Categories
datacappy dsdefender

COPPA: How a 1998 Law (Sort of) Protects Your Kids

COPPA—the Children’s Online Privacy Protection Act—was supposed to help guard our kids’ privacy on the internet. More than two decades after its passage, the results are mixed. Yes, COPPA protects some kids, but it is too narrow in scope and needs to be updated.

Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998 to give parents control over what kinds of information companies can gather about their kids and improve security. It’s designed to protect children who use the internet by requiring websites to post their online privacy policy along with a notice to parents to obtain consent before gathering data. Parents are also supposed to be able to access any information collected on their kids for review or to have it deleted.

COPPA applies to commercial websites and apps that are directed at kids aged 13 and under, leaving kids older than 13 unprotected. Personal information includes details such as the child’s first and last name, phone number, Social Security number and even geolocation data (your kid’s street and town). The court can levy penalties of up to $43,280 for each violation, according to Medium.

California Steps In

California has a tougher version, called the California Online Privacy Protection Act (CalOPPA). In the Golden State, CalOPPA applies to operators of online services, apps or commercial websites that collect information on individuals living in California. This means that the website itself does not need to be a business registered in the State of California, according to TermsFeed.

CalOPPA dictates that websites indicate what categories of personal information can be collected (such as email addresses and shipping addresses). Also to be listed are any third parties that might receive and process this information for the site. 

As an example of repercussions, CalOPPA led to the California Attorney General fining app providers by as much as $2,500 each time they failed to provide compliance plans for collecting personally identifiable information.

Strengthening COPPA

Efforts to improve and strengthen COPPA are ongoing, as evidenced by the FTC hosting a recent public workshop called “The Future of the COPPA Rule.” As for future updates to legislation like COPPA, the FTC is not required to take action this year, with the next mandatory review being scheduled in 2023.

One area parents should be concerned about is whether the FTC should grant exceptions for education technology and equipment such as Google Home and Alexa that interact using voice recognition, as noted by a report from the New York Times. This issue is going to persist as long as people continue to make inquiries by voice. Voice interaction is growing in popularity for its ease of use, but it also results in more personal data that can potentially be harvested.

Another concern: the age limit. For the most part, we mark the age of legal adulthood at 18. The fact that COPPA cuts off protection for kids over 13 is a serious mistake. Is your 14-year-old not a kid?

COPPA protects, but on its own is an inadequate shield. Parents who care about their children’s online safety and privacy must be vigilant and set ground rules for computer, tablet and phone usage. Meantime, call your legislators and tell them you want a stronger, tougher COPPA.

Published with permission from PrivacyParent.

Categories
datacappy dsdefender oliverwjones

The Right to be Remembered

The Council of the European Union, the European Commission and the European Parliament designed the GDPR (General Data Protection Regulation) in an effort to protect people’s personal data and privacy when on a website. Through the GDPR, websites are now required to disclose to users that cookies will be used to track their digital footprint and allow users to opt out. Most users find it cumbersome to complete the process and disregard the option. There is also a regulation that grants users the right to be forgotten which allows them to contact companies that collect, analyze and sell their data and request that they be deleted from their databases.  

GDPR laws were not designed in the interest of the user but rather in the interest of the Big Tech giants: Google, Facebook, Amazon, Apple and Microsoft. These key content providers and data collectors, along with many others, profit on the acquisition of user data. Google’s business model masters the art of data collection with Facebook, Amazon and Apple following in their footsteps. Microsoft, while a slightly smaller player in this arena, should not be overlooked for their influence in helping craft the GDPR.

Along with Big Tech, politicians have used the GDPR as a false cover to pretend they are concerned with digital privacy. If politicians really wanted to protect users’ digital data from Big Tech, then the laws would have been differently crafted. The right to be forgotten has confusing loopholes and is nearly impossible for users to implement. In order to be forgotten, a user must make a request to every individual company that collects data and ask to be removed. It’s a daunting task because there are so many companies who collect, analyze and sell data and it’s almost impossible to track them all down. Even if you could contact all these companies, they are constantly generating new partners with whom they transfer your data and the endless cycle continues. This is insanity.  If the laws were crafted with users’ privacy as the primary concern, they wouldn’t be called ‘the right to be forgotten’ but rather ‘the right to be remembered’.  

Let’s pretend the GDPR laws allowed users to opt out of being tracked with the same single click that currently opts them in. If this were the case, websites would never get any user information! Big Tech companies are not affected by GDPR regulations because people are lazy, don’t care or simply do not understand what’s at stake. If there were a right to be remembered, then users would have a real choice, not an obscure, confusing set of steps deeply entrenched within a privacy policy or user agreement. The problem is that users are “informed” but not in ways they can ever access. Who reads a privacy policy or user agreement? It’s easy to slip in consent to collect data in these online documents. It would be much more difficult if every third-party host who wanted to place a tracking cookie on your device had to ask for your consent every time. No one would take the time to write companies to allow themselves to be tracked and people would have a real chance at protecting their digital information. These laws need to be re-thought and re-crafted to truly protect digital information.

Categories
datacappy dsdefender oliverwjones

My TV is Spying on Me!

There’s a recent article in the New York Times which reads a little nostalgic, but makes a good point. There’s no space left for smaller players in the consumer electronics space. Even given the innovation happening, smaller players get gobbled up quickly, and consumed into the huge data crunching consumer giants. Think Fitbit… The other point Shira Ovide makes is that the largest consumer electronics companies have basically become “The Facebook that happens to sell us the screens, too”. In short, if they can watch you jog, watch you watch, and watch you play, that data is as valuable as any physical electronic device they sell you.

Categories
datacappy dsdefender oliverwjones

PRISM

The Internet has given us nearly unlimited access to information of all kinds. We can learn about anything that interests us with a few clicks. So can our government, and when their topic of interest is your internet use, that’s a concern.

The federal government’s primary tool for monitoring the Internet activity of U.S. citizens is an initiative called PRISM, launched in the years following 9/11 and immediately covered up. Few people knew anything about it until 2013, when whistleblower Edward Snowden exposed it.

PRISM isn’t an acronym; instead, it’s a codeword that summarizes the government’s attempt to take large quantities of information and focus it in specific areas. In particular, PRISM allows the government to obtain information about individual users directly from the Internet’s biggest sites, such as Google, Facebook and YouTube. Also included in PRISM’s surveillance is mobile data, including location information and text messages.

The government claims that it only does this surveillance to ensure the safety of its citizens, and that PRISM only collects data when there is a given reason to look at the activity of a particular user. However, just as your Echo Dot can hear your conversations when you haven’t specifically said “Alexa”, there’s no guarantee that the government isn’t watching more of your Internet activity than you’re aware of.

Critics of PRISM claim that the program is unconstitutional. The truth is, we don’t really know what the government is doing with our data. The data may simply help the government to identify legitimate issues that might otherwise have gone unnoticed. Or, the government may be compiling data to one day be used against us. Since there is so much grey area surrounding PRISM, which the government has neglected to clarify, many people assume the worst.

What should you, a law-abiding citizen, do about PRISM? Treat your personal data carefully. Protect it. Use safeguards wherever possible, including VPNs, data encryption and private browsing. Be wary of public wifi networks and online storage tools. Above all, be aware of the threats surrounding you, and make choices regarding your and your family’s Internet privacy knowing what’s lurking just out of sight.

Categories
datacappy dsdefender oliverwjones

Facial Rec Privacy Outrage, Again

18 Co-op food stores decided to test a system targeting shoplifters and violent store visitors using a product from Facewatch. Where’d they get that name?

“In an open letter to the retailer, Privacy International questioned the legality of the technology in stores. It also asked whether information was being shared with the police.”

Facial recognition tech has become extremely controversial. Issues of racial profiling come to mind, but this stuff is going to be hard to put back in the box. A decent article from the BBC.

Categories
datacappy dsdefender oliverwjones

EU Algo Policing

If this was even remotely possible… “The Commission said the guidelines require online platforms to identify the algorithmic parameters that determine ranking and to share them with companies.” I can imagine the wittier of the group responding with a single parameter, “result=”.

Margrethe Vestager is becoming something of a star in the European Commission, The Commission. Reuters gives you the basics here.

Categories
datacappy dsdefender oliverwjones

DeepMind AI Loves Proteins

According to a lab in London, researchers have solved “the protein folding” problem. If this is true, it’s a discovery which rivals the washing machine. Protein structure and shape in the human body (and all other living things for that matter) define the behaviour of viruses and bacteria. DeepMind is a lab owned by Alphabet Inc. and whether they will share their technology is still an open question.

As much as we’re frustrated with Google’s abuse of individual data, in the fight between good and evil, this investment by Alphabet seems to be a positive one.

Data, data, data, from macro to micro. This article in the NYT is well written.

Categories
datacappy dsdefender oliverwjones

Throwing stones in a gorilla glass house

The latest from Apple complaining that Facebook abuses user data and promiscuously tracks its users is a bit rich! The PR firms are hard at work and Facebook is… Well, probably the worst, but what’s painful is to see how much better Apple is at managing this issue. Hypocritical without a doubt, they’ve been promoting an App Tracking Transparency feature and calling out Facebook along the way. It’s true the rhetoric is confusing, but Apple’s strategy here is to attack and distract. They’re up to their necks in a PR game of cat and mouse with Epic, so why not attack Facebook and shore up their own spin? The news is all over the place, but this article hits a lot of the information.

Categories
datacappy dsdefender oliverwjones

Apple throws a bone

They’re cutting the App Store fee from 30% to 15% for developers who generate less than $1 million, and that’s 95% of us. When? January 1st. My favourite part of this Bloomberg story is Basecamp CTO’s quote from Twitter. “If you’re a developer making $1m, Apple is STILL asking to be paid $150,000, just to process payments on the monopoly computing platform in the US. That’s obscene!” In any case, it’s better than nothing and might appease the courts and public opinion for a while. The fact is it’s a monopolistic platform and their problems won’t go away with the bone they’ve just tossed. Here’s a good article from Bloomberg.

Categories
datacappy dsdefender oliverwjones

Apple’s Tracking Tool Rubbing European Authorities Wrong

Apple has been using this IDFA (Identifier for Advertisers) for ‘ever’. As app developers, we see this each time we publish an app. If you want to integrate ads, this is the ID that allows 3rd parties to track your usage. It goes without saying that Apple keeps a close eye on it as well. Now Europe is saying Apple is in clear violation of GDPR regulations. The real problem for Apple isn’t allowing users to opt in or not. They can do that easily. The problem is if a user opts out, they opt out of tracking for all of the app installations which use this identifier for their ads. And why give away a free app, if you can’t push ads… This Reuters article is decent.