OK Google. How do I turn location services off?
There was much furore this month when a report from the Associated Press revealed that Google continues to track location data even when users believe they have opted out of this service. Privacy campaigners and business leaders were quick to point out that this could the first real test of GDPR.
Several days after the news broke, an individual in California took to court to accuse Google of violating the state’s privacy laws. If the lawsuit is granted class-action status, Gizmodo writes that we could see the tech giant face law action from "practically every breathing American."
There’s no denying that location services can be beneficial for consumers, offering everything from traffic and weather updates to turn-by-turn navigation. But it is paramount that companies are transparent in regards to how they are collecting and using this data - as well as how to completely opt out of these services.
Location data is also one of the most identifiable pieces of information that companies can hold. Each individual has a unique time series, revealing home and work addresses as well as the specific routes people take to these locations. For this reason, it is notoriously hard to anonymise - and it is especially important that this data doesn’t fall into the wrong hands.
If you would like to know how to completely disable Google’s location services, The Guardian has written a how-to guide here.
Stand and deliver - or we’ll report you to the ICO!
High street health and beauty retailer Superdrug apparently became the latest company to fall victim to a data breach this month - but then again, they might not have been.
While the company admitted that personal details had been obtained by cyber criminals, they also claimed "there is no evidence that Superdrug’s systems have been compromised". In an email distributed to all online customers, the company’s CEO suggested that customer email and passwords were instead gleaned from other websites.
This attack on Superdrug follows an article by IDG Connect, which predicts that GDPR-based extortion could become the next cybercrime trend. In this scenario, hackers would either steal or pretend to steal personal data from a company’s systems before ransoming it back under penalty of being reported to the ICO.
GDPR guidelines legislate that companies should evaluate the risk of a breach and based on that assessment they should decide whether to communicate a potential breach to their customers. If they fail to act upon a breach within 72 hours, they risk being found in breach of the regulation and consequently a significant fine.
While the introduction of GDPR has undoubtedly been a good step forward in regards to protecting consumer rights, we can’t help but wonder if the sheer severity of its fines has unintentionally introduced an additional risk via GDPR-based extortion.
Digital birth control and anonymous data
Also this month, Wired reported on Natural Cycles - a digital contraceptive that uses body temperature measurements and menstruation data to inform users when it is safe to have unprotected sex. The mobile app was recently approved by the US Food and Drug Agency.
At the moment, the company does apparently share some data with drug regulators and academic research partners, but it is anonymised.
From our perspective, the fact that Natural Cycles choose to anonymise their data puts them above and beyond most companies handling personal data. They are certainly taking data privacy much more seriously, in terms of the status quo.
However, if the company does decide to one day sell this data to third-parties, it’s essential that they are clear and upfront about how it will be used.