
Agreeing to the Terms of Internet Data Privacy Laws

Internet Data Privacy Laws for Website Owners

You’re probably tired of having to “Agree to Terms” to check out websites.  Are you confused by the sudden increase of these kinds of popups on websites you’ve been visiting for years? New legislation is the reason for these boxes and notices.

Data privacy and security have become a priority for millions around the world. Accordingly, people are seeing the value inherent in their personal data. Because of this, users want greater control over where their data goes and who is handling it. This concern is not an inflated sense of paranoia, though. At least 16 high-profile data breaches were announced between January 2017 and April 2018 in the United States alone. The world is growing ever more connected through exchanged personal data. Because of this, parliaments and senates worldwide are considering ways to keep their citizens safe.

European Privacy Regulations: GDPR

Rewind to May of this year.  Your email inbox was full of emails from retailers and media agencies communicating their compliance with the EU’s GDPR (General Data Privacy Rule).  “That only applies to Europeans”, you probably thought.  “Why does this matter to me?”  The GDPR organizes and expands upon several prior data laws covering EU residents and companies.  However, the boundaries of enforcement extend to all corners of the globe.  Any firm or service that collects or handles the personal data of EU citizens is obliged to comply with this new standard, regardless of geographic boundary.

First, companies must seek “freely given consent” before collecting data. Secondly, it’s crucial to clearly answer the questions of “How”, “Where”, and “Why” regarding data usage. With this in mind, it’s essential for companies to assess the ways they store, handle and process data to ensure responsible compliance. Services can’t follow in the footsteps of Equifax or Yahoo, who waited months to disclose news of massive intrusions. Specifically, GDPR requires notification following a breach within 72 hours from detection. Failing to abide by these standards could result in massive penalties. Organizations at fault could even face private lawsuits brought by affected users in courts unsympathetic to risky data practices.

Data Protections – Coming to a State Near You

Let’s shift focus toward more familiar shores.  As of July 2018, ten states are actively pursuing internet privacy regulations.  Eleven further states have enacted or expanded legislation covering the data privacy rights of individuals.  In particular, California stood out from the crowd of privacy movement states when it rolled out the California Consumer Privacy Act of 2018, or CaCPA.  Similar in nature to GDPR, this new standard enters enforcement effective January 1, 2020.

“[The CaCPA is]…a step forward, and it should be appreciated as a step forward when it’s been a long time since there were any steps.” – Dr. Aleecia McDonald, Professor of Public Policy and Internet Privacy at Stanford’s Center for Internet and Society, as quoted in The New York Times.

This push for data privacy is likely to move swiftly.  Americans are increasingly appreciating the real-dollar value of their data and demanding companies – retailers, financial establishments and tech firms, especially – take steps to protect sensitive information.  There is even a push to bring the “Internet of Things” under privacy rules.  Such coverage would provide much needed protection against improper access or usage of the conversations you have within range of Alexa or other smart devices.

Your Business Liability

Companies hoping to avoid or ignore the need to revise data management and processing practices may be doing so at great risk.  As a matter of fact, some website hosting companies are already threatening to remove non-compliant websites.  No company is immune from this, either – Google and Facebook are facing $8.8 billion lawsuits for ignoring GDPR legislation.  Experts nationwide anticipate that a wave of similar rules will soon arrive in the United States.  In any case, if your business has a website and you store client information of any sort, you should give your liability and compliance priority.

Making your website GDPR compliant is fairly simple, though.  A phone call or email to your website development company can get the ball rolling down the road of website data compliance, safeguarding your customers and your business.

Awareness and action are essential, but the steps you can take now are simple:

  • Accountability: Have data management systems in place that you monitor closely.
  • Purposes and Limitations: Explain the following to customers: the type of information you are collecting, how you will use it, who you share personal data with, and how long you store data.
  • Data Minimization: Think of it as rationing – don’t collect more data than you need or can safely store. Create a list of who has data access.
  • Data Accuracy: Keep records as current as possible.  Give users an easy way to request data erasure.
  • Security & Integrity: Privacy-by-design systems limit access to a select number of authorized people. Notify users of which third parties also have access to their data.
  • Storage Limits: Use software to encrypt and anonymize user information. Know where you store user data. Delete or discard data you no longer need or use.
  • Lawful, Fair & Transparent: Provide contact information for users to request the review or removal of their information from your data systems.


Technology news can sometimes seem murky or confusing.  We’d love to talk more if you have questions about digital data privacy laws, or want to know what steps to take to ensure your business and customers are protected.

Disclaimer: GDPR is broad in scope and compliance will vary greatly between organizations. This article should not be considered legal advice. This is informational only and aims to help bring you an awareness of GDPR. If you need legal advice after reading this article, please consult an attorney with your specific questions regarding GDPR.


Is Your Smart Phone Spying on You?

Is your smart phone spying on you? In short, yes. Follow the simple guide below to find out how to protect yourself.

Apple

Frequent Locations

iPhones track your location data down to the minute.

Who uses this information:

  • Third party advertisement: If you visit a shoe store, you might receive shoe advertisements.
  • Apps: Apps may request permission to access your frequent locations. This may be useful for some things such as viewing local weather or calculating ETAs from your location.

How to stop it:

  • Settings > Privacy > Location Services > System Services > Frequent Locations
  • There is a toggle for turning Frequent Locations and Improve Maps on and off.

Identifier for Advertising (IDFA)

This allows developers and marketers to track your activity. They use this data for targeted advertising on apps and web pages.

How to stop it:

  • General > About > Advertising
  • There is a toggle to turn on Limit Ad Tracking

Microsoft

Windows 10

The new updated Windows 10 tracks just about everything you do.

Here is a section of the Windows 10 terms:

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

How to stop it:

Many methods are available, with varying effectiveness:

  • InPrivate Mode – Setting your browser to InPrivate mode does not completely cover your tracks.
  • Unchecking all tracking pages upon opening – This has been tested (even with a DisableWinTracking tool) and was found to still track some information.

Google/Android

Voice Commands

Every voice command you make on your Android phone is logged. These recordings should only be available to you, but the idea of possibly having any personal information stored may be unnerving to some. Every Google device records and stores voice commands.

How to stop it:

  • Settings > Account > Google > Sign In > Personal Info & privacy > Activity Controls > Voice & Audio Activity
  • There is a toggle to turn this off. You can also delete all saved recordings.

Location Tracking

Just like Apple, Android tracks your location. Google doesn’t limit its tracking to cell phones. It continues tracking you from your desktop computer if you leave your Google account logged in.

Who uses this information:

  • Third party advertisement: If you visit a shoe store, you might receive shoe advertisements.
  • Apps: Apps may request permission to access your frequent locations. This may be useful for some things such as viewing local weather or calculating ETAs from your location.

How to stop it:

  • Settings > Account > Google > Sign In > Personal Info & privacy > Google Location History
  • Then you can toggle this off, and you can delete your location history.

Android Advertising ID

Similar to Apple’s Identifier for Advertising, Google takes information from your search activity to use for targeted advertising. You see these within apps downloaded from Google Play.

How to stop it:

  • Settings > Account > Google > Sign In > Personal Info & privacy > Ads Services
  • This will take you to a web page to manage the ad settings. Then you can toggle it off.
  • You can also reset the ID, which clears past data. This can be helpful if you still want to see ads tailored to you but not about something you recently searched for. You can even delete and add interests to better tailor the ads.

This will not stop the ads but will stop the targeted ads based on your search history.