This week, regulators published the findings from their annual global privacy sweep, which reviewed the privacy practices of nearly 1,500 apps and websites aimed at children. The review found that 67 percent harvested personal information, while only 31 percent employed controls. The investigation was conducted by the Global Privacy Enforcement Network in May and involved 29 data protection regulators.
“The attitude shown by a number of these websites and apps suggested little regard for how anyone’s personal information should be handled, let alone that of children,” said Adam Stevens of the UK Information Commissioner’s Office.
The FTC posted a response on its blog on Sept. 3 written by a couple of officials from the Bureau of Consumer Protection, Office of Technology Research and Investigation.
After the sweep, Alberta, Canada’s privacy commissioner immediately spearheaded a privacy education program for all Canadian students in grades 7-8. Canadian Privacy Commissioner Daniel Therrien added that a small number of websites and apps “did not collect any personal information at all, demonstrating it is possible to have a successful, appealing and dynamic product that is also child friendly and worry-free for parents.”
Read more “Regulators Find Apps & Websites Aimed at Children Show Lack of Privacy Controls”
At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. This month on the blog we covered data breaches, ‘Right to be Forgotten,’ and the new IoT Trust Framework, among other topics. This was the second month of our new series featuring the leading players in the Privacy Ecosystem. Check out the list below for some of the most popular blog posts this month: New IoT Trust Framework Addresses Privacy Risks & Guidelines On Aug. … Continue reading End of Month Recap: What You May Have Missed [August]
Thirteen companies settled with the FTC yesterday for falsely claiming they were certified and in compliance with the US-EU or US-Swiss Safe Harbor Framework. Compliance with the US-EU and US-Swiss Safe Harbor Frameworks means companies follow established requirements for meeting adequacy standards to transfer customer or employee data from the European Union or Switzerland to the United States. To be in compliance, companies must self-certify with the Department of Commerce and are required to show compliance with the seven privacy principles. These principles are notice, choice, onward transfer, security, data integrity, access and enforcement. This self-certification needs to be … Continue reading 13 Companies Settle with FTC for False US-EU & US-Swiss Safe Harbor Claims
Sr. Product Manager | TRUSTe
As most website operators know, the updated COPPA Rule goes into effect July 1, 2013. Included in the update comes an obligation to clearly list all third party operators who collect personal information along with their name and contact information.
Summary of findings: On average there are over 47 third parties per website. Over 62% of third parties found are advertising related companies, while the next largest category of social/sharing tools is at just over 7%. 77% of third party cookies found are persistent.
Read more “TRUSTe finds extensive number of Third Parties on Kids sites – What this means for COPPA Compliance”
Director of Policy, TRUSTe
In 2012, privacy went mainstream.
Issues that were previously the sole province of policy wonks became part of the national discussion: the Petraeus-Broadwell scandal (email privacy and ECPA reform), relaxed FAA restrictions resulting in the use of drones by law enforcement (limits on government surveillance, more ECPA reform) and the very successful role of big data and microtargeting in the 2012 elections (OBA compliance anyone?).
Here are the questions we think will continue to loom large for consumers, industry and policymakers in 2013:
1. Should law enforcement be required to get a warrant before accessing my emails and texts?
The Petraeus-Broadwell episode demonstrated how easily the government can gain access to electronic communications (texts, email) without an individual’s knowledge or permission. Shortly after the story broke, legislation requiring a warrant for access to an individual’s electronic communications advanced with bipartisan support in the House and Senate. The bill should have a good chance this year, but that all depends on whether privacy will have visibility and bipartisan support in the 113th Congress. Read more “10 Important Questions about Privacy as we head into 2013”
Marketing Manager | TRUSTe
“You can opt out of receiving a cookie by changing your browser settings to prevent the receipt of cookies.”
The problem? That wasn’t actually true. While one can opt out of HTTP cookies using this method, the Flash cookies used by ScanScout to track consumers cannot be controlled via browser settings. (For more information about tracking technology like Flash cookies, check out this FTC educational article.) The FTC found ScanScout’s disclosure deceptive and in violation of the FTC Act, and as part of the settlement the company is required to complete the following actions:
- Display a prominent notice on its homepage disclosing its tracking and linking to an opt-out mechanism
- Display a link within or next to all its targeted display ads that provides an opt-out mechanism
There’s been a real uptick in FTC privacy cases in the last year – most recently they’ve settled with skidekids.com for COPPA violations, Google over its “Google Buzz” rollout, Frostwire for its Android App, and now ScanScout. And that’s just in the last two months! Could your company be next? Here are some takeaways from this most recent case:
Leave no stone unturned in your disclosures. Avoid ambiguous language: if you’re tracking consumers, then in no uncertain terms you should disclose a) how you are doing it, and b) how consumers can opt out of it. Anything short of that invites scrutiny. Read more “How Flash Cookies Left A Bad Taste In the FTC’s Mouth”