Hot on the heels of California passing their California Consumer Protection Act (CCPA) which is actually a consumer data protection law, and on the slightly more distant heels of the passage and enactment of the General Data Protection Regulation (GDPR), Colorado has both passed and enacted the Colorado Consumer Data Protection Act (CCDPA).
Two weeks ago California passed AB 375, now Title 1.81.5 of the California Code, and known as the California Consumer Privacy Act of 2018 (AB stands for Assembly Bill, meaning it was first introduced in the Assembly; SB would mean it had been introduced in the Senate). Also now known as the CCPA, the original sponsors of AB375 were California Assemblyman Edwin Chau, and California Senators Bob Hertzberg and Bill Dodd, Democrats all. The CCP is the California equivalent of GDPR.
In a fairly stunning win for mobile phone privacy, the Supreme Court has ruled that law enforcement agencies must obtain a warrant before they can demand and receive from mobile carriers and mobile providers access to the cell phone location data (known as ‘cell site location information’, or CSLI for short) of a given cellular phone. In the case of Carpenter v. United States, the Supreme Court held that tracking a cell phone is barely different than putting an ankle bracelet on an individual and monitoring their movements, and so overturned related case law that has been around for (up to) decades.
One of the things that Facebook did right was not allowing people to see whether you are logged into Facebook. Unfortunately, they completely undid that when they rolled out Facebook Messenger, and the newest versions of Facebook Messenger turn out to be a stalker’s dream.
GDPR offers a panoply of rights for individuals. Even if you are not a business owner or a corporate officer or manager, by now you have probably heard the term ‘GDPR’, or the phrase ‘General Data Protection Regulation’, which is what ‘GDPR’ stands for. As an individual you may have thought “Whatever the heck GDPR is, it doesn’t affect or apply to me.” But you would be wrong. The good news is that, as an individual, you are the protected entity covered by the ‘Protection’ in General Data Protection Regulation!
I was recently interviewed, in my capacity as an Internet law and policy attorney, and head of the Institute for Social Internet Public Policy, for an article sponsored by RSA about the impact that GDPR (the EU’s General Data Protection Rules), which goes into effect in the European Union in May 2018, is going to impact, well, everything. And, in particular, about how it will impact U.S. based businesses, because, trust me, it will.
Last week we started hearing about the Equifax data breach, although Equifax had actually known about the data breach at least a month earlier. (The full text of the Equifax statement about the cybersecurity data breach is reprinted below.) The most stunning thing about this breach is the breadth of it: the Personally Identifiable Information (PII), including names, social security numbers, and driver’s license numbers of 143 million U.S. citizens were exposed in this breach. Here is what you need to do, right now, to protect yourself.
iRobot, the company behind the Roomba vacuum, along with other cleaning robots, has sold 15 million of those little suckers worldwide. Part of the Roomba’s brilliance is mapping your house in order to be as effective and efficient as possible. However, many people are not aware of this mapping feature, and even those who are may not realize that the mapping data – i.e. the map of their home – is being sent back to iRobot HQ, and stored in the cloud. Nor have they likely realized that iRobot might like to share the map of their home with others. But that is exactly part of iRobot’s business strategy.
Last week several “news” sites reported that Samsung Smart Televisions were always listening and sharing everything you say with a third-party. As recently as this morning, other services were repeating this allegation. This is because Samsung’s Smart TV privacy policy included, at the time, this statement: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”
In our most recent article we wrote about the use of the Internet fingerprint and the proliferation of Internet fingerprinting – the technology through which Internet marketers and others can track you even if you don’t allow Internet cookies. In this article we will tell you about some ways that you can minimize your Internet fingerprint, if not defeat Internet fingerprinting altogether.
Face recognition on Facebook – there has been a lot written about the privacy invasion that is the facial recognition Facebook recently unleashed on its users, which pops up uninvited, urging tagging Facebook photos that you upload, tagging all of the Facebook users that it recognizes in your images. The photo facial recognition software that Facebook has foisted on you allows Facebook face recognition of anybody who has not opted out of it (and let’s face it, few people know how to opt out of it – in fact few people even know that the Facebook recognition photo tagger exists – until they run smack into it).
Now that the Impact Team hackers put the data of all 37 million Ashley Madison users online, you may be wondering how to check to see whether your email address is exposed in that data dump.
A new report by the UK’s top Independent Reviewer of Terrorism Legislation, David Anderson, says that bulk interception and acquisition of Internet and communications data is of ‘vital utility’ to security and intelligence agencies.