4 October 2011

HTC Joins Apple On The Road To Perdition


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Image: 800px-HTC_Evo_4G by Anya1986 on Flickr
800px-HTC_Evo_4G

Do you remember Apple’s disrespect of their customers’ privacy?

It now turns out that the Taiwanese

HTC ain’t any better

in that respect.

Privacy International, whom I follow on Google Reader issued an article citing a very detailed report prepared by Artem Russakovski, Justin Case and Trevor Eckhart and made available on the Android Police website.

It turns out that HTC, in the absence of any corresponding consent, collect the personal data of their users and share that data with third parties.

Assuming that HTC have deployed the same business model also within the European Union, they have committed some

serious breaches

under the applicable data protection and privacy legislation here.

First, HTC should be aware of the fact that by processing personal data they act as a data controller and are therefore under the obligation to process the data fairly and lawfully and only for an explicit and legitimate purpose.

Second, when processing personal data, HTC must ensure that the buyers and users of their mobile devices, i.e. the data subjects have served HTC with an

explicit consent

to that data processing.

Not that HTC fail to obtain that explicit consent, they moreover mislead their users!

It is said to work like that: HTC ostensibly offer their users the option not to allow the collection and use of personal information, but even if the users select that option, HTC collects and processes the data anyway.

And third, by so doing, HTC have failed to prevent an

unwarranted intrusion

into the private sphere of their users.

I think that HTC, being a major competitor to Apple, should offer its customers a set of good privacy options, in order to create an advantage over the Cupertino company.

Instead, HTC seems to have opted to spy on and fool their customers thereby joining Apple on the road to perdition…

How about you?

Would you prefer one mobile device manufacturer over another, if it offers you a better privacy protection?

30 April 2011

Sony PSN: Clueless And Breaching


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Playstation 3: Sixaxis Wireless Controllerphoto © 2008 włodi | more info (via: Wylio)

Not that I wish to blog so often on data protection, but some technology giants would not give me a break.

Last week I covered the (very likely) unlawful data collection practice of Apple’s iPhone and this week I decided to spend some words on the fact that

Sony Leaked Personal Data

particularly credit card data from its Play Station Network.

Ars Technica have been reporting during the last few days, here is the most current update as of the writing of this article.
According to Sony, “It is possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.”

What is this if not a

Personal Data Breach?

Some of you will remember that at the end of 2009 the European Union updated its Telecoms Package and, as a part thereof, the ePrivacy Directive. The European lawmakers sharpened the provisions on privacy and introduced a data breach notification requirement in order to prevent data loss debacles.

The updated ePrivacy Directive mandates that in the event of a personal data breach, providers of publicly available electronic communications services shall, without undue delay, notify the personal data breach to the competent national authority in charge for data protection.

Now read the italic type again. What providers does it cover? Only telcos, right? One could ask:

Must Sony Notify Its Breach?

Well, seemingly not under the ePrivacy Directive since Sony should not be defined as a telco.
Funnily, during the negotiations of the Directive’s final version, the European Parliament demanded that all providers of “information society services” be subjected to the data breach notification duty. Sony is, inter alia, a provider of information society services – check the definitions of the E-Commerce Directive (2000/31/EC). Hence, that demand would have covered Sony, had it only been implemented.

However, European Union Directives normally set only minimum requirements and leave member states with a certain amount of leeway as to the exact rules to be transposed.

Member states such as Germany, Spain, Austria and Ireland did not limit the data breach notification duty to only telcos. They rather chose to oblige the so-called data controller under the Data Protection Directive (95/46/EC). Thus, they have achieved a much broader scope of applicability.
Data controller’s definition clearly puts

Sony Under An Obligation

to notify the respective data protection authorities of above member states.
To the best of my knowledge, Sony has not yet undertaken such a notification – it has been dangerously clueless for more than two weeks instead.

What Is The Moral Of The Story?

The data breach notification was introduced as a consequence of recent years’ high-profile incidents of personal data loss across Europe.
Who forgot the T-Mobile data loss or the UK privacy debacles?
Now, it seems, Sony has joined the data breach elite.
See, what the consequence therefor will be.