European Data Protection Digest

For most of history, Anonymous was a woman. Dare I say, be careful what you wish for, Virginia Wolf. Judging by the research my colleague Jed Bracy has been doing on “revenge porn,” women today might just face the exact opposite challenge. For those unfamiliar with revenge porn, it is the practice of posting online nude pictures of a person (surprisingly (not) women most of the times) out of revenge. The perpetrators are usually ex-boyfriends. You know how when we were young our exes would spread false rumours about us in school to get back at us? Same thing more or less—except that, instead of a rumour, in this case the exes disseminate pictures and their audience expands well beyond a school’s walls. Not to mention the right to be forgotten (or lack thereof) implications. It’s basically stalking on steroids.

As creepy as revenge porn is, in a recent blog post, Jed also brought to my attention this gem of a Facebook group that is WWEOT, Women Who Eat on Tubes (as in the London underground). So much has been written about this group (see this article from the The Guardian, for example) that I’d rather not waste another word about it. Interestingly, though, TFL’s enforcement director has been quoted as saying that, whilst taking photos on the Tube isn’t illegal (fair enough) they ask anyone doing so to ensure that they use common sense and respect for other passengers. Yes, common sense and respect are exactly the notions that spring to mind here.  

So let’s think—I am definitely not from the “selfie generation” and might be immune from revenge porn, but now I can’t even eat crisps on the Tube?

We have a saying here in Italy that goes something like this: The mother of the ignorant ones is always pregnant.

Rita Di Antonio
Managing Director
IAPP Europe

Top European Privacy and Data Protection News

DATA LOSS—UK

Breaches Affect Publisher, Councils, NHS Trust (November 27, 2013)

Across the UK, breaches have been making headlines and prompting orders and advice from the Information Commissioner’s Office (ICO). This roundup for The Privacy Advisor examines some of the most recent reports.A publication’s website is asking users to change their passwords. The ICO has warned companies to train temporary workers on proper data protection after four data breaches at an NHS Trust, and two councils have been ordered to take action after improper data protection policies.
Full Story

DATA PROTECTION—EU & U.S.

Commission Gives U.S. 13 Ways To Save Safe Harbor (November 27, 2013)
The European Commission has released its report on EU-U.S. data flows, including a critique of the widely-criticized Safe Harbor framework , which makes 13 recommendations to improve the data-transfer mechanism. The commission says U.S. authorities have until summer of 2014 to implement the recommendations, at which point it will revisit the review. In this exclusive for The Privacy Advisor, U.S. Federal Trade Commissioner Julie Brill said she’s pleased the commission has indicated its support for maintaining Safe Harbor as a data transfer mechanism. “I think some of the recommendations—increasing transparency and making alternate dispute resolution accessible and affordable—would be helpful.” Dutch MEP Sophie in ‘t Veld told The Privacy Advisor that while she’s pleased there’s progress, the report is long overdue. “Maybe we’re now finally entering the phase where we no longer tolerate that our own EU rules are being overruled by third countries’ laws,” she said. Covington & Burling’s Henriette Tielemans said the report indicates a “genuine willingness on the part of the commission” to save Safe Harbor.

GLOBAL INTEROPERABILITY—EU & U.S.

Safe Harbor Report Could Be the Start of Real Privacy Interoperability (November 27, 2013)

According to Field Fisher Waterhouse Partner Eduardo Ustaran, CIPP/E, the European Commission’s report on Safe Harbor lived up to expectations of being “critical” of the agreement but stopped short of “delivering a fatal blow to the scheme.” Ustaran writes for Privacy Perspectives that false claims of compliance with Safe Harbor “appear to be a greater concern than the potential vulnerability of Safe Harbor as a conduit to allow U.S. intelligence authorities to access data originating from the EU,” adding, “In other words, the European Commission is not really seeking to turn Safe Harbor into a data bunker…”
Full Story

INTERNET OF THINGS

Opinion: TV’s Rollout Shows Lack of PbD, Transparency (November 27, 2013)

The recent rollout of LG’s new smart television has garnered press attention arising from several privacy concerns about how the new appliance collects and shares user data. The company has since announced it will update its firmware to address some of the concerns, and in the meantime, according to the Center for Democracy & Technology Director of Consumer Privacy Justin Brookman, its privacy notice has changed several times—often in contradictory ways. Did the company miss an opportunity to prevent all this? What roles could privacy professionals play in preventing such backlash. In this installment for Privacy Perspectives, Brookman looks into LG’s collection practices while pointing out the appliance’s apparent lack of Privacy by Design and transparency, suggesting the incident could serve as a lesson for privacy pros within other companies set to roll out new technology and consumer products.
Full Story

INTERNATIONAL PRIVACY

UN Passes Internet Privacy Resolution (November 27, 2013)

The United Nations General Assembly’s Human Rights Committee has unanimously approved an unlawful surveillance resolution originally proposed by Brazil and Germany, the Associated Press reports. Though symbolic, the resolution looks to pass along privacy rights to people around the world. The U.S., along with the other “Five Eyes” nations, had tried to dilute some of the resolution’s language, the report states. Brazil’s UN ambassador said the resolution “established for the first time that human rights should prevail irrespective of the medium and therefore need to be protected online and offline.” Germany’s ambassador queried, “Is the human right to privacy still protected in our digital world? And should everything that is technologically feasible, be allowed?”
Full Story

SURVEILLANCE—GERMANY

Berlin Now Home to Privacy Activists, Leakers (November 27, 2013)

The Washington Post reports on Germany’s once-divided city of Berlin and how it has become a haven for privacy activists and whistleblowers attempting to avoid prosecution from countries such as the U.S. and UK. Documentary filmmaker and Edward Snowden conduit Laura Poitras has made Berlin home, as has former Wikileaks spokesman Jacob Appelbaum. One privacy activist said, “It’s a rather inviting social climate right now … Why be completely paranoid, go mad, have your house surveilled? There’s a reason people are coming here.” (Registration may be required to access this story.) Editor’s Note: Appelbaum will be part of a panel discussing the NSA disclosures at this year’s IAPP Europe Data Protection Congress in Brussels.
Full Story

ONLINE PRIVACY—EU

Complaints Over Google Terms of Service Filed in 14 Countries (November 27, 2013)

Privacy advocate Simon Davies has filed complaints with 14 European data protection authorities stating that Google’s new terms of service violate European data protection law, reports PCWorld. The main issue involves changes to the “shared endorsements” feature, which allows Google+ users’ names and photos to be used in advertising for products they follow on the service. “The general position is that the ground rules shouldn’t be changed halfway through the match. Google acquired the data under one condition, and I’m asserting that it cannot change the purpose of that data after the fact,” Davies said. Davies’ other challenges target the feature’s opt-out mechanism and changes in the way users are required to interact with YouTube.
Full Story

ONLINE PRIVACY

Will the Internet Become Private as a Standard? (November 27, 2013)

The Internet Engineering Task Force (IETF) has asked the architects of Tor, a privacy-protecting web-browsing tool, to discuss the idea of using their product to make private web browsing the Internet standard, Salon reports. “Collaborating with Tor would add an additional layer of security and privacy … that goes beyond encrypting your communications,” the report states. Andrew Lewman, executive director of Tor, says the idea is “worth exploring to see what is involved. It adds legitimacy; it adds validation of all the research we’ve done”; however, he adds, “The risks and concerns are that it would tie down developers in rehashing everything we’ve done, explaining why we made decisions we made. It also opens it up to being weakened.” Meanwhile, new app Aether is an encrypted network that lets people share content anonymously.
Full Story

PRIVACY LAW—UK

In Wake of Tribunal’s Breach Ruling, Expert Advocates Self-Reporting (November 27, 2013)

Out-Law.com reports that while Upper Tribunal Judge Nicholas Wikeley has ruled “it would be wrong for immunity from fines to automatically follow an act of self-reporting,” data protection law expert Kathryn Winn points out, "Organisations should not be discouraged from self-reporting data breaches to the ICO as a result of this ruling." Pinsent Masons’ Wynn explains, “The ICO has often considered self-reporting as a mitigating factor when determining the level of monetary penalty notices they issue and certainly take a stronger stance on enforcement where they first hear about data breaches through press reports or via complaints.”
Full Story

CLOUD COMPUTING—EU

ENISA Releases Cloud Deployment report (November 27, 2013)

The European Union Agency for Network and Information Security (ENISA) recently released its report “Good Practice Guide for securely deploying Governmental Clouds,”  analysing the state of government cloud deployment in 23 EU countries. The report classifies the countries as either “Early adopters”, “Well–Informed”, “Innovators” or “Hesitants” based on specific criteria and includes 10 tips for successfully rolling out governmental cloud services—including developing privacy-enhancement provisions. “This report provides the governments the necessary insights to successfully deploy cloud services,” said ENISA Executive Director Prof. Udo Helmbrecht.
Full Story

PRIVACY—UK

Residents “Worried” Over CMC Cold-Calls (November 27, 2013)

Consumer group Citizens Advice requested a ban on cold-calling by claims management companies (CMCs) in the wake of a survey that found 90 percent of respondents have been contacted in the last year, with 62 percent indicating they “had been ‘pestered’ by calls, e-mails and spam texts within a single week,” The Telegraph recently reported. A report from The Daily Mail this week notes an AXA study has found nearly half of respondents are “worried by nuisance calls from” CMCs, while attempts to “clamp down” on CMCs are not working “with one in five people cold called by phone or contacted via text message within the previous 24 hours, and a quarter during the past week alone.”
Full Story

PRIVACY LAW—EU & SWEDEN

Court of Human Rights Rules on Secret Videotaping (November 27, 2013)

The European Court of Human Rights has ruled in a case stemming from an incident in Sweden involving surreptitious videotaping that countries without laws prohibiting secret videotaping or photography violate privacy laws, Courthouse News Service reports. “Regarding the protection of the physical and psychological integrity of an individual from other persons, the court has previously held that the authorities' positive obligations may include a duty to maintain and apply in practice an adequate legal framework affording protection against acts of violence by private individuals," the court wrote.
Full Story

PRIVACY—EU & U.S.

When the NSA Meets Tor, Vodafone and the European Parliament (November 26, 2013)

“Imagine the NSA, European Parliament, Tor and Vodafone having a civilized conversation about privacy,” writes IAPP VP of Research Omer Tene. “Considering the ricochets from the Snowden affair are still reverberating on both sides of the Atlantic, this may seem implausible,” but, Tene adds, “you better believe it: The IAPP Europe Data Protection Congress 2013 is featuring a panel discussion among representatives from all of the above, which I look forward to moderating.” In this Privacy Perspectives post, Tene discusses the varying sides of the equation, bringing together what should be a robust and dynamic conversation.
Full Story

PRIVACY BIZ

EuroPriSe Seal To Change Hands January 1 (November 26, 2013)

The German data protection authority that operates the EuroPriSe privacy certification seal, the Independent Centre for Privacy Protection Schleswig-Holstein (ULD), announced this month that it is transferring operations to a new entity to be known as EuroPriSe GmbH as of January 1. This, said Thilo Weichert, head of ULD, will allow the program to grow in a way that was not possible as part of a regulatory body like ULD. Jurgen van Staden of 2B Advice explains the new organization will allow for extending certifications to a much larger group of methods, concepts, people, training sessions and websites “in accordance with the tried and tested certification structure EuroPriSe experts and customers have come to know.”
Full Story

TRAVELERS’ PRIVACY—UK

Air Passengers Allowed To Refuse Scanners as More Are Installed (November 26, 2013)

Security scanners are currently in use at 10 of the UK’s busiest airports and are being deployed at 11 more, according to Transport Secretary Patrick McLoughlin. At the same time, passengers are now being offered alternate options after refusing to go through the scanners, while previously they were simply not allowed to fly, reports Computerworld UK. "From today, passengers who opt out of being screened by a security scanner will be allowed a private search alternative. This is a method of screening which we consider is of an equivalent security value to a security scan,” McLoughlin said.
Full Story

SOCIAL NETWORKING

Viral Video Exposes Privacy Disconnect (November 25, 2013)

A video went viral last week in which the host, Jack Vale, decided he wanted to know “how easy it would be to get personal information from complete strangers.” Vale located nearby social media users by using his own location and identifying nearby users who publicly posted basic personal information. It turned out that identifying and gleaning additional personal data was relatively simple. This installment of Privacy Perspectives explores the experiment, looking at “what seems to be a common disconnect between our online and offline lives” and possible lessons for online businesses.
Full Story

PRIVACY LAW—EU

Cookie Monsters of Silicon Valley Come to Brussels (November 25, 2013)

In the world of online tracking, the cookie is kingbut there may be a regime change on the horizon. Cookies are under more regulatory scrutiny than ever, especially in Europe, but even as legislation seeks to make cookie use more privacy protective, the technology itself is on the way out. Instead, server-side tracking alternatives and embedded device identifiers, mainly in the hands of Internet giants like Google, Facebook, Microsoft and Apple, are poised to supplant cookies in the digital tracking market. Thus, it is important to analyze the effect of these changes in the techno-business landscape on the EU regulatory framework. IAPP Westin Research Fellow Kelsey Finch examines how this new technology is likely to be viewed and regulated in the European Union. (Editor’s Note: The IAPP Data Protection Congress will explore these issues Dec. 10 through 12, in Brussels.)
Full Story

PRIVACY LAW

Tracker Roundup: Wyndham Case, Safe Harbor and More (November 25, 2013)

In the U.S., FTC v. Wyndham will decide whether the company’s “failure to safeguard personal information caused substantial consumer injury” and whether the FTC even has the authority to regulate data security; the GAO is pushing for comprehensive federal law governing the collection, use and sale of personal data by businesses, and Sen. Al Franken (D-MN) is calling for regulation over biometric data before the horse leaves the barn. In the EU, the debate over Safe Harbor continues, with MEP Jan Philipp Albrecht and Justice Commissioner Viviane Reding saying EU residents need to be able take data privacy complaints to U.S. courts. The Office of the Australian Information Commissioner (OAIC) has released the final set of Australian Privacy Principles that cover access to and correction of personal information, and in Canada, Alberta needs to create a new Privacy Act and Bill C-30 is back in the news. All this and more in this week’s Privacy Tracker legislative roundup. (IAPP member login required.)
Full Story

SURVEILLANCE

Twitter Encrypts; Zuckerberg Says Gov’t “Continuing To Blow It” on Privacy (November 25, 2013)

Twitter has announced it has encrypted its services to protect user data from cyber criminals and intelligence agencies. Lawyers for Lavabit—which closed its e-mail services rather than share master encryption keys with the government—have filed a reply brief in a case that may determine whether a company must be compelled to turn over such keys. Lavabit Founder Ladar Levison recently spoke about his experience with The Privacy Advisor. Meanwhile, the NSA’s John Inglis said he is skeptical about the NSA sharing the vast troves of data it collects with other federal agencies such as the FBI or DEA—indicating he does not agree with a reform bill proposed by Sen. Diane Feinstein (D-CA). The Wall Street Journal reports that a federal judge appears to be “receptive to critics” of the NSA’s collection of phone metadata, but one federal lawyer has argued that Americans have “no expectation of privacy” in making phone calls. And on ABC’s This Week, Facebook CEO Mark Zuckerberg said the U.S. is “continuing to blow it” on privacy issues.
Full Story

DATA TRANSFER—EU & U.S.

Safe Harbour’s in Trouble—Unless You Ask the U.S. (November 21, 2013)

The U.S. Department of Commerce says Safe Harbour is still viable, and the Federal Trade Commission (FTC) says it has rigorously enforced compliance with the data-transfer mechanism. But privacy regulators and politicians from European countries—Germany in particular—seem hell-bent on putting an end to the agreement and are calling the U.S.’s bluff everywhere but on paper. So far. In this exclusive for The Privacy Advisor, Angelique Carson, CIPP/US, talks with FTC Commissioner Julie Brill, the U.S. Department of Commerce, Covington & Burling’s Henriette Tielemans and Wilson Sonsini Goodrich & Rosati’s Christopher Kuner, both in Brussels, about the impact of new accusations that as many as 400 companies are violating Safe Harbour and what to expect in the European Commission’s December report on the pact’s viability. “I can’t overstress the hostility toward it here,” Kuner said. Editor's Note: A panel including representatives from the Federal Trade Commission, Department of Commerce, European Commission and CNIL will speak about "Safe Harbour: Lessons Learned and Protocols" at the IAPP Data Protection Congress, 10-11 December, in Brussels.
Full Story

DATA PROTECTION—EU

Opinion: Data Community Must Influence Law (November 21, 2013)

“It is essential … that the information security community not only make the effort to be aware and prepare but also recognise and exert influence over” the eventual EU data protection legislation, writes Yves Le Roux of (ISC)2 for Computerworld. Pointing to the lack of technical feasibility of the right to be forgotten, Le Roux writes that privacy pros and others need to speak up about such elements of the law that may not be practicable, noting that the IAPP Europe Data Protection Congress provides an opportunity to do just that. (Editor’s Note: The IAPP Data Protection Congress runs 10-12 Dec. in Brussels.)
Full Story

PRIVACY LAW—UK

ICO: Company Illegally Obtained Data (November 21, 2013)

A private investigations company has been found guilty of illegally obtaining personal information, Financial Times reports. ICU Investigations and seven of its employees were the subject of a two-year investigation by the Information Commissioner’s Office, which found that ICU Investigations had tricked companies into revealing their customers’ personal data by impersonating the people they were trying to trace, obtaining data on almost 2,000 individuals between 2009 and 2010. (Registration may be required to access this story.)
Full Story

INFORMATION ACCESS—SWEDEN

Security Services Wants Access to Service Providers’ Systems (November 21, 2013)

Service providers in Sweden are speaking out against a plan that would automate access to their systems by Swedish Security Service, reports PCWorld. According to Security Service, the plan would decrease the risk of error and allow for better oversight, preventing misuse; however, providers are concerned that the automation would also make it difficult for them to protect customers’ privacy. “We have a role to play when it comes to crime prevention, and we are willing to accept that. But we don’t think that a completely automated process is appropriate. Our primary task is to protect the privacy of our customers, and we feel we can’t do that with an automated process,” said a TeliaSonera representative.
Full Story

RFID—UK

School’s Use of Tracking Raises Questions (November 21, 2013)

A vocational college’s use of an RFID tracking tag is raising privacy concerns, The Guardian reports. “In a trial of up to three years, ending in February 2013, pupils at West Cheshire College wore tags that allowed them to be tracked in detail throughout the college's three campuses. The tags used a new type of ultra-wideband active RFID that provides a far more detailed picture of student and staff movements than anything available before,” the report states. The report questions whether the trial invades students’ privacy, noting that the 2012 Protection of Freedoms Act, which requires schools to obtain parental consent before processing biometric information, does not cover RFID.
Full Story

SURVEILLANCE—GERMANY

Court: Google Rules Violate User Rights (November 21, 2013)

A German court has ruled that 25 provisions in Google’s data protection rules violate user rights and German law, Bloomberg reports. The Federation of German Consumer Organisations (VZBV) brought the case, arguing the clauses are too vaguely formulated. Google says it will appeal the ruling, stating it believes its “terms of service and privacy policy comply with all applicable laws.” VZBV has been targeting large corporations’ data practices, including Apple and Samsung, since 2012, winning judgments against their policies in Berlin courts. Meanwhile, a former UK Liberal Democrat leader has said the secret service’s mass surveillance of citizens is "out of control"; and Norway’s military intelligence chief has reportedly acknowledged the “country spies on millions of phone calls in conflict areas around the world and shares that data with allies” such as the U.S.
Full Story

CYBERSECURITY

Debunking Three Cyber Insurance Myths (November 21, 2013)

“In the past, cyber insurance was a polarizing issue in my discussions with privacy and risk professionals,” writes Experian Data Breach Resolution Vice President Michael Bruemmer, CIPP/US, “Some professionals were adamant about the benefits of cyber insurance, while others worried that the policies currently on the market didn’t meet its needs or were too costly.” In this post for Privacy Perspectives, Bruemmer debunks three of the most common myths associated with cyber insurance and examines why small- and medium-sized businesses are not off the radar of hackers and other cyber thieves.
Full Story

PRIVACY ENGINEERING

How To Do PbD in Predictive Analytics (November 21, 2013)

In a Q&A with DataInformed, IBM Fellow and Entity Analytics Group Chief Scientist Jeff Jonas discusses his involvement with Privacy by Design and how he integrated it into new predictive analytics software. Jonas has created technology that allows businesses to collect and analyze data from multiple sources in real time to help make “smart” decisions. He said, “One of my goals in the use of Privacy by Design in the G2 project was what kind of privacy features can I bake in that cost no more? In other words, they’re by default. They’re built in. In fact, a few of them, you can’t even turn them off. That way, someone’s not left there with a decision, ‘Yeah, we trust ourselves. I don’t have to pay extra for a privacy feature. I’d rather just buy more disk space.’”
Full Story

INTERNET OF THINGS

Are Smart TVs Watching Us? (November 21, 2013)

CNET UK reports on a UK blogger's allegations that “smart TVs are sending information on what channels you watch and the names of media files you stream over your network—even if you turn the setting off.” The report notes the blogger noticed ads on his Internet-connected TV and found an online instruction video where TV-maker LG “details how it can effectively target ads based on user data.” Asked for comment, LG responded, “Customer privacy is a top priority at LG Electronics and, as such, we take the issue very seriously. We are looking into reports that certain viewing information on LG Smart TVs was shared without consent.”
Full Story

BYOD

Where IBM Thinks BYOD Technology Is Headed (November 20, 2013)

When IBM announced last week it will soon acquire FiberLink, a maker of cloud-based mobile-device-management technology and the MaaS360 product, the news may have been interesting to privacy professionals on its own, drawing attention to a tech provider that will now have access to IBM’s much larger resources in attempting to solve a problem, in BYOD, with which many struggle. However, the buy is part of what IBM Director of Mobile Security Caleb Barlow called a “string of pearls” that includes the acquisition of Trustseer and the creation of a “cybersecurity software lab” in Israel, staffed with 200-plus researchers who will focus on mobile and application security and privacy. In this exclusive for The Privacy Advisor, Sam Pfeifle talks with Barlow about what IBM sees as the “Holy Grail” of mobile device management.
Full Story

PRIVACY LAW—EU & U.S.

Albrecht Weighs In Following Reding-Holder Chat (November 20, 2013)

After EU Justice Minister Viviane Reding was making positive noises about a deal with the U.S. on law enforcement access to data, MEP Jan Philip Albrecht told IDG News Service that there is a line in the sand the EU Parliament will not cross: “If a U.S. citizen has a problem with how his data has been treated in the EU, he can take it up with an EU court. We just want the same rights in the U.S. This should be possible. It would be very easy to fast-track change in the U.S.’s privacy act and simply add text to include EU citizens.”
Full Story

ONLINE PRIVACY—FRANCE

Ruling Could Set Precedent (November 20, 2013)

In light of a French court’s ruling that Google must remove images of a former Formula One racing mogul from its search algorithms, Wiley Rein’s David Weslow says if the decision is upheld on appeal, “there may be a precedent in France for forcing search engines or other types of Internet service providers to take affirmation actions to disable certain online content even where a ‘take down’ request has not been filed with that Internet service provider.” A recent poll about whether government should play an increasing role in protecting online privacy indicated 52 percent voted yes and 48 percent voted no, indicating “there is not overwhelming agreement” on what should be done, TechRepublic reports, adding tech companies and governments should be prepared to weigh in. Meanwhile, Google says it will voluntarily remove a Google Maps image related to a young boy’s murder.
Full Story

DATA TRANSFER—EU & U.S.

Safe Harbor’s in Trouble—Unless You Ask the U.S. (November 19, 2013)
The U.S. Department of Commerce says Safe Harbor is still viable, and the Federal Trade Commission (FTC) says it has rigorously enforced compliance with the data-transfer mechanism. But privacy regulators and politicians from European countries—Germany in particular—seem hell-bent on putting an end to the agreement and are calling the U.S.’s bluff everywhere but on paper. So far. In this exclusive for The Privacy Advisor, Angelique Carson, CIPP/US, talks with FTC Commissioner Julie Brill, the U.S. Department of Commerce, Covington & Burling’s Henriette Tielemans and Wilson Sonsini Goodrich & Rosati’s Christopher Kuner, both in Brussels, about the impact of new accusations that as many as 400 companies are violating Safe Harbor and what to expect in the European Commission’s December report on the pact’s viability. “I can’t overstress the hostility toward it here,” Kuner said. (Editor's Note: A panel including representatives from the Federal Trade Commission, Department of Commerce, European Commission and CNIL will speak about "Safe Harbour: Lessons Learned and Protocols" at the IAPP Data Protection Congress, Dec. 10-11, in Brussels.)

ONLINE PRIVACY

Hochman: What Are the Ethics of the Internet? (November 19, 2013)

In a piece for Internet Evolution, Jonathan Hochman explores the ethical limits on the Internet and what he sees as a major problem called “paid unpublishing.” In such cases, a website operator obtains embarrassing information, publishes it and then offers to remove it for a fee. A recent example of this can be seen with mugshot website operators. “Unless steps are taken now to confront paid unpublishing, we may increasingly find our secrets or mistakes for sale online by unscrupulous ‘entrepreneurs,’” Hochman writes, adding that ethical online media follows three principles: no paid unpublishing, avoiding conflicts of interest and supporting the right to respond.
Full Story

ONLINE PRIVACY—EU

EDPS: Telecoms Market Reform Plan Would Put Privacy At Risk (November 19, 2013)

New net neutrality laws would mean Internet users’ privacy rights would be at risk, according to the European Data Protection Supervisor (EDPS), Out-Law.com reports. The European Commission’s telecoms market reform plans would allow Internet service providers to engage in “wide-scale, preventive monitoring of communications content,” an affront to data privacy and protection as well as consumer trust in electronic communication services, the EDPS said.
Full Story

PRIVACY LAW

Alberta Privacy Law Ruled Unconstitutional, and More (November 18, 2013)

The Supreme Court of Canada, in a unanimous ruling, has determined that the Alberta privacy law is unconstitutional and has given the province one year to amend it; a federal judge in Vermont has ruled there can be no expectation of privacy when it comes to data exposed online via a peer-to-peer file-sharing network, and the New Zealand Parliament has voted down a bill that would have given the privacy commissioner increased powers. Meanwhile, the U.S. FTC has asserted its power over parental-consent methods; Brazil is calling for a crackdown on government surveillance, and Italy’s data protection authority and intelligence department have entered into a cooperation protocol. This week’s Privacy Tracker roundup has these stories and more. (IAPP member login required.)
Full Story

PERSONAL PRIVACY

The Secret Life of Webcams (November 18, 2013)

Webcams are on nearly every laptop and smartphone these days. They are great for video conferencing but can be used for nefarious purposes as well. One such case involves a young adult who hacked into a number of computers to take photos of young women and then used such photos to blackmail them. Moreover, the U.S. Federal Trade Commission recently settled with security company TRENDnet because it allegedly used lax security in protecting its cameras from being hacked and exploited. This Privacy Perspectives post explores these cases and looks at what can be done to prevent such nefarious use of these ubiquitous and potentially invasive features.
Full Story

PRIVACY IN POP CULTURE

The Circle Makes Us Square (November 15, 2013)

In his new novel, The Circle, Dave Eggers creates a world dominated by a search/social/commerce operation that is basically every cliché you’ve ever heard about Google, Facebook, Amazon, Yahoo and Twitter, all wrapped into one. In this exclusive for The Privacy Advisor, Publications Director Sam Pfeifle examines the world Eggers creates—a world devoid of privacy pros, where characters live by slogans like “secrets are lies,” “sharing is caring” and “privacy is theft.”
Full Story

PRIVACY

Brick-and-Mortars Catch Up on Tracking (November 15, 2013)

Reuters reports on brick-and-mortar retailers’ use of face scanners in an effort to improve such things as staffing, layout and marketing. Many businesses, aware of consumers’ reticence to be tracked, promise to only use the data in aggregate unless consumers give their consent. Shoppers are also increasingly asked to sign up for loyalty card programs that would allow the retailer to track them in exchange for discounts. “They are just trying to get real smart with data in the way the e-commerce guys are smart with data,” said the head of one tracking-device manufacturer. But the chief executive of a customer science company said, “Too much is happening without consumer consent.”
Full Story

PRIVACY—UK

Help ICO Update Guide on Privacy Policies (November 14, 2013)

The Information Commissioner's Office (ICO) is reviewing its existing privacy policies code of practice with a goal of producing new guidelines in the next year, Out-Law.com reports. The ICO’s Steve Wood said the current code “gives good practice advice and explains how organisations can make sure their privacy notice is as informative and readable as possible, as well as highlighting the benefits that an effective privacy notice can provide. Nevertheless, we believe the time is now right to undertake a review of our existing code.” The ICO is welcoming input. “We’re keen to get the balance right between clear, general guidance and making sure the guidance works for new technologies,” Wood said.
Full Story

PRIVACY LAW—EU

Right To Be Forgotten Remains “Hot Topic” (November 14, 2013)

Mondaq examines the “hot topic” of the right to be forgotten “in the context of imminent EU Data Protection Reform.” The report looks at the right in the context data subjects’ ability through a "right of erasure" to ask data controllers to “delete any personal data relating to them and ensure there is no further dissemination of such data.” This is potentially problematic for companies, the report states, highlighting one recent court case that “has the potential to open the floodgates and set a precedent to justify further requests by others objecting to videos posted about them on social media.” (Registration may be required to access this story.)
Full Story

SURVEILLANCE—EU & U.S.

Implications of NSA Revelations Continue To Make News (November 14, 2013)

The fallout from Edward Snowden’s surveillance revelations continues to make headlines. Dutch and Belgian data protection authorities are leading an investigation “into whether consumers’ personal data on the global SWIFT money-transfer network can be accessed by the U.S. National Security Agency (NSA) or other intelligence services,” Bloomberg reports. “We will investigate if the security of the networks and databases of SWIFT containing huge quantities of personal data related to bank transactions of, among others, European citizens, allow for or have allowed for unlawful access,” said Article 29 Working Party Chairman Jacob Kohnstamm. Meanwhile, the Cloud for Europe research project launched in Berlin on Thursday, and a recent study has indicated dragnet Internet surveillance by the NSA and the UK’s GCHQ violated European privacy law. Germany and Brazil have presented an Internet privacy resolution to the UN, and in the U.S., advocacy groups have sent a letter to the Federal Trade Commission calling for an investigation into Internet companies whose networks were accessed by the NSA. UK Information Commissioner Christopher Graham has voiced concerns about the scale of the NSA’s surveillance programs, and a Tech Dirt report questions the implications of the EU’s Data Retention Directive “in the ongoing debate over how to balance human rights with states' perceived surveillance needs.”
Full Story

BIG DATA—EU

Kroes: Sectors Must Work Together (November 14, 2013)

During a speech this week in Lithuania, European Commissioner Neelie Kroes spoke of the need for the public and private sector to work together “if Europe is to benefit fully from Big Data,” Research reports. “Put the data together, and the value of the whole is far more than the sum of its parts,” Kroes said, adding, “A European public-private partnership in Big Data could unite all the players who matter.” Kroes also said the EU needs “firm and modern data protection rules that safeguard this fundamental right … And we need digital tools to help people take control of their data, so that they know they can be confident to trust this technology.”
Full Story

EMPLOYEE PRIVACY—FRANCE

CNIL Warns Against Company’s Surveillance (November 14, 2013)

The Commission nationale de l'informatique et des libertés (CNIL) has issued a warning to a company that operates shopping centres regarding the use of surveillance equipment, Lexology reports. The CNIL has found that “the presence of 240 cameras, which monitored E. Leclerc’s 230 employees, was both excessive and disproportionate to the purpose they were trying to carry out,” the report states. The cameras were installed in such locations as locker rooms, offices and break rooms, allowing “the employees to be monitored continuously throughout the day,” the report states, noting the CNIL has given the company “three months to modify its monitoring policy.” (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—EU

Expert Examines “Privacy By Default” (November 14, 2013)

In a report for Lexology, McGuireWoods LLP's Paul Van den Bulck examines the concept of “privacy by default” or “the design of an information system whose technical architecture is, at its roots, intended to ensure the safety and confidentiality of personal data.” However, he cautions, the notion of privacy by default as a “winning racehorse” has its limits. Van den Bulck cites the Court of Justice of the European Union’s May decision in a case involving a Portuguese employer as indicating privacy by default as “proposed by the European Commission in the draft General Data Protection Regulation, even if adopted, is not absolute.” (Registration may be required to access this story.)
Full Story

PRIVACY BUSINESS

IBM To Acquire Fiberlink Communications (November 14, 2013)

IBM has announced its agreement to acquire mobile management and security company Fiberlink Communications. “In a mobile-first world, clients require a comprehensive mobile management and security offering. Oftentimes they integrate solutions on their own and take on unnecessary risk,” said IBM’s Robert LeBlanc. “To protect and enhance the complete mobile experience, it’s crucial to secure the app, user, content, data and the transaction. The acquisition of Fiberlink will enable us to offer these expanded capabilities to our clients, making it simple and quick to unlock the full potential of mobility.”
Full Story

PRIVACY RESOURCES

Where To Get Schooled in Privacy (November 13, 2013)

Prompted by a post to the IAPP Privacy List, our online Resource Center now includes a list of colleges and universities that offer courses in privacy. Currently featuring universities in the U.S., Canada and Europe, we have collected a preliminary list of offerings for those seeking higher education in privacy, but we need your help. Do you know of a school with a strong privacy focus? If so, send us an e-mail and let us know what we’re missing.
View Resource

PRIVACY LAW—ITALY

Garante, DIS Enter Cooperative Protocol (November 13, 2013)

The Garante, Italy’s data protection authority, and DIS, the country’s intelligence department, have entered into a cooperation protocol. “This is an extraordinary agreement entered into by very key sensitive functions of the Italian State and a great signal of transparency for the world in reply to all worrying news on Datagate we daily read on newspapers or on the Internet,” writes Panetta & Associati Managing Partner Rocco Panetta in this Global Privacy Dispatch for The Privacy Advisor. “At the same time this is a proof of evidence that a different model of cooperation on the ground of the intelligence services is possible. Citizens have to believe that another world is possible and their rights might be protected together with their security and safety.”
Full Story

DATA LOSS—EU & U.S.

Number Affected by Breach Continues To Rise (November 13, 2013)

More than 1.5 million Europeans have had personal information compromised by a security breach at Loyaltybuild, a company that manages customer loyalty programs across Europe, The Irish Times reports. The Garda has launched an investigation into the incident, which saw nearly 400,000 individuals’ credit card details exposed. Irish Data Protection Commissioner Billy Hawkes said the financial data was not encrypted. Another 150,000 individuals’ details have been “potentially compromised,” and the breach looks to be the result of an external criminal act, Hawkes said. Meanwhile, in the U.S., hundreds have been affected by a data breach dating back to 2001 in Indiana.
Full Story

SOCIAL NETWORKING—EU & U.S.

Facebook Discloses Gov’t Data Requests (November 13, 2013)

A recent hearing organized by the European Parliament’s civil liberties committee featured Richard Allan, director for public policy for Facebook in Europe, who discussed the number of demands for data by EU governments, The New York Times reports. Allan said Facebook received 8,500 requests from the EU on 10,000 user accounts during the first six months of 2013. By comparison, U.S. officials made 12,000 requests for data on as many as 21,000 user accounts. Meanwhile, CIO reports on the nuances of Facebook’s updated data use policy and statement of rights and responsibilities. And a new poll indicates four out of five people have changed the privacy settings on their social media accounts, most within the last six months. (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Facebook Asks Adobe Users To Change Passwords (November 12, 2013)

Facebook is warning users who also use Adobe that if they are using the same e-mail and password combinations on both sites, they should change that, KrebsonSecurity reports. That’s after the recent breach at Adobe in which hackers stole nearly three million encrypted credit card records and users’ login credentials. “We actively look for situations where the accounts of people who use Facebook could be at risk—even if the threat is external to our service,” said a Facebook spokesman. “When we find these situations, we present messages like the one in the screenshot to help affected people secure their accounts.”
Full Story

PRIVACY LAW

Kazakhstan Joins the Crowd and Other Legislative Updates (November 11, 2013)

In the U.S., guidelines and court rulings have offered insight on everything from drone use to workplace audio recordings, while, internationally, questions still loom about the future of Safe Harbor and national leaders have presented an Internet privacy resolution to the UN. Kazakhstan’s privacy law is scheduled to come into effect this month, and Indonesia is looking into consolidating its sectoral coverage into an overarching law. Also in this week’s Privacy Tracker roundup is analysis of India’s privacy bill, California’s spate of privacy laws and insight from the FTC and the New Jersey Attorney General’s Office on how to avoid the wrath of regulators. (IAPP member login required.)
Full Story

GLOBAL INTEROPERABILITY—EU & U.S.

Trade Talks To Resume This Week Without Privacy (November 11, 2013)

Trade talks between the U.S. and EU are set to resume this week, but according to Euractiv, data protection and secrecy issues will not be on the docket. Instead, the parties are expected to discuss services, investment, energy and raw materials and regulatory issues. EU Justice Commissioner Viviane Reding has been vocal in the past about including data protection issues in the Transatlantic Trade and Investment Partnership. According to the report, the U.S. has been mounting pressure to keep the debate about including data protection in the talks open.
Full Story

PRIVACY LAW—ITALY

Garante Provides General Rules Following Outsourcing’s Growth (November 7, 2013)

Following the growth of the outsourcing of call center services outside the EU, the Italian Data Protection Authority, the Garante, is providing its general rules to protect the privacy of Italian citizens. Rocco Panetta highlights the details of these rules in The Privacy Advisor. “At the end of a complex investigation, the Garante stressed the rules to be applied to both companies and government agencies, whose customer care or call centers are located outside the EU,” Panetta writes.
Full Story

BIG DATA—GERMANY & U.S.

Startup Raises $5M in Venture Capital (November 7, 2013)

Predictive analytics startup RapidMiner has raised $5 million from Earlybird Venture Capital and Open Ocean and plans to set up a U.S. headquarters in Boston, MA, Venture Beat reports. “With three million product downloads, RapidMiner has rapidly become one of the leaders in the predictive analytics space,” said Monty Widenius, MySQL founder and partner at Open Ocean Capital, in a statement. “We plan to leverage our experience in building MySQL, and the MySQL community, to help the RapidMiner team advance its technology and grow its user community around the world.”
Full Story

SURVEILLANCE—UK

Privacy International Files Complaint with OECD (November 7, 2013)

Privacy International has filed a formal complaint with the Organisation for Economic Co-operation and Development (OECD), questioning the roles of ISPs in the UK’s Government Communications Headquarters (GCHQ) surveillance. Ars Technica reports "Privacy International hopes to use a ‘non-adversarial arena’ as part of the … OECD to compel answers” from ISP Level 3. Privacy International’s Eric King said, “It is unconscionable to think that the companies that carry our most personal information either refuse to stand up for us or remain silent when our rights are violated,” noting he hopes “the OECD will investigate what steps, if any, the companies took to defend the human rights of their customers.”
Full Story

PRIVACY LAW—EU

Group Accuses Commission of Allowing Too Much Corporate Input (November 7, 2013)

A report generated by the Alliance for Lobbying Transparency and Ethics Regulation (Alter-EU) has released a report examining the makeup of the Experts Groups established this year by the European Commission to provide input on policies and legislation. According to a PC World article, the report found that 52 percent of the “experts” came from “big business,” while just three percent came from “small businesses” and three percent from trade unions. “One of the extreme cases, according to Alter-EU,” writes Jennifer Baker, “is the Expert Group on data retention set up by the Home Affairs Department.” It has, claims Alter-EU, “no civil society representatives.”
Full Story

SURVEILLANCE—UK

Privacy Groups Concerned About Face-Scan Plans (November 7, 2013)

Privacy groups are concerned about Tesco’s plans to scan customers' faces in petrol stations to display customised ads, ComputerWeekly reports. OptimEyes screens, which are to be put into use at Tesco’s 450 stations, “are predicted to reach a weekly audience of more than five million adults,” the report states. Privacy groups are cautioning that the system should not be used without customer consent, however. “The only way the systems can be ethically deployed is if consumers opt in to have their image stored and their behaviour tracked, rather than there being no choice in the matter,” said Big Brother Watch’s Nick Pickles.
Full Story

DATA LOSS—IRELAND

Breach, DPA Violation Reported (November 7, 2013)

The Irish Times reports on a security breach that has forced Supervalu to contact thousands of customers who bought its “getaway breaks” after sensitive financial data was potentially compromised. The “getaway breaks” vouchers are a key loyalty reward programme run by U.S.-owned Loyaltybuild, the report states, citing a Supervalu statement indicating, “This review is necessary as Loyaltybuild has advised its client base in Ireland that its system may have been compromised by a third party.” Meanwhile, an energy company’s e-mail seeking donations and ultimately raising €150,000 for a St. Vincent de Paul charity event has been found in violation of Ireland’s Data Protection Act.
Full Story

ONLINE PRIVACY—UK & U.S.

ICO: Cookie Replacements Must Follow Rules (November 7, 2013)

The UK Information Commissioner’s Office (ICO) has acknowledged that it’s aware of initiatives to forego cookies for new tracking technologies and says these new technologies will need to abide by the same rules as cookies, Out-Law.com reports. Encouraging a Privacy by Design approach, an ICO spokesperson said companies must be upfront with customers and offer “users a clear choice as to the options available to them." Meanwhile, Mozilla’s plans to automatically block certain cookies in its browser are on hold after it announced plans to work with the Cookie Clearinghouse initiative at Stanford University on a “more nuanced approach.” The organization now says it’s unsure whether it will adopt the feature.
Full Story

ONLINE PRIVACY

Closed-Circle Feature Added to Google+ (November 7, 2013)

Google has added a new feature to Google+ to ensure private conversations remain private, Think Digit reports. The feature allows businesses to decide if their restricted community will be open to everyone at the company or more limited, the report states. System administrators can decide whether restricted communities will be the default, but communities open to third parties such as business partners and clients can also be created.
Full Story

SURVEILLANCE

U.S. Urges EU To Preserve Safe Harbor; International Reactions to Spying Programs Continue (November 7, 2013)

Across the globe, fallout from reports of U.S. National Security Agency (NSA) and other governmental surveillance programs continues. Politico reports on U.S. regulators urging their counterparts in the EU not to abandon the Safe Harbor Framework amidst “mounting European anger over NSA spying.” Separately “The CIA is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company’s vast database of phone records, which includes Americans’ international calls,” according to a report in The New York Times. NSA General Counsel Rajesh De has attempted to explain the agency’s telephone metadata collection program by saying, “It’s effectively the same standard as stop-and-frisk”—using “reasonable and articulable suspicion” to identify phone numbers to target. Meanwhile, Google has begun encrypting its internal network in an effort to halt broad surveillance, and Kaspersky has said it is designing products “to detect all malware”—even that sponsored by the NSA. In response to allegations of U.S. agencies spying on EU officials, Spiegel examines what the White House might have known and how the NSA sets its priorities, and Indonesia has backed a UN statement indicating “anger at U.S.-led data snooping,” while Australian websites faced cyber attacks “in protest at Canberra's reported involvement in the surveillance network.”
Full Story

ONLINE PRIVACY—FRANCE & U.S.

Court Rules Google Must Remove Images from Search Results (November 7, 2013)

A French court has ruled Google must remove compromising photos of a Formula One car racing chief from its Internet search results, The Economic Times reports. The ruling follows Max Mosley’s lawsuit aiming to force Google to filter images that were originally published in a British newspaper. Mosley claimed French law forbids taking and distributing images of someone in a private space without permission, while Google argued freedom of speech. Google says it will appeal the decision. “At this point in time, the pendulum is swinging toward individuals’ privacy and away from freedom of speech,” said one privacy analyst.
Full Story

PRIVACY RESOURCES

Employee Monitoring: What’s Allowed and What’s Not? (November 6, 2013)
Employers walk the line between protecting company resources and ensuring productivity and becoming big brother to their staff. Technology is available to monitor everything from computer use to hallways, but just because it’s out there, doesn’t mean it’s okay to use it. This IAPP Resource Center Close-Up aims to help you balance organizational security with employee privacy laws across the globe. You’ll find tools, articles and guidance on conducting background checks, accessing employee data and BYOD, plus learn about differing laws from region to region. (IAPP member login required.)

PRIVACY TECH

Hack the Trackers Taps Into the Post-Snowden Zeitgeist (November 5, 2013)

What do you get when you put a group of talented, self-motivated developers, tech-savvy judges and folks who built one of the Internet’s most-successful online privacy tools into the same room? This coming Saturday, you’ll get Hack the Trackers. Created by Ghostery, a privacy-enhancing browser service owned by Evidon, the hackathon aims to develop a new generation of online privacy tools by inviting developers to work together on open-sourced technology and then be judged by selected experts. In this exclusive for The Privacy Advisor, Jedidiah Bracy, CIPP/US, CIPP/E, talks with Evidon about how the event came to be and where they plan to take it.
Full Story

DATA PROTECTION—EU & U.S.

Reding Says Data Protection Outside of TTIP’s Scope, Calls for an EU NSA (November 5, 2013)

Despite a push from Germany to include data protection rules within the Transatlantic Trade and Investment Partnership in the wake of U.S. spying revelations, European Commission Vice President Viviane Reding says data protection is outside of the EU-U.S. pact’s scope, Financial Times reports. “The commission’s view and the position taken by all leaders at the recent European Council is clear: Let’s not mix up the phone tapping issue with the ongoing trade talks,” Reding said. Reding has also called for the EU to create its own intelligence agency by 2020 in order to “level the playing field” with the U.S. Meanwhile, U.S. Attorney General Eric Holder says the U.S. is taking note of Europe’s concerns. (Registration may be required to access this story.) Editor's Note: See the IAPP's Web Conference on "Applied Privacy in the EU" November 14.
Full Story

PRIVACY

Ten Steps to a Quality Privacy Program, Part Four: PIAs (November 4, 2013)
In part four of the series "Ten Steps to a Quality Privacy Program," Deidre Rodriguez, CIPP/US, explores privacy impact assessments, which she calls key to privacy by design—or default. While there are foundational concepts that must be addressed, each organization may need to approach PIAs differently according to its size and needs, writes Rodriguez in this exclusive for The Privacy Advisor.

PRIVACY LAW

Burden Lowered for Breach Compensation, Changes in China (November 4, 2013)

This week’s Privacy Tracker legislative roundup highlights a U.S. case that may have lightened the burden on plaintiffs in order to win compensation in breach cases, plus the introduction of bills inspired by the NSA’s surveillance techniques. China has amended its consumer protection law, and one Canadian provincial minister is trying to address a gap in privacy protection in the private sector by consolidating and adding laws. Meanwhile, Brazil is still considering a data protection law and the European Commission plans to push toward implementing the Data Protection Regulation by spring of 2014 despite attempts to delay it until 2015. (IAPP member login required.)
Full Story

BIG DATA

Business Lessons on Privacy and Data Mining (November 4, 2013)

Computerworld reports on the privacy issues surrounding data mining and how including ethical standards with mining can help bolster trust with consumers and help a company’s brand. One digital strategist said, “The values that you infuse into your data-handling practices can have some very real-world consequences.” The article provides a number of examples of companies getting into trouble because of their data-mining practices, but also provides another positive example. Data analytics firm Retention Science uses predictive algorithms and aggregated data to help better target consumers but refuses to share data across clients or third parties. The company also says its data scientists are not allowed to use or share collected data for their own research or publications. A representative from the company said it “works only with businesses that are fully committed to getting their consumers’ consent in advance to use their data.”
Full Story

ONLINE PRIVACY

Microsoft Updates Policy Ahead of Launch (November 4, 2013)

Ahead of the launch of the Xbox One this month, Microsoft has updated its privacy policy to clarify how data is collected and used within gaming functions. While Xbox One uses facial recognition to log in users, the data doesn’t leave the console and can be deleted at any time. However, users “should not expect any level of privacy” when it comes to live communication features like chat and video during live-hosted game sessions. Microsoft reserves the right to monitor those communications “to the extent permitted by law,” Ars Technica reports. Users are permitted to disable targeted ads and tracking through an opt-out page. Editor’s Note: For more on privacy concerns related to Kinect 2.0, see attorney David Tashroudian’s exclusive article, “Will Kinect 2.0 and COPPA Play Well Together?,” in The Privacy Advisor.
Full Story

PRIVACY—SWITZERLAND & EU

Cloud Provider Sets Up Swiss Shop, Germany Pushes for Privacy in TTIP (November 4, 2013)

Swiss cloud provider Swisscom decided to set up a home cloud in an effort to cut costs and make its systems more dynamic, according to head of IT services Andreas Koenig, but it also may become important to store data in countries with strict privacy laws, Reuters reports. While the company would be required to hand over data under a judge’s order, data protection and privacy “is a long tradition in Switzerland, and that’s why it’s pretty difficult to get something,” Koenig said. Meanwhile, officials in Brussels say Germany’s plan to push for tough data protection controls for the Transatlantic Trade and Investment Partnership is a “big surprise.”
Full Story

DATA COLLECTION

Facebook Testing More Robust Data Tracking (November 1, 2013)

The Wall Street Journal reports on new software being tested by Facebook to increase the site’s ability to collect great amounts of user information, including the tracking of a user’s cursor on screen. In an interview with The Journal, Facebook Analytics Chief Ken Rudin said the collected data could be added to the company’s data analytics warehouse. According to the report, Facebook can use the stored data “for an endless range of purposes—from product development to more precise targeting of advertising.” Currently, the company collects two types of data: behavioral and demographic. The new tests would expand Facebook’s ability to collect behavioral data, according to Rudin. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Advocates, Industry Still Doubting DNT Talks (November 1, 2013)

Privacy advocates and the ad industry agree on one thing: the Do-Not-Track (DNT) talks should end, but, The Hill reports, the co-chairmen of the World Wide Web Consortium DNT working group announced that talks will continue. Network Advertising Initiative President Marc Groman, CIPP/US, said the NAI “remains concerned about the lack of progress and transparency in the working group as well as recent stories of arbitrary decisions,” but added, “we will continue to engage to ensure that there is a voice for third parties and digital advertising, small- and medium-sized businesses, the long tail of the Internet and frankly the consumer.”
Full Story