jillybinks: ([House] WTF?)
I was thinking about occasionally blogging about the privacy issues that I learn through my work and my studies.* What I've found is that I learn about concepts that I really would have liked to know as a consumer. So, I figured that I would share information that applies to those situations that I see here in the online LJ world.

This [livejournal.com profile] theferret thing has raised an issue that's been bugging me for awhile. While it's a nitpicky response to something that's insulting on so many higher levels, others are discussing those issues. This is what I know and what I've reacted to.

Opt-in consent does not give you the right to do whatever the hell you want.

Let me give you a little background. The concept of opt-in was developed as a way to get consumer's consent for the actions of company's that are legally allowed and yet not always desired by consumers. In most cases, opt-in is currently being used to gather consent for certain marketing purposes. However, I've seen opt-in used as a phrase in more social situations and for the most part, people are doing it wrong.

Getting opt-in consent does not free you from having to follow the laws, be they legal, moral or social. In fact, when you get opt-in consent, you have established a contractual relationship with the consumer and therefore have to be very sure that you fulfill that contract exactly how you promise to.

In the case of the opt-in consent to public groping, just because you got the victims' consent doesn't mean that what you are doing is right or allowed. You still have to obey the social contracts and rules that we have in our society. Have their consent doesn't make it right.

Also, consent must be freely given in order to be valid. Can a social situation where there is a pressure to prove your sexual comfort ever lead to freely given consent? No.

I have one other point that has nothing to do with the Open Groproval Project. There seems to be a confusion regarding the use of opt-in consent and opt-out consent. This confusion is not limited to consumers but is something companies and some privacy professionals seem to get wrong.

Opt-in consent requires an action on the part of the consumer. The consumer must do something in order to show his or her consent. Opt-out consent requires the consumer to do nothing. To not tell the company that they do not want to participate.

When you are ordering something online and they are asking if you want to receive marketing materials from third-party partners, you must give them opt-in consent to give your email address to a third-party. If there is a tickey box next to that statement and the box is already checked, that is not opt-in consent. That is opt-out consent. In order to get opt-in consent, the box must be empty and the consumer must choose to fill it in.

It seems like a nitpicky detail but it shows a fundamental lack of understanding. Feel free to ask if you have any questions regarding opt-in, opt-out or any other kind of consent.

* I am not a lawyer and I do not play one on the internets.
jillybinks: ([Family Guy] Stewie Poppycock)
My task this weekend was to spend as much time as possible researching data privacy laws. This may have been the perfect time to make a questionable decision regarding the release of personal data.

As I may have mentioned in the last post, I'm seriously considering making a complaint to the Federal Trade Commission. The FTC has governance over a majority of the issues regarding US data privacy rules and regulations. I have several reasons for placing a complaint.

My specific concerns regarding Spokeo, my specific experience using the site and my legal research backing my worries. )

This is just a preliminary list of my thoughts. Feel free to question my assertions, to add your own concerns and so on. Also, feel free to let me know if you have questions or if you want more information on a specific law or issue.

Also, by request, I am unlocking these posts, since this Spokeo thing seems to be effecting far more users that I have access to. Please feel free to link to these posts. However, I ask that you not repost this data elsewhere for the time being. I'm trying to gather as much data as possible before I commit to any actions and I would like to keep this information on the downlow until I decide the best course of action.

However, I do want to make sure that people are able to get this information from somewhere. Right now, this site seems to be spreading like a virus and more and more people are being sucked in. It's really shameful.

ETA: The EU Privacy and Electronic Communications Directive (2002/58/EC) states that Individuals must give prior consent in the form of an opt-in prior to receiving email. The only exception to this rule is in the case of an existing customer relationship, which does not exist in this case.
jillybinks: ([UG] Daniel WTF?)
I can occasionally be an idiot. Especially before I've had my morning coffee. Also, this may be tl;dr, but I suggest you read it anyway.

I received an email like many of you might have had, stating that I was being searched for on Spokeo. Since the person who "sent" the email was a trusted friend, I signed up for the thing. However, I thought I was just creating a login using my email address and a common password that I often use. I didn't realize I was giving them access to my address book until it was too late.

Looking back at the system, I can see they mention it. However, the language is misleading. I also never realized and was never told that the data gathered from my email address book was going to be put into the system. I also was never told that an email was going to be going out to those people in my address book. I assure you, I would never have signed up otherwise.

I've been doing some research and I'm trying to find a way to get my data and all the data gathered through me purged from the servers. Here is what I've found.

Privacy Information
Privacy Policy
Terms of Use
Advertising Policy

According to these policies, the only data that is gathered is "public" data, namely data that anyone could find with dedicated use of their search engines. However, the worrying factor is that they make connections with this data which created a compiled database of more personally identifiable data than would normally exist in each separate source. Also, it seems as through they know just enough about the law to skirt around the edges of legality. However, I'm going to do a little more work on trying to see where I can find the loopholes.

If you are in the system and you are from the EU, you have much more power than I do. You have far more rights by law than I, as an American, can ever have. If you want to know more, I can tell you in detail what your rights are in regard to this system. However, because I do not have your rights, I can't bitch slap this site like I want to.

Here's what can be done. If you received the email, you can opt out of the emails, which I suggest that you do eventually. However, they seem to imply through their policies that the only way you can get your info out of their system is to change the privacy settings of the systems that they are getting the information from. Namely, things like amazon, facebook, pandora, twitter, digg, gmail, vox, stumbledupon, etc. If you received an email, it should tell you what systems you can be accessed on.

Feel free to email me and I can tell you if you're data is visible in my system and what information I can see about you. I'm planning on at some point contacting Spokeo and demanding that my data (and yours) be purged from the system. However, before I do so, I want to make sure that I've gathered as much data on this site as possible for any upcoming legal recourse. Also, I want to make sure that I can give you information about this system so that you won't have to sign on to see what people know about you.

If you have concerns or questions or would just like to bitch me out for being an idiot, please let me know. Comment here or send me an email at jillybinks (at) gmail dot com.

P.S. Much of this email was drafted at 4am when I woke up and was like OMGWTF Personal Data Breach. It is possible that I am overreacting, but I'm totally skeeved out by this site and what it can do and has done. I'm am also completely humiliated that it took 5 days for me to understand the ramifications of this system. This is what I do for a living and the fact that I was taken in so easy is embarrassing. It also seems to imply that this site is really good at sucking people in, but mostly, I think it means I'm an idiot.

Also, while I do this for a living, I am not a lawyer and I do not play one on the internets. I can help you out with sharing information that I know, but if you have real concerns, I would suggest either contacting one or contacting the State, Federal or International government agencies that assist with these matters. I can help you figure this out too.


jillybinks: (Default)

April 2011

345678 9


RSS Atom

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 21st, 2017 04:05 pm
Powered by Dreamwidth Studios