B12 Solipsism

Spreading confusion over the internet since 1994

Archive for the ‘GDPR’ tag

Vermont passes first law to crack down on data brokers


Data Dump

TechCrunch reports:

While Facebook and Cambridge Analytica are hogging the spotlight, data brokers that collect your information from hundreds of sources and sell it wholesale are laughing all the way to the bank. But they’re not laughing in Vermont, where a first-of-its-kind law hems in these dangerous data mongers and gives the state’s citizens much-needed protections.

Data brokers in Vermont will now have to register as such with the state; they must take standard security measures and notify authorities of security breaches (no, they weren’t before); and using their data for criminal purposes like fraud is now its own actionable offense.

If you’re not familiar with data brokers, well, that’s the idea. These companies don’t really have a consumer-facing side, instead opting to collect information on people from as many sources as possible, buying and selling it amongst themselves like the commodity it has become.

This data exists in a regulatory near-vacuum. As long as they step carefully, data brokers can maintain what amounts to a shadow profile on consumers. I talked with director of the World Privacy Forum, Pam Dixon, about this practice.

“If you use an actual credit score, it’s regulated under the Fair Credit Reporting Act,” she told me. “But if you take a thousand points like shopping habits, zip code, housing status, you can create a new credit score; you can use that and it’s not discrimination.”

And while medical data like blood tests are protected from snooping, it’s not against the law for a company to make an educated guess at your condition from the medicine you pay for at the local pharmacy. Now you’re on a secret list of “inferred” diabetics, and that data gets sold to, for example, Facebook, which combines it with its own metrics and allows advertisers to target it.

(click here to continue reading Vermont passes first law to crack down on data brokers | TechCrunch.)

Exactly why I wish the US would implement its own version of the GDPR that we’ve discussed. Corporations that mine our digital data, and sell it, and resell it, without oversight, or without giving “a taste” to the consumer are corporations that need to be regulated and watched by a consumer protection agency of some kind. Not every consumer is savvy enough to obfuscate their tracks, and honestly, even somewhat savvy consumers are no doubt caught up in these nameless corporations’ databases. Corporations like Equifax, Quotient and Catalina Marketing and a few thousand others don’t really need to use browser cookies anymore; they also use the unique ID of your devices, they track your IP numbers down to your block group, and can track you at home, at office, via phone, via credit card, via geolocation and via other means. I find it Orwellian and creepy.

My sincere wish is that Vermont continues on this path of regulation of the wild, wild web of data brokers, and that other states and the entire country follow suit.

Written by Seth Anderson

May 28th, 2018 at 3:49 pm

Posted in Advertising, Business, government


EU Privacy Law Enters Into Force


Faux Vintage photo of a real vintage digital camera

The NYT/Reuters reports about the GDPR:

New European privacy regulations went into effect on Friday that will force companies to be more attentive to how they handle customer data.

The ramifications were visible from day one, with major U.S. media outlets including the LA Times and Chicago Tribune forced to shutter their websites in parts of Europe.

People in the bloc have been bombarded with dozens of emails asking for their consent to keep processing their data, and a privacy activist wasted no time in taking action against U.S. tech giants for allegedly acting illegally by forcing users to accept intrusive terms of service or lose access.

“You have to have a ‘yes or no’ option,” Austrian Max Schrems said before filing complaints in European jurisdictions. “A lot of these companies now force you to consent to the new privacy policy, which is totally against the law.”

(click here to continue reading EU Privacy Law Enters Into Force, Activist Takes Aim – The New York Times.)

Amazing really the number of these emails I’ve received. Several are worded in such a way that I did not accept their terms, and assume my account will become dormant. If it was a company I cared to still do business with, I might look a little deeper, but mostly I just shrug and delete.

We first heard about GDPR late last year and only wish the US took consumer privacy as seriously as the EU.

Dreaming Has A Low

From December, 2017:

Almost a fifth of companies in the marketing and advertising sector would go out of business if they were to be hit by a fine for non-compliance of the new GDPR legislation.

The General Data Protection Regulation (GDPR) comes into force in less than one year and covers everything from a consumer’s ‘right to be forgotten’ to data breach notification and accountability. At the heart of the reform in how companies must handle customer data is a fine, standing at €20m or 4% of a company’s global revenue, if they are found to be falling foul.

But, in a survey of 187 marketing and advertising companies conducted by YouGov on behalf of law firm Irwin Mitchell, 70% said they wouldn’t be certain of their ability to detect a data breach. Meanwhile, just 37% said they would be equipped to deal with it in the required timescale of three days.

(click here to continue reading 17% of marketing and advertising agencies would go under if hit with a GDPR fine | The Drum.)

Extraordinary Measures

A privacy regulation with teeth:

With 200-plus pages of regulation set to come into force in May 2018, it formalizes concepts like the “right to be forgotten,” data breach accountability, data portability and more — and is arguably the biggest disruption in the digital space in recent years.

Potential fines

Simply put, the regulations are being put into place to give individuals more rights to their data, but brands and marketers need to get on board beforehand in order to avoid hefty potential fines – up to $24m, or 4% of annual turnover (whichever is the greater sum). Some of the requirements include:

  • Requiring consent for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to have a data protection officer to oversee GDPR compliance

(click here to continue reading What does the EU’s privacy reform mean for US marketers? And what should you do now? | The Drum.)

Written by Seth Anderson

May 25th, 2018 at 8:17 am

Posted in Business
