Group Calls for Investigation into Google’s Social Network
The Guardian reports that the Electronic Privacy Information Center (Epic) has asked the Federal Trade Commission (FTC) to investigate Google’s social networking service Google+, claiming that it violates users’ privacy. Epic is reportedly particularly concerned that some features blend comments and photos into users’ search results, without warning users that their information would be searchable. However, Google reportedly states that the company has “taken special care with our new features to provide robust security protections, transparency and control for our users”. Nonetheless, Epic executive director Marc Rotenberg has reportedly queried Google’s commitment to privacy, as a 2011 settlement with the FTC concerning the Buzz product was supposed to mean the company would not violate privacy again.
The Guardian: Epic to FTC: Google Search+ is violating users’ privacy (12 January 2012)
(Source: The Guardian)
Ex-worker Sued Over Exodus of Twitter Followers
Claims Journal reports that internet company PhoneDog LLC (PhoneDog) has sued its former employee Noah Kravitz alleging that “the worker cost the company thousands of dollars in lost business when he took 17,000 Twitter followers with him when he left the firm”. PhoneDog reportedly claims that Mr Kravitz owes it US$340,000 over the loss of the Twitter followers, arguing that they “should be treated like a customer list, and therefore PhoneDog’s property”. However, intellectual property lawyer Steve O’Donnell reportedly rejected the claim that each follower is worth US$2.50 per month to PhoneDog, opining that it is difficult to put a monetary value on Twitter followers who could be ignoring PhoneDog’s posts and “just gathering accounts and broadcasting their own content”. Reportedly, according to patent and trademark lawyer Erik Heels, the case could be a valuable guide to companies in establishing rules relating to employees’ use of social media.
Claims Journal: South Carolina Company Sues Ex-Worker Over Twitter Followers (3 January 2012)
(Source: Claims Journal)
ICO Issues Cookies Report Card
Europe, Middle East and Africa
The UK Information Commissioner’s Office (ICO) has published the Half-term report on cookie compliance (13 December 2011).”Our mid-term report can be summed up by the schoolteacher’s favourite clichés ‘could do better’ and ‘must try harder’”, Information Commissioner Christopher Graham said. Mr Graham said in determining their compliance, organisations should ask themselves whether their sites are doing anything unknown to users, and secondly, whether users are afforded appropriate choice in how they use the site. He suggested that appropriate strategies to achieve these ends may include: switching off cookies until users turn them on again; using a “registration” process for users, during which they can indicate their agreement with the website working “in a certain way”; and in cases where users know “some things are more likely than not going to happen when they arrive at your site”, making sure they “know where to go and what to do” if they would like more choice in the matter. Mr Graham said the first option was the “safest”, but the two alternatives could be practicable provided users were informed and aware.
ICO’s media release (13 December 2011)
Facebook and FTC Announce Settlement of Privacy Issues
Earlier this week, the Federal Trade Commission (FTC) announced its proposed settlement with Facebook over what it termed “unfair and deceptive” business practices. As part of its agreement with the FTC, Facebook must collect users’ permission before making any changes to privacy settings and must also undergo annual consumer privacy audits over the next 20 years. The FTC’ settlement stems largely from changes Facebook made to its privacy procedures in 2009. Among other things, Facebook allegedly publicized information that users had set as private without any notice to the users. The FTC did not impose any fines but Facebook will be forced to pay $16,000 a day for any future violations.
New York Times: F.T.C. Settles Privacy Issue at Facebook (29 November 2011)
(Source: New York Times)
Fines for Email Errors
Europe, Middle East and Africa
The UK Information Commissioner’s Officer (ICO) has announced that it has fined North Somerset Council (NSC) and Worcestershire County Council (WCC) after council staff sent highly sensitive personal information by email to unintended recipients. The ICO fined WCC £80,000 for an incident which involved the disclosure of a large number of vulnerable people’s sensitive data to an additional email contact list including 23 unintended recipients. Meanwhile, the NSC was fined £60,000 after an employee sent five emails, including two with highly sensitive personal information about a child’s case review, to the wrong National Health Service employee.
The ICO found that both councils had failed to take appropriate measures to guard against the unauthorised processing of personal data, including appropriate data protection training for staff. Information Commissioner Christopher Graham said that “[p]ersonal information in cases involving vulnerable people is about the most sensitive personal information imaginable” and that “[p]eople who handle highly sensitive personal information need to understand the real weight of responsibility that comes with keeping it secure”.
ICO’s media release (28 November 2011)