Google agrees privacy policy changes with data protection watchdog
Fri 30 Jan 2015, 15:40

Google has agreed to rewrite its privacy policy after pressure from the UK Information Commissioner's Office. The firm must make it easier for users to find out how their data is collected and what it is used for and submit to a two-year review. The deal follows an investigation by the regulator. Similar reviews are continuing elsewhere in Europe. It is understood that Google will seek to strike a similar deal with other European regulators. The Information Commissioner's Office (ICO) found that Google was "too vague when describing how it uses personal data gathered from its web services and products".

Passenger tracking in the EU will be as invasive as it is in the US
Fri 30 Jan 2015, 15:40

While the debate over an EU-wide scheme continues, the same scheme has been operating for all flights between EU member states and the US since 2001.

This blanket mass surveillance was instigated by the US in the wake of the 9/11 terrorist attacks, but put airlines in a bind: the US Department of Homeland Security demands the information from them, but European data protection law bars the transfer of data outside the EU.

Mexico City signs anti surveillance principles
Wed 28 Jan 2015, 22:00

For Mexico City, the International Data Privacy Day also marks the official endorsement by the Mexican Federal District data protection authority (InfoDF) of the International Principles for the Application of Human Rights to Communications Surveillance, 13 guiding principles about limiting surveillance. This is timely, as the Mexican Federal Telecommunications Agency (IFT) is currently developing guidelines for cooperation between the government and the Internet Service Providers. This guidelines are one step towards the implementation of the data retention mandate law adopted last year.

Chinese Supreme Court's interpretation on the publication of personal information on the Internet
Wed 15 Oct 2014, 11:42

In October 2014, the People’s Republic of China Supreme People’s Court issued interpretations regarding the infringement of privacy and personal information on the Internet. China has not implemented a comprehensive data protection law. Rather, data protection and privacy are regulated through several sector-specific laws.

In general, the Provisions prohibit Internet users and Internet service providers from using the Internet (or other information networks) to disclose or publish personal information. The personal information protected by this prohibition includes, at a minimum, personal genetic information, medical records, health examination materials, criminal records, home addresses and information regarding private activities. Disclosure or publication on the Internet (or other information network) may be permissible under certain circumstances.

US government healthcare website passes personal data to outside firms
Tue 20 Jan 2015, 21:00

The government’s health insurance website is quietly passing along consumers’ personal data to outside websites. The privacy concerns come against the backdrop Obama’s new initiative to protect personal data online.

In a recent visit to the site, AP found that certain personal details – including age, income and whether you smoke – were being passed along probably without your knowledge to advertising and web analytics sites.

Third-party outfits that track website performance are a standard part of e-commerce.’s privacy policy says in boldface that “no personally identifiable information is collected” by these web measurement tools.

Obama outlines new cybersecurity initiatives to protect consumers
Mon 12 Jan 2015, 23:00

Obama’s Student Digital Privacy Act would stop companies from selling student data to third parties, except for educational purposes, and from using such data to create targeted advertisements. The act is modeled on a California initiative that will take effect in January 2016.

Another proposed piece of legislation is the Personal Data Notification & Protection Act. If passed, it will require companies to alert customers within 30 days of discovering a security breach regarding customer information. It is meant to simplify the current framework for data breach notifications, which varies state by state.