Google Offers Opt-out
The Dutch College Bescherming Persoonsgegevens (CBP) has announced that Google will offer wireless router owners the possibility of opting-out of the collection of data from their router. The option will apply worldwide, and follows enforcement action by the CBP in response to Google’s unauthorised acquisition of data from unsecured wireless networks.
The CBP advises that, notwithstanding Google’s announcement, it is still examining whether the company has complied with previously announced requirements.
CBP’s media release (15 November 2011)
Related media and news items:
Google’s media release (15 November 2011)
ZDNet UK: Google offers Wi-Fi database opt-out method (16 November 2011)
(Source: CBP; Google; ZDNet UK)
EU and US Initiate Air Passenger Name Record Protection Agreement
The European Commission (EC) has announced the initiation of an agreement with the US on airline passenger name records (PNR) to improve data protection and provide an efficient tool to fight serious transnational crime and terrorism. The agreement is envisaged to bring more “clarity and legal certainty to both citizens and air carriers”. “Privacy-friendly rules” have been incorporated in the agreement, requiring PNR data to be de-personalised six months after it is received by US authorities, transferred to a “dormant database” after five years, and destroyed after 10 years. The agreement also specifies the purposes for which PNR can be used by US authorities, including the prevention and detection of terrorism and transnational crimes, but excluding the investigation of minor crimes.
EC’s media release (17 November 2011)
EU Plans Web Privacy Laws Raising Potential Trans-Atlantic Disputes
Vivian Reding, European justice commissioner, announced she plans on revising the EU’s main data privacy law to require non-EU companies to conform to the strict rules on data collection. She also intends on adding tougher sanctions associated with the law. Reding expects to present these changes in January. Following this presentation, changes would then have to be approved by the European Parliament and Council of Ministers. If implemented, the updated law might force companies like Google and Facebook to re- think how they collect personal data from their users.
New York Times: E.U. to Tighten Web Privacy Law, Risking Trans-Atlantic Dispute (9 November 2011)
(Source: New York Times)
Consumers Lose Patience With Companies That Lose Data
Unisys has released its biannual Unisys Security Index, which compiles data from a survey of more than 10,000 people in 12 countries. The survey found that consumers have lost patience with companies involved in data breaches, with “virtually all respondents” indicating they would personally “take action of some kind after learning of a security breach involving their personal data”. Typical responses included closing accounts, changing passwords, publicly exposing the breach, taking legal action or avoiding online transactions. The index further recorded an 18% increase in the degree of concern about data security, compared with 2010.
Unisys notes that respondents from the US and Australia were most likely to want to publicly expose data breaches, with Unisys Asia Pacific security program director John Kendall suggesting Australian consumers would compensate for the lack of mandatory breach notification by using social media to express their dismay. Mr Kendall added that data security should be considered as more than an IT issue, as breaches have “real business and financial implications from the loss of customer trust and confidence”.
Unisys’s media release #1 (2 November 2011)
Unisys’s media release #2 (8 November 2011)
Related news item:
News.com.au: Survey warns business on online security (8 November 2011)
(Source: Unisys; News.com.au)
FTC Regulatory Action
The US Federal Trade Commission (FTC) has released the following media releases relating to recent regulatory actions: