4 October 2011

HTC Joins Apple On The Road To Perdition


Image: 800px-HTC_Evo_4G by Anya1986 on Flickr

Do you remember Apple’s disrespect of their customers’ privacy?

It now turns out that the Taiwanese HTC ain’t any better in that respect.

Privacy International, whom I follow on Google Reader, issued an article citing a very detailed report prepared by Artem Russakovskii, Justin Case and Trevor Eckhart and made available on the Android Police website.

It turns out that HTC, in the absence of any corresponding consent, collect the personal data of their users and share that data with third parties.

Assuming that HTC have deployed the same business model also within the European Union, they have committed some serious breaches under the applicable data protection and privacy legislation here.

First, HTC should be aware of the fact that by processing personal data they act as a data controller and are therefore under the obligation to process the data fairly and lawfully and only for an explicit and legitimate purpose.

Second, when processing personal data, HTC must ensure that the buyers and users of their mobile devices, i.e. the data subjects, have given HTC their explicit consent to that data processing.

Not only do HTC fail to obtain that explicit consent, they moreover mislead their users!

It is said to work like this: HTC ostensibly offer their users the option not to allow the collection and use of personal information, but even if the users select that option, HTC collect and process the data anyway.

And third, by so doing, HTC have failed to prevent an unwarranted intrusion into the private sphere of their users.

I think that HTC, being a major competitor to Apple, should offer its customers a set of good privacy options, in order to create an advantage over the Cupertino company.

Instead, HTC seems to have opted to spy on and fool their customers, thereby joining Apple on the road to perdition…

How about you?

Would you prefer one mobile device manufacturer over another if it offered you better privacy protection?

30 April 2011

Sony PSN: Clueless And Breaching



Image: Playstation 3: Sixaxis Wireless Controller, photo © 2008 włodi (via: Wylio)

Not that I wish to blog so often on data protection, but some technology giants will not give me a break.

Last week I covered the (very likely) unlawful data collection practice of Apple’s iPhone and this week I decided to spend some words on the fact that

Sony Leaked Personal Data

particularly credit card data from its PlayStation Network.

Ars Technica have been reporting on this during the last few days; here is the most current update as of the writing of this article.
According to Sony, “It is possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.”

What is this if not a

Personal Data Breach?

Some of you will remember that at the end of 2009 the European Union updated its Telecoms Package and, as a part thereof, the ePrivacy Directive. The European lawmakers sharpened the provisions on privacy and introduced a data breach notification requirement in order to prevent data loss debacles.

The updated ePrivacy Directive mandates that in the event of a personal data breach, providers of publicly available electronic communications services shall, without undue delay, notify the personal data breach to the competent national authority in charge of data protection.

Now read the italic type again. What providers does it cover? Only telcos, right? One could ask:

Must Sony Notify Its Breach?

Well, seemingly not under the ePrivacy Directive since Sony should not be defined as a telco.
Funnily, during the negotiations of the Directive’s final version, the European Parliament demanded that all providers of “information society services” be subjected to the data breach notification duty. Sony is, inter alia, a provider of information society services – check the definitions of the E-Commerce Directive (2000/31/EC). Hence, that demand would have covered Sony, had it only been implemented.

However, European Union Directives normally set only minimum requirements and leave member states with a certain amount of leeway as to the exact rules to be transposed.

Member states such as Germany, Spain, Austria and Ireland did not limit the data breach notification duty to telcos only. Rather, they chose to oblige the so-called data controller under the Data Protection Directive (95/46/EC). Thus, they have achieved a much broader scope of applicability.
The definition of a data controller clearly puts

Sony Under An Obligation

to notify the respective data protection authorities of the above member states.
To the best of my knowledge, Sony has not yet undertaken such a notification – it has been dangerously clueless for more than two weeks instead.

What Is The Moral Of The Story?

The data breach notification was introduced as a consequence of recent years’ high-profile incidents of personal data loss across Europe.
Who has forgotten the T-Mobile data loss or the UK privacy debacles?
Now, it seems, Sony has joined the data breach elite.
Let us see what the consequence therefor will be.

 

11 March 2011

Digital Oblivion: To Be Or Not To Be?



Image: 1 if 3 Zoom blur experiment - Wood, photo © 2008 Mike Baird (via: Wylio)

Have you ever tried to search the web for information relating to yourself?
If yes, how accurate were the results that showed up, say, in Google?
And what would you do if you found information or data that were not really up-to-date, or were inaccurate or even libelous?

Well, you might rely on the law of data protection and undertake certain actions. And if you are domiciled in Spain, which is known for its higher standards on data protection, your actions are likely to be more fruitful than elsewhere.
This is at least what the story of the Spanish doctor Guidotti Russo evidences.

Imagine

that a 20-year-old newspaper article covering some accusations against you is still accessible via Google’s search engine. Imagine further that, in the meantime, you have been cleared of all those accusations.
What would you do? Or put another way, what are the remedies you may rely upon?

The law on data protection

in the European Union is approximated by Directive 95/46/EC. Accordingly, its Article 6 provides that “… every reasonable step must be taken to ensure that data which are inaccurate or incomplete… are erased or rectified.”
This is what Dr Russo appears to have requested before the Agencia Española de Protección de Datos, namely that Google be ordered to cease providing access to that newspaper article.
Not surprisingly, Google, asserting the right to information access, did not obey and the issue landed before an ordinary court in Madrid.
From what I read, this court has been considering asking the Court of Justice of the European Union for a preliminary ruling.

Other commentators on the Web have already made a link between this case and

“The right to be forgotten”

which the European Commission recently presented in its communication COM(2010)609. That oddly named right seems to be part of the Commission’s plan to revise the data protection rules in order to strengthen individuals’ rights.
The Commission defines it as “the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired;”

Hmm, I do not see any significant difference to the language of the Data Protection Directive I quoted above. Do you?
So, I guess clarifications will follow.
Anyway, my personal opinion is that a right to be forgotten should result in a mechanism of data self-destruction or data fading away which individuals should be able to configure as they like. Equally important, such a right should be incapable of being contractually waived.

Once introduced, however, a right to be forgotten will very likely collide with another fundamental right –

The right to access information

It is obvious – in today’s information society the right to access information has become more important than ever. Data or information that is subject to self-destruction will, however, seriously challenge that right’s fundamental character.
At first glance, this argument seems to hold water.
But hey! What data should the right to be forgotten concern?
Is it not about personal data?
And since it is, why should someone else’s right to access my personal data trump my right to determine whether that someone should access it in the first place?

Invitation to discuss

For me, the existence of a digital oblivion right evokes questions upon questions. It appears to be a really promising discussion topic, does it not?
Hence, do not hesitate to tell me what you think about it!

 
