Online privacy | Apple privacy -- Stanford University has released a study documenting how Google and other companies overrode Safari users' browser privacy settings. The WPF encourages Apple users to download the Firefox browser and use Firefox, if at all possible, instead of Safari. Firefox did not have the same problem, and it allows for additional privacy add-ons, such as AdBlock Plus which are helpful privacy-enhancing tools.
Search engine privacy -- WPF has updated its search engine privacy tips page to include more tips on how to segregate online activities. This has always been important, and it has become more important in light of Google's announcement that it will be sharing data across its business units.
Facial recognition | Digital signage -- The World Privacy Forum filed extensive comments to the FTC today following up on Pam Dixon's testimony at a December 2011 FTC facial recognition privacy workshop. The WPF comments noted that "A walk-out opt-out is not a viable way of managing consumer consent in the area of facial recognition or detection technologies." The comments discussed the importance of recognizing the Face Print as a unique biometric, and also discussed the need for finding ways of consumer consent that are reasonable. Given the ubiquity of cameras in some retail and public spaces, just walking away will become less and less of an option for consumers going forward, the comments argued. The comments also included the WPF's ground breaking report, The One-Way Mirror Society, and the joint Consumer Privacy Principles for Digital Signage.These principles were signed by the nation's leading privacy and consumer groups.
01/30/2012 Consumer financial protection -- WPF filed comments with the Consumer Financial Protection Bureau today asking it to make its consumer complaints database available for research.
01/23/2012 GPS tracking | United States v. Jones -- The US Supreme Court unanimously ruled that police must get a warrant before using GPS devices to track criminal suspects. This case was narrow and dealt specifically with a GPS device physically attached to a suspect's vehicle. The concurring opinion of Justice Sotomayor points out that the subtler issues of digital era tracking were not dealt with in this case, for example, cell phone tracking, web site tracking, etc. She wrote: "More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U. S., at 742; United States v. Miller, 425 U. S. 435, 443 (1976)." She continued: "This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."
Stop SOPA & PIPA ---- The World Privacy Forum is deeply concerned about the profound, far-reaching privacy consequences of two bills, SOPA and PIPA. The bills have many negative aspects. In terms of the privacy impacts, one of the serious consequences is that the right to create and use anonymization ...
Facebook -- In response to the FTC's proposed settlement with Facebook over the company's multiple privacy violations, the World Privacy Forum has asked the FTC to make key changes. "We applaud the FTC for its work on the Facebook case," said executive director Pam Dixon. "We support many parts of the settlement. However, we urge the FTC to provide full redress for affected consumers by rolling back the privacy controls to the 2009 defaults, and we also urge the FTC to follow the 2004 Gateway Learning, Corp. precedent and require Facebook to disgorge profits they made from violating their privacy policy retroactively." The comment period is open to the public until December 30.
Facial recognition -- Pam Dixon of WPF testified at the FTC's Facial Recognition workshop, speaking on a panel about the policy implications of facial recognition technology. The World Privacy Forum's report on Digital Signage was mentioned several times at the hearing, as were the collaborative consumer protection principles the WPF led.
Common Rule | Health Privacy -- The World Privacy Forum filed extensive comments with the US Department of Health and Human Services about its proposed changes regarding the rules governing human subject medical research. In the comments, WPF noted that the HHS approach to privacy for research subjects was incomplete and did not use all Fair Information Practices. WPF strongly urged HHS to revise its proposal on a number of issues, including consent and the use of biospecimens in research. The World Privacy Forum is urging HHS to acknowledge that the realm of health data that is truly non-identifiable has shrunken remarkably, for example, biospecimens with DNA cannot be considered non-identifiable anymore. "In our comments, we are requesting that HHS give individuals the opportunity to make choices about the use of their own health data and specimens," said Executive director Pam Dixon. WPF also stated in its comments that "A central database with identifiable information about participants in human subjects research is a terrible idea." (See p. 21 of WPF comments.)
Self-regulation -- The World Privacy Forum has published a report on past self-regulatory efforts in the area of privacy, Many Failures: A brief history of privacy self-regulation. "Privacy self-regulation has been a Potemkin Village of consumer protection," says executive director Pam Dixon. "History shows a pattern of past self-regulatory efforts that have been erected quickly and have faded after regulatory threats fade." The report is authored by Robert Gellman and Pam Dixon. It includes details about programs such as the IRSG, the Privacy Leadership Initiative, the Privacy Alliance, and other programs. A key finding of this report is that the majority of the industry self-regulatory programs that were initiated failed in one or more substantive ways, and many disappeared entirely.
Internet and consumer privacy -- The World Privacy Forum's executive director Pam Dixon will testify about online consumer privacy before the House Committee on Energy and Commerce today.
TACD -- The Trans Atlantic Consumer Dialogue (TACD), which WPF is a member of, has sent a letter regarding Internet privacy to a Congressional subcommittee explaining that European privacy controls are not burdensome, but rather of key importance. The TACD is a forum of more than 80 US and European consumer groups and represents several hundred million consumers in North America and the United States.
Medical ID theft -- The World Privacy Forum has released a new map that reveals the geography of medical identity theft. This is the first map of its kind, and is based on the Federal Trade Commission Consumer Sentinel data. The map is interactive, and gives details on the cities where medical identity theft occurred over the course of a year. The World Privacy Forum published the first report on medical identity theft in 2006, coining the term in the report and bringing the crime to public attention. WPF continues to actively research this important privacy issue.
Medical privacy and HIPAA -- The World Privacy Forum today filed its comments on the proposed changes to the HIPAA privacy rule, supporting some proposed changes and suggesting additional changes to enhance patient choice. In particular, the WPF supports the new patient right to an access report that has been added (p. 4), and has requested that Health Information Exchanges also be required to provide accountings of disclosures to patients (p. 18). The WPF generally argued that HHS needs to look forward and allow changes in information technology to fully benefit patients by providing the facility for more accounting rather than less (pp. 2-3) . If the HIPAA rule gives patients a greater ability to monitor how their information is used and disclosed, patients will pay attention and requests for accounting of disclosures will become more common.
Online privacy -- Executive director Pam Dixon will be speaking about online privacy and consumers at the Digiday Data Management Summit on Monday, July 18.
HIPAA opened for comment -- The US Department of Health and Human Services has opened sections of the HIPAA rule for comments. All members of the public may comment on the proposed changes to the rule. Comments are due by August 1.
Privacy tip -- If you have a Facebook account and if you have ever been tagged in a photo of yourself on Facebook, we want to alert you to an important Facebook setting. Unless you have proactively changed your privacy settings, Facebook will use facial recognition tools to compare photos and make tag suggestions. When new photos that look like you have been uploaded, Facebook will suggest tags with your name. To opt out of this, in Facebook go to Account, then choose Privacy Settings from the drop down menu. Click the Customize Settings link, and then scroll down and look for the Suggest Photos of Me to Friends line. To opt out, click Edit Settings, then choose Disable on the drop down menu.
Medical ID theft update -- The World Privacy Forum is quoted in a Marketplace story regarding our most recent medical identity theft research. WPF wrote the first major research on medical ID theft and coined the term. Our consumer resources for detecting, preventing, and resolving the crime are located here.
US Department of Commerce | Cybersecurity -- The US Department of Commerce released a green paper on cybersecurity with recommendations for improving cybersecurity via self regulation, or voluntary codes of conduct. The report, Cybersecurity, Innovation, and the Internet Economy also contains a discussion of some privacy issues, such as the impact of data breach notification laws. Comments are due in 45 days.
Data breach -- The World Privacy Forum filed comments with the Federal Trade Commission regarding its consent decree against Ceridian regarding a substantial data breach. WPF has requested that the Commission present more facts in the case to the public, and has also requested more clarity about the FTC complaint process, noting that it is not a transparent process for the public.
Educational Privacy and FERPA -- The WPF filed detailed comments on the U.S. Department of Education\'s notice of proposed changes to the Family Educational Rights and Privacy Act. WPF has concerns that the increased sharing of student information that the proposed rule will allow will diminish student privacy in a significant and permanent way. WPF is urging the DOE to amend its proposed rule to establish increased privacy protections for sensitive student information held in databases and elsewhere.
California privacy -- The just-published California budget nixes the California Office of Privacy Protection, the first state-level privacy office in the United States and the source of crucial privacy assistance and information for Californians and California businesses. The World Privacy Forum is urging the Governor to reinstate funding for this critical office for Californians.
Important software update for Apple users -- We have revised our iPhone and iPad privacy tipsheet to reflect Apple's new software update for the iOS4 devices. We encourage all iOS4 device owners to update their software. Some device owners may also want to opt out of location sharing.
Update -- We have updated our tipsheet to reflect the new information that has been published regarding the Apple smart phone geolocation issue. Apple plans to make changes to its software to improve the privacy problems the tipsheet discusses.
Apple Privacy -- Some of Apple's products, including iOS 4 iPhones and iPads, have been tracking consumers' detailed location information and storing the data directly on the devices. This raises privacy concerns, as the data on the phones and iPads is unencrypted and may be accessed directly. This tipsheet explains iPhone and iPad iOS4 geolocation privacy issues, including who needs to be most concerned about them, and what to do. Health care providers, overseas human rights workers, members of law enforcement and victims of domestic violence are among those who have special considerations and sensitivities to this privacy issue.