Facebook’s Instant Personalization: It Takes FIFTEEN Steps to “OPT-OUT”

After Facebook’s recent changes in their privacy policies, you need to take a few steps if you don’t want your Facebook bio, education & work, hometown, likes and interests data to be publicly shared online, as well as probably sold to behavioral marketers.

1. Go to your Facebook page

2. Go to “account”

3. Go to “privacy settings”

4. Go to “applications & websites”

5. Go to “instant personalization pilot program” all the way at the bottom

6. UN-check the PRE-checked box: allow selected partners to …(steal all your data?)

7. A window pops up; are you SURE? Click: CONFIRM!!

8. Go back to “applications & websites”

9. Go to “what your friends can share”

10. Uncheck each category that you don’t want your friends to share online

11. Click: Save Changes

After this, you need to block each “selected partner” on their respective Facebook page. So far, they are:

12. Microsoft Docs: click “block”

13. Pandora: click “block”

14. Yelp: click “block”

15. Keep checking every day, for the rest of your life, which new “selected partner” Facebook has added to the list and block those too.

Voilà!  You have just opted out! Wasn’t that quick & easy?

Unfortunately, I believe most people won’t bother to go through all these steps, even in order to protect their privacy.

Worse, most people won’t even know how to opt-out, because the opt-out option is set up in such a complicated way.  Facebook knows this and counts on this.

Do you think it’s fair to have to go through fifteen steps in order to prevent your personal data from being sold to advertisers?

In Canada’s Privacy by Design system, the opt-in option is the default setting.

Jules Polonetsky, Director of The Future of Privacy Forum, proposes more balance between consumer and business interests by improving opt-out techniques.

Both of the above-mentioned alternatives have one thing in common: the ingredient that is missing in Facebook’s Machiavellian opt-out design, which is “respect for the consumer”.

UPDATE: EPIC and others have filed a complaint on 5/5/2010 with the FTC about the New Facebook Features discussed in this article.

UPDATE: After worldwide outrage about Facebook’s new Privacy Policy, Facebook caved in and made some changes:

Facebook’s New Privacy Controls as of 5/28/2010

UPDATE: One more reason to opt-out of Facebook’s instant personalisation program. Now all your “likes” might show up on your Facebook friends’ Bing search: see Facebook and Bing Do the Search Two-Step. Since I wrote the article, Facebook has added Rotten Tomatoes and Scribd to their list of instant personalization partners. 9/15/2010



IAPP Global Privacy Summit 2010 – Hot Topics : Robert Rothman on the New EU Controller-to-Processor Model Clauses

At the recent IAPP Global Privacy Summit in Washington, D.C., many hot topics were addressed:

Privacy by Design, Behavioral Advertising, the new EU Cookie Consent Law, the Smart Power Grid, the Cloud, Web 2.0, the new EU Model Clause Agreements, Controllers, Processors and Sub-Processors, the recent Google convictions, to name just a few.

I interviewed a few prominent privacy professionals, attending and/or presenting at the summit on some of the important issues of the day.

Robert Rothman, President of Privacy Associates International (PAI), is an expert in Cross Border Data Transfers.

The EU Commission Decision of February 5, 2010, contains new rules on standard contractual clauses for the transfer of personal data from EU countries to processors established in third (non-EU, and non-“adequate”) countries. This decision comes into effect on May 15, 2010.

I asked Robert Rothman to explain the changes in the model clauses.

See also my previous post for a comprehensive coverage of the subject matter.


IAPP Global Privacy Summit 2010 – Hot Topics : Jay Libove on Italy v. Google

In this video, Jay Libove, CISSP, CIPP, an experienced privacy professional, expresses some concerns about the recent Italian verdict against three Google executives.

For the latest update on this case, click here


IAPP Global Privacy Summit 2010 – Hot Topics: Cédric Laurant and the EPHR project

In this video, I interviewed Cédric Laurant, who is an attorney and an independent privacy consultant based in Belgium. Cédric was probably the only European to have braved the Icelandic ash clouds in order to make it to the IAPP Summit in Washington, D.C. Indeed, about 25 European speakers and a couple of hundred European attendees never got to the summit because of cancelled flights all over Europe.

Cédric is closely involved in the brand new European Privacy and Human Rights (EPHR) project. This project is a collaboration between EPIC (Electronic Privacy Information Center) in Washington, D.C., PI (Privacy International) in London and the CEU (Central European University) in Budapest.


IAPP Global Privacy Summit 2010 – Hot Topics: Privacy by Design in Canada

In this video, I interviewed Ken Anderson, Assistant Commissioner, and Estella Cohen, Issues Manager at the Information and Privacy Commissioner’s Office in Ontario, Canada.

They explain the concept of Privacy by Design and how it is implemented in Canada.

The IAPP is holding a Canada Privacy Symposium 2010 on May 26 – 28, in Toronto.

Update November 1, 2010: Privacy by Design Resolution adopted by international privacy commissioners in Jerusalem


IAPP Global Privacy Summit 2010 – Hot Topics: Jules Polonetsky Predicts the Future of Behavioral Advertising

In this video, I interviewed Jules Polonetsky, Director of The Future of Privacy Forum, on the future of behavioral advertising.


IAPP Global Privacy Summit 2010 – Hot Topics: Convergence, by Jay Libove, CISSP, CIPP

In this video-interview, Jay Libove, CISSP, CIPP, talks about the importance of convergence of all corporate departments in order to increase efficiency.


E-Discovery Challenges in China

by Kevin Lo

A complicated international anti-dumping case brought several U.S. lawyers and a team of e-discovery experts to a large industrial town in northeast China. They had come to interview senior executives and conduct a search of paper and electronic records at a major pharmaceutical company.

During negotiations for the trip, the company said the team was more than welcome to speak with anyone they wished to meet and that access to records would be granted willingly. What transpired once the team arrived in China, however, was considerably different.

To begin with, their hosts seemed disinclined to get down to business. On the first day, they insisted on giving a tour of the large plant. It was long and far too detailed for the team’s interests. Having everything translated only added to the ordeal.

After the tour ended, the hosts suggested everyone go to lunch. The lead lawyer politely declined, despite the urging of her translator to accept. The lawyer asked, instead, to begin the discovery process. “I would like to begin by taking a copy of your hard drive,” she said to the company’s CEO.

Although the CEO didn’t say no outright, it was obvious this request made him quite upset. Rather than discuss the matter further, he changed the subject back to the luncheon invitation. “We can eat and have something to drink and get to know each other,” he said.

“He’s got something to hide,” one of the lawyers said to his colleagues. Although he had made this observation in an aside, it was loud enough for the CEO’s translator to hear.


EU Cross Border Ediscovery, Standard Contractual Clauses, and Sub Processors: What Will Change on May 15, 2010?

How the New EU Rules on Data Export Affect Companies in and outside the EU

by Dr. Thomas Helbing

On 5 February 2010 the Commission of the European Union (EU) updated the set of standard contractual clauses for the transfer of personal data to processors in non-EU countries. The old clauses are repealed with effect from 15 May 2010.

Standard contractual clauses are an important instrument for companies in the EU to comply with national data protection laws if information on individuals is transferred to or accessed by organizations outside the EU.

The EU Commission decision is relevant for all organizations receiving personal data – for example customer or employee data – from subsidiaries, customers or vendors in the EU.

In addition, the new standard contractual clauses will also affect companies who indirectly receive personal data that originally comes from the EU, e.g. by providing services to companies which process EU data. This is because the new standard contractual clauses require companies importing personal data from the EU to contractually impose the terms of the clauses on any subcontractor to which they transfer personal data or grant access.

In particular, agreements on outsourcing, cloud computing, software as a service (SaaS) or application service providing (ASP) and software like Human Resources Information Systems (HRIS), Customer Relationship Management (CRM) tools and Enterprise Resource Planning (ERP) software are affected.

Example “CRM”: CRM-Ready Inc. is a US-based company providing a Customer Relationship Management software that clients use remotely via a web browser (Software as a Service – SaaS). Best-Resell GmbH in the EU intends to use CRM-Ready’s system to store and manage its customer data. CRM-Ready Inc. and Best-Resell GmbH agree to conclude a contract with the EU standard contractual clauses to ensure Best-Resell’s compliance with local privacy laws.

Example “HR-Data”: Global Workers Ltd. is a multi-national company headquartered in Japan with subsidiaries in various EU countries. Names, functions and phone numbers of all employees are stored centrally in a firmwide database at Global Workers Ltd. in Tokyo. The EU subsidiaries and Global Workers Ltd. agree on the EU standard contractual clauses to ensure the lawfulness of the intra-group data transfers under EU laws.

In this article we answer the following questions:
• What is the Concept behind Standard Contractual Clauses?
• What are the Changes to the Standard Contractual Clauses?
• How Does the New Subcontracting Scheme of the Clauses Work in Practice?
• When Do the New Clauses Take Effect and Which Existing Agreements Need to be Updated?
• How Do the Clauses Affect Companies Outside the EU?


The French Data Protection Authority: Video Surveillance Images are “Personal Data”

POSTED ON MARCH 16, 2010 BY HUNTON & WILLIAMS LLP

In a decision handed down on February 25, 2010, the French Constitutional Court ruled that the right to privacy derives from Article 2 of the Declaration of Human Rights, and is therefore considered a constitutional right under French law.  The Court also ruled that the legislature must strike a balance between the right to privacy and other fundamental interests, such as preventing threats to public safety, which are necessary to preserve constitutional rights and principles.

In its decision, the Court ruled on several provisions of a legislative bill (the “Bill”) aimed at combating acts of group violence and protecting public servants.  This Bill would have authorized the owners of buildings to provide live, closed-circuit video surveillance images of a building’s common areas to local or national law enforcement authorities in the event that activities taking place on the premises might require police intervention.  The Court ruled against this provision on the grounds that it did not provide the safeguards necessary to protect the privacy rights of individuals living in the buildings.

Following the Court’s ruling, the French Data Protection Authority (the “CNIL”) took the opportunity to restate that video surveillance images are considered “personal data” since they allow for the identification of individuals.  Consequently, any video surveillance using a system that is installed on the private premises of a building (e.g., in hallways, staircases or elevators) constitutes a data processing activity within the scope of the Data Protection Act and requires prior notification to the CNIL.

View the full text of the Court’s decision and the CNIL’s comments (both in French).
