
By Jennifer L. Saunders

Imagine taking a trip cross country or across the globe, only to lose your camera or have it stolen miles from home. Once the usual channels of recovery are exhausted, you’d probably never expect to hear about it again. Not so for privacy professional Fran Maier of TRUSTe, who received an unexpected message after the disappearance of her camera in Germany announcing her new pictures were available online.

Maier’s camera was equipped with an Eye-Fi card, which allows users to instantly upload or back up their photos. Logging into her account, Maier found geo-tagged photographs of an unknown family. Maier contacted the company but received a response indicating it would not be able to assist in contacting the family in possession of her camera and recommending she contact the authorities. Berlin police have since taken the case and notified Maier that they will attempt to identify the individuals through her copies of their photographs.

“Coincidentally, it would happen to a privacy person at a privacy conference listening to Paul Ohm talking about how little data it takes to find somebody,” Maier told Inside 1to1: Privacy, explaining that she is currently weighing the next step after contacting police and sharing her story with fellow privacy professionals.

Such features that pinpoint the areas where photos were taken down to the streets and neighborhoods, combined with photographs of individuals and the ability to connect via social networking sites with users spanning the globe, illustrate exactly what Ohm was discussing--just how easy it is to track down people’s identities, Maier said.

As Maier pointed out, her situation and similar scenarios raise a host of questions ranging from consumer privacy to company policies and even international law. While such wireless-enabled devices might provide some form of protection for consumers who have lost items or are victims of theft, there are other potential scenarios.

“All technology has unforeseen consequences,” said Peggy Eisenhauer, CIPP, founder of Privacy and Information Management Services, adding, “you can imagine all kinds of situations where this technology could ‘spill’ photos. People get new cameras all the time, and they hand down the old ones to kids, friends, parents, etc., or sell them on Craigslist or at yard sales. If the original owners don’t think to tell the recipient about these services, they would have no way to know.”

Beyond cameras, there are regularly privacy breaches involving computers, smartphones and other technology.

As Eisenhauer put it, “The reality is that any smart device--any device that has the capability of storing or transmitting data--should be formally decommissioned.”

Setting aside instances where accidental data breaches have occurred through discarded devices, the intentional access to private data made possible by technological advances is raising privacy concerns.

For example, while one incident several years ago ended with a laptop owner recovering her stolen computer by activating its Web cam, a recent case in Pennsylvania resulted in a lawsuit against a school district after employees allegedly used a similar feature installed on the school-issued computers as a loss-prevention measure to photograph students without their knowledge or consent.

Eisenhauer and Maier both acknowledged that there can be nefarious uses for those smart devices.

“Every teen with a cell phone/camera is a potential player in the sexting/cyberbullying arena,” Eisenhauer noted. “It seems abundantly clear that kids do not understand the consequences of their use of these devices. But it’s not limited to consumers. This issue exists in the corporate world, too. I have corporate clients that make new technologies available to workers, such as smart phones, collaboration tools/social media, but without real thought to whether the users are really capable of managing the tools.”

When it comes to online privacy, she noted, “new data collection/distribution threats emerge each day.”

For companies and individuals to protect themselves, she stressed, understanding the technology is essential.

“When you acquire a new technology, you should do a risk assessment. Part of that assessment has to be, ‘can the users actually understand the issues and manage the risks properly?’ If not, that user weakness has to be addressed as a risk of the system,” she said. “With regard to Fran’s camera, Fran is one of the few people that really can understand the risks/rewards of geotagging, Eye-Fi, etc., so it’s okay for her to have these tools. Frau X in Germany likely does not understand these things. In this case, the lack of understanding puts her at risk. It might imperil Fran or Eye-Fi as well.”

With the “Internet of Things,” Maier noted, the information stored in cameras, computers or smartphones can be combined with location and identifying data, increasing not only the chances to find lost items, as in the case of her camera, but potentially for abuse.

“If I were advising a company in this area, I would tell them to try to build transparency into the model,” Eisenhauer said, using the example of automatic notices to be displayed by photo-sharing sites when images are transmitted. “If the camera user doesn’t understand the alert, she should be able to get more info about what’s happening. If the person has purchased or acquired the camera lawfully, she should be told to contact the account owner to have the service disabled/transferred.”

If the camera was found or taken, Eisenhauer suggests the company’s message should advise how to return it and alert the holder that the rightful owner has access to their photographs and locations.

In the case of her camera, Maier said, the family may have no idea their images are being transmitted or accessed, which raises questions of notification for companies that provide such services and, if a smart device is obtained without an individual’s knowledge that it was lost or stolen, potential issues if their photographs are shared.

There is confusion over how the law applies in cases like this, Maier said, especially when photos taken in Europe are being disseminated across borders through a server based in the U.S. or another non-EU country.

On the Web, “Photos are just proliferating,” Maier said, adding that with the sharing, cross-posting and archiving of images, the ability to tag photo locations and track cell phones, “These kinds of issues are going to multiply.”

