FTC Sets the Pace; Brexit & Privacy
FTC Sets the Pace; Brexit & Privacy
What a busy few weeks it has been – both domestically and abroad.
Here in the US, the FTC continues to be an active privacy enforcer, with the announcement of increased penalties of up to $40,000 for some privacy violations of the Telemarketing Sales Rule (TSR), the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR), and the Children’s Online Privacy Protection Act (COPPA). The FTC also announced an important privacy settlement against mobile ad network InMobi over poor data collection practices concerning location data, as well as for COPPA violations. This case is important because it signals the FTC’s ongoing focus upon emerging industries, such as mobile ad tech and privacy.
In EU news, I was as surprised as anyone by England’s approval of the Brexit referendum to leave the EU. While I can’t pretend to know how this will play out politically, Brexit will nonetheless have significant privacy repercussions. Some thought leaders are already speculating whether England, if it indeed leaves the EU, will join the EEA, similar to Norway, and thus still have critical access to the EU market, or whether it will need to pass its own version of the GDPR and apply to Brussels for an “adequacy” designation in order to transfer personal data back to England. What a mess! But as I have long said, privacy means full employment opportunity.
On a brighter note, the EU and US have come to a formal agreement on the final framework of the Privacy Shield, amending some language to address concerns from EU privacy advocates. Some key revisions include a written commitment from the White House to not engage in NSA-style bulk collection of transferred data (unless under specific conditions in a “targeted and focused” manner), a requirement for companies to delete data that no longer serves the original purpose of collection, and for the US ombudsperson in charge of overseeing complaints to operate independently of national security services. According to commission officials, the revised framework has been sent to the Article 31 Committee of EU Members States for approval in July. I commend the negotiators on both sides of the Atlantic for their efforts and cool heads. Well done!
In Ghostery news, I was quoted in a Bloomberg article about Brexit’s impact on international digital marketing; be sure to read through for a good overview of various questions that have been raised. Additionally, CEO Scott Meyer was featured in a podcast on online business blog Growth Everywhere, where he speaks about Ghostery’s journey from conception to a successful and rapidly growing privacy business.
Finally, if you would like to receive the Dispatch via email every week, please sign up here and please follow me on Twitter at @CPORuback, where you can get even more insight and information on privacy and security topics.
Until next time,
Todd Ruback, Chief Privacy & Security Officer & VP of Legal Affairs
Last week, as the U.S. prepared for Chinese President Xi Jinping’s state visit, ostensibly to focus upon cyber-espionage, among other things, the U.S. Office of Personnel Management disclosed that hackers who had previously stolen privacy centric information from the agency also stole fingerprint data on up to 5.6 million federal employees.
While present use of biometric data is limited, some fear greater risk to the affected individuals as biometric information, such as fingerprints, become more commonly used as an access point as we move into the Post-Internet Age of connected sensors.
Apple announces that it will embed ‘content blocking’ functionality in iOS 9
Ghostery today announced a new industry study that identifies the hidden security risks associated with the rapid growth of digital marketing technology.
The Ponemon Institute today released the results of a new survey quantifying the effect of mixed content security warnings and impacts on customer attrition across major U.S. retail websites.
Please select which Ghostery resource you need from the list below.