Data Privacy

From WikiCorporates
Jump to navigation Jump to search

See also: Data sharingWikipedia-W.svg, Data Protection Act 1998Wikipedia-W.svg, Ppen dataWikipedia-W.svg > Open data in the United KingdomWikipedia-W.svg, Big dataWikipedia-W.svg, Data.gov.ukWikipedia-W.svg

Web Surfing Privately

  • Jul.13.2018: 'Data is a fingerprint': why you aren't as anonymous as you think online. So-called ‘anonymous’ data can be easily used to identify everything from our medical records to purchase histories. Seemingly innocuous “de-identified” pieces of information can be reverse-engineered to expose people’s identities. And it’s only getting worse as people spend more of their lives online, sprinkling digital breadcrumbs that can be traced back to them to violate their privacy in ways they never expected. Recently, a computational privacy researcher showed how the vast majority of the population can be identified from the behavioural patterns revealed by location data from mobile phones. In 2015, a researcher showed that it was possible to identify the owner of a credit card from among the millions of “anonymised” charges just by knowing a handful of that person’s purchases; De Montjoye was able to identify 94% of people by looking at just 3 transactions. De Montjoye proposes that instead of releasing large data sets, researchers and governments should develop interfaces that allow others to ask questions of the data without accessing the raw files. “The idea is to not lose control of the data and ensure subjects remain anonymous,” he said. Olivia Solon, The Guardian.
  • May.27.2018: Browsing porn in incognito mode isn't nearly as private as you think. ...Like the mafia calling in a “cleaning” crew, you discreetly dispose of the evidence and inspect your surroundings for any witnesses. You close the incognito tab, the proof of your activities disappearing into the ether of the internet. No one is the wiser. Except – that activity doesn’t really disappear. more... Dylan Curran, The Guardian.
  • Aug.08.2017: Why Online Privacy matters and 5 Ways to Reclaim It. It’s the most common argument against privacy: “If you’ve got nothing to hide, you’ve got nothing to fear.” It’s also the silliest argument against privacy. Privacy expert and author Daniel Solove has torn down this fallacy in his paper on the subject. But Solove’s essay is a complex take on a nuanced subject. Instead, the simple rhetoric of the “nothing to hide” argument is easier to repeat. But no matter how little you have to hide, the implications of online privacy breaches are major. These few resources explain the pitfalls clearly and concisely. Mihir Patkar, MakeUseOf.

WatchDogs

  • Jun.06.2018: IoT CloudPets in the doghouse after damning security audit: Now Amazon bans sales. Who put Mozilla in charge? Since the publication of its first internet health report last year, Mozilla has warmed to the role of privacy scold and community conscience. In its latest hectoring effort, the company on Tuesday declared, "Facebook must do better," in response to the social ad giant's continued data fumbling. In a statement provided to The Register, Mozilla's vice president of advocacy Ashley Boyd, explained why intervention was necessary. Security and privacy on the internet are fundamental, she said, but are increasingly violated. "Companies like Equifax are breached, exposing millions of customers’ personal details, but face limited consequences," said Boyd. "More recently, the Facebook-Cambridge Analytica scandal revealed how little control and visibility we often have of our own data." Boyd, who last November advised those buying holiday gifts to avoid privacy-violating toys, said the issue goes beyond CloudPets to the relationship between consumers and companies. Thomas Claburn, The Register.

Data Brokers

Experian, Equifax

  • Nov.08.2018: Credit firms accused over privacy laws. Credit reference agencies and data brokers holding billions of records on Britons are ignoring new privacy laws, campaigners claim. Privacy International (PI) has filed complaints with the Information Commissioner’s Office and European regulators against seven companies. They include the credit firms Experian and Equifax and businesses involved in data broking and advertising technology. PI said that the companies cited in its complaint rarely have their practices challenged because they are not household names. It accuses them of multiple violations of the general data protection regulation (GDPR) that came into force on May 25 and carries penalties of up to 4% of global turnover. Equifax was recently fined £500,000 under the previous rules for a data breach involving customers’ details. If it is found to be in breach of GDPR it could be fined more than £100 million. PI alleges that breaches by Equifax and Experian include insufficient transparency about where they acquire data and with whom they share it. Mark Bridge, The Times.

DNA


Student Data

  • The perfect storm: three bills that will destroy student data privacy in England. The Higher Education and Research Bill (HER Bill) will permit data to be used at the discretion of the Secretary of State, and denies all students their rights to decide who may use their personal data beyond the purposes for which they permit its sharing + future purposes be changed without limitation. When combined with the Digital Economy Bill, will pass personal data together with DWP and in connection with HMRC data expressly to the Student Loans Company. The HER BIill is being used as a man in the middle.
    The Technical and Further Education Bill (TFE Bill) Apprentice and FE student data will see potentially broader use under changed purposes of Part 3. The change is a generalisation of purposes. Combined with the Digital Economy Bill, it means the Secretary of State could agree to pass these data on to every other govt department, a range of public bodies, and some private organisations.
    The three bills are a perfect privacy storm. As other Europeans seek to strengthen the fundamental rights of their citizens to take back control of their personal data under the GDPR coming into force in May 2018, the UK government is pre-emptively undermining ours in these 3 bills. These bills share what Baroness Chakrabarti said of the HE Bill, “quite an achievement for a policy to combine both unnecessary authoritarianism with dangerous degrees of deregulation". Jen Persson's blog.


Big Data

  • Mar.14.2018: Big data for the people: it's time to take it back from our tech overlords. A small number of companies have become extraordinarily rich by harvesting our data. But that wealth belongs to the many. When you think about Big Data, you should think about manufacturing and retail and logistics and healthcare and insurance and jobs. Big Data is extractive. Extractive industries need to be closely regulated because they generate all sorts of externalities – costs that aren't borne by the company, but are passed on to society as a whole. The extractors reap profits, while the rest of us are left with the personal, social and environmental consequences. These range from the annihilation of privacy to algorithmic racism to a rapidly warming climate. To democratize Big Data, we need to change who benefits from its use. Ben Tarnoff, The Guardian.
  • Feb.01.2018: Data is the new lifeblood of capitalism – don't hand corporate America control. Data has become the world's most important resource. Now Silicon Valley giants want to keep govt from standing in the way of profits. The most recent example is Nafta; representatives from the US, Mexico, and Canada just concluded another round of talks on renegotiating the treaty. The Internet Association, a major lobby that represents Google, Facebook, and other tech giants, is one of the industry groups leading the effort to "modernize" Nafta by making it the gold standard for data deregulation. The tech and financial industries are pushing hard for international agreements that prohibit govts from regulating these flows. American companies are lobbying for changes that would deregulate data across the 3 countries. The corporate crusade against data governance is only getting started; if it succeeds, the world’s most important resource will be entrusted to the private sector and the profit motive, and the rest of us will have even less power to participate in the decisions that most affect our lives. Ben Tarnoff, The Guardian.

General Data Protection Regulation

  • Apr.05.2018: Our new EU #DataProtection rules enter into application on 25th May. Stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field. Twitter comment: But only for private companies; govts are still allowed to sell your data for a good price now they have the private companies out of the way. Europe.eu.
  • Feb.07.2018: Europe’s data protection chief signs off, with a warning. Europe’s fight to enforce new privacy rules is just getting started — and it could get nasty. That was the parting shot from Isabelle Falque-Pierrotin, Europe’s outgoing data privacy boss, as she stepped off the stage Wednesday after four years at the helm of the EU’s umbrella group of regulators. Her departure comes a few months before the EU starts enforcing its General Data Protection Regulation (GDPR), a sweeping overhaul of privacy rules already being felt around the world. "The big challenge for Europe is getting companies and national governments to comply." Under her leadership, authorities pushed back repeatedly against Silicon Valley firms whose business models were based on trading in personal data. Politico, Laurens Cerulus
  • Jan.31.2018: Europe’s new data protection rules export privacy standards worldwide. Europe wants to conquer the world all over again. It’s an EU legal juggernaut aimed at imposing ever tougher privacy rules on governments and companies from San Francisco to Seoul. When the region’s regulators roll out the changes — known as the General Data Protection Regulation, or GDPR — on May 25, it will represent the biggest overhaul of the world’s privacy rules in more than 20 years. The new regulations offer EU citizens sweeping new powers over how their data can be collected, used and stored, presenting global leaders outside the 28-country block with a stark choice: bring their domestic laws in line with the EU’s new rules, or risk being shut out of a market of 500 million well-heeled consumers. Politico, Mark Sott, Laurens Cerulus
  • Jan.29.2018: Missing from EU’s new privacy rules: The general public. For data protection rules to have the intended effect, people will need to care about their data. Right now, they don’t. The #General Data Protection Regulation (GDPR) gives EU citizens a stable of new powers, including the ability to stop companies from collecting their online data, taking their personal information with them when they sign up for a rival’s digital service or being informed within three days if their accounts have been hacked. But if the new standards are to have the effect that their drafters intended, people will need to start to care about their data. And right now, they don’t. Politico, Mark Scott
  • Jan.26.2018: Europe's GDPR Meets WHOIS Privacy: Which Way Forward? Europe's General Data Protection Regulation (GDPR) will come into effect in May.2018, and with it, a new set of tough penalties for companies that fail to adequately protect the personal data of European users. Amongst those affected are domain name registries and registrars, who are required by ICANN, the global domain name authority, to list the personal information of domain name registrants in publicly-accessible WHOIS directories. Electronic Frontier Foundation (EFF), '
  • WHOIS Data and Accuracy
  • Jan.17.2018: UK govt slammed for NHS data-sharing deal with Home Office. Flouts doctors' guidelines, doesn't properly balance public interests, MPs told. The UK health service's NHS Digital has been accused of operating to a "lower standard of confidentiality" than rest of NHS, in a heated hearing about a deal that requires patient info to be handed over for immigration enforcement. The Register, '

Data Protection Bill

  • Apr.25.2018: Freedom of the Press The UK is among the worst-ranked western nations for press freedom. Today the World Press Freedom Index 2018 placed the UK 40th among 180 countries, just ahead of Trinidad & Tobago and Burkina Faso. Britain is the nation that helped to create press freedom. That legacy is being betrayed. Journalists have been hauled before criminal courts on flimsy charges, only to be acquitted. A state-approved regulator has been established, which the majority of the British press refused on principle to join. And parliament is now considering turning the screws on journalists further. The Data Protection Bill is passing through parliament. Lords and MPs are threatening to re-table amendments that would lead to the demise of our free press. The amendments could kick-start another state-backed press inquiry, and may end journalists’ exemption from data-protection rules, which is crucial for protecting their sources. Financial penalties would be imposed unless they signed up to a state-approved press regulator. Put simply, these peers and parliamentarians want to muzzle our maverick press because it holds them, and other public bodies, to account. Signed: Jodie Ginsberg, ceo, Index on Censorship; Lionel Shriver, author and columnist; Rebecca Vincent, UK bureau director, Reporters Without Borders; Cheryll Simpson, UK bureau chief, Vice News; Christian May, editor, CityAM; John Spencer, trustee, CPU Media Trust; Ian Murray, executive director, Society of Editors; Lynne Anderson, deputy ceo, News Media Association; Brendan O’Neill, editor, Spiked The Times.
  • Apr.10.2018: UK.gov expected to quit controversial harvesting of pupil nationality data. ...there was a hotly debated exemption (PDF) in the Data Protection Bill – currently making its way through Parliament – that would remove a person's rights as a data subject if satisfying them prejudiced "effective immigration control". "The government freely admits that it will use the immigration exemption in the Data Protection Bill to help the Home Office access yet more school records for immigration enforcement. Until undocumented people are able to access vital frontline services without fear of being shopped to the Home Office, there will still be children in the UK robbed of their right to an education and worse." Activists are lobbying against the deal that allows NHS Digital to share non-clinical information on patients with the Home Office for immigration enforcement.Laim Byrne spoke against provisions in Amentment 156. See Mar.13.2018 [Public Bill Committee] debate, page 60. Rebecca Hill, The Register.
  • Mar.05.2018: Home Office warned over plans to block immigration data access for EU citizens. Plans to deny millions of people the right to access immigration data held on them by the Home Office] are illegal and will be challenged in court, the govt (Amber Rudd) has been told. the3million, a grassroots organisation representing EU citizens living in the UK, and the Open Rights Group (ORG), which campaigns on privacy rights and free speech online – argue that the clause in the bill breaches the govt's obligations under the EU’s General Data Protection Regulation (GDPR). The ORG said: "This is an attempt to disguise the Home Office's mistakes by making sure that their errors are never found. When people are wrongly told to leave, they would find it very hard to challenge. Data protection is a basic safeguard to make sure you can find out what organisations know about you, and why they make decisions. Sometimes, during criminal investigations, that isn’t appropriate, but immigrants aren’t criminals, nor should they be treated as such". Labour MEP Claude Moraes, who chairs the European Parliament's civil liberties, justice and home affairs committee, is opposing the bill. The Guardian, Owen Bowcott See also update The Guardian, and UK.gov told: Scrap immigration exemption from Data Protection Bill or we'll see you in court.
  • Feb.19.2018: The Tories claim the data protection bill will make us safer. That’s not true. There are two main failings in the data protection bill that’s working its way through parliament. The first is that, with the increasingly sophisticated techniques available to programmers, state agencies can use technology that automatically adjudicates on the rights of the individual. The other concern is that immigration status is currently exempt in the bill from any of these data protections. This could have widespread implications, and not only for migrants. The Guardian, Diane Abbott
  • Jan.09.2018: Data protection bill amended to protect security researchers. Exemption added after researchers said efforts to demonstrate inadequate anonymisation could fall foul of law. The Guardian, Alex Hern
  • Oct.30.2017: Algorithms, Henry VIII powers, dodgy 1-man-firms: Reg strokes claw over Data Protection Bill. The bill, introduced last month, aims to put the EU General Data Protection Regulation into UK legislation. since its introduction, a more significant cause for concern has been spotted in the bill text that has caused an outcry from privacy and civil liberty campaigners, including MedConfidential. This is a broad exemption that would remove a person's rights as a data subject – their ability to access information or ask how it is being used – if satisfying them would prejudice "effective immigration control", but this is not specifically defined. This is concerning because it isn't clear what the government wants to use this exemption for. As Liberty said, the clause could "strip migrants of the right to have their personal information processed lawfully, fairly and transparently when it is being processed for immigration control purposes, regardless of their immigration status". Data protection expert Chris Pounder noted that the clause could prevent asylum seekers gaining the information they need to appeal a Home Office decision on whether they have the right to remain - 13% of such appeals are successful. Given the existing exemptions available to the government, he said there is a "distinct possibility" that the powers granted here could "become an administrative device to disadvantage data subjects using the immigration appeals process". Meanwhile, the government is once again being accused of giving itself too much future power, with Henry VIII and delegated powers that effectively allow it to amend the primary legislation without asking parliament. When it comes to the amendments, the most damaging is broadly agreed to be the one that says "this Act does not apply to any organisation employing 5 employees or fewer", tabled by Lord Arbuthnot and Baroness Neville-Rolfe – a former digital minister who should almost certainly know better. NADPO - the National Association of Data Protection and FOI Officers - added that such an exclusion would be "open to abuse by miscreant companies that structure themselves so as to avoid being subject to the Act". There’s also an amendment that would change the status of colleges, schools and universities, meaning they weren’t classed as public authorities. The effect? That they wouldn’t be required to appoint a data protection officer and would probably be able to process data based on their legitimate interests, which they can’t do at the moment. Rebecca Hill, The Register.

Liberty Campaign: "Defend our Data Protection Rights". Buried in the draft law are a few words that could strip millions of us of our rights. It includes an ‘immigration exemption’ giving the govt the power to remove data protection rights from anyone whose details are processed for “effective immigration control”. Not only will this create a two-tier data rights regime giving migrants fewer privacy rights than British citizens, but it’s so vaguely drafted it could leave us all worse off.

Investigatory Powers Act 2016

See main article: Investigatory Powers Act 2016

Digital Economy Act 2017

  • https://en.wikipedia.org/wiki/Digital_Economy_Act_2017
  • Nov.30.2016: The Digital Economy bill had its third reading in the Commons on Monday night. Labour's Kevin Brennan was not happy at the lateness of the "stealth amendment" that will force UK ISPs to block porn sites that fail to provide age checks. H said: "We think there's a lot more scrutiny that will be required when there's more time available in the other place (the Lords, again)". But what caught my eye was John Whittingdale warning the move was "a dangerous road to go down". "I personally was not persuaded about the necessity of introducing ISP blocking. It does represent a considerable infringement of civil liberties of individuals who are wanting to access material..." He said much porn was "legal content". "Like it or not, the sites we are discussing are visited by millions and millions of people every day." HuffPost News, The Waugh Zone


The Right To Be Forgotten

  • Apr.13.2-18: Google loses landmark 'right to be forgotten' case. NT1, the claimant who lost, was convicted of conspiracy to account falsely in the late 1990s. NT1 was jailed for four years. The judge said NT1 continued to mislead the public. The judge was scathing about the claimant’s position since leaving prison. “He has not accepted his guilt, has misled the public and this court, and shows no remorse over any of these matters,” he said. “He remains in business, and the information serves the purpose of minimising the risk that he will continue to mislead, as he has in the past." Hugh Tomlinson QC, chairman of the press regulation campaign group Hacked Off, told the court the businessman was not a public figure and now made a living from commercial lending and funding a property developer. But Antony White QC, representing Google, said the business malpractice that gave rise to NT1’s conviction was “serious and sustained”. NT1’s conviction was now spent, Tomlinson continued, and the law was designed to allow for the rehabilitation of offenders so they could go on to lead normal lives. Granting an appeal in the case of NT1, the judge added: “It is quite likely that there will be more claims of this kind, and the fact that NT2 has succeeded is likely to reinforce that."
    NT2, the claimant who won, known as NT2, was convicted more than 10 years ago of conspiracy to intercept communications. NT2 was jailed for six months. Rhe judge said NT2 had shown remorse. NT2’s conviction did not concern actions taken by him in relation to “consumers, customers or investors”, but rather in relation to the invasion of privacy of third parties. NT2, in a separate hearing, also argued that his conviction was legally spent and he therefore had a right to be forgotten. Google resisted taking down search results linking to articles including reports on his financial affairs, his conviction and interviews given by him several years later containing his account of the circumstances surrounding his conviction. Jamie Grierson, Ben Quinn, The Guardian.
  • Mar.12.2018: 'Right to be forgotten': high court hears second Google case. A second businessman, known as NT2, who wants links to articles about his criminal past removed from search engine results has launched a high court fight. He was convicted more than 10 years ago of conspiracy to intercept communications. NT2 argues his conviction is legally spent and he has a right to be forgotten. Google disagrees and is resisting his request to take down the links to website articles, including several published by national newspapers and media. The articles included reports on the claimant’s financial affairs, his conviction and interviews given by the claimant several years later containing his account of the circumstances surrounding his conviction. Jamie Grierson, The Guardian.
  • Feb.27.2018: 'Right to be forgotten' claimant wants to rewrite history, says Google. A businessman who has launched a legal bid to erase online articles about his criminal conviction in the first "right to be forgotten" case in the English courts should not be allowed to rewrite history, lawyers for Google have said. The claimant, referred to only as NT1 for legal reasons, was convicted of conspiracy to account falsely in the late 1990s and wants the search engine to remove results that mention his case, including web pages published by a national newspaper. Representing NT1, Hugh Tomlinson QC, chairman of the press regulation campaign Hacked Off, told the high court that the presence of the articles caused "distress and upset". In 2014, the European Union’s court of justice ruled that "irrelevant" and outdated data should be erased on request. Since then, Google has received requests to remove at least 2.4m links from search results. Search engines can reject applications if they believe the public interest in accessing the information outweighs a right to privacy. Jamie Grierson, The Guardian.
  • Businessman sues Google to have his crime forgotten. The High Court case will be monitored by convicted criminals and others who want embarrassing stories erased from the web. Google said: "We work hard to comply with the right to be forgotten, but we take great care not to remove search results that are clearly in the public interest and will defend the public’s right to access lawful information". Matthew Moore, The Times.
  • The Fall of Lord Hardship. It would be tempting to see the story of Nazmul Virani as a simple if devastating one of Asian businessman makes good, Asian businessman turns crook. Last week at the Old Bailey he was jailed for two-and-a-half years for his part in the BCCI banking fraud. Yet to see Virani in such simplistic terms would be wrong. Just as his rise from penniless Ugandan refugee to symbol of Asian business success was too easily seen as representative of the Asian business miracle, so his fall could be easily pictured as pervasive Asian corruption. More useful is to see the Virani story as an illustration of a profound cultural divide that separates the British from the Asian. Virani's story illustrates how difficult it is for Asian businessmen to grasp the big difference between being a trader and an executive running a public company. The inheritance of Virani and businessmen like him is essentially that of buying and selling, where crossing the line between sharp practice and corrupt practice is no big deal. For them, the moral of Virani's story is that such a 19th-century attitude is incompatible with any properly run modern British business. Mihir Bose, The Independent.
  • Virani convicted over role at BCCI: Former Control Securities chief faces jail sentence for part in bank's activities. Nazmudin Virani was yesterday found guilty at the Old Bailey of helping the Bank of Credit & Commerce International (BCCI) to deceive its auditors over its disastrous finances. The charges brought by the Serious Fraud Office went to the heart of the British part of BCCI's fraudulent banking empire. Yesterday, Virani was convicted of six charges of providing false information to Price Waterhouse (PW), BCCI's auditor. He was convicted of one false accounting charge but cleared of conspiring to defraud BCCI and a count of theft. The court found that Virani signed a series of falsified documents stating that his own private companies owed a number of debts to BCCI between 1987–1990. These 'loans' were treated by the bank's auditor PW as assets; it affected the approach they took in assessing BCCI's true financial position. The device was a means of fooling the auditor and inflating the bank's profits. Virani's help enabled BCCI to deceive the Bank of England into renewing its banking licence, the court heard. In return, the prosecution alleged, Virani was granted huge loans by BCCI and given cash payments. David Steel, former Liberal leader, gave Virani a character reference in court. Virani is the third figure to be convicted in the UK in relation to the BCCI saga. In September 1993, Syed Akbar, former head of BCCI's treasury division, was jailed for six year after he admitted 16 charges of false accounting involving pounds 507.5m. In February 1994, Mohammed Abdul Baqi, a former oil company managing director, was fined pounds 120,000 plus pounds 50,000 costs for helping BCCI to exaggerate its profits and deceive the bank's auditors. (saved as "Virani-BCCI.pdf) John Willcock, The Independent.

Data Breaches

Smart Devices

  • Apr.20.2018: How to outsmart your smart home. Could your fridge be spying on you? And should you worry about Alexa listening to your conversations? We have an increasing number of devices that are susceptible to hackers. The average home has almost nine internet-connected devices; in the next 20 years that is likely to rise to 15 to 20. A smart home is one where your phone does more of the work. “Hackers are looking for vulnerabilities in people’s routers at home, and most of us have out-of-date software for our firewall,” Skilton says. He advises making sure that your router has the right software and security equipment; this is best installed by your internet provider, which can access your computer remotely (therein lies the problem) or send out an engineer. Without a secure router, hackers can shut down your internet supply or use it for spying. The next thing is to make sure that your technology has the correct security software installed. Make sure your passwords are hard to guess. A determined hacker can connect to your power circuit box remotely and can tell from the electricity usage whether you are in the house, says Skilton. Similarly, smart heating devices can be used to profile behaviour. “If someone hacked my Nest heating system they could look at my history and see I’m not usually at home during the day,” he says. Jessie Hewitson, The Times.

Connected Toys

  • Jun.06.2018: IoT CloudPets in the doghouse after damning security audit: Now Amazon bans sales. Amazon on Tuesday stopped selling CloudPets, a network-connected family of toys, in response to security and privacy concerns sounded by browser maker and internet community advocate Mozilla. The move follows similar actions taken by Walmart and Target last week. And other sellers of the toy are said to be considering similar action. A Mozilla spokesperson confirmed that browser-and-openness biz had shared CloudPets' vulnerabilities with Amazon. It also shared its findings with the Electronic Frontier Foundation which, along with other advocacy groups, planned to publish a letter on June 5 urging retailers to ditch the toys. Spiral Toys, the maker of CloudPets, did not immediately respond to inquiries. CloudPets and Spiral Toys have had issues in the past. Last year computer security researcher Paul Stone demonstrated how a CloudPet could be hacked to capture audio. That same year, the toy maker was found to be running an unsecured MongoDB database, from which hackers obtained at least 500,000 customer records. What's more, the toy has no firmware protection, which could allow an attacker with device access to create custom firmware. And CloudPets voice recordings are stored in a publicly accessible Amazon S3 bucket. Similar flaws have been identified in other connected toys, like Genesis Toys' Cayla doll and Mattel's Hello Barbie doll. To date, toy makers appear to have done little to repair their reputations. Just last month, researchers from Princeton University reported finding a handful of undisclosed vulnerabilities in connected toys that violated both the Children’s Online Privacy Protection Rule (COPPA) and the toys' stated privacy policies. Thomas Claburn, The Register.

Articles

  • Jun.04.2018: Shutting down ePrivacy: lobby bandwagon targets Council. Industry lobbyists who want to continue monetising users’ online data are battling against new ePrivacy regulations, targeting EU member states in the Council. And some member state governments are only too happy to help. Corporate Europe Observatory.
  • May19.2018: 'I felt exposed online': how to disappear from the internet. For most of us, the quality and convenience of what we receive in exchange for our secrets is enough that we willingly surrender. But now an increasing number of people are more closely counting the cost – to the point of trying to reclaim our right to be unknown. Disappearing via disinformation. "Reputation washing" has become big business - eg. Reputation Defender. Managing director Tony McChrystal began working in online privacy and reputation management before there was a name for the industry. In 2008, when he joined the company, then known as Reputation 24/7, as one of its first employees, it had just five clients. Today, the company is one of the largest in its field; McChrystal claims that the UK office receives 70 inquiries a day, mostly from individuals who want to become unknown on the internet. To date, the company has served more than a million clients worldwide, and last month it was bought by the Washington-based Stagwell Group for an undisclosed sum. In the early years, McChrystal’s clients were typically celebrities, footballers and CEOs: people who wanted specific pieces of professionally damaging information about them – an affair, a failed business deal – pushed down the search engine rankings. In recent years, however, he says that the company mainly works with the kind of “regular” people who might pay for their credit file report every month, and who want a similar reputation or privacy report. For around £600 a year, the company will give you a list of what personal or sensitive information is publicly available. “A lot of the time, they’re scared of identity theft, fraud or even – if their current address is out there – scared of their own personal safety.” In the past two years McChrystal has seen a marked increase in approaches from individuals who are not in danger or want a piece of damaging information covered up, but who simply want to reclaim their anonymity. In recent weeks, a grassroots movement has formed around the slogan Delete Facebook. The process of deleting one’s Facebook account is deliberately arcane. ... Simon Parkin, The Guardian.
  • Mar.31.2018: Facebook: Big Brothers of tech watch every stroke on your keyboard. Anger at Facebook’s failure to protect millions of users whose data was obtained by Cambridge Analytica has prompted many people to check for the first time what information tech companies hold on them. Many users have been surprised at the sheer volume of information retained. A series of posts on Twitter by Dylan Curran, a consultant, highlighted this week the “preposterous” scale of surveillance after he found that Google and Facebook stored 6.1GB of data — equivalent to more than 300,000 Word documents — tracking his daily life. The Times asked two regular users of Google and Facebook to download their own data to see what the companies stored on them. Mark Bridge, The Times.
  • Mar.29.2018: Are you ready? Here's all the data Facebook and Google have on you. The harvesting of our personal details goes far beyond what many of us could imagine. So I braced myself and had a look. Google knows where you’ve been. Google knows everything you’ve ever searched – and deleted. Google has an advertisement profile of you. Google knows all the apps you use. Google has all of your YouTube history. The data Google has on you can fill millions of Word documents. Facebook has reams and reams of data on you, too. Facebook stores everything from your stickers to your login location. They can access your webcam and microphone. Here are some of the different ways Google gets your data. Google knows which events you attended, and when. And Google has information you deleted. Google can know your workout routine. And they have years’ worth of photos. Google has every email you ever sent. And there is more. Dylan Curran, The Guardian.
  • Mar.27.2018: UK website age checks could create Facebook of porn, critics warn. Fears draft rules could threaten users’ privacy by letting one firm collect vast amounts of data. Draft rules for age verification on pornographic websites could put users’ privacy at risk and give the world’s biggest porn publisher a power similar to that of Facebook and Twitter, critics have said. The guidance, which comes after the govt passed a law last year forcing pornography sites to use age checks or face being blocked, states there is no legal requirement for sites to offer visitors a choice of age verification services. MindGeek, the company that controls most of the world’s online traffic for pornography, has introduced its own age verification service, which critics say could allow it to corner the market, allowing it to become the “Facebook of porn” and collect vast amounts of data on users’ porn viewing habits. Damien Gayle, The Guardian.
  • Mar.22.2018: Move swiftly so they stop breaking things! Seven things policy-makers can do about the Cambridge Analytica and Facebook scandal. The ongoing Facebook and Cambridge Analytica scandal is a wake-up call for UK policy-makers who too often encourage and promote digital industries over the protection people’s personal data. The scandal has shown that the public is concerned by companies’ exploitation of their data. The current lack of transparency into how companies are using people’s data is unacceptable and needs to be addressed. Reform should not be limited to the behaviour of individual companies. Consumers are confronted with an entire hidden ecosystem of companies that are harvesting and sharing data. From credit scoring and insurance quotations to targeted political communication, this data is being used for far-reaching purposes. Now is the time to identify the stringent safeguards that are needed to protect our data. Here are a few simple actions politicians must take. We urge you to send these recommendations to your Member of Parliament. Privacy International.
  • Mar.22.2018: The sad thing about the Cambridge Analytica story? It’s not surprising. That Facebook data was harnessed to influence elections shows why I've been calling for data protection reforms since 2012. It did not have to be this way. In 2002 the Labour govt saw the growth of new communications technologies and undertook a comprehensive, forward looking review of the issues they raised. The result was the 2003 Communications Act and a new regulator, OfCom, with the powers to ensure these issues were resolved in the public interest. That regulatory framework was given a 10 year life span – I know because I was Head of Technology at OfCom before entering Parliament. In 2012, the Conservative-LibDem coalition saw the growth of social media and big data and did – absolutely nothing. After ignoring concerns for years, the govt did get round to reviewing the security implications of the IoT but Digital, Culture, Media and Sport Secretary Matt Hancock's answer appears to be "leave it to the market". Similarly, Artificial Intelligence is a growing force in industry and society – but will only further the interest of the few unless regulated. required. Liam Byrne, Shadow Digital Minister, will be holding Matt Hancock to account as the Data Protection Bill is debated next week. In Jan.2017, I called for 2017 to be the year we made crucial changes to the Internet economy. 2018 needs to be the year we get a govt capable of making that happen. Chi Onwurah, MP for Newcastle upon Tyne Central, Shadow Minister for Industrial Strategy, The New Statesman.
  • Mar.15.2018: NHS must stop giving out patients' private details. Until last year it was accepted that non-clinical information given by patients, such as their address, could not be shared with agencies such as the police unless a serious criminal offence was suspected. It should concern us all that it has now emerged there has been widespread sharing of addresses by NHS Digital with the Home Office for immigration cases. Sharing dataa breaches the NHS's code of practice on confidentiality. These transfers of data have continued despite objections by the National Data Guardian, the General Medical Council and Public Health England ... What will be shared next and who will be affected? It would be a short step for NHS Digital to start complying with requests to check whether benefit claimants are cohabiting, for example. The Times, Sarah Wollaston
  • How can I find out if my details have been compromised? You can check whether your email has been leaked through haveibeenpwned.com, which monitors security breaches and password leaks. It was set up by Troy Hunt, an Australian web security expert, and is used by the UK's National Cybersecurity Centre. After entering your email address, the website will show you the list of services that you use that have been hacked; it then checks your email against the password databases of these services to show how you have been exposed.
  • Mar.20.2018: Aerostats, Biometrics, Chips, and Drones: UK Gathers Surveillance Industry to Solve Brexit Border Question. The annual showcase conference of 'Security and Policing' last week is closed to the media and the public. Here we take a look at what some of the possible so-called "solutions" to the Irish Border problem might be. Automatic Number Plate Recognition (ANPR), Radiofrequency Identification (RFID), Visual surveillance, Biometrics, Perimeter detection, Cell Site Analysis & IMSI Catchers, Mass Surveillance. Privacy International, '
  • Mar.10.2018: All your personal data for sale: only £5. Fraudsters are stealing Netflix and other login details to sell on the dark web. "Your entire personal identity can be bought for significantly less than the price of a new iPhone," says Simon Migliano, the head of research at top10vpn.com, a service that compares virtual private networks, which are used to browse the web with greater privacy and anonymity. The comparison service found that bidders on the Dark Web — hidden sites that are often used by criminals for illegal activity — can obtain a Paypal login for £280, access to online Amazon and Tesco accounts for little more than £5, and Deliveroo details for £3.74. What is the dark web? The “dark web” refers to websites that can only be accessed using special software. Many of the sites are accessed through Tor (The Onion Router), an encrypted network that masks the identity of who is browsing and what they’re looking for. The Times, Anna Temkin
  • Mar.04.2018: What price privacy when Apple gets into bed with China? Apple’s much-vaunted principles melt away under China's cybersecurity law, which allows the state to access your data. In the end, maximising shareholder value is all that counts. So if you're an Apple user in China, you have a simple choice: junk your i-Device, or accept that your autocratic rulers can access your data at their convenience. The Guardian, John Naughton
  • Feb.09.2018: Google patents creepy Big Brother-style system that uses cameras and sensors to watch your kids and tell them off when they've been misbehaving. Smart homes of the future could monitor naughtier members of the household. They could use cameras, microphones, motion sensors and thermal imaging. They would send a message to the parents and give children a verbal warning. The system could use this real-time information to decide when to discipline. In another patent Google described a device that would give advice to parents. Daily Mail Online, Phoebe Weston
  • Jan.27.2018: Private Internet Access Celebrates Data Privacy Day 2018. Today is Data Privacy Day, an initiative that seeks to raise awareness of the importance of respecting privacy, safeguarding data and enabling trust. It also brings privacy professionals together globally to celebrate the first international treaty on the protection of personal data, Convention 108, which was adopted on 28 January 1981. Privacy News Online, Christel Dahlskjaer
  • Jan.25.2018: Your Faceprint Tomorrow. The selling of facial recognition technology—and the staggering consequences. For years, Facial recognition technology has been one of the great bogeymen for civil liberties advocates. The ability to be recognized and tracked across public spaces represents an epochal shift in the nature of privacy, something akin to being fingerprinted everywhere one goes. Your faceprint is a singular piece of data, a unique user name and password combination that follows you through the world. That's a problem if, say, a biometric database gets hacked; the Indian govt's biometric database, which contains information like retina scans on 1.19bn people, has been hacked repeatedly, with ID information selling on WhatsApp for $5 to $10. You can change a hacked password, but not a face. It's time to ask who benefits. The Baffler, Jacob Silverman
  • 2016.05: Did Facebook censor conservative news?
  • Jan.08.2010: How Google collects data about you and the Internet. Google’s information-gathering channels. Google’s unstoppable data collection machine. Why does Google do this?. It’s not just Google. Accessing Google’s data vault. No free lunch. Pingdom.