The Right to be Forgotten: EU Decision

euflagth4P2UWF78

Historic Decision by the European Union’s Highest Court

The European Court of Justice ruled in favor of an individual’s right to have Google delete certain links about that individual. The decision was based in part on a finding by the court that Google is a data controller, which apparently is at odds with earlier EU rulings – ECJ’s Advocate General decided in 2013 that Google did not need to delete the links because it was not the “controller” of data and that information should only be deleted when the personal information is either incomplete or inaccurate.

Some commentators question the basis for the decision: “Given that the EU has spent two years debating this right as part of the reform of EU privacy legislation, it is ironic that the ECJ has found it already exists in such a striking manner.” Richard Cumbley of Linklaters told The New York Times.

And, practitioners sound the alarm: Operationally, this will “put search engines in the extremely onerous position of having to take a view on how to comply with potentially millions of individual requests.”  (See more details at IAPP Newsletter, The Privacy Advisor, https://www.privacyassociation.org/publications)

Google and others will argue that this amounts to censorship; from Levi Sumagaysay’s blog:

* * * *

Does the right to be forgotten — or the right to privacy — outweigh censorship concerns? “[The decision] is one of the most wide-sweeping Internet censorship rulings that I’ve ever seen,” Wikipedia founder Jimmy Wales told the BBC. Wales said he expects Google to fight back hard. “If they have to start coping with everybody who whines about a picture they posted last week, it’s going to be very difficult for Google.”

http://www.siliconbeat.com/author/lsumagaysay/

The IoT needs PByD: FTC Looking at Privacy and Security in the Age of Smart Homes

The Internet of Things is the phrase used to describe technology that talks to technology – connected sensors and embedded technology.  Think of smart homes – your refrigerator knows what and when to restock; your HVAC adjusts to your schedule; personal tech – your heart monitor talks to your health care provider.  The FTC recently convened a workshop to address privacy and security considerations surrounding the use of such applications; see:

http://www.ftc.gov/bcp/workshops/internet-of-things/FINALAGENDA-11-13-13.pdf

In conjunction with the event, the Future of Privacy Forum  released “a whitepaper arguing for a new privacy paradigm in the new highly connected world.”

http://www.futureofprivacy.org/2013/11/19/fpf-releases-a-new-privacy-paradigm-for-the-internet-of-things/

The whitepaper authors argue that the consent/notice issues in dealing with the usual customer/consumer paradigm of managing privacy issues may not be relevant or sufficient in a world where the uses of data cannot be discovered until after the data has been collected, employed.  The argument now focuses on Privacy By Design strategies to tackle these thorny issues: anonymizing of data; transparency; codes of conduct; accountability/accessibility.

See IAPP summary of the workshop issues at:  https://www.privacyassociation.org/publications/is_notice_and_consent_possible_with_the_internet_of_things

If we don’t get a handle on this now, that wristband I’m wearing  may soon force me to add another mile to my jog because it knows what I had for lunch!  Let’s move, indeed!Exclamation Point with Social Technology and Internet Color Icon

And in more IoT news, along comes the worm:

http://allthingsd.com/20131130/a-new-worm-proves-that-the-internet-of-things-is-vulnerable-to-attack/#!

My new excuse – the bathroom scale’s been hacked!

Wow Scale

UPDATE:

Google has acquired Nest, the maker of “connected” thermostats and smoke detectors.  According to a statement one of Nest’s founders delivered to TechCrunch, Nest will only use customer information for “providing and improving Nest’s products and services,” indicating it will not be used for Google’s larger advertising schemes.  Of course, the commentators are lining up to speculate about what Google will do with all that data collected straight from a consumer’s home., much in the way consumers have been using connectivity in their cars.  And now Detroit is increasing that connectivity with cars that will be able to connect to the Internet independently, with the car using the custom apps on their own.

See info on Google acquisition of Nest: http://www.engadget.com/2014/01/13/google-acquires-nest/

And, GM’s 2015 roll-out of more connected cars: http://business.time.com/2014/01/07/your-car-is-about-to-get-smarter-than-you-are/

Fun from tomfishburne.com:

 

And then along came Fridge Spam:

-More than 750,000 Phishing and SPAM emails Launched from “Thingbots” Including Televisions, Fridge-

“The attack is believed to be one of the first to exploit lax security on devices that are part of the ‘internet of things.”

See press release from Proofpoint: http://www.proofpoint.com/about-us/press-releases/01162014.php

And, BBC update:

http://www.bbc.co.uk/news/technology-25780908#!