Acxiom supports Tim Cook’s call for strict U.S. data laws

Apple Store in Soho

So Tim Cook called for better privacy regulation in the US. Maybe he reads this humble blog.1

Tim Cook:

In 2019, it’s time to stand up for the right to privacy—yours, mine, all of ours. Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives.
This problem is solvable—it isn’t too big, too challenging or too late. Innovation, breakthrough ideas and great features can go hand in hand with user privacy—and they must. Realizing technology’s potential depends on it.

That’s why I and others are calling on the U.S. Congress to pass comprehensive federal privacy legislation—a landmark package of reforms that protect and empower the consumer. Last year, before a global body of privacy regulators, I laid out four principles that I believe should guide legislation:

(click here to continue reading Apple CEO Tim Cook: It’s Time for Action on Data Privacy | Time.com.)

 Eye see u Willis

Fast Company adds:

Acxiom, like Mr. Cook, also supports a national privacy law for the U.S., such as GDPR provides for the European Union. Acxiom is actively participating in discussions with U.S. lawmakers as well as industry trade groups to help ensure U.S. consumers receive the kind of transparency, access, and control Acxiom has been providing voluntarily for years,” the company said. “We believe it would be universally beneficial if we were able to work with Apple and other industry leaders to define the best set of laws that maintain the benefits of data in our economy while giving the necessary protections and rights to all people.”

In its statement, Acxiom said it is working with lawmakers to build a “singular, united set of policies across the U.S.” What it does not want, according to the statement, are “multiple and independent state laws” making it onerous to comply.

Of course, it behooves Acxiom to seem amenable to such legislative moves. It’s becoming increasingly clear that the tide is shifting in the U.S., and more people want better safeguards over their data. Cook called for not just stricter data regulations, but a federally controlled data broker database that would make it possible for citizens to know exactly what information the companies have on them and which companies transacted with these data firms. While Acxiom is saying it’s open to new regulation, it’s unclear what exactly the firm will agree to.

(click here to continue reading Acxiom supports Tim Cook’s call for strict U.S. data laws.)

America does need to reign in the multitude of personal data brokers, and the GDPR is a decent model to work off of. 

Footnotes:
  1. kidding, of course []

Privacy Policy

Privacy God is pleased with our work

I used the built in template to create a privacy policy for this humble blog, even though I don’t really need it, I don’t think. If you are curious about what it says, the link is over to the upper right hand side of B12’s home page, or click here.

If you have any comments, I’d love to hear them. 

Tim Cook blasts weaponization of personal data and praises GDPR

Apple Rising
Apple Rising

BBC News reports:

Apple chief executive Tim Cook has demanded a tough new US data protection law, in an unusual speech in Europe.

Referring to the misuse of “deeply personal” data, he said it was being “weaponised against us with military efficiency”.

“We shouldn’t sugar-coat the consequences,” he added. “This is surveillance.”

The strongly-worded speech presented a striking defence of user privacy rights from a tech firm’s chief executive.

Mr Cook also praised the EU’s new data protection regulation, the General Data Protection Regulation (GDPR).

The Apple boss described in some detail what he called the “data industrial complex”, noting that billions of dollars were traded on the basis of people’s “likes and dislikes”, “wishes and fears” or “hopes and dreams” – the kind of data points tracked by tech firms and advertisers.

He warned that the situation “should make us very uncomfortable, it should unsettle us”.

(click here to continue reading Tim Cook blasts ‘weaponisation’ of personal data and praises GDPR – BBC News.)

Kudos to Mr. Cook. As regular readers of this space know, I’ve been jealous of the EU and their fancy data protection policies for a while.

You Are Being Film
You Are Being Film

And this point is key:

And the trade in personal data served only to enrich the companies that collect it, he added.

Not only is our personal data being mined, processed and sold, but we don’t get compensated for it. Sure we get a place to look at photos of grandkids, and Russian-created memes, but at what cost?

Vermont passes first law to crack down on data brokers

Data Dump
Data Dump

TechCrunch reports:

While Facebook and Cambridge Analytica are hogging the spotlight, data brokers that collect your information from hundreds of sources and sell it wholesale are laughing all the way to the bank. But they’re not laughing in Vermont, where a first-of-its-kind law hems in these dangerous data mongers and gives the state’s citizens much-needed protections.

Data brokers in Vermont will now have to register as such with the state; they must take standard security measures and notify authorities of security breaches (no, they weren’t before); and using their data for criminal purposes like fraud is now its own actionable offense.

If you’re not familiar with data brokers, well, that’s the idea. These companies don’t really have a consumer-facing side, instead opting to collect information on people from as many sources as possible, buying and selling it amongst themselves like the commodity it has become.

This data exists in a regulatory near-vacuum. As long as they step carefully, data brokers can maintain what amounts to a shadow profile on consumers. I talked with director of the World Privacy Forum, Pam Dixon, about this practice.

“If you use an actual credit score, it’s regulated under the Fair Credit Reporting Act,” she told me. “But if you take a thousand points like shopping habits, zip code, housing status, you can create a new credit score; you can use that and it’s not discrimination.”

And while medical data like blood tests are protected from snooping, it’s not against the law for a company to make an educated guess your condition from the medicine you pay for at the local pharmacy. Now you’re on a secret list of “inferred” diabetics, and that data gets sold to, for example, Facebook, which combines it with its own metrics and allows advertisers to target it.

(click here to continue reading Vermont passes first law to crack down on data brokers | TechCrunch.)

Exactly why I wish the US would implement its own version of the GDPR that we’ve discussed. Corporations that mine our digital data, and sell it, and resell it, without oversight, or without giving “a taste” to the consumer are corporations that need to be regulated and watched by a consumer protection agency of some kind. Not every consumer is savvy enough to obfuscate their tracks, and honestly, even somewhat savvy consumers are no doubt caught up in these nameless corporations’ databases. Corporations like EquifaxQuotient and Catalina Marketing and a few thousand others don’t really need to use browser cookies anymore, they also use the unique ID of your devices, they track your IP numbers down to your block group, and can track you at home, at office, via phone, via credit card, via geolocation and via other means. I find it Orwellian and creepy.

My sincere wish is that Vermont continues on this path of regulation of the wild, wild web of data brokers, and that other states and the entire country follows suit.

EU Privacy Law Enters Into Force

Faux Vintage photo of a real vintage digital camera
Faux Vintage photo of a real vintage digital camera

The NYT/Reuters reports about the GDPR:

New European privacy regulations went into effect on Friday that will force companies to be more attentive to how they handle customer data.

The ramifications were visible from day one, with major U.S.-media outlets including the LA Times and Chicago Tribune were forced to shutter their websites in parts of Europe.

People in the bloc have been bombarded with dozens of emails asking for their consent to keep processing their data, and a privacy activist wasted no time in taking action against U.S. tech giants for allegedly acting illegally by forcing users to accept intrusive terms of service or lose access.

“You have to have a ‘yes or no’ option,” Austrian Max Schrems said before filing complaints in European jurisdictions. “A lot of these companies now force you to consent to the new privacy policy, which is totally against the law.”

(click here to continue reading EU Privacy Law Enters Into Force, Activist Takes Aim – The New York Times.)

Amazing really the number of these emails I’ve received. Several are worded in such a way that I did not accept their terms, and assume my account will become dormant. If it was a company I cared to still do business with, I might look a little deeper, but mostly I just shrug and delete.

We first heard about GDPR late last year and only wish the US took consumer privacy as seriously as the EU.

Dreaming Has A Low
Dreaming Has A Low

From December, 2017:

 

Almost a fifth of companies in the marketing and advertising sector would go out of business if they were to be hit by a fine for non-compliance of the new GDPR legislation.

 

The General Data Protection Regulation (GDPR) comes into force in less than one year and covers everything from a consumer’s ‘right to be forgotten’ to data breach notification and accountability. At the heart of the reform in how companies must handle customer data is a fine, standing at €20m or 4% of an company’s global revenue, if they are found to be falling foul.

 

But, in a survey of 187 marketing and advertising companies conducted by YouGov on behalf of law firm Irwin Mitchel, 70% said they wouldn’t be certain of their ability to detect a data breach. Meanwhile, just 37% said they would be equipped to deal with it in the required timescale of three days.

 

 

(click here to continue reading 17% of marketing and advertising agencies would go under if hit with a GDPR fine | The Drum.)

Extraordinary Measures
Extraordinary Measures

A privacy regulation with teeth:

 

With 200-plus pages of regulation set to come into force in May 2018, it formalizes concepts like the “right to be forgotten,” data breach accountability, data portability and more — and is arguably the biggest disruption in the digital space in recent years.

 

Potential fines

 

Simply put, the regulations are being put into place to give individual more rights to their data, but brands and marketers need to get on board beforehand in order to avoid hefty potential fines – up to $24m, or 4% of annual turnover (whichever is the greater sum). Some of the requirements include:

 

  • Requiring consent for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to have a data protection officer to oversee GDPR compliance

 

 

(click here to continue reading What does the EU’s privacy reform mean for US marketers? And what should you do now? | The Drum.)