According to The Washington Post, a teenager who was caught up in a sexting investigation has sued a Virginia prosecutor for civil rights violations. While the police were investigating sexting between two teenagers in 2014 they obtained a warrant to force the teenager to enable law enforcement to take photos of his genitalia. Fortunately, the public was notified of this ridiculous situation and the teenager was not required to take a photo of his erect penis for evidence.
This request created a major public uproar. It sounded like those requesting the photos had been fans of the the 1980's movie Porky's when physical education teacher Ms. Balbricker asked the high school principal if he would sanction a penis (tallywacker) lineup of several students so she could identify which student stuck his penis through a peep hole in the girl's bathroom. Ms. Balbricker claimed that she could identify the offending student's penis because it contained a distinctive mole. In the movie, the request for the penis line up was denied.
The detective who handled the case killed himself last year after being accused of molesting two young boys so this raises further doubts regarding the motive for photos of the teenager's erect penis.I initially wrote about the case in 2014 and stated, "My hope is that prosecutors and judges across the country realize that this is the wrong way to deal with sexting by teenagers."
The bottom line is that teenagers should be provided more education about these issues instead of outright punishment for these types of situations.
Copyright 2016 by Bradley S. Shear, Esq. All rights reserved.
Showing posts with label social media privacy lawyer. Show all posts
Showing posts with label social media privacy lawyer. Show all posts
Friday, May 27, 2016
Monday, November 30, 2015
Email Privacy Act: Much Needed Reform
In general, the government should be required to obtain a warrant in order to access the private password protected digital accounts of its citizens. Unfortunately, due to an outdated law, the Electronic Communications Privacy Act of 1986 (ECPA) this is not the case.
The ubiquitous nature of online communications has made updating the law to account for how technology has changed over the past 30 years a necessity to ensure that our 4th amendment rights in the virtual world equal our 4th amendment rights in the physical world. A Congressional hearing on the Email Privacy Act will be held this week to try to update the woefully out of date ECPA statute. Multiple efforts over the years have failed so I am cautiously optimistic that this effort and others such as the LEADS Act which complement this bill will be passed this term.
The Email Privacy Act has more than 300 cosponsors in the House of Representatives and it would close a glaring loophole in ECPA which enables the government to utilize a subpoena instead of a warrant to require digital service providers to provide their customer's digital communications if they are greater than 180 days old. When ECPA was enacted in 1986, this loophole wasn't concerning because our technology wasn't such that we could hold years of personal communications in an email account stored in the cloud around the world.
According to a recent poll by Vox Populi, 77% of 1000 registered voters said "a warrant should be required to access emails, photos and other private communications stored online." This super majority demonstrates the importance of this issue and that Congress should listen to the voters to rectify this glaring hole in our 4th amendment protections.
In order for the Email Privacy Act to became law, it is imperative to contact your local members of Congress to tell them about the importance of this issue. Absent public support, Congress doesn't act. Therefore, if you believe that our 4th amendment protections should extend to our digital activities please take a stand and urge your representatives and senators to support the much needed Email Privacy Act.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
The ubiquitous nature of online communications has made updating the law to account for how technology has changed over the past 30 years a necessity to ensure that our 4th amendment rights in the virtual world equal our 4th amendment rights in the physical world. A Congressional hearing on the Email Privacy Act will be held this week to try to update the woefully out of date ECPA statute. Multiple efforts over the years have failed so I am cautiously optimistic that this effort and others such as the LEADS Act which complement this bill will be passed this term.
The Email Privacy Act has more than 300 cosponsors in the House of Representatives and it would close a glaring loophole in ECPA which enables the government to utilize a subpoena instead of a warrant to require digital service providers to provide their customer's digital communications if they are greater than 180 days old. When ECPA was enacted in 1986, this loophole wasn't concerning because our technology wasn't such that we could hold years of personal communications in an email account stored in the cloud around the world.
According to a recent poll by Vox Populi, 77% of 1000 registered voters said "a warrant should be required to access emails, photos and other private communications stored online." This super majority demonstrates the importance of this issue and that Congress should listen to the voters to rectify this glaring hole in our 4th amendment protections.
In order for the Email Privacy Act to became law, it is imperative to contact your local members of Congress to tell them about the importance of this issue. Absent public support, Congress doesn't act. Therefore, if you believe that our 4th amendment protections should extend to our digital activities please take a stand and urge your representatives and senators to support the much needed Email Privacy Act.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, October 21, 2015
U.S. Must Pass Judicial Redress Act To Demonstrate International Privacy Leadership
The
recent invalidation of the U.S.-E.U. Safe Harbor Agreement by the European Union Court of Justice has demonstrated that the U.S. must enact privacy laws that protect
non-U.S. citizens from law enforcement over reach. The Snowden NSA revelations
that were first revealed in 2013 not only angered many American citizens and
civil rights advocates, but they also created a schism with Europe regarding government
surveillance and digital privacy.
For
the past 15 years, companies that do business across the Atlantic have relied
on the U.S.-E.U.Safe Harbor Agreement to transfer personal data from the E.U.
to the U.S. While this agreement was not perfect, it created a mechanism that
was consistent with E.U. data protection directives that enabled companies to process
and utilize personal digital data without running
afoul of E.U. privacy laws.
Austrian privacy advocate Max Schrems' challenge against Facebook regarding how it
handles the data it collects from E.U. users was the catalyst behind the demise of Safe Harbor. E.U.data protection authorities have given lawmakers in the U.S. and the E.U.
three months to negotiate a new treaty to replace the Safe Harbor’s data
privacy protocols. Under E.U. law,
personal information may be exported if it is provided the same protections
that are offered in the E.U.
U.S. digital privacy protections are generally stuck in the 1980’s and many of our laws did
not anticipate how technology would change over time. While privacy has been a fundamental human right in the E.U. since 1950, U.S. digital privacy rights have been
slow to evolve to catch up with how we are utilizing the many life changing services
and devices that are now being deployed.
Congress
is working on strengthening our digital privacy rights but the process has been
slow and arduous. Fortunately, yesterday’s
passage of the Judicial Redress Act in the U.S. House of Representatives which will enable foreign
citizens to have the same legal rights as U.S. citizens if law enforcement
violates their personal privacy rights is a step in the right direction. While the bill still must be passed in the
Senate and signed by the President to become law, this development demonstrates
that we are on the right track and hopefully this will help lead to a new U.S.-E.U. Safe Harbor data agreement.
This legislation and others such as ECPA reform, and the Law Enforcement Access To Data Stored Abroad Act (LEADS) are much needed bills that must be enacted to demonstrate that we will be a beacon for digital privacy rights. We can have both privacy and security while respecting fundamental human rights. However, we must showcase this leadership by enacting digital privacy laws that equally protect both U.S. and foreign citizens.
This legislation and others such as ECPA reform, and the Law Enforcement Access To Data Stored Abroad Act (LEADS) are much needed bills that must be enacted to demonstrate that we will be a beacon for digital privacy rights. We can have both privacy and security while respecting fundamental human rights. However, we must showcase this leadership by enacting digital privacy laws that equally protect both U.S. and foreign citizens.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, June 16, 2015
Facial Recognition Privacy Talks Collapse Due to Inadequate Consumer Safeguards
According to The New York Times, nine civil rights and other advocacy organizations announced today that they are withdrawing from "talks with trade
associations over how to write guidelines for the fair commercial use of
face recognition technology for consumers."
Why are these talks so important? Because every time you walk into a fast food restaurant instead of a health food store you will be tracked and this information will be sent to data brokers who will insert it into your digital dossier. You will be penalized for who you talk to in public (whether its a friend, business associate, or a stranger on the street) and this data will be tied to you forever. What stores you visit and when you visit them will be collected and available to interested parties.
Should private companies have the right to know if you attend weekly religious functions and what faith you practice based upon your comings and goings? What about whether you are seen visiting a bar or other gathering known for particular social or political characteristics? Do you want others to know whether you frequent casinos, liquor stores, cigar shops, or certain specialty retailers? Visiting these places and making purchases are perfectly legal. However, when each of these individual activities are taken together it can paint a picture of our lives. This is why John Hancock has created a new life insurance product that tracks your every move. These are just a few examples of why stronger privacy protections are needed for biometrics.
Privacy is a civil right. The potential for discrimination is high. The more data that is being collected about us the greater the risk of the information falling into the wrong hands. For example, the recent cyber attack on federal databases by Chinese hackers is a serious threat to national security and personal safety. The systems compromised housed information on federal workers, their families, and those who interact with them. The type of data contained in these files may be utilized for strategic national and economic security, blackmail, and who knows what else.
Absent participation by civil rights groups and privacy advocates, the facial recognition talks are worthless. Its time for more technology companies to take a public stand for greater privacy protections. The 4th amendment has protected us against unreasonable government searches and seizures for more than 200 years. Its time for us to demand that our government extend this principle to protect us against unreasonable data collection and usage by private companies.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Why are these talks so important? Because every time you walk into a fast food restaurant instead of a health food store you will be tracked and this information will be sent to data brokers who will insert it into your digital dossier. You will be penalized for who you talk to in public (whether its a friend, business associate, or a stranger on the street) and this data will be tied to you forever. What stores you visit and when you visit them will be collected and available to interested parties.
Should private companies have the right to know if you attend weekly religious functions and what faith you practice based upon your comings and goings? What about whether you are seen visiting a bar or other gathering known for particular social or political characteristics? Do you want others to know whether you frequent casinos, liquor stores, cigar shops, or certain specialty retailers? Visiting these places and making purchases are perfectly legal. However, when each of these individual activities are taken together it can paint a picture of our lives. This is why John Hancock has created a new life insurance product that tracks your every move. These are just a few examples of why stronger privacy protections are needed for biometrics.
Privacy is a civil right. The potential for discrimination is high. The more data that is being collected about us the greater the risk of the information falling into the wrong hands. For example, the recent cyber attack on federal databases by Chinese hackers is a serious threat to national security and personal safety. The systems compromised housed information on federal workers, their families, and those who interact with them. The type of data contained in these files may be utilized for strategic national and economic security, blackmail, and who knows what else.
Absent participation by civil rights groups and privacy advocates, the facial recognition talks are worthless. Its time for more technology companies to take a public stand for greater privacy protections. The 4th amendment has protected us against unreasonable government searches and seizures for more than 200 years. Its time for us to demand that our government extend this principle to protect us against unreasonable data collection and usage by private companies.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Saturday, May 23, 2015
Instagram Photos Show Slip and Fall Lawsuit Against NYC Is Frivolous
Taking photos and sharing them digitally is so easy. However, just because it is, that doesn't mean you should do so. In Silicon Valley, the term "frictionless sharing" was coined to describe the ability to make it as simple as possible to share your personal content with others via the Internet and apps.
Technology companies make billions of dollars per year in advertising revenue due to frictionless sharing. This capability is so important to the monetary viability of many digital companies that some of them recently spent millions of dollars lobbying Congress to weaken the Video Privacy Protection Act to make it easier for consumers to share their video viewing habits with others. While Silicon Valley may promote this change as providing more "consumer choice", others may believe this revision has diminished important privacy protections.
Just because you have the ability to take a photo or a video doesn't mean you should do so and share it digitally. Having the skills to understand when not to share is very important in the Social Media Age. In general, I advise many clients not share their personal content digitally unless it is in furtherance of their professional career.
The latest person who has not mastered the skill of when not to share appears to be Rev. Al Sharpton's daughter Dominique Sharpton. According to The New York Post's analysis of Ms. Sharpton's personal Instagram account she has "a lot of explaining to do." Ms. Sharpton is suing the City of New York for $5 million dollars because she allegedly injured her angle on a Soho sidewalk. I am highly skeptical of this claim because it appears that on her personal Instagram account she has posted photos of herself climbing mountains in the U.S. and overseas.
Ms. Sharpton's Instagram account photos do not appear to demonstrate that she has a $5 million dollar claim against the New York City. According to The New York Post, New York City has ordered Ms. Sharpton to preserve her photos because they appear to contradict the claims in her complaint against the City. If the photos on Ms. Sharpton's Instagram account are authenticated, the City of New York may take legal action against her because it appears that her legal complaint is deficient due to a "failure to state a claim."
The bottom line is be careful what you post because it may create tremendous legal liability for you and/or others.
UPDATE: According to The New York Post, Ms. Sharpton has made her social media accounts "private". In light of all of the media coverage regarding this matter, Ms. Sharpton's latest move further demonstrates her $5 million dollar legal claim against the City of New York appears to be frivolous.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Technology companies make billions of dollars per year in advertising revenue due to frictionless sharing. This capability is so important to the monetary viability of many digital companies that some of them recently spent millions of dollars lobbying Congress to weaken the Video Privacy Protection Act to make it easier for consumers to share their video viewing habits with others. While Silicon Valley may promote this change as providing more "consumer choice", others may believe this revision has diminished important privacy protections.
Just because you have the ability to take a photo or a video doesn't mean you should do so and share it digitally. Having the skills to understand when not to share is very important in the Social Media Age. In general, I advise many clients not share their personal content digitally unless it is in furtherance of their professional career.
The latest person who has not mastered the skill of when not to share appears to be Rev. Al Sharpton's daughter Dominique Sharpton. According to The New York Post's analysis of Ms. Sharpton's personal Instagram account she has "a lot of explaining to do." Ms. Sharpton is suing the City of New York for $5 million dollars because she allegedly injured her angle on a Soho sidewalk. I am highly skeptical of this claim because it appears that on her personal Instagram account she has posted photos of herself climbing mountains in the U.S. and overseas.
Ms. Sharpton's Instagram account photos do not appear to demonstrate that she has a $5 million dollar claim against the New York City. According to The New York Post, New York City has ordered Ms. Sharpton to preserve her photos because they appear to contradict the claims in her complaint against the City. If the photos on Ms. Sharpton's Instagram account are authenticated, the City of New York may take legal action against her because it appears that her legal complaint is deficient due to a "failure to state a claim."
The bottom line is be careful what you post because it may create tremendous legal liability for you and/or others.
UPDATE: According to The New York Post, Ms. Sharpton has made her social media accounts "private". In light of all of the media coverage regarding this matter, Ms. Sharpton's latest move further demonstrates her $5 million dollar legal claim against the City of New York appears to be frivolous.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Friday, May 1, 2015
Facebook Threatens European Regulators Over Stronger Privacy Laws
In a very troubling development that shows Facebook's true colors, one of its corporate executives stated that if European regulators continue to scrutinize Facebook's data collection and utilization practices its citizens will not be provided certain features in a timely manner. This veiled threat to European regulators demonstrates that the EU is on the right track in questioning the data privacy policies and practices of Facebook and other Internet companies.
Manufacturers of cars and heavy machinery, pharmaceutical companies, banks, chemical companies, etc.. are required to follow appropriate safety regulations in Europe and around the world. Data collection and usage laws are nothing more than safety regulations and it is time for Facebook and the entire digital ecosystem to get on board with regulations that will enhance user trust of their platforms.
An Austrian class action lawsuit about Facebook's data usage practices, the ongoing Netherlands privacy regulator investigation into Facebook's activities, and the possibility that Europe will enact stronger data protection laws that will provide greater regulatory tools to protect citizens from some of Facebook's troubling data collection and usage practices appears to worry the company. These developments demonstrate the importance of baking privacy into your platform's design and the need for Facebook to change its data collection and usage practices and its policies.
The bottom line is that data privacy is a safety issue. My hope is that U.S. lawmakers and regulators soon follow Europe's lead in understanding that unfettered data collection and usage is a clear and present danger to its citizens and that more robust privacy laws are a must in the Big Data Age.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Manufacturers of cars and heavy machinery, pharmaceutical companies, banks, chemical companies, etc.. are required to follow appropriate safety regulations in Europe and around the world. Data collection and usage laws are nothing more than safety regulations and it is time for Facebook and the entire digital ecosystem to get on board with regulations that will enhance user trust of their platforms.
An Austrian class action lawsuit about Facebook's data usage practices, the ongoing Netherlands privacy regulator investigation into Facebook's activities, and the possibility that Europe will enact stronger data protection laws that will provide greater regulatory tools to protect citizens from some of Facebook's troubling data collection and usage practices appears to worry the company. These developments demonstrate the importance of baking privacy into your platform's design and the need for Facebook to change its data collection and usage practices and its policies.
The bottom line is that data privacy is a safety issue. My hope is that U.S. lawmakers and regulators soon follow Europe's lead in understanding that unfettered data collection and usage is a clear and present danger to its citizens and that more robust privacy laws are a must in the Big Data Age.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, April 15, 2015
European Commission: Google's Conduct Infringes on Antitrust Rules
The European
Commission (EC) has sent a Statement of
Objections (i.e. a formal complaint) against Google for violating European
antitrust laws. In particular, the EC alleges Google
“has
abused its dominant position in the markets for general internet search
services in the European Economic Area (EEA) by systematically favouring its
own comparison shopping product in its general search results pages. The Commission's preliminary view is that
such conduct infringes EU antitrust rules because it stifles competition and
harms consumers.”
According to the EC’s press release, it has also “formally opened a separate antitrust investigation into Google's conduct [regarding] the mobile operating system Android. The investigation will focus on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.”
According to the EC’s press release, it has also “formally opened a separate antitrust investigation into Google's conduct [regarding] the mobile operating system Android. The investigation will focus on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.”
These announcements have come after an
almost five
year investigation into Google’s European business practices. The EC has tried three times
to settle this matter to no avail. New EC
Competition Commissioner Margrethe Vestager, reinvigorated the investigation last year when her office requested additional information from
various Internet vendors of online services to determine if consumers have been
harmed by Google’s behavior and to figure out if Google has utilized its
dominant market position to illegally hinder competition.
The EC’s investigation
appears to have picked up momentum after The Wall Street Journal
recently obtained a confidential 2012 U.S. Federal Trade Commission (FTC) report where key staff recommended suing Google for antitrust
violations after finding real harm to consumers and innovation. While the FTC report focused on Google’s U.S.
behavior, the company most likely acted in a similar fashion in the European
Union where it controls more than 90%
of the Internet search market.
Since the EC opened its antitrust
investigation into Google, the company has paid 100s of millions of dollars in fines
and settlements due to illegal behavior. For example, in 2011 it paid a $500 million fine
for knowingly accepting illegal advertisements from Canadian pharmacies. Subsequently, it has paid multiple million
dollar fines in the United States
and in Europe for
privacy violations in connection with its Street View data collection project, the
deceptive privacy practices in Google's roll out of its Buzz social network, its
2012 privacy policy change, and the Safari hack incident.
Illegally abusing market position in
Internet search (and/or other areas) is intertwined with data collection,
usage, and privacy issues because in order to receive the most relevant search
results to a search query a search engine must be able to access and process
voluminous amounts of data very quickly.
For years, 90% to 96% of
Google’s revenue has come from advertising which means it is dependent upon being
able to obtain massive amounts of personal information at a low cost to feed
its behavioral advertising machine.
Data dominance also appears to be a growing
concern of the EC. For
example, Commissioner Vestager recently stated that she’s
studying the U.S.’s “stringent approach to dealing with personal data as a means
to payment” in its review of deals. This
appears to signal that regulators are beginning to understand that personal and
corporate data issues are intertwined with antitrust matters.
The
EC’s announcement that it has also opened up an investigation into whether
Google has entered into anti-competitive agreements and/or abused its dominant
position in regards to its Android operating system demonstrates that it wants
to ensure that consumers are not harmed and that innovation is not stifled by
illegal market activities in the growing mobile space. Last year, The Wall Street Journal and The
Information reported that Google’s confidential Android agreements have been
“increasing the number of Google apps that must be pre-installed on [each
Android] device to as many as 20, placing more Google apps on the home screen
or in a prominent icon folder and making Google Search more prominent.”
Google’s
Android contract requirements are very troubling when comparing them to Microsoft’s pre-2002 agreements
with PC vendors which “required
PC manufacturers to bundle and promote the Internet Explorer Web browser and
other software in prominent locations on the computer screen.” Therefore,
it doesn’t surprise me that the EC is investigating whether Google’s Android agreements violate antitrust law.
This enforcement action and
the announcement of another investigation into Google’s other market activities demonstrates
the need for users of its services to carefully read their contracts with Google and
be familiar with their terms of service and troubling world-wide privacy
policy. Google's terms and privacy policy allows for unfettered data mining and profiling of consumer,
education, corporate, and government data. Multiple European Data Protection Authorities have already fined Google for its privacy practices and
ordered Google to change it privacy policy; unfortunately that has had virtually
no effect on its market behavior.
Today’s European Commission
announcement is the first step in what may be a long drawn out legal process,
which in theory could lead to a fine up to $6.4 billion dollars
and require Google to change some of its business practices. As a long time Google user, my hope is that
Google soon begins to once again abide by its corporate motto by
not being “evil”.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Friday, February 27, 2015
White House Releases Disappointing Consumer Privacy Draft Bill
Privacy in school, at home, and at work has become a very hot topic over the past several years due to the increased amount of our everyday activities that are being digitized. Earlier today, The White House released an administration discussion draft of the President's vision for enhanced consumer privacy protections. Unfortunately, the proposal appears to fall short.
According to Jeff Chester of the Center for Digital Democracy, the draft is "a big victory for the tech industry because it really sidelines the FTC and removes it as an effective force." Alvaro Bedoya, director of the Center on Privacy and Technology at Georgetown's law school believes that Obama's bill may preempt state laws, in favor of letting companies collect what they want as long as they maintain some level of transparency. These concerns are very real and demonstrates that The White House needs to rethink its approach.
The FTC also weighed in and stated, "[w]e are pleased that the Administration has made consumer privacy a priority, and this legislative proposal provides a good starting point for further discussion. However, we have concerns that the draft bill does not provide consumers with the strong and enforceable protections needed to safeguard their privacy. We look forward to working with Congress and the Administration to strengthen the proposal.”
I agree with above sentiments and hope this draft spurs a robust conversation on digital privacy and technology. Absent stronger privacy protections, digital platform users will be discriminated against based upon their age, race, religion, sex, sexual orientation, physical/mental impairments, etc....There needs to be not only mandatory industry transparency but also stronger regulation on data collection and utilization practices. Federal legislation should be a floor and not a ceiling for privacy protections and the FTC needs to be provided enhanced regulatory enforcement powers.
I want my children to grow up with the same expectation of privacy I had as a kid and I don't want them to fear that their emails, Internet searches, and digital activity will be utilized to create robust profiles about them which will affect their schooling, career prospects, and ability to obtain insurance, etc...
I fight for our digital privacy because it is the right thing to do. I encourage those who believe we have an expectation of privacy in the Digital Age to contact The White House and their federal and state lawmakers to tell them to make stronger digital privacy protections a priority this year.
Copyright 2015 by Shear Law, LLC All rights reserved.
According to Jeff Chester of the Center for Digital Democracy, the draft is "a big victory for the tech industry because it really sidelines the FTC and removes it as an effective force." Alvaro Bedoya, director of the Center on Privacy and Technology at Georgetown's law school believes that Obama's bill may preempt state laws, in favor of letting companies collect what they want as long as they maintain some level of transparency. These concerns are very real and demonstrates that The White House needs to rethink its approach.
The FTC also weighed in and stated, "[w]e are pleased that the Administration has made consumer privacy a priority, and this legislative proposal provides a good starting point for further discussion. However, we have concerns that the draft bill does not provide consumers with the strong and enforceable protections needed to safeguard their privacy. We look forward to working with Congress and the Administration to strengthen the proposal.”
I agree with above sentiments and hope this draft spurs a robust conversation on digital privacy and technology. Absent stronger privacy protections, digital platform users will be discriminated against based upon their age, race, religion, sex, sexual orientation, physical/mental impairments, etc....There needs to be not only mandatory industry transparency but also stronger regulation on data collection and utilization practices. Federal legislation should be a floor and not a ceiling for privacy protections and the FTC needs to be provided enhanced regulatory enforcement powers.
I want my children to grow up with the same expectation of privacy I had as a kid and I don't want them to fear that their emails, Internet searches, and digital activity will be utilized to create robust profiles about them which will affect their schooling, career prospects, and ability to obtain insurance, etc...
I fight for our digital privacy because it is the right thing to do. I encourage those who believe we have an expectation of privacy in the Digital Age to contact The White House and their federal and state lawmakers to tell them to make stronger digital privacy protections a priority this year.
Copyright 2015 by Shear Law, LLC All rights reserved.
Friday, December 26, 2014
Court: Police May Create Fake Social Media Profiles To Catch Criminals
According to CNN, a federal judge recently ruled that law enforcement officials may create fake social media profiles to obtain access to a suspect's social media account. The police may entice suspects to "friend" them and use the information gleaned from their Facebook, Instagram, etc... accounts against them in court.
This ruling is not surprising. The police have utilized moles and undercover agents to gain access to crime syndicates and gangs for years and this ruling appears to extend this practice to the Digital Age. As long as the "friending" is mutual, meaning that a suspect allows a "fake profile" to access their account the "search" may be deemed consensual.
Facebook has protested law enforcement's use of fake profiles in the past. For example, several months ago, Facebook sent a letter to the DEA to demand that it stop creating fake accounts on their platform. Facebook cares about this issue, not because of the privacy implications to its users, but because it may interfere with its ability to monetize the data being created on their platforms. A fake account is worthless to data brokers, advertisers, etc....
I don't encourage anyone who values their privacy to utilize Facebook to post personal information. Everything one posts to Facebook may end up in the hands of data brokers, law enforcement officials, etc... Facebook is an advertising platform and its users are the products it sells to marketers and data brokers. I don't trust Facebook with my personal information. Should you?
Copyright 2014 by Shear Law, LLC. All rights reserved.
This ruling is not surprising. The police have utilized moles and undercover agents to gain access to crime syndicates and gangs for years and this ruling appears to extend this practice to the Digital Age. As long as the "friending" is mutual, meaning that a suspect allows a "fake profile" to access their account the "search" may be deemed consensual.
Facebook has protested law enforcement's use of fake profiles in the past. For example, several months ago, Facebook sent a letter to the DEA to demand that it stop creating fake accounts on their platform. Facebook cares about this issue, not because of the privacy implications to its users, but because it may interfere with its ability to monetize the data being created on their platforms. A fake account is worthless to data brokers, advertisers, etc....
I don't encourage anyone who values their privacy to utilize Facebook to post personal information. Everything one posts to Facebook may end up in the hands of data brokers, law enforcement officials, etc... Facebook is an advertising platform and its users are the products it sells to marketers and data brokers. I don't trust Facebook with my personal information. Should you?
Copyright 2014 by Shear Law, LLC. All rights reserved.
Tuesday, December 23, 2014
FTC Warns Children's Apps Maker About Potential COPPA Violations
The FTC recently sent a letter to a Chinese based children's app maker alleging that it may be in violation of the Children's Online Privacy Protection Act (COPPA). According to the allegations, "it appears the child-directed applications marketed by
the company, BabyBus, appear to collect precise geolocation information
about users" without parental consent.
COPPA requires companies collecting personal information from children under 13 to post clear privacy policies and to notify parents and get their consent before collecting or sharing any information from children. While this app is not the only one that has allegedly violated COPPA and/or collected more information than needed to operate, it demonstrates a very troubling trend in apps: privacy by design continues to be an afterthought.
While I believe the FTC's letter is a positive development, it demonstrates the need for constant vigilance to protect our children's privacy. In general, it is none of the app's business where my children live, go to school, play, etc....
Copyright 2014 by Shear Law, LLC. All rights reserved.
COPPA requires companies collecting personal information from children under 13 to post clear privacy policies and to notify parents and get their consent before collecting or sharing any information from children. While this app is not the only one that has allegedly violated COPPA and/or collected more information than needed to operate, it demonstrates a very troubling trend in apps: privacy by design continues to be an afterthought.
While I believe the FTC's letter is a positive development, it demonstrates the need for constant vigilance to protect our children's privacy. In general, it is none of the app's business where my children live, go to school, play, etc....
Copyright 2014 by Shear Law, LLC. All rights reserved.
Tuesday, December 16, 2014
Netherlands Privacy Regulator To Investigate Facebook's Privacy Policy
The Netherlands privacy regulator has announced an investigation into Facebook's recently announced privacy policy change that is scheduled to go into effect on January 1, 2015. Facebook's new privacy policy states that it has the right to use the information provided by its users through their posts, messages, and other online interactions for commercial purposes. This change is not very surprising since Facebook makes most of its money via behavioral advertising.
Due to the agreements that Facebook has with data brokers and its tracking capabilities across the Internet and devices, I do not trust the company with my personal data or my children's personal information. I choose not to share my personal thoughts on Facebook because the information may be shared with not only data brokers and marketers, but also insurance companies, the government, etc... My personal thoughts, data points, etc... may then be utilized against me in ways I never intended.
It is a welcome trend that European data protection regulators are investigating Facebook and fining companies such as Google for violating the personal privacy of users. My hope is that the FTC and state attorney generals follow in their footsteps and require these companies and others to become more transparent about their digital collection and utilization practices and impose fines when they have made misrepresentations about their activities.
Facebook and Google are two of the most successful advertising companies in the world. However, both of these companies appear to perform similar functions as some telecommunications entities and data brokers. Should these companies and others with similar privacy policies and practices be regulated as such?
Copyright 2014 by Shear Law, LLC. All rights reserved.
Due to the agreements that Facebook has with data brokers and its tracking capabilities across the Internet and devices, I do not trust the company with my personal data or my children's personal information. I choose not to share my personal thoughts on Facebook because the information may be shared with not only data brokers and marketers, but also insurance companies, the government, etc... My personal thoughts, data points, etc... may then be utilized against me in ways I never intended.
It is a welcome trend that European data protection regulators are investigating Facebook and fining companies such as Google for violating the personal privacy of users. My hope is that the FTC and state attorney generals follow in their footsteps and require these companies and others to become more transparent about their digital collection and utilization practices and impose fines when they have made misrepresentations about their activities.
Facebook and Google are two of the most successful advertising companies in the world. However, both of these companies appear to perform similar functions as some telecommunications entities and data brokers. Should these companies and others with similar privacy policies and practices be regulated as such?
Copyright 2014 by Shear Law, LLC. All rights reserved.
Iowa Digital License App Has Major 4th Amendment Implications
Wouldn't it be great if we didn't have to carry around a wallet with a driver's license, credit cards, ATM cards, health insurance cards, etc...? As Apple famously trademarked and states in some of its commercials, "There's an app for that". For almost every interaction we have in the real world, software developers are creating apps to allegedly make our lives "easier" and more "frictionless".
In the tech world, "frictionless" may mean making it very easy to "share your personal thoughts, viewing habits, etc...without violating privacy laws", or making it very easy to "make online purchases." This is why so many companies are rushing to create apps for users. Unfortunately, multiple FTC reports have found many apps lack proper disclosures which may in turn lead to data leakage which creates cyber safety challenges for users.
The latest app that aims to make our lives "easier" is an app that may replace a physical Iowa driver's license. At first glance, this sounds great. Since more and more people are using their smartphones to do every day tasks and these mini computers hold so much of our personal information why not utilize an app which would mean one less thing (physical driver's license) to carry around?
There are numerous questions that still need to be answered. If a person who uses the app is questioned by a police officer during a "routine traffic stop" or a "stop and frisk" and asked to show the driver's license app will a police officer be able to access other parts of the phone or will a password be needed? What happens if a text message, email, or phone call comes through at the moment the police officer is reviewing the app license? Will the police officer be able to see the sender of the message, or the contents of the communications, or the phone number of the caller? When downloading the app, will it request access to your contacts or want to see what other apps you have downloaded like Twitter?
According to the recent Supreme Court decision in Hein v. North Carolina, the police may stop a car based on a "reasonable" misunderstanding of the law. What if while reviewing a driver's license app a police officer "misunderstands the law" and searches your smartphone, or makes subtle threats about providing access to your smartphone?
The bottom line is that there are still many questions that need to be answered regarding this new app. As more and more of our lives become digital, it is imperative that app developers work closely with lawyers and regulators to ensure that privacy by design is part and parcel of the process. While we may not know all of the potential consequences of utilizing driver's license apps, it is important that we have a national conversation about these issues to ensure that our 4th amendment rights are properly protected in the Digital Age.
Copyright 2014 by Shear Law, LLC. All rights reserved.
In the tech world, "frictionless" may mean making it very easy to "share your personal thoughts, viewing habits, etc...without violating privacy laws", or making it very easy to "make online purchases." This is why so many companies are rushing to create apps for users. Unfortunately, multiple FTC reports have found many apps lack proper disclosures which may in turn lead to data leakage which creates cyber safety challenges for users.
The latest app that aims to make our lives "easier" is an app that may replace a physical Iowa driver's license. At first glance, this sounds great. Since more and more people are using their smartphones to do every day tasks and these mini computers hold so much of our personal information why not utilize an app which would mean one less thing (physical driver's license) to carry around?
There are numerous questions that still need to be answered. If a person who uses the app is questioned by a police officer during a "routine traffic stop" or a "stop and frisk" and asked to show the driver's license app will a police officer be able to access other parts of the phone or will a password be needed? What happens if a text message, email, or phone call comes through at the moment the police officer is reviewing the app license? Will the police officer be able to see the sender of the message, or the contents of the communications, or the phone number of the caller? When downloading the app, will it request access to your contacts or want to see what other apps you have downloaded like Twitter?
According to the recent Supreme Court decision in Hein v. North Carolina, the police may stop a car based on a "reasonable" misunderstanding of the law. What if while reviewing a driver's license app a police officer "misunderstands the law" and searches your smartphone, or makes subtle threats about providing access to your smartphone?
The bottom line is that there are still many questions that need to be answered regarding this new app. As more and more of our lives become digital, it is imperative that app developers work closely with lawyers and regulators to ensure that privacy by design is part and parcel of the process. While we may not know all of the potential consequences of utilizing driver's license apps, it is important that we have a national conversation about these issues to ensure that our 4th amendment rights are properly protected in the Digital Age.
Copyright 2014 by Shear Law, LLC. All rights reserved.
Wednesday, November 26, 2014
Twitter's App Graph Privacy Fail Whale: Will The FTC Investigate?
Wishing everyone a Happy and Healthy Thanksgiving! Before leaving the office for the Thanksgiving Holiday, I noticed that Twitter has made a troubling announcement about its privacy practices moving forward for its iOS and Andoid users. According to the Wall Street Journal, "Twitter
is now collecting information about the apps installed on users’
devices in order to better target and tailor advertising and other
content to them."
Twitter announced, "[t]o help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in."
Mashable has reported that, "[o]nce the update goes live, users are automatically opted-in to the tracking, though Twitter will notify users within the app once it starts and you can opt out at any time. Twitter notes that it is only tracking a list of the apps users have downloaded and is not accessing any data within those apps."
In general, most digital and social media platforms are not built with privacy by design in mind. For example, Facebook and Google are notorious for their very troubling privacy policies and practices which demonstrate that user privacy is an afterthought for these companies.
It is none of Twitter's business what apps I have uploaded on my mobile device. Period. End of story. Twitter has a right to monitor the apps I have connected to their platform; however, it has no right whatsoever to automatically know what apps I have downloaded onto my mobile device just because I have downloaded its app. Under no circumstances should this be opt-out. This is a very troubling issue that may lead more apps to do the same thing.
During the past couple of years, the FTC has published multiple reports on the troubling privacy practices of some mobile apps and ecosystems. Does Twitter even have the legal right to automatically opt-in users for this program? Since this was announced right before Thanksgiving, it leads me to believe that Twitter may be trying to bury this troubling matter right before a holiday weekend. Will the FTC soon open an investigation into this issue?
The bottom line is that Twitter and other digital companies should make their defaults opt-in. Opt-out defaults are a threat to personal privacy and safety. I am fully aware of the corporate monetary reasons for automatic opt-in. Wall Street has been disappointed with Twitter's revenue performance and recently punished its stock so this automatic opt-in to the App Graph may be an attempt to increase the corporate bottom line.
If Twitter and other social/digital media companies such as Facebook and Google want me to trust them with my personal and/or corporate data they need to make privacy a priority and not an afterthought.
Copyright 2014 by Shear Law, LLC. All rights reserved.
Twitter announced, "[t]o help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in."
Mashable has reported that, "[o]nce the update goes live, users are automatically opted-in to the tracking, though Twitter will notify users within the app once it starts and you can opt out at any time. Twitter notes that it is only tracking a list of the apps users have downloaded and is not accessing any data within those apps."
In general, most digital and social media platforms are not built with privacy by design in mind. For example, Facebook and Google are notorious for their very troubling privacy policies and practices which demonstrate that user privacy is an afterthought for these companies.
It is none of Twitter's business what apps I have uploaded on my mobile device. Period. End of story. Twitter has a right to monitor the apps I have connected to their platform; however, it has no right whatsoever to automatically know what apps I have downloaded onto my mobile device just because I have downloaded its app. Under no circumstances should this be opt-out. This is a very troubling issue that may lead more apps to do the same thing.
During the past couple of years, the FTC has published multiple reports on the troubling privacy practices of some mobile apps and ecosystems. Does Twitter even have the legal right to automatically opt-in users for this program? Since this was announced right before Thanksgiving, it leads me to believe that Twitter may be trying to bury this troubling matter right before a holiday weekend. Will the FTC soon open an investigation into this issue?
The bottom line is that Twitter and other digital companies should make their defaults opt-in. Opt-out defaults are a threat to personal privacy and safety. I am fully aware of the corporate monetary reasons for automatic opt-in. Wall Street has been disappointed with Twitter's revenue performance and recently punished its stock so this automatic opt-in to the App Graph may be an attempt to increase the corporate bottom line.
If Twitter and other social/digital media companies such as Facebook and Google want me to trust them with my personal and/or corporate data they need to make privacy a priority and not an afterthought.
Copyright 2014 by Shear Law, LLC. All rights reserved.
Thursday, October 16, 2014
Will The FTC Soon Investigate Whisper For Deceptive Privacy Promises?
Will the Federal Trade Commission soon investigate the app Whisper for false and misleading privacy promises? The Guardian recently reported some very troubling allegations about Whisper that if true lead me to believe that the app may soon be contacted by the Federal Trade Commission to fully explain the matter.
According to The Guardian, Whisper "is tracking the location of its users, including some who have specifically asked not to be followed." This may be a violation of Article 5 of the FTC Act regarding unfair and deceptive trade practices. Earlier this year, the FTC alleged that Snapchat, "deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure....According to the FTC’s complaint, Snapchat made multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked."
Whisper's actions after learning that The Guardian was about to publish its story are very disturbing. For example, according to The Guardian, after learning about the upcoming story Whisper rewrote its terms of service to "explicitly permit the company to establish the broad location of people who have disabled the app’s geo-location feature." In addition, The Guardian reported that Whisper recently changed its privacy policy from it “is committed to protecting your privacy and the security of personally identifying information” to “our goal is to provide you with a tool that allows you to express yourself while remaining anonymous to the community."
Whisper's terms of service and privacy policy govern its relationship with its users. Whisper's response to The Guardian's allegations do not appear to address why its terms of service and privacy policy were changed. Are these changes an acknowledgement that Whisper has been making unfair and deceptive privacy promises about its app?
Copyright 2014 by Shear Law, LLC. All rights reserved.
According to The Guardian, Whisper "is tracking the location of its users, including some who have specifically asked not to be followed." This may be a violation of Article 5 of the FTC Act regarding unfair and deceptive trade practices. Earlier this year, the FTC alleged that Snapchat, "deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure....According to the FTC’s complaint, Snapchat made multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked."
Whisper's actions after learning that The Guardian was about to publish its story are very disturbing. For example, according to The Guardian, after learning about the upcoming story Whisper rewrote its terms of service to "explicitly permit the company to establish the broad location of people who have disabled the app’s geo-location feature." In addition, The Guardian reported that Whisper recently changed its privacy policy from it “is committed to protecting your privacy and the security of personally identifying information” to “our goal is to provide you with a tool that allows you to express yourself while remaining anonymous to the community."
Whisper's terms of service and privacy policy govern its relationship with its users. Whisper's response to The Guardian's allegations do not appear to address why its terms of service and privacy policy were changed. Are these changes an acknowledgement that Whisper has been making unfair and deceptive privacy promises about its app?
Copyright 2014 by Shear Law, LLC. All rights reserved.
Tuesday, October 7, 2014
Significant Tech Players Absent from Student Privacy Pledge
According to The
New York Times, the enactment of a new California
student privacy law (SB 1177) that restricts
how "education technology companies can use the information they collect
about elementary through high school students" has led "a group of
leading industry players...[to] pledg[e] to adopt similar
data protections nationwide." Some
of the companies that have agreed to sign the pledge include: Amplify, Edmodo,
Houghton Miflin Harcourt, and Microsoft.
• Not sell student information
• Not behaviorally target advertising
• Use data for authorized education purposes only
• Not change privacy policies without notice and choice
• Enforce strict limits on data retention
• Support parental access to, and correction of errors in, their children’s information
• Provide comprehensive security standards
• Be transparent about collection and use of data
Apple, Pearson, Khan Academy, and Google's absence from this initiative is very concerning. Several weeks ago, Apple took a shot at Google regarding Google's privacy policies and data mining/profiling practices. This occurred soon after email evidence was uncovered that appear to indicate major improprieties during the contracting process that awarded both Apple and Pearson multi-million dollar educational technology contracts in the Los Angeles Unified School District.
Google's lack of transparency on student privacy issues and its refusal to participate in an industry backed student privacy initiative that was created by two organizations it supports should be of great concern to any parent whose school has adopted Google Apps For Education. According to Google's Apps For Education website, it has a massive footprint in the education space. More than 30 million students, faculty members, and staff utilize its platform.
Unfortunately for education users, their privacy is still governed by Google's standard Consumer Privacy Policy that allows for all emails and metadata collected to be data mined to create user profiles for non-educational commercial purposes. The Consumer Privacy Policy that covers Google's educational offerings is the same one that a German data protection authority (privacy regulator) recently ruled violates EU data protection (privacy) laws. Shouldn't U.S. school children be afforded the same privacy protections as German citizens?
As a parent, lawyer, and user of Apple, Pearson, Khan Academy, and Google's products/services, I am very troubled by their refusal to sign an industry created Pledge to better protect student privacy. If these companies are not willing to change their data collection and usage practices, their privacy policies, and agree to the sign the Pledge can we trust them with our children's most personal information?
The Pledge is a
positive step in the right direction. Representatives
Jared Polis of Colorado and Luke Messer of Indiana worked with the Future of
Privacy Forum and the Software & Information Industry Association on this important
bipartisan matter. According to Studentprivacypledge.org,
The Pledge will make clear that school service providers are accountable to:
• Not sell student information
• Not behaviorally target advertising
• Use data for authorized education purposes only
• Not change privacy policies without notice and choice
• Enforce strict limits on data retention
• Support parental access to, and correction of errors in, their children’s information
• Provide comprehensive security standards
• Be transparent about collection and use of data
This
initiative is an acknowledgement that some education technology providers are intentionally
putting student privacy and safety at risk due to invasive and non-transparent data
mining and student profiling practices. Education
Week and Politico's
in-depth investigative reports on the industry demonstrates the need for greater
accountability, transparency, and regulatory enforcement to protect our children.
Apple, Pearson, Khan Academy, and Google's absence from this initiative is very concerning. Several weeks ago, Apple took a shot at Google regarding Google's privacy policies and data mining/profiling practices. This occurred soon after email evidence was uncovered that appear to indicate major improprieties during the contracting process that awarded both Apple and Pearson multi-million dollar educational technology contracts in the Los Angeles Unified School District.
Politico's
student data mining report found that Khan Academy students allegedly trade
their privacy for free tutoring. Only
after Politico
"inquired about Khan Academy’s privacy policy, which gave it the right to
draw on students’ personal information to send them customized advertising,"
was the policy "completely rewritten."
Google's
refusal to sign the Pledge is most troubling because it may indicate it is still
scanning student emails for advertising purposes and it creates student
profiles for non-educational commercial purposes. Soon after Education Week reported that Google
was scanning student emails for advertising purposes, Google publicly
announced it would stop
the unethical and illegal practice; however, it refused to state whether it was
creating student profiles for commercial and/or other non-educational purposes.
When
Education
Week contacted Google last week about its position on California's new
student privacy law, Google declined to clarify whether it scans student email
messages sent using its Apps for Education
platform to build student user profiles that may be utilized for
non-educational commercial purposes. Google's
refusal to emphatically deny it scans student emails to create student user
profiles may indicate that it is violating the 2011
FTC-Google Buzz Agreement, and/or its 2013
multi-state Attorney Generals Street View Project Agreement.
As
The
New York Times stated, "although the pledge is not legally binding,
companies that violate their own public representations on privacy could be
subject to enforcement actions by the Federal Trade Commission." Google's refusal to sign the industry backed
Pledge appears to be an acknowledgement that if it signs the Pledge it will be
in violation of Article 5 of
the FTC Act regarding unfair and deceptive trade practices. In 2012, Google paid
a $22.5 million dollar record FTC fine for misleading users about its privacy
practices regarding the scandal known as the Apple
"Safari Hack" because it had violated its 2011 agreement not to mislead
consumers about its privacy promises.
Google's lack of transparency on student privacy issues and its refusal to participate in an industry backed student privacy initiative that was created by two organizations it supports should be of great concern to any parent whose school has adopted Google Apps For Education. According to Google's Apps For Education website, it has a massive footprint in the education space. More than 30 million students, faculty members, and staff utilize its platform.
Unfortunately for education users, their privacy is still governed by Google's standard Consumer Privacy Policy that allows for all emails and metadata collected to be data mined to create user profiles for non-educational commercial purposes. The Consumer Privacy Policy that covers Google's educational offerings is the same one that a German data protection authority (privacy regulator) recently ruled violates EU data protection (privacy) laws. Shouldn't U.S. school children be afforded the same privacy protections as German citizens?
When will Google come clean and be transparent about its past and present student data collection practices? Some questions that Google still needs to answer include:
•How long was (is) Google scanning
student emails for advertising and/or other non-educational commercial purposes?
•Were the parents or legal guardians of students who had their emails
scanned for advertising/commercial profiling purposes provided notice and did the parents or legal
guardians respond by giving written consent to allow their children's personal
information to be utilized for advertising and/or other non-educational commercial
purposes?
•How many students had their
emails scanned for advertising and/or non-educational commercial purposes?
•Has Google deleted all the emails and associated metadata that was scanned
for advertising and/or other non-educational commercial purposes? If so, when?
•Is Google data mining students to create user profiles? If so, why and how many students is it profiling?
As a parent, lawyer, and user of Apple, Pearson, Khan Academy, and Google's products/services, I am very troubled by their refusal to sign an industry created Pledge to better protect student privacy. If these companies are not willing to change their data collection and usage practices, their privacy policies, and agree to the sign the Pledge can we trust them with our children's most personal information?
Copyright 2014 by Shear Law, LLC All rights reserved.
Tuesday, September 30, 2014
New California Law Bans Google From Data Mining and Profiling Students For Profit
California has enacted the Student
Online Personal Information Protection Act (SOPIPA or SB 1177) that better protects the personal privacy of students.
According to the bill's Legislative Counsel's Digest, "[t]his bill would prohibit an operator of an
Internet Web site, online service, online application, or mobile application
from knowingly engaging in targeted advertising to students or their parents or
legal guardians, using covered information to amass a profile about a K–12
student, selling a student’s information, or disclosing covered
information..."
One of new law's staunchest supporters is Common Sense Media's CEO and founder James Steyer. On October 14, 2013 Common Sense Media sent an open letter and publicly sounded the alarm regarding the need to better safeguard the personal privacy of our children's school created digital data. According to The New York Times, the organization sent a letter to 16 educational technology vendors to start a conversation on how to better protect student privacy. The New York Times reported that Google declined to comment on Common Sense Media's public call for stronger privacy safeguards for students.
Google's troubling behavior and policy reversal appears to have been the spark that ensured SB 1177 was passed by the state legislature and signed into law. In addition, Google's unfair and deceptive trade practices demonstrate the need for greater accountability and enforcement to ensure that our children's personal privacy and safety are not compromised for corporate profit. While the enactment of SB 1177 is a positive development, it is time for students, parents, school administrators, lawmakers, privacy advocates, and regulators to start holding Google accountable for its illegal student data mining and usage.
Copyright 2014 by Shear Law, LLC All rights reserved.
One of new law's staunchest supporters is Common Sense Media's CEO and founder James Steyer. On October 14, 2013 Common Sense Media sent an open letter and publicly sounded the alarm regarding the need to better safeguard the personal privacy of our children's school created digital data. According to The New York Times, the organization sent a letter to 16 educational technology vendors to start a conversation on how to better protect student privacy. The New York Times reported that Google declined to comment on Common Sense Media's public call for stronger privacy safeguards for students.
Google's
refusal to comment on Common Sense Media's open letter to the educational
technology industry followed an earlier sidestep to the Rhode
Island School of Design's questions
about its privacy protections for students who utilize Google's Apps For
Education service by allegedly equating "not serving ads" to "no student
data mining". While Google may not
be serving behavioral based ads to students through its school offerings at
this point, this does not mean it is not data mining personal student information
for other non-educational purposes.
Common
Sense Media's concerns about a lack of
strong privacy protections for students were validated with the release of
Fordham University Law School's Privacy
and Cloud Computing Study. According to the Huffington
Post, the Fordham Study "found that only one-fourth of [school] districts
tell parents about these services [new cloud based technologies] and one-fifth
of districts don't have policies explicitly governing their use [of the data
collected]. Many contracts between districts and technology vendors don't have
privacy policies, and less than 7 percent of the contracts restrict vendors
from selling student information. The agreements rarely address security,
according to the Fordham research."
These findings were very disturbing and further confirmed the importance
of Common Sense Media's call to strengthen student privacy laws.
Education
Week's March 2014 investigative report
regarding the federal Google Gmail wiretap lawsuit uncovered that Google
"scans and indexes" student emails for advertising purposes. At that time, Google refused to answer
whether it was building user profiles of students based upon its access to
their school work. This troubling
admission and refusal to be fully transparent about its student data collection
and usage practices set off such a huge firestorm that on April
30, 2014, Google announced it would
allegedly discontinue the practice of scanning student emails for
advertising purposes.
In
response to Google's alleged policy change, privacy law scholar Prof. Joel
Reidenberg of Fordham told Education
Week, Google's measure is "a positive step,"....... [however] "he
identified two "significant problems" with it: Google can
change this policy at any time, and, the scanning disclaimer is associated with
advertising purposes only. There may be other commercial uses that they are
exploiting student data for,...."... "such as selling information to
textbook publishers, or test-preparation services." Prof. Reidenberg's statements were prescient
because subsequently Politico
investigated the educational technology industry and validated his concerns
that student data may be utilized by vendors for "other commercial
uses".
More
than 93%
of Google's 2013 $55 billion dollars in revenue was derived from advertising. While this is slightly lower than 2009's
97% figure, it demonstrates that Google's primary business for years has
been data acquisition and mining to create user profiles for advertising
purposes. Google's advertising business
has propelled it to become the 2nd
most valuable company in the world.
While becoming the most valuable advertising/data mining company in the history
of the world, Google has on multiple occasions intentionally cut corners and violated
the personal privacy and safety of its users.
During the past several years, privacy regulators around the world have fined
Google tens of millions of dollars for its illegal practices.
The
2011 FTC-Google
Buzz Agreement banned Google from making future privacy misrepresentations. Unfortunately for users, Google wasted no
time in breaching this agreement because in 2012 it paid
a $22.5 million dollar record fine for misleading users about its privacy practices
regarding the scandal known as the Apple
"Safari Hack". In 2013,
Google entered into a
multi-million dollar privacy violation settlement with 38 states regarding
its Street View Project's data collection practices. In Septemberof 2014, Germany's
Hamburg data protection (privacy) regulator ruled that "Google is ordered to take the necessary
technical and organizational measures to guarantee that their users can
decide on their own if and to what extend their data is used for
profiling."
When Education Week contacted Google regarding its position on SB 1177, "Google...declined
to clarify whether it scans student email messages sent using its wildly
popular Apps for Education tool suite in order to build profiles that might be
used for commercial purposes other than targeted advertising...." Google's refusal to emphatically deny it scans
student emails to create user profiles for non-educational purposes may
indicate that it is violating the 2011 FTC-Google Buzz
Agreement, and/or its 2013 multi-state Attorney
Generals Street View Project Agreement.
While
the EU generally appears to be moving in the right direction regarding enforcing its data protection laws against Google, the company so far has not been held accountable in the United States for violating the personal privacy of millions
of students who utilize its school provided services. When will Google be required by a regulatory
authority or a court of law to answer the following questions relating to its
student data collection and usage practices?:
1. How long has Google been scanning the
emails of students for advertising/potential advertising purposes (List dates)
and which school and how many students by school were affected by this
practice?
2. Has Google deleted the information it collected under the policy of scanning student emails for advertising/potential advertising purposes? If so, when?
2. Has Google deleted the information it collected under the policy of scanning student emails for advertising/potential advertising purposes? If so, when?
3. Why was
Google scanning student emails for advertising/potential advertising purposes?
4. Does
Google scan student emails or other student content for any purpose other than
virus checking/spam filtering? If yes,
for what other purposes?
5. Does Google
create user profiles and/or combine multiple data points on students for any
purpose other than to deliver school contracted services? If yes, what data points is Google collecting,
why is it collecting these data points, and when will Google delete these data
points?
Google's troubling behavior and policy reversal appears to have been the spark that ensured SB 1177 was passed by the state legislature and signed into law. In addition, Google's unfair and deceptive trade practices demonstrate the need for greater accountability and enforcement to ensure that our children's personal privacy and safety are not compromised for corporate profit. While the enactment of SB 1177 is a positive development, it is time for students, parents, school administrators, lawmakers, privacy advocates, and regulators to start holding Google accountable for its illegal student data mining and usage.
Copyright 2014 by Shear Law, LLC All rights reserved.
Subscribe to:
Posts (Atom)