June 11, 2012 – How Microsoft and Yahoo Are Selling Politicians Access to You, ProPublica
Microsoft and Yahoo are selling political campaigns the ability to target voters online with tailored ads using names, Zip codes and other registration information that users provide when they sign up for free email and other services.
June 1, 2012 – Facebook asks users to vote on privacy policy, Marin Independent Journal
Facebook is inviting its 900 million users to vote on the company’s new privacy policy in an unusual online ballot process that began Friday and runs until June 8.
June 1, 2012 – FCC Dishes on Location Based Services in New Report, Mobile Marketing Watch
The Federal Communications Commission is out with a report on location-based services that outlines government and industry efforts to address the privacy issues surrounding those very services.
June 1, 2012 – Digital Afterlife: What happens to your online accounts when you die?, MSNBC
When Helen and Jay Stassen’s 21-year-old son, Benjamin, committed suicide 19 months ago, he did not leave a note. If it had been 20 years ago, the Stassens might have looked through diaries, letters or other personal items in an attempt to find clues as to why he decided to end his life. These days, however, young people tend not to keep things on paper; instead, their most intimate thoughts are likely to be online – in emails, social media posts and personal blogs.
UK ICO Releases Draft Anonymisation Code of Practice
The UK’s Information Commissioner’s Office (ICO) released a Draft Anonymisation Code of Practice yesterday. The draft is open for consultation until August 23 2012. The document, which considers both legal and technical aspects of anonymisation, “is intended to demonstrate that the effective anonymisation of personal data is possible, desirable and can help society to ensure the availability of rich data resources whilst protecting individuals’ privacy.”
The Code of Practice describes the application of the EU’s Data Protection Directive (DPD), the UK’s Freedom of Information Act (FOIA), and the UK’s Data Protection Act (DPA) to the world of data anonymisation. In doing so, the Code aims to clarify certain principles of data disclosure in this complicated legal field. For example, the Code explains that if anonymised correctly, the disclosure of previously identifiable data falls outside the scope of the DPA. Further, the Code clarifies some of the circumstances under which data can be anonymised: “it is generally acceptable to anonymise personal data and to disclose it without the data subject’s consent [if certain criteria of anonymisation are met].” Finally, the Code provides considerable ‘practical advice’ about various anonymisation techniques.
The Code, which does not in itself have the force of law, endeavors to promote the uses of anonymisation and establishes the responsibilities and good practices that “any data controller who is involved in the production or publication of anonymised information” should adopt.
Future of Privacy Forum is currently working to frame the levels of technical de-identification with the legal and policy commitments that may be needed to ensure good data anonymisation practices. For more information about our project please contact Julian Flamant.
Consortium of Global Companies Announce Consumer Research in Effort to Strengthen Mobile Privacy by Design
WASHINGTON, May 30, 2012 /PRNewswire via COMTEX/ — Insights Being Unveiled Today at Federal Trade Commission Workshop
As mobile technology evolves, solid privacy design is critical to ensure user understanding and build consumer trust. Today, Create with Context, an independent research and design firm, is releasing results of a wide-ranging study on users’ comprehension and expectations of mobile privacy.
This research is the result of an initiative called “Design for Trust,” which is funded in part by AOL, the Future of Privacy Forum, Yahoo!, Verizon and Visa Inc. The initiative aims to develop suggested design guidelines, best practices, and new innovative designs for trust and privacy in the digital world. The research findings are being unveiled today at a Federal Trade Commission workshop on Advertising and Privacy Disclosures in Online and Mobile Media. ( http://www.ftc.gov/opa/2012/05/dotcomdiscl_ma.shtm )
After conducting one-on-one observations with users and implementing technology tests such as eye tracking, Create with Context co-founder and CEO Ilana Westerman discovered key information about consumers and privacy:
Trust is most eroded when consumers feel companies are collecting data that doesn’t make sense for the product or service they provide. Conversely, consumer trust is enhanced when companies collect data that makes sense for the product or service they offer. Good privacy design helps ensure understanding, which grows consumer trust.
Consumers want transparency and have more trust in companies that give it to them. They want to know what is happening, but will not take the time to go to privacy policies to read about it. It has to be clear from just using the service.
Action-oriented tools make users feel like they are in control of their privacy. Tools like radio buttons that attract the eye make users feel like they are taking control of their privacy, leading to increased trust.
The less text consumers have to read in order to understand privacy practices, the more likely consumers are to understand what happens with data. This is particularly true for users of mobile devices.
Privacy is not just about compliance, it is about trust in a brand. As more data is being collected and utilized to bring personalized experiences, brand managers and marketers who design for trust will have healthier brands and reputations.
Based on the research findings, initial design concepts including a trust icon have been developed and are in testing. The design goal is to create greater transparency and control for consumers.
“To innovate we must first understand the context of use,” said Westerman. “What do consumers really care about, what do they know, what do they notice, how do they interact? Based on the context, we have identified foundational design guidelines and best practices that are concrete and actionable. Initial design concepts based on these guidelines tested positively, and by incorporating consumers into the iterative design process we can create trusted experiences.”
Jules Polonetsky, director and co-chair of the Future of Privacy Forum, says, “Companies that wish to use mobile data responsibly will need to understand the usability challenges posed by the mobile ecosystem. By bringing a top design expert into the process, we hope to provide guidance for user design that will advance consumer trust.”
“Yahoo! strongly supports the philosophy of ‘privacy by design,’ or intentionally considering privacy throughout the product lifecycle. This requires high level attention to ensure a consistent, quality approach that enhances a safe and trustworthy digital experience for our hundreds of millions of users,” echoes Leslie Dunlap, Yahoo!’s vice president of Privacy, Policy & Trust.
“Privacy by design is critical to our philosophy of responsible innovation,” said Russell Schrader, Chief Privacy Officer, Visa Inc. “This research will help industry develop useful and creative ways to offer value and privacy choices in the mobile environment.”
To learn more about the initiative and its principles, please visit http://web.archive.org/web/20160310143440/http://createwithcontext.com/insights-digital-trust-and-privacy.php .
SOURCE Create with Context
Copyright (C) 2012 PR Newswire. All rights reserved
May 30, 2012 – Consortium of Global Companies Announce Consumer Research in Effort to Strengthen Mobile Privacy by Design, Market Watch
As mobile technology evolves, solid privacy design is critical to ensure user understanding and build consumer trust. Today, Create with Context, an independent research and design firm, is releasing results of a wide-ranging study on users’ comprehension and expectations of mobile privacy.
Cookies, Consent, and Compliance in the UK
The EU’s 2009 e-Privacy (“Cookie”) Directive is spreading across member states. To date, twenty out of twenty-seven member states have implemented some form of the cookie law. One of the countries currently grappling with cookie law is the UK with its Privacy and Electronic Communication Regulations (PECR), which were amended in 2011 and came into force on May 26 2012. The new cookie law, which combines the ‘consent principle’ from the Data Protection Directive (DPD) with the technical purview of the e-Privacy Directive, forces website operators to obtain “consent in order to store a cookie on a user or subscriber’s device.”
Previously, online actors in the UK were merely required to provide users and subscribers with the ability to opt-out of cookies, without having to provide much information about those cookies. Now, companies will have to provide clear and separate (from the existing privacy policy) information about cookies as well as solicit consent for their use. The new amendments have, however, led to debates about what constitutes “consent” and how to solicit it from online users.
Under PECR, online companies can rely on implied consent. This means that online companies are merely required to provide users with information about the cookies being used on the site, without requiring explicit action. Consent under PECR may diverge from the DPD, which seems to require that consent is communicated by the user, such as by ticking a box. To be clear, continued use of a website after a user or subscriber is given information about the cookies used on that site can constitute implied consent. This is closer to an opt-out consent strategy.
Online companies in the UK have been working to implement their new cookie-consent strategies ahead of enforcement by the Information Commissioner’s Office (ICO), which officially began this past weekend. While the responsibilities for online companies as set out in PECR have been criticized as being vague, the ICO and other actors have provided significant guidance on the matter. The ICO, for example, has released its “Guidance on the Rules on the Use of Cookies and Similar Technologies,” which helps define “consent,” responsibilities that online companies now face, and “practical advice for those trying to comply.”
Despite the push to assist companies in implementing a cookie-consent strategy, many UK companies have found it difficult to contend with the new regulations. Difficulty stems from the legal subjectivity of PECR and technical obstacles, which include the large number of cookies used on most websites and the varying applications of each cookie (some of which are essential for website functionality).
The ICO, which has the ability to impose penalties as high as £500,000, has taken an openly lenient approach to enforcement because of the difficulties that UK companies are facing in ensuring compliance. According to Dave Evans, group manager at the ICO, if a company can show that it has “taken some steps already” or that “they’ve got a realistic plan at the end of which they’ll be able to say they’ve achieved compliance,” the ICO will not pursue monetary penalties.
It will be interesting to follow how UK companies work to comply with the new cookie law and develop their consent policies and cookie notices over the next few months.
–Julian Flamant
May 26, 2012 – Bill would bar employers from accessing workers' online accounts, Chillicothe Gazette
A bill was introduced at the Ohio State house this week that would prevent an employer from asking for access to see private interactions on Facebook and elsewhere online.
May 25, 2012 – US Not Unique In Government's Level of Access To Cloud Data, World News
Since the advent of the Patriot Act, there has been the long-held assumption that the United States government is afforded much more access to cloud data than other governments.