Mobile Privacy — The World Privacy Forum attended the NTIA Multistakeholder meeting as one of the core drafters of the code of conduct being considered by the NTIA Multistakeholder process. WPF and the other drafters are accepting comments from all stakeholders in preparation of the next iteration of the draft.
Facial recognition — Pam Dixon spoke at a CES panel on privacy issues in facial recognition technologies as part of the Leaders in Technology program at CES. The panel was moderated by Tony Romm of Politico and included FTC Commissioner Maureen Ohlhausen and Harley Geiger, legislative counsel for Representative Zoe Lofgren. Dixon spoke on the need for increased work on consumer options in a “sensor rich environment where there is no option to opt out by walking out.” Referenced in the panel was WPF’s report on digital signage and facial recognition, The One-Way Mirror Society.
Mobile privacy — Mobile app privacy is the topic of the multistakeholder process to be undertaken this week under the direction of the US Department of Commerce. Over the weekend, a NYT article revealed that mobile carriers received more than 1.3 million requests by law enforcement for mobile data, including requests for text messages. This article is a focusing event. It is a reminder that in mobile privacy we need to put the consumer first, focus on what is important, and apply responsibility for privacy and transparency throughout the hierarchy of mobile players, from carriers to platforms to app stores to publishers to developers. It is unclear yet what segments of the hierarchy require what amounts of the burden, but what is clear is that carriers will certainly need to do a lot. It is also clear that the idea of just an icon on a screen to communicate the idea of mobile privacy to consumers is a band-aid approach at best when faced with the truth of where some of the real risks are for consumers.
If the devices are left with older versions of the iOS4 software, the data stored on the iPhones and iPads will be unencrypted and can include latitude, longitude, when the location was visited, for how long, and the data could have been collected for as long as a year. Up to 2 MG of data can be stored, which can be a lot of location data.
Health privacy — The World Privacy Forum filed comments today about how medical records and other health information is intersecting with online advertising and online activities. The WPF comments were filed with the Department of Health and Human Services in response to its request for comments on personal health records, privacy, and social media.