Posts tagged with Dataprotection


"Without federal legislative action, many US states are taking privacy matters into their own hands.

In 2025, eight new state privacy laws will take effect, making a total of 25 around the country. A number of other states—like Vermont and Massachusetts—are considering passing their own privacy bills next year, and such laws could, in theory, force national legislation, says Woodrow Hartzog, a technology law scholar at Boston University School of Law. “Right now, the statutes are all similar enough that the compliance cost is perhaps expensive but manageable,” he explains. But if one state passed a law that was different enough from the others, a national law could be the only way to resolve the conflict. Additionally, four states—California, Texas, Vermont, and Oregon—already have specific laws regulating data brokers, including the requirement that they register with the state.

Along with new laws, says Justin Brookman, the director of technology policy at Consumer Reports, comes the possibility that “we can put some more teeth on these laws.”

Brookman points to Texas, where some of the most aggressive enforcement action at the state level has taken place under its Republican attorney general, Ken Paxton. Even before the state’s new consumer privacy bill went into effect in July, Paxton announced the creation of a special task force focused on enforcing the state’s privacy laws. He has since targeted a number of data brokers—including National Public Data, which exposed millions of sensitive customer records in a data breach in August, as well as companies that sell to them, like Sirius XM."

https://www.technologyreview.com/2025/01/07/1109301/privacy-protection-data-brokers-personal-information/

#USA #Privacy #DataProtection #DataBrokers #DataBrokerage


"Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.

“A location data broker like Gravy Analytics getting hacked is the nightmare scenario all privacy advocates have feared and warned about. The potential harms for individuals is haunting, and if all the bulk location data of Americans ends up being sold on underground markets, this will create countless deanonymization risks and tracking concerns for high risk individuals and organizations,” Zach Edwards, senior threat analyst at cybersecurity firm Silent Push, and who has followed the location data industry closely, told 404 Media. “This may be the first major breach of a bulk location data provider, but it won't be the last.”"

https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/

#CyberSecurity #USA #Venntel #DataBreaches #LocationData #Surveillance #Privacy #DataProtection


"A global spy tool exposed the locations of billions of people to anyone willing to pay. A Catholic group bought location data about gay dating app users in an effort to out gay priests. A location data broker sold lists of people who attended political protests.

What do these privacy violations have in common? They share a source of data that’s shockingly pervasive and unregulated: the technology powering nearly every ad you see online.

Each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called “real-time bidding” (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of."

https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how

#Privacy #Surveillance #CyberSecurity #AdTargeting #DataProtection #DataBrokers #DataBrokerage #RTB


"In tumultuous times, we believe in being prepared, not scared. Sound digital security practice often involves forming and relying on good habits. Building these reflexes now will help keep you better protected. This is why we’ve distilled advice our trainers have shared with thousands of journalists over the years into the actionable, concrete steps below.

Before you dive in, know that there are many ways to shore up your safety and privacy. It’s OK to take them on slowly but surely, one at a time. If you run into any challenges, remember: the Digital Security Training team at Freedom of the Press Foundation (FPF) is here to help. Reach out here."

https://freedom.press/digisec/blog/journalists-digital-security-checklist/

#USA #PressFreedom #Journalism #CyberSecurity #Privacy #DataProtection


"Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant.

The development was first reported by Reuters.

The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the assistant "obtained by Apple and/or were shared with third-parties as a result of an unintended Siri activation" between September 17, 2014, and December 31, 2024.

Eligible individuals can submit claims for up to five Siri devices – iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV – on which they claim to have experienced an accidental Siri activation during a conversation intended to be confidential or private. Class members who submit valid claims can receive $20 per device."

https://thehackernews.com/2025/01/apple-to-pay-siri-users-20-per-device.html

#Apple #Siri #Privacy #USA #DataProtection


"In the years to come, the federal government and many state governments might engage in surveillance and data gathering as they round up immigrants, punish people for seeking, providing, or assisting abortions, and attack gender-affirming health care. The government might use personal data in its effort to retaliate against those who stand in its way. Such efforts might be assisted by mobs of vigilantes who will use personal data to dox, threaten, embarrass, and harm anyone they don’t like — much like the way many people eagerly assisted totalitarian regimes in finding “undesirables” and rooting out and punishing dissenters.

Our best hope for protection is that legislators in Massachusetts and other states who are concerned about these risks take steps now to upgrade their privacy laws."

https://teachprivacy.com/privacy-in-authoritarian-times/

#Privacy #CyberSecurity #Surveillance #Authoritarianism #DataProtection


"Of course, this user never requested that my on-device experiences be "enriched" by phoning home to Cupertino. This choice was made by Apple, silently, without my consent.

From my own perspective, computing privacy is simple: if something happens entirely on my computer, then it's private, whereas if my computer sends data to the manufacturer of the computer, then it's not private, or at least not entirely private. Thus, the only way to guarantee computing privacy is to not send data off the device.

I don't understand most of the technical details of Apple's blog post. I have no way to personally evaluate the soundness of Apple's implementation of Enhanced Visual Search. One thing I do know, however, is that Apple computers are constantly full of privacy and security vulnerabilities, as proved by Apple's own security release notes. You don't even have to hypothesize lies, conspiracies, or malicious intentions on the part of Apple to be suspicious of their privacy claims. A software bug would be sufficient to make users vulnerable, and Apple can't guarantee that their software includes no bugs. (To the contrary, Apple's QA nowadays is atrocious.)

It ought to be up to the individual user to decide their own tolerance for the risk of privacy violations. In this specific case, I have no tolerance for risk, because I simply have no interest in the Enhanced Visual Search feature, even if it happened to work flawlessly. There's no benefit to outweigh the risk. By enabling the "feature" without asking, Apple disrespects users and their preferences. I never wanted my iPhone to phone home to Apple.

Remember this advertisement? "What happens on your iPhone, stays on your iPhone.""

https://lapcatsoftware.com/articles/2024/12/3.html

#Apple #ApplePhotos #Privacy #DataProtection #Encryption #iOS #iPhone


"This article uses the case study of an insurance product linked to a health and wellbeing program—the Vitality scheme—as a lens to examine the limited regulation of collection and use of non-personal (de-identified/anonymised) information and the impacts it has on individuals, as well as society at large. Vitality is an incentive-based engagement program that mobilises online assessment tools, preventive health screening, and physical activity and wellness tracking through smart fitness technologies and apps. Vitality then uses the data generated through these activities, mainly in an aggregated, non-personal form, to make projections about changes in behaviour and future health outcomes, aiming at reducing risk in the context of health, life, and other insurance products. Non-personal data has been traditionally excluded from the scope of legal protections, and in particular privacy and data regimes, as it is thought not to contain information about specific, identifiable people, and thus its potential to affect individuals in any meaningful way has been understood to be minimal. However, digitalisation and ensuing ubiquitous data collection are proving these traditional assumptions wrong. We show how the response of the legal systems is limited in relation to non-personal information collection and use, and we argue that irrespective of the (possibly) beneficial nature of insurance innovation, the current lack of comprehensive regulation of non-personal data use potentially leads to individual, collective and societal data harms, as the example of the Vitality scheme illustrates."

https://www.sciencedirect.com/science/article/pii/S0267364924001614

#Australia #HealthInsurance #Anonymization #Privacy #DataProtection #GDPR #Insurance


"The findings, presented in November in Madrid at the Internet Measurement Conference (IMC 2024) and published in the Proceedings of the 2024 ACM on Internet Measurement Conference, highlight the frequency with which these screenshots are transmitted to the servers of the brands analyzed: Samsung and LG. Specifically, the research showed that Samsung TVs sent this information every minute, while LG devices did so every 15 seconds.

"This gives us an idea of the intensity of the monitoring and shows that smart TV platforms collect large volumes of data on users, regardless of how they consume content, whether through traditional TV viewing or devices connected via HDMI, like laptops or gaming consoles," Callejo emphasizes.

To test the ability of TVs to block ACR tracking, the research team experimented with various privacy settings on smart TVs. The results demonstrated that, while users can voluntarily block the transmission of this data to servers, the default setting is for TVs to perform ACR."

https://techxplore.com/news/2024-12-smart-tvs-viewing-external-screens.html

#TVs #SmartTVs #Surveillance #DataProtection #Privacy


"While I once hoped 2017 would be the year of privacy, 2024 closes on a troubling note, a likely decrease in privacy standards across the web. I was surprised by the recent Information Commissioner’s Office post, which criticized Google’s decision to introduce device fingerprinting for advertising purposes from February 2025. According to ICO, this change risks undermining user control and transparency in how personal data is collected and used. Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI.

I can confidently raise this question, having observed and analyzed this area for over 15 years from various perspectives. My background includes experience in web browser security and privacy, including in standardization. I served in the W3C Technical Architecture Group, and have authored scientific papers on privacy, tracking, and fingerprinting, as well as assessments of technologies like Web APIs. This includes the Privacy Sandbox’s Protected Audience API. I was looking forward to the architectural improvements of web privacy. In other words, I am deeply familiar with this context. The media so far have done a great job bringing attention to the issue, but they frame this development as a controversy between Google’s policy change and the UK ICO’s concerns. I believe that the general public and experts alike would benefit from a broader perspective."

https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/

#Google #Surveillance #AdTracking #Privacy #DataProtection


"Microsoft’s Recall feature recently made its way back to Windows Insiders after having been pulled from test builds back in June, due to security and privacy concerns. The new version of Recall encrypts the screens it captures and, by default, it has a “Filter sensitive information,” setting enabled, which is supposed to prevent it from recording any app or website that is showing credit card numbers, social security numbers, or other important financial / personal info. In my tests, however, this filter only worked in some situations (on two e-commerce sites), leaving a gaping hole in the protection it promises.

When I entered a credit card number and a random username / password into a Windows Notepad window, Recall captured it, despite the fact that I had text such as “Capital One Visa” right next to the numbers. Similarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that. Note that all info in these screenshots is made up, but I also tested with an actual credit card number of mine and the results were the same."

#Microsoft #MicrosoftRecall #DataProtection #Privacy

https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled


"The UK’s data protection regulator has criticised Google over its decision to allow advertisers to use technology to track users which is harder to control or block.

The Information Commissioner’s Office (ICO) said Google’s decision was “irresponsible” and accused the company of a U-turn, having previously prohibited the use of so-called fingerprinting technology.

Fingerprinting involves collecting pieces of information about a device’s software and hardware which can be combined to uniquely identify a device and its user – and the ICO has warned that this technology is harder to wipe than clearing cookies or site data from a web browser, meaning users could continue to be identified by advertisers."

https://www.independent.co.uk/business/ico-criticises-google-over-irresponsible-advertising-tracking-change-b2667072.html

#UK #ICO #Google #AdTracking #FingerPrinting #DataProtection #Privacy


Quadrant has launched a FREE Dark Web report tool for small and medium-sized businesses! 🛡️ This innovative service provides critical insights into compromised credentials, helping organizations stay ahead of cyber threats. Early detection can prevent costly data breaches! 💼🔍 Check it out here: https://www.techradar.com/pro/This-free-tool-offers-SMBs-critical-insights-into-compromised-credential-found-on-the-dark-web #CyberSecurity #DarkWeb #SMBs #DataProtection
#newz


Ransomware defenses are at risk! 🛡️ TechRadar highlights how outdated backup tech, limited data encryption, and failed backups are weakening our defenses. It's time to upgrade and secure our data! 💾🔒 Read more here: https://www.techradar.com/pro/Ransomware-defenses-are-being-weakened-by-outdated-backup-technology-limited-backup-data-encryption-and-failed-data-backups #CyberSecurity #DataProtection #Ransomware #newz


"Donald Trump has threatened to go after a lot of people—journalists, political rivals and undocumented immigrants to name a few—and starting next year, he’ll have the entire national security apparatus at his disposal. What’s the best way to keep your personal information secure from surveillance, not just by the government, but also data brokers, tech companies, and online scammers? Leah talks with WIRED business editor Louise Matsakis and security editor Andrew Couts about what to expect and practical tips for your phone, computer, and life."

https://www.wired.com/story/politics-lab-keeping-your-personal-data-safe/

#USA #Trump #DataProtection #Privacy #Surveillance #PoliceState


"The Federal Trade Commission (FTC) announced sweeping action against some of the most important companies in the location data industry on Tuesday, including those that power surveillance tools used by a wide spread of U.S. law enforcement agencies and demanding they delete data related to certain sensitive areas like health clinics and places of worship.

Venntel, through its parent company Gravy Analytics, takes location data from smartphones, either through ordinary apps installed on them or through the advertising ecosystem, and then provides that data feed to other companies who sell location tracking technology to the government or sells the data directly itself. Venntel is the company that provides the underlying data for a variety of other government contractors and surveillance tools, including Locate X. 404 Media and a group of other journalists recently revealed Locate X could be used to pinpoint phones that visited abortion clinics.

The FTC says in a proposed order that Gravy and Venntel will be banned from selling, disclosing, or using sensitive location data, except in “limited circumstances” involving national security or law enforcement."

#USA #FTC #LocationData #Venntel #Gravy #DataBrokers #DataBrokerage #DataProtection #Privacy #Surveillance

https://www.404media.co/ftc-bans-location-data-company-that-powers-the-surveillance-ecosystem/


"A new lawsuit filed by a current Apple employee accuses the company of spying on its workers via their personal iCloud accounts and non-work devices.

The suit, filed Sunday evening in California state court, alleges Apple employees are required to give up the right to personal privacy, and that the company says it can “engage in physical, video and electronic surveillance of them” even when they are at home and after they stop working for Apple.

Those requirements are part of a long list of Apple employment policies that the suit contends violate California law.

The plaintiff in the case, Amar Bhakta, has worked in advertising technology for Apple since 2020. According to the suit, Apple used its privacy policies to harm his employment prospects. For instance, it forbade Bhakta from participating in public speaking about digital advertising and forced him to remove information from his LinkedIn page about his job at Apple.

“For Apple employees, the Apple ecosystem is not a walled garden. It is a prison yard. A panopticon where employees, both on and off duty, are subject to Apple’s all-seeing eye,” the lawsuit says."

https://www.semafor.com/article/12/02/2024/employee-lawsuit-accuses-apple-of-spying-on-its-workers

#Apple #iCloud #WorkerSurveillance #Privacy #DataProtection


"Workers should have the right to know which of their data is being collected, who it's being shared by, and how it's being used. We all should have that right. That's what the actors' strike was partly motivated by: actors who were being ordered to wear mocap suits to produce data that could be used to produce a digital double of them, "training their replacement," but the replacement was a deepfake.

With a Trump administration on the horizon, the future of the FTC is in doubt. But the coalition for a new privacy law includes many of Trumpland's most powerful blocs – like Jan 6 rioters whose location was swept up by Google and handed over to the FBI. A strong privacy law would protect their Fourth Amendment rights – but also the rights of BLM protesters who experienced this far more often, and with far worse consequences, than the insurrectionists.

The "we do it with an app, so it's not illegal" ruse is wearing thinner by the day. When you have a boss for an app, your real boss gets an accountability sink, a convenient scapegoat that can be blamed for your misery.

The fact that this makes you worse at your job, that it loses your boss money, is no guarantee that you will be spared. Rich people make great marks, and they can remain irrational longer than you can remain solvent. Markets won't solve this one – but worker power can."

https://pluralistic.net/2024/11/26/hawtch-hawtch/#you-treasure-what-you-measure

#Work #WageSlavery #WorkerSurveillance #Bossware #Privacy #AI #DataProtection #FTC #USA


"Don’t judge a book by its cover – how a technology is named doesn’t tell you how it is used. This is the case with Data Clean Rooms (“DCRs”), which are not rooms, do not clean data, and have complicated implications for user privacy, despite their squeaky-clean name.

Data Clean Rooms are cloud data processing services that let companies exchange and analyze data, restrained by rules that limit data use. They are typically used when two companies want to exchange limited information about their customers. For example, a newspaper and a grocery store might use a DCR to evaluate the efficacy of an advertisement by identifying grocery sales made to newspaper subscribers. However, a close examination of DCRs yields an evergreen lesson: even if privacy enhancing technologies alone can’t protect privacy and even if they address some privacy risks, they can contribute to others.

In some cases, DCRs can add privacy protections to the handling of consumer data. In others, disclosure of consumer data via DCRs presents the same privacy risks as disclosure through other means like tracking pixels. DCRs, like other technologies that claim to protect privacy, can also be used to obfuscate privacy harms."

https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/11/data-clean-rooms-separating-fact-fiction

#USA #FTC #DataCleanRooms #DCRs #Privacy #DataProtection


"Officials inside the Secret Service clashed over whether they needed a warrant to use location data harvested from ordinary apps installed on smartphones, with some arguing that citizens have agreed to be tracked with such data by accepting app terms of service, despite those apps often not saying their data may end up with the authorities, according to hundreds of pages of internal Secret Service emails obtained by 404 Media.

The emails provide deeper insight into the agency’s use of Locate X, a powerful surveillance capability that allows law enforcement officials to follow a phone, and person’s, precise movements over time at the click of a mouse. In 2023, a government oversight body found that the Secret Service, Customs and Border Protection, and Immigration and Customs Enforcement all used their access to such location data illegally. The Secret Service told 404 Media in an email last week it is no longer using the tool."

https://www.404media.co/fyi-a-warrant-isnt-needed-secret-service-says-you-agreed-to-be-tracked-with-location-data/

#USA #LocationData #Geolocation #Surveillance #Privacy #DataProtection #Intelligence #LocateX


"On Monday Amazon confirmed a breach of employee data which was published on a crime-focused forum, according to a statement from Amazon to 404 Media.

The data includes the employees’ name, work contact information, and what location they work at, and has more than 2.8 million lines of data, according to the post on Breach Forums. The post says the source of the data was MOVEit, which is a suite of cloud data management tools.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about [a] security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” an Amazon spokesperson told 404 Media in an email."

https://www.404media.co/amazon-confirms-breach-of-employee-data/

#Amazon #DataBreach #DataProtection #Privacy #Hacking #CyberSecurity


"The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit “emergency” data requests.

The FBI’s public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone’s life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an “uptick” around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

“Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” reads the FBI’s advisory."

https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

#USA #CyberSecurity #FBI #Hacking #Privacy #DataProtection #DataBreaches


Weekly Update 📰

▶️ We published a new article: "The New German #Security Package: #Digital #Surveillance and #DataProtection". More in our #blog: https://www.vioffice.de/blog/sicherheitspaket-digitale-ueberwachung/ 🇬🇧🇩🇪

▶️ ViOffice Cloud for free! Use our full ViOffice #Cloud with up to 3GB storage including all functions (storage, chat, videocall, groupware, taskboard, polls and more) for free. Register at: https://cloud01.vioffice.de/apps/registration/ 🚀


Changes in the UK Data Protection and Digital Information Bill will exacerbate the existing power imbalances that migrants, refugees and asylum seekers have over their data.

This will lead to significant harms and an expansion of the #DigitalHostileEnvironment.

Read our briefing for more ⬇️

#dataprotection #DPDIBill #privacy #migrants #GDPR #ukpolitics

https://www.openrightsgroup.org/publications/briefing-how-the-dpdi-bill-harms-migrants-data-rights/


‘The Dutch Data Protection Authority (AP) is imposing a fine of €10 million on Uber. The fine is in response to the company's failure to disclose the full details of its retention periods for data concerning European drivers, or to name the non-European countries in which it shares this data. The DPA also found that Uber had obstructed its drivers’ efforts to exercise their right to privacy.’ https://autoriteitpersoonsgegevens.nl/en/current/uber-fined-eu10-million-for-infringement-of-privacy-regulations #uber #law #tech #gdpr #privacy #surveillance #dataprotection


If the government has its way, we'll be vulnerable to our data being used against us and less able to do anything about it.

Here's what's wrong with the #DataGrabBill ⬇️

🦾 Take action: https://action.openrightsgroup.org/hands-off-our-data

#HandsOffOurData #DataGrab #GDPR #DPDI #DPDIBill #dataprotection #privacy #ukpolitics
The Data Grab Bill will: Make it harder to access your data by giving organisations more powers to refuse requests / Increase the role of automated decision-making / Expand exemptions for data sharing, use and reuse / Increase political interference over the ICO without oversight / Create new powers to approve international data transfers


The outgoing Biometrics Commissioner has warned that regulation is falling behind advances in biometric surveillance.

The #DataGrabBill will gut the controls on the use of facial recognition and Automatic Number Plate Recognition, allowing for intrusive surveillance.

#HandsOffOurData #DataGrabBill #GDPR #DPDIBill #dataprotection #privacy #ukpolitics #facialrecognition #surveillance

https://www.bbc.co.uk/news/technology-64583997


'As part of its bonfire of regulations' the #DataGrabBill will scrap the Biometrics and Surveillance Camera Commissioner in the UK.

The Bill moves the Commissioner's duties to the Information Commissioner's Office and removes the Surveillance Camera Code governing police and local authorities.

#HandsOffOurData #DataGrabBill #GDPR #DPDIBill #dataprotection #privacy #ukpolitics #facialrecognition

https://techmonitor.ai/policy/privacy-and-data-protection/police-cctv-code-of-conduct


Facial recognition is expanding in the UK with little oversight, despite privacy risks and biased algorithms.

The #DataGrabBill will only widen the regulatory gap over the use and rampant collection of biometric data for surveillance.

#HandsOffOurData #DataGrabBill #GDPR #DPDIBill #dataprotection #privacy #ukpolitics #facialrecognition

https://www.openrightsgroup.org/blog/uk-facial-recognition-no-consent-no-oversight/