Jun 302011
 June 30, 2011  Posted by  Business, Court, Online

Julia Filip reports:

A federal class action demands that AOL stop intruding on millions of people’s privacy by tracking their Web browsing and selling the information to third-party advertisers. Co-defendants ScanScout and Brightcove also are accused of overriding privacy controls on private citizens’ computers to install temporary files, or “cookies.”

The three defendants allegedly use Adobe flash technology to do their offensive snooping, but Adobe is not named as a defendant.

ScanScout, which provides video ad services to AOL and others, uses Brightcove technology to display online video content and track consumers’ viewing patterns, lead plaintiff Sandra Person Burns says in her 47-page complaint.

Read more on Courthouse News.

Jun 302011
 June 30, 2011  Posted by  Business

Ben Popper reports:

Myspace’s biggest asset is arguably its userbase of somewhere between 50 and 65 million people. Myspace posted a dozen data sets on the data marketplace Infochimps in March, with information on status updates, user activity, apps, photos and more, with prices ranging from $25 to $150.

To be clear, the data on Infochimps does not personally identify users. “The data MySpace sells through Infochimps is intended to help someone track certain types of behavior at a bird’s eye level, such as how many users are in certain zip codes and how many times a certain word is mentioned on the service. The records in these data sets are completely anonymous,” a representative wrote in an email.

But the acquisition today by Specific Media is quite different. They bought the profiles lock, stock and barrel. Now they will use them for their core business, ad targeting. Considering the going prices on Infochimps, Specific just got a great bargin, picking up between 50-65 million user profiles for about fifty cents a pop.

Read more on BetaBeat.

This may surprise some who might think that I’d be outraged by the news, but I am neither shocked nor particularly upset by it.  Didn’t we all expect it?

Companies sell their assets – including their customer base- all the time. MySpace has gone downhill in the past years.  What does it have left to sell except all that yummy data its users provided in exchange for their free service?  And if you read their fine print, is there really anything in their privacy policy or terms of service that assured users their data would never be sold at all, ever?

But if  users think this is bad, what happens if/when Facebook does the same thing down the road?

I’m actually more concerned that pharmacies and hospitals can include patient/customer data when they sell out to another hospital or pharmacy.  Surprised?  There’s an exception in HIPAA that seemingly permits that and I’ve seen it happen in some bankruptcy situations or big chain takeovers.

All in all, this strikes me as just another reminder that in the U.S., it may be our information and our details, but we don’t necessarily have the right to control who can get that information or how they can get it.

Hopefully, Specific Media will have clearly posted directions on how to completely and permanently delete profiles and they will honor such requests because that’s an issue that still needs to be addressed – and in my opinion – legislated.  We should have some recourse and protection so that if we don’t want a company to have our  data when we have no relationship with them, they have to delete it.  In the absence of a recognized right   that companies cannot buy our data without our consent, at the very least we need some assurance that they cannot use it to contact us or to market to us without our consent.

And with that, I’ll just wait over here while Adam Thierer splutters at my less than business-friendly attitude.

More on the sale of MySpace here.

Jun 302011
 June 30, 2011  Posted by  Breaches, Business, Laws

With so much going on this year in terms of privacy and data breaches, there have been many who have somewhat optimistically believed that this would be the year when we get privacy legislation and a federal data security/breach notification law.  Every year since I started this blog (2006), I’ve seen and posted such news items.  And each year has come and gone without Congress passing any legislation.  At a hearing this week, the pushback against privacy legislation was evident.

Sarah Lai Stirland reports:

Federal legislative proposals to help consumers to effectively stop companies from tracking them online without their knowledge might “break the internet,” a key Republican senator working on the legislation said in a hearing on the issue on Wednesday.

“In a world where people voluntarily share very personal information on web sites like Facebook and Twitter on a daily basis, I’m not entirely sure what consumer expectations are when it comes to privacy, but I am sure that different consumers have different expectations about privacy,” said Sen. Pat Toomey (R-PA) in a Wednesday morning Senate Commerce Committee hearing on privacy and data security.

Toomey said he was worried that the legislative proposals currently being discussed in Congress are a “solution in search of a problem.”


Read more on TPM.

While it is easy and often trendy to just dismiss any concerns raised by Republicans or write them off as pro-business, there’s nothing wrong with being pro-business as long as it’s not at the expense of individual rights. So we should consider the impact on commerce, but I am of the mindset that says that regulations that make it clear what businesses can and cannot do would actually be a boon to businesses as it would offer them a clear yardstick and some protection from complaints. It would also save them the time and inordinate expense of trying to comply with a hodge podge of state laws.

But as with data breach notification, a federal privacy bill will only be useful if it’s a strong bill that does not trump strong state laws but rather incorporates them at a national level.

Notice is not enough, Congress. Consumers need some recognized right to say “no” and have it enforced. And just because a dozen other internet users do not mind a, b, or c, well, they don’t get to waive my rights. Write and enact a law that respects the rights of those who are privacy-protective and everyone benefits. Do nothing or write a law that erodes individual rights in favor of commerce and we’ll all be back here next year. And the year after. And the year after….

Jun 292011
 June 29, 2011  Posted by  Laws, Surveillance

Vermont Congressman Peter Welch plans to announce legislation that he says will catch the law up with technology now that new mobile devises make it easier to use GPS technology to track individuals.

The Geolocation Privacy and Surveillance Act sponsored by Welch and Republican Utah Rep. Jason Chaffetz is aimed at giving clear guidelines for when and how geolocation information can be used.

Read more of this AP story on News Times