fbpx

Download free GDPR compliance checklist!

Tag Archives for " privacy policies "

Disaster apps share personal data in violation of their privacy policies

Madelyn Sanfilippo – professor in the School of Information Sciences at the University of Illinois at Urbana-Champaign – and a team of experts tracked the personal data sent by popular disaster apps and examined whether those practices conformed to their own privacy policies and government regulations.

The research team looked at 15 apps, selected based on their popularity or the fact that they were recommended in news articles or promoted by app markets. Researchers found that many of them ignore their own privacy policies, capture location data as the default setting as soon as the apps are launched and don’t identify all third parties that might receive personal data.

Source: Disaster apps share personal data in violation of their privacy policies

Zoom lied to users about end-to-end encryption for years, FTC says

Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.

The FTC complaint says that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, which were intended for health-care industry users of the video conferencing service. Zoom also claimed it offered end-to-end encryption in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers, the complaint said.

Source: Zoom lied to users about end-to-end encryption for years, FTC says | Ars Technica

14% of Android app privacy policies contain contradictions about data collection

An analysis of 11,430 Play Store apps found that 14.2% used a privacy policy with contradicting statements about user data collection practices.

Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names — which are clearly personally-idenfiable information. Self-contradictions can lead to the identification of deceptive statements, which are enforceable by the FTC and the DPAs (data protection authorities) of the EU.

Source: 14% of Android app privacy policies contain contradictions about data collection | ZDNet

Website privacy options aren’t much of a choice since they’re hard to find and use

Many sites offer the ability to ‘opt out’ of targeted advertisements, but doing so isn’t easy. Simplifying and standardizing opt-outs would help improve privacy on the web.

Privacy policy language is inconsistent and ambiguous. Key terms aren’t standardized across privacy policies on different sites. That makes it difficult for users to scan or search for key words or phrases that might help them understand their options.

Once someone does manage to opt-out, it’s not always clear what will happen. Even when the choices are clear, the pages are not always easy to use.

Full article: Website privacy options aren’t much of a choice since they’re hard to find and use

As Apple stakes out an aggressive pro-privacy stance, Google occupies middle ground

The ad industry has been bracing for more privacy-focused upheaval in the coming months, from lawmakers and data regulators or from privacy-zealous browsers. As Google has put forward alternative plans for a privacy-focused and ad-funded web, it has also been asking the industry for feedback. This is a markedly different approach to Apple’s muscular stance of ultimate user privacy by default.

Google, as a predominantly ad-funded business with a lot more skin in the game, is revealing itself to be much more collaborative with the industry as it’s forming its approach. , Google has been exploring what restricted third-party cookie use in Chrome would look like by releasing industry research on how it would impact publisher revenue, laying out proposals for building a more private web, and using machine learning to manage ad frequency.

Full article: As Apple stakes out an aggressive pro-privacy stance, Google occupies middle ground – Digiday

Data Protection Commission engaging with Revolut as a “matter of urgency”

The Irish Data Protection Commission (DPC) has said that it will be engaging with financial technology company Revolut as “a matter of urgency” over their new privacy policy and cookies policy changes Revolut announced this week.

Revolut’s new privacy policy means that users will have their data shared with social media and analytics companies for marketing purposes and also with credit bureaus, unless they actively opt-out.

Source: Data Protection Commission engaging with Revolut as a “matter of urgency” over privacy changes | JOE is the voice of Irish people at home and abroad

Apple is now presenting its privacy policy as if it were another product

Apple eleased a new privacy page that makes its privacy policy easier to read and understand. The new privacy page looks more like a product page than your standard screen of black and white text.

The new page brings in Apple’s design aesthetic, so it’s not just full of text. Most importantly, the update does make Apple’s privacy policies easier to read or skim. The policies themselves have not changed.

Source: Apple is now presenting its privacy policy as if it were another product | Engadget

Amazon announces privacy updates as its devices expand deeper into the home

Amazon will introduce a new privacy feature for the smart doorbells of its subsidiary Ring called “Home Mode”, which will prevent the doorbell cameras from recording footage when residents are home. Earlier this year, Amazon rolled out “privacy zones” which exclude selected areas in Ring’s field of vision from being recorded or viewed live.

The changes come as Amazon has faced scrutiny for recording customer conversations through Alexa and its public-private partnership with police forces through a smart doorbell company.

Source: Amazon announces privacy updates as its devices expand deeper into the home | Technology | The Guardian

OTA Analysis Finds Most Organizations Not Ready For New Privacy Regulations

The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, announced today the results of its latest report, “Are Organizations Ready for New Privacy Regulations?”.

OTA analyzed 29 variables in 1,200 privacy statements against common themes in three major privacy regulations: the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

Source: OTA Analysis Finds Most Organizations Not Ready For New Privacy Regulations | Internet Society

Terms, Conditions and Considerations Under the GDPR

With the recent major GDPR cases on Facebook and Google, DPOs at smaller companies are getting worried and challenged in ensuring terms and conditions and privacy notices are not mixed up.

With hundreds of policy templates to choose from one of the difficulties is writing a privacy policy that is not so long that no one can read it, nor so short that it doesn’t cover the bases, but striking the right balance between the unreadable and the unworkable is essential.

Full article: Terms, Conditions and Considerations Under the GDPR – CPO Magazine

1 2 3 10
>