Hot on the heels of California passing their California Consumer Protection Act (CCPA) which is actually a consumer data protection law, and on the slightly more distant heels of the passage and enactment of the General Data Protection Regulation (GDPR), Colorado has both passed and enacted the Colorado Consumer Data Protection Act (CCDPA).

If your child, or someone you know, received a My Friend Cayla doll, a Furby Connect doll, a Q50 children’s smartwatch, or a Sphero BB-8 droid (or quite likely one of a number of other toys or devices aimed at children, and that connect to the Internet via Bluetooth), that device – and thus the child who plays with it or uses it – is at risk of being hacked, personal data stolen, and even a hacker talking to the child, all because of unsecure Bluetooth connections.

I was recently interviewed, in my capacity as an Internet law and policy attorney, and head of the Institute for Social Internet Public Policy, for an article sponsored by RSA about the impact that GDPR (the EU’s General Data Protection Rules), which goes into effect in the European Union in May 2018, is going to impact, well, everything. And, in particular, about how it will impact U.S. based businesses, because, trust me, it will.

We here at the Internet Patrol are thrilled to have been voted a “top security blog” by Credit Donkey, which, while focusing primarily on making personal finance “donkey-proof” (by which they mean fun and easy to understand), also covers the online security sector.

Last week several “news” sites reported that Samsung Smart Televisions were always listening and sharing everything you say with a third-party. As recently as this morning, other services were repeating this allegation. This is because Samsung’s Smart TV privacy policy included, at the time, this statement: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

Peter Deacon had been a Pandora user for years, using Pandora’s free service. Then Pandora shared his private information, including his full name, his music preferences, and what he listened to, both on Facebook, and for anyone searching the Internet, Not cool, he thought, and sued for breach of privacy. But the Michigan high court ruled last week that because he doesn’t pay for the Pandora account, he is not a ‘customer’, and so not entitled to privacy protection.

In a stunning decision, a Federal court has held that a user has no expectation of privacy for their personal computer if they have connected that computer to the Internet. While the case and holding is fairly complex, this part of the holding boils down to this: in this day and age we know that computers that are connected to the Internet can be hacked, and knowing this, we are not entitled to an expectation of privacy on our personal computers.

If you are trying to share something from a website by posting it to your Facebook timeline through that site’s Facebook Like, Share, or Recommend button, and you can’t figure out how to change the privacy setting for that share from ‘Only Me’ to ‘Friends’ or ‘Public’, here’s how to do it. After all, if you’re sharing it, you probably want others to see it!

You know that old adage, that something is only as strong as its weakest link? Well, private Facebook groups are only as private as the admins keep them. Which means that all it takes is for one admin to accidentally (or intentionally) make the group public for a period of time, during which people who aren’t members of the closed Facebook group can see both the members, and what they posted. So how safe is it to rely on the private, closed status of a Facebook group? Not very, it turns out.

Today Google rolled out a new feature for their Google Adwords advertisers (the businesses you see advertising in the “Ads by Google”): “give us the email addresses on your mailing list and we’ll target ads to them.” Google calls this “Customer Match”. We call it “email privacy fiasco”. Here’s why.

As we mentioned in our “what’s new in iOS 9” article, the “improvements” that Apple added to Siri in iOS 9 may be a privacy nightmare (even more than previously).

Few people aren’t aware of at least one of the Hillary Clinton, Sony Pictures, or American Egg Board email scandals. But what should we learn from them, and has anybody actually learned from them?

There is another rash of the Facebook privacy notice disclaimer hoax going around Facebook. This is the disclaimer where the Facebook user takes a stand and says that Facebook cannot use their content. Bullpuckey, of course they can use your content – you agreed to that when you signed up for a Facebook account.

A Federal court has denied Facebook’s motion to dismiss a class action lawsuit, brought on behalf of users whose privacy Facebook breached when it scanned the content of their private Facebook messages to other users, for advertising purposes.

Some are calling it Ubergate. Still others call it the reason they will no longer use the Uber service (fortunately there are alternatives to Uber, like Lyft in the U.S., and Hailo in the UK and Ireland). First there was Uber’s ‘Rides of Glory’ (i.e. rides of shame), then came the alleged threat of an “opposition research plan” against journalists to spend $1 million to dig up information on “your personal lives, your families.” And thus #Ubergate was born.