Op-ed: LGBTQ dating apps lack privacy considerations

(Jun 20, 2019) In an op-ed for The New York Times' Privacy Project, New York Law School Professor Ari Ezra Waldman writes that LGBTQ dating apps lack safety as it relates to personal privacy and personal security. Waldman said the use of such apps by the LGBTQ community "amplifies the privacy concerns we face compared with the general population" and that personal security of individuals in the community is at stake because "it’s the law, or lack thereof, that contributes to app designs that put our privacy at... Read More

A data processing addendum for the CCPA?

(Jun 19, 2019) The digital advertising industry is undergoing a rapid regulatory transformation. The EU General Data Protection Regulation went into effect more than a year ago, and the California Consumer Privacy Act is right around the corner with a Jan. 1, 2020, effective date. Other jurisdictions are likely to follow. Industry lawyers created legal frameworks to comply with the GDPR but now need to determine what changes are needed to comply with the CCPA and, potentially, future privacy laws in other stat... Read More

Perspective: A data processing addendum for the CCPA?

(Jun 19, 2019) The digital advertising industry is undergoing a rapid regulatory transformation. The EU General Data Protection Regulation went into effect more than a year ago, and the California Consumer Privacy Act is right around the corner. Other jurisdictions are likely to follow. Industry lawyers created legal frameworks to comply with the GDPR but now need to determine what changes are needed to comply with the CCPA and, potentially, future privacy laws in other states. One important part of that asses... Read More

Survey: Human error remains a top cause of data breaches among businesses

(Jun 19, 2019) In a Shred-it survey done by Ipsos, 53% of C-suite executives and 28% of small business owners cite human error or accidental loss by an outside party as the leading causes of data breaches, Help Net Security reports. The survey also showed 47% of C-suites and 31% of SBOs believe the human error and accidental loss stem from someone within the affected organization. “For the second consecutive year, employee negligence and collaboration with external vendors [continue] to threaten the informatio... Read More

Former DHS chief: US data regulation to draw parallels with GDPR

(Jun 19, 2019) Speaking at the Gartner Security and Risk Management Summit, former Secretary of the U.S. Department of Homeland Security Michael Chertoff said that data regulation in the U.S. may mirror the EU General Data Protection Regulation in the way of giving users more control of their data. "The focus has to change from 'hide the data,' which [isn't] going to work, to 'controlling the data,'" Chertoff said of the overall scope for any proposed regulation. He added that tech companies "are starting to a... Read More

Tech talk: Deidentification versus anonymization

(Jun 18, 2019) Most people are not qualified to build their own anonymization, notes Humu Chief Privacy Officer Lea Kissner. Unlike cryptography, however, the research is at a far earlier stage, and the pre-built code is virtually unavailable. That has not stopped people from claiming certain datasets are anonymized and having them re-identified. Those datasets are generally deidentified rather than anonymized. In this latest installment of a series of Privacy Tech posts on privacy engineering and user-experie... Read More

Deidentification versus anonymization

(Jun 18, 2019) Anonymization is hard. Just like cryptography, most people are not qualified to build their own. Unlike cryptography, the research is far earlier stage, and the pre-built code is virtually unavailable. That hasn’t stopped people from claiming certain datasets (like this) are anonymized and (sadly) having them re-identified. Those datasets are generally deidentified rather than anonymized — the names and obvious identifiers are stripped out, but the rest of the data is left untouched. Deidentifi... Read More

IAF: Serving the public should be first objective with US privacy law

(Jun 18, 2019) In a blog post for the Information Accountability Foundation, Executive Director Martin Abrams writes about the IAF's "Fair and Open Use Act," which is the organization's model for U.S. privacy legislation that works toward "preventing data misuse and allowing innovative use of data that benefits people." Abrams claims that IAF's draft legislation "provides controls for individuals," but those controls are trumped by "the safe and fair processing of personal data to ensure data serves people." A... Read More

Op-ed: Consent and tracking shoppers via Bluetooth beacons

(Jun 17, 2019) In an op-ed for The New York Times’ Privacy Project, Yale Law School Information Society Project Visiting Fellow Michael Kwet writes about the various ways retail stores are tracking shoppers' physical movements via Bluetooth beacons. While this information helps companies target advertising to individual shoppers, “the process of 'informed consent' fails to protect user privacy” as shoppers have to know the beacons exist in the first place in order to provide informed consent. “Most of our conc... Read More

Op-ed: Confusing, vague privacy policies at the heart of struggle for user privacy

(Jun 13, 2019) In an op-ed for The New York Times’ Privacy Project, Kevin Litman-Navarro writes about unpopular findings from his study of 150 privacy policies put forth by major tech and media platforms. Litman-Navarro cited reading comprehension as a major issue he found as "the vast majority of these privacy policies exceed the college reading level," while the majority of Americans "struggle to comprehend dense, lengthy texts." The time it takes to read these policies was another glaring issue. Litman-Nava... Read More