Health privacy -- The World Privacy Forum filed comments today about how medical records and other health information is intersecting with online advertising and online activities. The WPF comments were filed with the Department of Health and Human Services in response to its request for comments on personal health records, privacy, and social media.
LifeLock -- The Federal Trade Commission began sending checks to almost a million consumers who were subscribers to the LifeLock ID theft protection service. LifeLock agreed to pay fines of $11 million to the FTC and $1 million to a group of state attorneys generals to settle charges that had been made against the company. Consumers with questions about this distribution may call 888-288-0783 or see the FTC's web page on this, http://www.ftc.gov/refunds.
Online privacy -- The FTC sent a letter to Google today expressing concern about the company's privacy practices, but at the same time, the FTC informed Google that it was dropping its investigation of the Street View WiFi case. The FTC wrote: "FTC staff has concerns about the internal policies and procedures that gave rise to this data collection. ... the company did not discover that it had been collecting payload data until it responded to a request for information from a data protection authority." The FTC told Google it should develop and implement procedures to properly collect, dispose of, and maintain information.
Resource | case file -- Amazon.com filed a lawsuit in April to fight the North Carolina Department of Revenue's request for detailed information on Amazon.com customers. The North Carolina tax department requested Amazon.com to hand over "all information for all sales to customers with a North Carolina shipping address" between 2003 to 2010. In the decision, Seattle, Washington U.S. District Court Judge Marsha J. Pechman wrote, "Citizens are entitled to receive information and ideas through books, films, and other expressive materials anonymously." She also stated that "The fear of government tracking and censoring one\'s reading, listening, and viewing choices chills the exercise of First Amendment rights." This is an important decision for privacy rights, and online privacy in particular.
Health privacy and HIPAA -- The World Privacy Forum filed two sets of detailed regulatory comments on recently proposed changes to HIPAA. The first comments focused on proposed changes to HIPAA in the area of marketing patient information. The proposed changes would be harmful to patient privacy, and are contrary to the law. WPF was joined in the marketing comments by the Center for Digital Democracy, Consumer Action, Consumer Federation of America, the Electronic Frontier Foundation, Privacy Activism, Privacy Rights Clearinghouse, and Privacy Times. The second set of comments WPF filed included the comments on marketing as well as on additional provisions that would be problematic if enacted.
Download Digital Signage Privacy Principles (PDF) or Read the Principle below ----- February 25, 2010 New forms of sophisticated digital signage networks are being deployed widely by retailers and others in both public and private spaces. Capabilities range from simple people-counting sensors mounted on doorways to sophisticated, largely invisible facial ...
FTC Privacy Roundtable -- Thursday, January 28, WPF Executive Director Pam Dixon will be speaking at the FTC's Privacy Roundtable about the privacy implications of digital signage networks and will be specifically discussing the new report: The One-Way Mirror Society: Privacy Implications of the New Digital Signage Networks. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate.
This 2010 WPF report, The One Way Mirror Society, explores new forms of sophisticated digital signage networks and their privacy implications in the US and other countries. Digital signage networks are being deployed widely by retailers and others in both public and private spaces. From simple people-counting sensors mounted on doorways to sophisticated facial recognition cameras mounted in flat video screens and end-cap displays, digital signage technologies are gathering increasing amounts of detailed information about consumers, their behaviors, and their characteristics.
The digital signage networks this report addresses are bi-directional. These networks give information to viewers while they capture information from viewers and send it back to a home base. In the digital signage industry, the new technologies are often compared to the interactive signs from the movie Minority Report. [1] In the movie, large-screen video billboards recognized individual consumers and delivered personalized advertisements to each person. The movie version of the digital signs and billboards relied on an iris scan to customize the ads. Today’s modern digital signs rely on advanced video analytics and sophisticated cameras and sensors.
The best way to understand the capabilities of digital signage today and how it is being used is to see the digital signage industry’s newly minted Recommended Code of Conduct for Consumer Tracking Methods (See Appendix A for complete document). This document on consumer tracking methods in digital signage was written and agreed upon entirely by industry members, without any participation by consumer representatives. The document reflects the advances in technology in this area and where the possibilities for abuse lay. The opening of the document reads:
Heat maps and path tracking technologies essentially generate maps of where consumers spend the most time standing and walking in stores. (Figure 2). One product, PathTracker, uses RFID chips for large store tracking, and video tracking technology for smaller stores or sub-areas within stores.
Facial recognition technology was initially developed for security purposes, but it has found a new use in digital signage for marketing and ad targeting purposes. Essentially, the process is that a camera captures an individual’s image, then checks it against algorithms that analyze at least 80 facial characteristics, such as distance between eyes, length of the face, width of the face, depth of eye sockets, and so forth. [48] Layers of algorithms are used to crunch the facial information into determinations about a person’s age bracket, gender, and ethnicity. The next efforts are going toward coding the facial expressions of shoppers to “capture their emotional reactions to in-store environments.” [49]
Few consumers are aware that watching a video screen or interacting with a kiosk may mean they are being recorded and having their behavior, gender, age, and ethnicity analyzed. As a result, there has not been a robust public discussion of how consumers feel about these technologies.
Security Camera Footage: Repurposing footage for marketing and profit Perhaps the most egregious repurposing of data is the use of security camera footage for store marketing purposes. From the industry literature, this appears to be an established business practice at this point. It is one that needs to be examined closely.
The industry view of privacy has been officially articulated in a Recommended Code of Conduct for Consumer Tracking Methods that has been provided to the World Privacy Forum. The code of conduct is contained in full in Appendix A.
There is no public awareness of the capabilities of digital signage, and that has to change before for any debate over regulation or legislation can start. Nevertheless, it is possible to identify from other privacy arenas the types of standards that should be considered for users of digital signage. Full recommendations will only be possible at a later stage. Here are some preliminary ideas.
New forms of sophisticated digital sign networks are being deployed widely by retailers and others in both public and private spaces. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate. The privacy problems inherent in digital networks are profound, and to date these issues have not been adequately addressed by anyone.
The following document is the recommended code of conduct for businesses engaging in consumer tracking. The document is entirely non-binding, and was created entirely by industry participants. The document is reproduced here in full with no changes. Best Practices: Recommended Code of Conduct for Consumer Tracking Methods
FTC Privacy Roundtable -- WPF executive director Pam Dixon will testify at the FTC Privacy Roundtable about information brokers and commercial data practices and they impact consumers. Dixon will be discussing the business models of data brokers, issues with smart grids, and opt-out problems, among other issues.
Genetic non-discrimination regulations (GINA) -- The World Privacy Forum filed comments on proposed regulations for implementing Title I of GINA, the Genetic Non-Discrimination Act. The WPF requested a change to the proposed regulations, asking the Department of Health and Human Services require immediate posting of revised notices of privacy practices on the web sites of affected health plans. Under the proposed regulations, written notice of revised privacy practices to individuals could be delayed due to the cost of postal mailing. The WPF noted that a revised privacy notice posted on a health plan's web site would not incur postal costs, and that regulated entities should take this minimum step to inform consumers of any changes regarding privacy practices affecting genetic non-discrimination.
Congressional testimony -- WPF executive director Pam Dixon testified at a joint subcommittee hearing focused on privacy and the collection and use of online and offline consumer information. Dixon's testimony focused on the new "modern permanent record" and how it is used and created. Dixon said "The merging of offline and online data is creating highly personalized, granular profiles of consumers that affect consumers’ opportunities in the marketplace and in their lives. Consumers are largely unaware of these profiles and their consequences, and they have insufficient legal rights to change things even if they did know." The testimony explored concrete examples of problematic consumer profiling activities.
FTC "Exploring Privacy" Roundtable Series -- The World Privacy Forum has been invited to speak at the Federal Trade Commission's first Privacy Roundtable, to be held December 7, 2009 in Washington DC.
A credit freeze (sometimes called a security freeze) lets you stop the disclosure of your credit report by a credit bureau. Currently, the three credit bureaus are allowing all consumers nationwide to set a security freeze for a fee. Some states have specific security freeze laws; a list of states with security freeze laws may be found below. However, even if you live in a state without a security freeze law, you can still set a security freeze.
Security freeze | Financial privacy | identity theft -- The World Privacy Forum has updated its credit freeze (security freeze) page to reflect changes in some state-level laws.
Self regulation -- The Interactive Advertising Bureau has released its self-regulatory guidelines for online advertisers. There are some bright spots in the new guidelines. In the area of sensitive information, especially regarding health privacy, the guidelines are weak and need improvement. The IAB definition of sensitive health information is weaker than the definition of sensitive information already adopted by industry in the formal NAI agreement. Additionally, the new IAB guidelines rely on weak accountability standards. WPF urges the IAB to re-examine the sensitive health definition, provide more accountability, and to include consumer input in a meaningful way into the drafting process.