In 2010 Mark Zuckerberg (in)famously announced that “Privacy was no longer the social norm.” That was when Facebook reset (relaxed) the privacy settings for all of their users. So the Internet sat up and took notice when yesterday Mark Zuckerberg said “I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it.”
It all started with a seemingly innocent Google blog post earlier this month, in which Google announced that their ‘Hey Google’ Google Assistant was ready to go live on Nest Secure Nest Guard home security devices. Then people started having that ‘waaaait a minute…’ moment: this meant that there had to be a microphone in that Nest Guard device.
More than 25million people in the U.S. have installed an Echo, Echo Dot, or Echo Look in their home or office. And still, very few understand that every time you tell Alexa to do something, Amazon is recording, storing, and using your voice commands. Here’s exactly what and how Amazon is recording, storing, and using what you say, and how to delete those recordings.
The Association of National Advertisers (ANA) admitted this week that it had suffered a data breach last August through October (2018), about which it learned last October (2018), but which it only advised those affected this week (the last week of January, 2019). Consider these dates when also considering the fact that just last month (December 2018, two months after ANA knew about the data breach) ANA was pushing back, hard, against legislation regarding more stringent requirements for – wait for it – notification of data breaches.
In the past 24 hours it was revealed, and then admitted by Apple, that a bug in the FaceTime app was allowing FaceTime callers to listen in on the audio of what was going on around the recipient’s device before the recipient picked up the call. And if the recipient pressed the button to reject the call, instead of ending the call it would start broadcasting video from the recipient’s device as well!
Facebook has, perhaps unintentionally, revealed that they are analyzing all of your images, taking note of the content of those images, and using what they find to further their reach.
Facebook has announced that up to 1500 third-party Facebook apps had access to user photos that they were not supposed to be able to access – including unpublished photos. The self-inflicted privacy hole was due to a ‘bug’ in the Facebook photo API which, Facebook says, granted the apps unpermitted access to the photos of as many as 6.8 million Facebook users for 12 days in September of 2018.
Hot on the heels of California passing their California Consumer Protection Act (CCPA) which is actually a consumer data protection law, and on the slightly more distant heels of the passage and enactment of the General Data Protection Regulation (GDPR), Colorado has both passed and enacted the Colorado Consumer Data Protection Act (CCDPA).
Two weeks ago California passed AB 375, now Title 1.81.5 of the California Code, and known as the California Consumer Privacy Act of 2018 (AB stands for Assembly Bill, meaning it was first introduced in the Assembly; SB would mean it had been introduced in the Senate). Also now known as the CCPA, the original sponsors of AB375 were California Assemblyman Edwin Chau, and California Senators Bob Hertzberg and Bill Dodd, Democrats all. The CCP is the California equivalent of GDPR.
In a fairly stunning win for mobile phone privacy, the Supreme Court has ruled that law enforcement agencies must obtain a warrant before they can demand and receive from mobile carriers and mobile providers access to the cell phone location data (known as ‘cell site location information’, or CSLI for short) of a given cellular phone. In the case of Carpenter v. United States, the Supreme Court held that tracking a cell phone is barely different than putting an ankle bracelet on an individual and monitoring their movements, and so overturned related case law that has been around for (up to) decades.
One of the things that Facebook did right was not allowing people to see whether you are logged into Facebook. Unfortunately, they completely undid that when they rolled out Facebook Messenger, and the newest versions of Facebook Messenger turn out to be a stalker’s dream.
GDPR offers a panoply of rights for individuals. Even if you are not a business owner or a corporate officer or manager, by now you have probably heard the term ‘GDPR’, or the phrase ‘General Data Protection Regulation’, which is what ‘GDPR’ stands for. As an individual you may have thought “Whatever the heck GDPR is, it doesn’t affect or apply to me.” But you would be wrong. The good news is that, as an individual, you are the protected entity covered by the ‘Protection’ in General Data Protection Regulation!
I was recently interviewed, in my capacity as an Internet law and policy attorney, and head of the Institute for Social Internet Public Policy, for an article sponsored by RSA about the impact that GDPR (the EU’s General Data Protection Rules), which goes into effect in the European Union in May 2018, is going to impact, well, everything. And, in particular, about how it will impact U.S. based businesses, because, trust me, it will.