Here is a spring 2018 update on a selection of privacy stories WPF has been quoted in over the past few months, many of them quoting our work on privacy. For more articles, see our full World Privacy Forum in the News page. In you missed our recent posts on ...
On December 14 Yahoo announced a serious security breach in which sophisticated data attackers grabbed users' answers to security questions, among other information such as names, email addresses, phone numbers, and birth dates. This breach is particularly worrisome because it culled sensitive information from 1 billion Yahoo customers, which makes ...
Many people have told us that they think opting out is confusing. We agree. Opting out can range from the not-too-difficult (the FTC’s Do Not Call list is a fairly simple opt out) to the challenging (the National Advertising Initiative opt out can be tricky). Our hope is that this list will clarify which opt out does what, and how to go about opting out.
If you are a Facebook user and you would like to opt out of having Nielsen Online tracking and measuring your online moves and habits, here’s how to do that ….
It sounds so innocent: the Tap Pet Hotel app for kids. But one mother complained to the FTC that her child tapped up $2,600 of in-app purchases up while using the app. Other parents complained about unauthorized purchases by children of up to $500 for apps like Dragon Story and ...
It is important to use SSL, or encrypted connections when you use web-based email. Yahoo does not automatically set SSL or secure mail connections by default. You have to set it manually until January 2014. These tips walk you through how to set Yahoo Mail to use secure connections.
The Washington Post published new revelations from Edward Snowden’s leaked documents that revealed that the NSA is scooping up millions of email and IM address books globally. This is a serious piece of snooping business, and it deserves immediate attention on a policy level. For people who are reading this and wondering what you can do today, right now, here are some immediate steps to take.
How unique are you? We played with a data privacy tool today here at WPF that showed us if the combination of our birthdate and zip code made us statistically unique. The more unique you are, the more identifiable you are in a sea of supposedly "anonymous" data. This tool was developed by Dr. LaTanya Sweeney at Harvard's Data Privacy Lab, and using it will tell you how easily you can be identified from records that may not even have your name on them.
Online privacy | Apple privacy -- Stanford University has released a study documenting how Google and other companies overrode Safari users' browser privacy settings. The WPF encourages Apple users to download the Firefox browser and use Firefox, if at all possible, instead of Safari. Firefox did not have the same problem, and it allows for additional privacy add-ons, such as AdBlock Plus which are helpful privacy-enhancing tools.
Search engine privacy -- WPF has updated its search engine privacy tips page to include more tips on how to segregate online activities. This has always been important, and it has become more important in light of Google's announcement that it will be sharing data across its business units.
Cloud computing involves the sharing or storage by users of their own information on remote servers owned or operated by others and accessed through the Internet or other connections. Cloud computing services exist in many variations, including data storage sites, video sites, tax preparation sites, personal health record websites, photography websites, social networking sites, and many more.
Privacy tip -- If you have a Facebook account and if you have ever been tagged in a photo of yourself on Facebook, we want to alert you to an important Facebook setting. Unless you have proactively changed your privacy settings, Facebook will use facial recognition tools to compare photos and make tag suggestions. When new photos that look like you have been uploaded, Facebook will suggest tags with your name. To opt out of this, in Facebook go to Account, then choose Privacy Settings from the drop down menu. Click the Customize Settings link, and then scroll down and look for the Suggest Photos of Me to Friends line. To opt out, click Edit Settings, then choose Disable on the drop down menu.
Some of the advertising that is done online comes with hooks. Using a variety of technologies, some largely unseen, online advertisers can track online activities, sometimes in profound ways that consumers are not expecting. Not all online advertising has "hooks" that are problematic or that raise privacy challenges. But a type of advertising called "behaviorally targeted advertising" often does. Behavioral advertising has two key components: tracking and targeting.
Comments on EASA --The World Privacy Forum submitted comments today on the European Advertising Standards Alliance's Best Practice Recommendation on Online Behavioural Advertising. Our comments focus upon three key areas: First, the EASA recommendation fails to recognize the protection of consumer privacy in Online Behavioral Advertising (OBA) as a key policy goal. Second, the recommendation's protections are narrow, creating illusory protections for user privacy, whether or not they opt out of OBA. Finally, we critique the oversight and compliance mechanisms, which are not likely to foster consumer confidence nor police the industry. Drawing upon the WPF's 2007 report, The NAI: Failing at Consumer Protection and at Self-Regulation, the comments argue that EASA's approach suffers from the same weaknesses as self-regulatory approaches deployed in the United States, and that European lawmakers should not replicate the failed American approach. Law students from the Samuelson Law, Technology & Public Policy Clinic helped draft the comments as part of an ongoing project on consumer privacy and OBA.
Health privacy -- The World Privacy Forum filed comments today about how medical records and other health information is intersecting with online advertising and online activities. The WPF comments were filed with the Department of Health and Human Services in response to its request for comments on personal health records, privacy, and social media.
Online privacy -- A press release issued by Connecticut's AG Richard Blumenthal revelaed that 38 states have joined a mulitstate investigation of Google's Street View wi fi sniffing program. Blumenthal stated in the release: “We are asking Google to identify specific individuals responsible for the snooping code and how Google was unaware that this code allowed the Street View cars to collect data broadcast over WiFi networks. Information we are awaiting includes how the spy software was included in Google’s Street View network and specific locations where unauthorized data collection occurred. We will take all appropriate steps -- including potential legal action if warranted -- to obtain complete, comprehensive answers.”
Digital Signage Privacy Principles -- The nation's leading consumer and privacy groups released a set of baseline consumer privacy principles to be included in digital signage networks. The principles were released at the Digital Signage Expo in Las Vegas, Nevada, where World Privacy Forum executive director Pam Dixon spoke about the principles to a large group of digital signage industry professionals.
FTC Privacy Roundtable -- Thursday, January 28, WPF Executive Director Pam Dixon will be speaking at the FTC's Privacy Roundtable about the privacy implications of digital signage networks and will be specifically discussing the new report: The One-Way Mirror Society: Privacy Implications of the New Digital Signage Networks. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate.
Genetic privacy -- The World Privacy Forum filed comments today with the Department of Labor requesting that the DOL expand its protections of how genetic information may be used by health insurance companies or group health plans. The World Privacy Forum urged the DOL to include genetic information posted on social networking sites in its consideration of the GINA regulations.
Online privacy and government web sites -- The World Privacy Forum filed comments with the Office of Management and Budget regarding its proposal to begin to allow the use of tracking cookies on government web sites. The proposal was published in the Federal Register, and outlined a three-tiered plan for how web tracking technologies might be used. The Forum's comments focused on methods of opt-out, data retention, secondary use, user authentication, new tracking technologies such as Flash cookies, and the need for new opt-out mechanisms. The Forum also urged the federal government to not allow third party tracking of consumers' use of government web sites, and to guard against any discrimination against consumers who do not want to be tracked.
Social networking and EU -- The Article 29 Working Party has adopted an important Opinion regarding social networking sites as of June 12. The opinion covers privacy, advertising, sensitive information, and other issues relating to online social networking. Regarding sensitive data, the Article 29 Working Party stated: "Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or data concerning health or sex life is considered sensitive. Sensitive personal data may only be published on the Internet with the explicit consent from the data subject or if the data subject has made the data manifestly public himself." Regarding use of sensitive data to target advertising, the Article 29 opinion stated: "The Working Party recommends not using sensitive data in behavioral advertising models, unless all legal requirements are met." The opinion also stated that the EU Data Protection Directive generally applies to the processing of personal data by social networking services, even when their headquarters are outside of the EEA, and that social networking service providers are considered data controllers under the Data Protection Directive.
Information about job search privacy issues.
It is important to circulate a resume when looking for work, but these days criminals and identity thieves are all too interested in finding and using resumes for all the wrong reasons. In the information economy, your resume has a street value. It's sad to say, but unfortunately your name, home address, telephone number, even your detailed work history can have value to identity thieves and fraudsters. It is also important to protect your resume from people and businesses who want to use it primarily to make a profit instead of primarily to help you find employment.
Job seekers who have safety concerns such as law enforcement professionals, victims of domestic violence, and other victims of crimes such as stalking may be especially at risk
European Privacy Seal -- Ixquick.com is the first search engine to receive formal EU privacy approval. The EuroPriSe (European Privacy Seal) was awarded to Ixquick after a lengthy certification process. Ixquick deletes its users\' IP addresses after 48 hours.