclusive for The Privacy Advisor, Siegel identifies 10 steps companies should follow when kick-starting their organization’s privacy program. Editor's Note: For more tips and tools from the pros, visit the IAPP's Resource Center.
Full Story

SOCIAL NETWORKING

Facebook Unveils “Ask Our CPO” Feature (January 29, 2013)

As a replacement for its now defunct user voting policy and to “enable you to send us your questions, concerns and feedback about privacy,” Facebook has launched a new “Ask Our CPO” feature, TechCrunch reports. Facebook CPO Erin Egan answered three of the most common questions in a blog post. “We’ve built a comprehensive privacy program that helps us take a systematic approach to privacy,” she wrote in answer to whether the company thinks about privacy when designing new products. Egan also stated the company does not sell users’ private information to advertisers. “We use the things you do and share on Facebook, including demographics, likes and interests to show ads that are more relevant to you,” she wrote. Editor’s Note: As part of our Conversations in Privacy series, Egan will be joined by Facebook Associate General Counsel Edward Palmieri, CIPP/US, and Future of Privacy Forum Director Jules Polonetsky, CIPP/US, in the breakout session Facebook and Your Organization—What Every CPO Should Know at the IAPP Global Privacy Summit.
Full Story

ONLINE PRIVACY

Google, Twitter Push Awareness of Gov’t Access (January 29, 2013)

Monday marked the fourth annual Data Privacy Day, and saw two major tech companies observing it by working to increase public awareness of the ease at which governments worldwide can access online data, reports CNN. Twitter released its latest transparency report outlining government requests for data, including more detail this year, and Google followed up on its report released last week with calls for more stringent protections for users’ data. Google’s chief legal officer said, “We want to be sure we’re taking our responsibilities really seriously,” adding, “we are going to make sure that governments around the world follow standards and do this in a reasonable way that strikes the balance.”
Full Story

PRIVACY LAW—HONG KONG

Journalists Campaign Against Proposed Law (January 28, 2013)

A group of Hong Kong journalists have published a petition in five local newspapers against a proposed law that would limit access to information about company directors. The petition includes the signatures of 1,769 reporters, editors, media teachers and students. Hong Kong Journalists Association (HKJA) Chairwoman Mak Yin-ting warned if the bill becomes law, “the free flow of information will be suffocated.” The move to petition comes after the government said it would consult with the privacy commission over the proposed changes, according to South China Morning Post. In a full-page ad, the HKJA stated, “Allowing the public, including journalists, to examine the personal data of a director has long been a sound common practice, which has not been abused.”
Full Story

SOCIAL NETWORKING

Open Letter Seeks Skype Transparency (January 25, 2013)

A collection of privacy advocates, Internet activists, journalists and others have written an open letter asking for public disclosure of the privacy and security practices used by video communications service Skype, CNET News reports. The group—which includes the Electronic Frontier Foundation and Reporters Without Borders—is particularly concerned about government access to conversations, the report states. The letter asks Skype owner Microsoft to provide a “regularly updated Transparency Report.” Microsoft said it is reviewing the letter. Meanwhile, a newly introduced video-sharing service for Twitter experienced a privacy snag when it was discovered that users were logged in as the incorrect user. The service was temporarily taken down, and bugs have since been ironed out.
Full Story

PRIVACY—NEW SOUTH WALES

Gov’t Wants Domestic Abuse Central Database (January 24, 2013)

ABC News Australia reports that the New South Wales government “wants every case of domestic violence reported to police, health and other agencies to be recorded in a central database.” Pru Goward, the minister for Family and Community Services, said the database will improve the treatment of victims and the coordination of agencies. She said agencies will work better on behalf of victims if they all “have the same information about a victim and perpetrator, and the real risk to the victim.”
Full Story

PRIVACY LAW—TAIWAN

Privacy Law Creates Challenge for Charities (January 24, 2013)

The China Post reports some charity groups in Taoyuan have encountered difficulty giving money to low-income families for the Chinese New Year. Citing possible violations of the Personal Information Protection Act, the local government refused to give out lists of low-income residents. The Taoyuan County Government’s Social Welfare Bureau said, “not every low-income resident would like to disclose their personal information.” Going forward, as the county government verifies low-income household applications, it will ask residents for consent before disclosing information to charity groups.
Full Story

MOBILE PRIVACY—KOREA

iPhone Owners Drop Privacy Violation Suit (January 24, 2013)

iPhone owners in Korea have dropped a lawsuit that claimed Apple’s iPhone’s tracking mechanisms violated their privacy rights by obtaining location data without their consent. The 29 plaintiffs will now join a separate suit against Apple that includes 27,000 iPhone users and also alleges privacy violations. The plaintiffs in that class-action are seeking more than $25 million in compensation. In 2011, a Korean man won his suit against Apple, claiming his iPhone’s location log infringed upon privacy articles in the Korean Constitution.
Full Story

PRIVACY LAW—TAIWAN

Lawmaker: MOJ Misread Law, Hampered Citizens’ Rights (January 24, 2013)

Democratic Progressive Party Legislator Wu Yi-chen has asked the Ministry of Justice (MOJ) to withdraw its instructions regarding Taiwan’s new privacy law, claiming they have misquoted the law and “prohibited people from gathering their own evidence during a police investigation,” reports The China Post. The request stems from a traffic stop in which a man used a cellphone to record the investigation process but was stopped by the officers who said it may contravene the Personal Information Protection Act. The Kaohsiung police said according to the MOJ's instructions, if a person wants to collect their own evidence, they should acquire consent from police. Wu has given the MOJ 10 days to come up with clearer instructions.
Full Story

ONLINE PRIVACY

Google Report: Increase in Gov’t Requests for Data (January 24, 2013)

Governments around the world continue to make requests for users’ private data at an ever-increasing rate, The Guardian reports. “User data requests of all kinds have increased by more than 70 percent since 2009,” said Richard Salgado, legal director at Google. Google’s latest transparency report shows U.S. government requests up 136 percent, and explains the U.S. legal process for gathering electronic information. The report says that under the Electronic Communications Privacy Act, 68 percent of U.S. data requests require no subpoena or warrant.
Full Story

EMPLOYEE PRIVACY—NEW ZEALAND

Commissioner: Drug Tests May Be Illegal (January 24, 2013)

New Zealand Privacy Commissioner Marie Shroff says proposed welfare rules that require beneficiaries to take drug tests are potentially illegal, reports Stuff.co.nz. Shroff says a provision contained in the Social Security (Benefit Categories and Work Focus) Amendment Bill that would require job candidates to take drug tests upon employers’ requests could violate employees’ privacy. Currently, job candidates can decline to take a test without penalty. Job candidates “are not likely to challenge the legality of a drug test, as refusing to give consent would leave them at risk of having their benefit cut,” Shroff said.
Full Story

ONLINE PRIVACY

Panel Discusses Consumer, Industry “Privacy Gap” (January 24, 2013)

A panel featuring representatives from government, industry and advocacy met to discuss the “privacy gap” between businesses and consumers, ZDNet reports. The president of the Application Developers Alliance noted “effective communication” between consumers and companies about what data is collected, how it’s shared and whether a firm has experienced a data breach contribute to filling in the gap, the report states. Microsoft Chief Privacy Officer Brendon Lynch, CIPP/US, promoted baking privacy into product and system design from the beginning, adding, “often it’s a matter of choosing better default settings on behalf of users.” Microsoft has also commissioned a survey on consumer privacy expectations.
Full Story

ONLINE PRIVACY

Film Explores Evolution of Privacy Policies (January 23, 2013)

A new film exploring the changing legal and privacy rights of Internet users premiered at the Sundance Film Festival, CNET News reports. “Terms and Conditions May Apply” documents the evolution of online tech companies’ policies and how user anonymity has diminished as a result of government intervention—such as the USA PATRIOT Act—and advertisers, the report states. Film director Cullen Hoback argues that diminished online anonymity has put some users at greater risk, citing an example of a Facebook post that brought a SWAT team to a comedian’s house. Hoback also seeks out one firm’s original privacy policy, which reportedly included language promising anonymity to users. Now, Hoback says, privacy policies are “designed to be as uninviting as humanly possible.”
Full Story

PRIVACY LAW—CHINA

Gov’t To Enforce Privacy Protection Guideline (January 22, 2013)

Xinhuanet reports that a new privacy protection standard for companies collecting consumer information in China will go into effect on February 1. Published in November and the first of its kind in the nation, the “non-obligatory guideline” states that data collectors should obtain consent prior to the collection and processing of an individual’s sensitive personal information, according to the Ministry of Industry and Information Technology. The guideline categorizes personal data as “general” or “sensitive” and permits general data collection if an individual does not object, the report states. Organizations should have specific and clear purposes for collecting data and delete the information once it is no longer needed. Editor’s Note: The breakout session Complex, Nuanced and Evolving—Privacy Developments in Asia will be part of the IAPP Global Privacy Summit in Washington, DC, this March.
Full Story

DATA PROTECTION—AUSTRALIA

Commissioner Concerned with Microsoft Proposals (January 22, 2013)

Responding to a Microsoft report proposing changes to data privacy rules, The Office of the Australian Privacy Commissioner has expressed concerns. The Microsoft Global Privacy Report was released in November and suggests changing the provision within the Organisation for Economic Co-operation and Development’s privacy guideline forbidding personal data use without consent to allow for data use as long as it is not “fraudulent, unlawful, deceptive or discriminatory,” the report states. Privacy Commissioner Timothy Pilgrim says such use would extend beyond the Privacy Act. Microsoft’s report also suggests relaxing rules on companies’ obligations to respond to personal data deletion requests.
Full Story

SOCIAL NETWORKING

Expert: Graph Is “Watershed Moment” for Social Search (January 21, 2013)

Coming at a time when people are increasingly more cautious about posting information online, Facebook’s new search tool “Graph Search” has some experts wondering whether users will continue to share the information that will make it valuable, reports The New York Times. The tool mines users’ interests, photos, check-ins and “likes” and displays results ranked by the friends and brands that it thinks a user would trust the most. “This is a watershed moment,” said one University of Washington computer science professor, adding, “There have been other attempts at social search, but it’s the scale at which Facebook operates, especially once they fully index everything we’ve said or say or like.” (Registration may be required to access this story.)
Full Story

SURVEILLANCE

“Privacy Visor” Blocks Facial Recognition (January 21, 2013)

The integration of facial recognition into people’s lives, from surveillance cameras to social networks, has prompted Japanese researchers to develop a pair of high-tech glasses that block facial recognition cameras, reports Slate. The two professors set out to counter the “invasion of privacy caused by photographs taken in secret.” The prototype consists of a pair of goggles attached to a battery that use infrared light sources to create “noise” across key areas of the face. This is not the only recent invention aimed at thwarting surveillance technologies; a New York artist has come out with a line of “anti-surveillance” clothing.
Full Story

DATA LOSS—HONG KONG

Breach Exposes Students’ Data on Public Sites (January 18, 2013)

Privacy Commissioner for Personal Data Allan Chiang says a recent breach involving the personal data of more than 8,505 students is indicative of widespread negligence among webmasters, China Daily reports. Nine schools were involved in the breach, which exposed the students’ names, phone numbers and e-mail addresses. The schools say technicians are at fault for having mistakenly published the data on public websites. The data has been removed from the sites.
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Borrowers Trading Privacy For Loans (January 17, 2013)

The New Zealand Herald reports that some finance firms are requiring loan applicants to sign waivers allowing them to acquire personal data from government organisations and private companies. In the last year, the Ministry of Business, Innovation and Employment received 20 requests for taxpayers’ personal data, the report states. Financial organisations may also gather private information from telecommunications providers and from past and current employers. In one case, a firm posted a customer’s name, date of birth and address online in order to find him. Assistant Privacy Commissioner Mike Flahive said posting such personal data online appears to breach the Privacy Act and his department is investigating.
Full Story

DATA PROTECTION—HONG KONG

PCPD Defends Restricting Company Data, Acknowledges Concerns (January 17, 2013)

Privacy Commissioner for Personal Data Allan Chiang is defending his position after journalists called on the government to withdraw proposed changes that would make it more difficult to examine the backgrounds of company directors, reports China Daily. While Chiang called it unsatisfactory that company directors' information should be readily available, he also noted that the right to privacy is not absolute, adding, "If it is a matter of public interest, I don't see any reason not to grant (news activities) the exemption.” Wong Kwok-kin of the Hong Kong Federation of Trade Unions called the approval of the Companies Bill last July an "oversight" by lawmakers.
Full Story

DATA PROTECTION

Experts Discuss Privilege Management Tool (January 17, 2013)

CSO reports on a technology some say can “trump human weaknesses,” making data breaches due to human error less likely. “Least privilege management” operates on a need-to-know basis but allows access privileges to applications instead of individuals; however, it hasn’t been widely deployed among organizations, the report states. One expert said, “It’s nigh impossible to account for all types of user interaction with a system. But in interactions that are fairly small or focused, properly implemented least privilege would be a solid and nigh unusurpable control.” Another expert said the problem isn’t “unwitting employees but malicious attackers.”
Full Story

PRIVACY LAW—EU

EDPS Takes Position on EP Reports (January 15, 2013)
Commissioner Giovanni Buttarelli, deputy European Data Protection Supervisor (EDPS), spoke last week on the EDPS’ first official position on the recent report from MEP Jan Philipp Albrecht on the European Commission’s proposed update to the 1995 Data Protection Directive. Noting that in the EDPS’ view, “the data protection package is a huge and necessary step forward for data protection in Europe,” Buttarelli explained, “We appreciate any further contribution aimed to ensure a full comprehensiveness of the two legal instruments—the regulation and the directive—to increase the level of protection ensured by the directive as well as solutions aimed to improve some provisions of both legal instruments which need to be adjusted, clarified or fine-tuned.” Buttarelli also noted in his talking points for last week’s LIBE meeting that “we are in an important phase where there is no room for mistakes. This is why at the EDPS we will continue to follow all further developments and contribute to the debate also through additional, formal contributions, where necessary.” Editor's Note: The upcoming IAPP web conference Draft Report on New EU Data Protection Regulation—Strict Requirements Proposed will offer expert analysis on the draft report.

DATA PROTECTION

Insurance To Grow if Proposals Approved (January 15, 2013)

MEP Jan Philipp Albrecht’s recent report on the European Commission’s draft regulation suggests companies seeking to process data in countries outside of the European Economic Area that have not been designated as meeting EU standards should have to provide “financial indemnification” to individuals for data breaches, reports Out-Law.com. The need for insurance products “to transfer risk for the data processor or controller has grown,” said Pinsent Mason’s Ian Birdsey. “While a standard professional indemnity policy may have been considered adequate five years ago, both companies and insurers have appreciated the need for specialist insurance products dealing with the myriad data risks.”
Full Story

ONLINE PRIVACY

Firm Says It Decrypts HTTPS, But Doesn’t Access It (January 11, 2013)

Nokia has confirmed reports by a security researcher that it decrypts HTTPS data flowing through its Xpress Browser—including banking sessions and encrypted e-mail—but the company says it does not access the decrypted information, GigaOm reports. Security Researcher Gaurang Pandya said, “From the tests that were performed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information, which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature.” Nokia said it has “implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.”
Full Story

INFORMATION ACCESS—HONG KONG

Journalists Want Withdrawal of Proposed Changes (January 10, 2013)

Journalists in Hong Kong have called on the government to withdraw proposed law changes that would make it more difficult to examine the backgrounds of company directors, citing press freedom. Bloomberg reports the concerns center around limitations issued in November by Hong Kong’s Financial Services and Treasury Bureau that would keep residential addresses and full identification numbers of company directors private. “This is unquestionably a retrogressive development in the free flow of information,” said the Hong Kong Journalists Association. “The main objective of the current public inspection arrangement is to ensure that the interests of minority shareholders are protected, that is, the general interests of the public.”
Full Story

ONLINE PRIVACY

Changes Grant Data Access, Tech Giants Join Forces (January 10, 2013)

Foursquare users would be wise to study the application’s new privacy policy, effective January 28, ZDNet reports. The service will now show full names across its website instead of a mix of first name and last initial, and it will allow businesses to see an expanded list of users who have checked in. The window of time to access the list has also expanded. Meanwhile, Apple, Facebook and Microsoft have joined forces to launch ACT 4 Apps, an effort to educate app developers on privacy. The Association for Competitive Technology will facilitate the effort.
Full Story

PRIVACY LAW—EU

Albrecht Report Would Strengthen EC Proposal, Has Industry Concerned (January 9, 2013)
MEP Jan Philipp Albrecht has released a draft report on the European Commission’s proposed update to the 1995 Data Protection Directive supporting a robust framework and recommending more stringent measures, The New York Times reports, inciting mixed reactions from government and industry. The report, containing 350 proposed amendments to be discussed in plenary, would increase data subjects' rights—rewording the “right to be forgotten” as “a right to erasure and to be forgotten”—expand the proposal’s scope of non-EU-based controllers and expand the concept of “personal data.” The report suggests the “legitimate interest” provision—allowing companies to process personal data without consent if the reasons for doing so trump the individual’s right to privacy—should be used only in exceptional circumstances. While EU Justice Commissioner Viviane Reding welcomed the report, industry has reacted less favorably. Facebook’s head of EU Policy, Erika Mann, said that “some aspects of the report do not support a flourishing European Digital Single Market,” and the Industry Coalition for Data Protection said Albrecht’s report “missed an opportunity to reconcile effective privacy safeguards with rules protecting the conduct of business—both fundamental rights under the EU charter.” Monika Kuschewsky, CIPP/E, special counsel at Covington & Burling, told the Daily Dashboard those expecting a “conciliatory report searching for compromise and practical solutions will be disappointed” as the report’s amendments aim to strengthen individuals’ and authorities’ rights and “reinforce existing or impose additional obligations on companies.” Field Fisher Waterhouse’s Eduardo Ustaran, CIPP/E, expects “heated negotiations with the Council of the EU and other stakeholders.” (Registration may be required to access this story.) Editor’s Note: Look for more on this topic in an upcoming edition of The Privacy Advisor.

ONLINE PRIVACY

HTTPS Function Rolled Out by Yahoo (January 9, 2013)

A new option to enable HTTPS for full webmail sessions has been introduced by Yahoo, IDG News Service reports. Digital rights and privacy advocates have welcomed the new rollout. The Electronic Frontier Foundation, along with other advocates, sent a letter to Yahoo CEO Marissa Mayer last November asking for the secure function. The new interface features a “Turn on SSL” setting that users must manually switch on. In a blog post, AccessNow.org supported the decision and wrote, "Pending technical analysis of its implementation, we believe this decision by Yahoo responds to some of the concerns raised by civil society and security experts and signals a continuing strengthening of their services' privacy protections."
Full Story

CONSUMER PRIVACY—CHINA & U.S.

Firm Fined, Four Face Prison (January 9, 2013)

The Wall Street Journal reports that a Shanghai court has fined Dun & Bradstreet (D&B) Corp.’s Roadway Unit 1 million yaun ($160,648) and has sentenced four former employees for allegedly purchasing consumer data illegally. The New Jersey-based company has not contested the charges “in recognition of the fact that such consumer data collection practices contradict D&B’s core values regarding data integrity,” the company wrote in a statement. According to a China Central Television report last March, the company “improperly purchased data on more than 150 million Chinese citizens from insurance companies” and banks, among others. (Registration may be required to access this story.)
Full Story

TRAVELERS’ PRIVACY—HONG KONG

Customs Officials: Body Scanners Are Not Intrusive (January 7, 2013)

Customs officials say new body scanners to be installed at a cruise terminal and an airport are not intrusive and should not incite privacy concerns, South China Morning Post reports. Passengers deemed a “high security risk” will be asked to go through the scanners, which use millimeter wave technology to detect discrepancies in temperature between a body and an object. The scanners will reduce the need for physical searches, officials say, and “will not display body features or anatomical details of the person being screened and hence trigger no privacy concern.” Civil liberties advocates raised concerns last week when officials announced they would trial the scanners this year, the report states.
Full Story

CHILDREN’S PRIVACY—AUSTRALIA & U.S.

Report on Kids’ Apps Worries Regulators (January 3, 2013)

Following a report from the U.S. Federal Trade Commission last month indicating hundreds of popular children’s apps collect or share personal information without parental permission, The Sydney Morning Herald reports that a spokesman for Attorney General Nicola Roxon has said apps that breach children’s privacy are “completely unacceptable” and Roxon will ask Privacy Commissioner Timothy Pilgrim to “consider using his enforcement and investigative powers to see if any action can be taken.” Pilgrim said the FTC report made him “very concerned.” While the U.S. has laws forbidding website operators and app developers from collecting or sharing the personal information of children under 13 years old, Australia has no such law, the report states.
Full Story

BEHAVIOURAL TARGETING—AUSTRALIA

Concerns About Direct Marketing Tactics Proliferate (January 3, 2013)

As companies increasingly turn to direct marketing to sell products, privacy advocates are concerned about where the personal information required for such marketing ends up, ABC News reports. Such marketing tactics, which often involve consumers giving up details including names, addresses and ages, create large consumer databases. David Vaile of the Australian Privacy Foundation says privacy laws aren’t stringent enough for the digital age. “The problem is a lot of the consent is not really fully informed consent, in the sense that people don’t necessarily know what may further be done with this once it’s collected—it doesn’t necessarily stay with the collector,” he said.
Full Story

BEHAVIORAL TARGETING

Ad Industry Concerned With Firms’ Privacy Practices (January 3, 2013)

Ad Age reports on concerns within the advertising industry that Facebook and Amazon are not using the industry’s standardized ad privacy program while a majority of large media firms and ad networks comply or integrate with the Digital Advertising Alliance’s (DAA) Ad Choices program. Ad campaigns operated by Facebook and Amazon also raise privacy concerns, the report states. One industry executive said, “We need publishers to adopt the industry standard,” adding, “We cannot have everyone embrace it in their own flavor.” A TRUSTe representative said Facebook is “pushing the edge of what online advertising is doing” and added the two companies “may warrant a whole new category within the DAA’s program.”
Full Story

PRIVACY LAW—CHINA

China Adopts Online Privacy Rules (January 2, 2013)

Chinese lawmakers have approved rules to increase personal data protection online, China.org.cn reports. Adopted by officials on the Standing Committee of the National People’s Congress, the rules will reportedly help “promote social harmony and stability and safeguard national security.” One legislator said, "The decision uses the legal form to protect personal information security, set down the network identity management policy, clarify the duties of service providers and endow government watchdogs with necessary supervisory measures.” Some are concerned the identity management policy requiring Internet users to use their real names will hamper the anonymity of whistleblowers. Meanwhile, Baker & McKenzie analyzes Singapore’s recently passed Personal Data Protection Act.
Full Story

SOCIAL NETWORKING

Foursquare Changes Privacy Policy, Suit Filed Against Instagram (January 2, 2013)

Foursquare announced last week that it is changing its privacy policy effective January 28, PC Magazine reports. The service will now show full names across its website instead of a mix of first name and last initial, and it will allow businesses to see an expanded list of users who have checked in. A company e-mail stated, “This is great for helping store owners identify their customers and give them more personal service or offers.” Foursquare has also created “Privacy 101,” a stripped-down version of its privacy policy. Meanwhile, a class-action lawsuit has been filed against Instagram for its proposed privacy policy changes. According to the report, the lawsuit cites a breach of contract, among other claims.
Full Story