{"id":15273,"date":"2019-05-08T08:10:03","date_gmt":"2019-05-08T16:10:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/08\/news-9022\/"},"modified":"2019-05-08T08:10:03","modified_gmt":"2019-05-08T16:10:03","slug":"news-9022","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/08\/news-9022\/","title":{"rendered":"The top six takeaways for user privacy"},"content":{"rendered":"

Credit to Author: David Ruiz| Date: Wed, 08 May 2019 15:00:00 +0000<\/strong><\/p>\n

Last week, Malwarebytes Labs began closing out our data privacy and cybersecurity law blog series, a two-month long exploration spanning five continents<\/a>, 50 states<\/a>, just as many data breach notification laws, three non-universal definitions of personal information and personal data<\/a>, five pending US data protection laws, and one hypothetical startup\u2019s efforts to just make sense of it all. <\/p>\n

We published six high-level takeaways<\/a> from that series, focusing on what companies can and should do for data privacy compliance in the US and around the world. <\/p>\n

Today, we bring the focus back to users. Amidst never-ending data breaches and constantly-surprising company fiascos, here are six takeaways for anyone in the US who cares about protecting their online privacy, whether in a court of law or in a web browser. <\/p>\n

1. You are not alone<\/h3>\n

From January 14 through February 15, 2019, Malwarebytes surveyed nearly 4,000 individuals across 66 countries, asking them about their approaches to online privacy and cybersecurity. Do they care about online privacy? Do they do anything to protect their information online? Where do they admittedly fail? <\/p>\n

The results were clear: Almost everyone, no matter their age or postal code, cares about online privacy<\/a>. <\/p>\n

A full 96 percent of respondents said they care about protecting their personal information, while 97 percent said they take steps in protecting their online data. Those steps include refraining from posting any sensitive personal data online, using cybersecurity software on their machines, running software updates regularly, and verifying the security of websites before making any purchases. <\/p>\n

2. In the US, you have few legal options to assert your data privacy rights in court<\/h3>\n

Historically, the United States has approached data privacy legislation on a case-by-base basis<\/a>, writing and passing laws that protect specific types of data collected by industry-specific companies. <\/p>\n

There\u2019s a law that protects health care data handled by health care providers (HIPPA). There\u2019s a law protecting children\u2019s data that applies to companies that knowingly market their products toward children (COPPA). There\u2019s a law for video rental history, another for credit information, and another for banks, insurance companies, and certain financial institutions that collect personal information. <\/p>\n

However, the sheer volume of these sector-specific data privacy laws never coalesces into comprehensive, legal data protection for Americans. Instead, the laws interlink to form more of a net\u2014holes included<\/a>. <\/p>\n

As we wrote before: <\/p>\n

\n

\u201cIf a company gives intimate\u00a0menstrual tracking info to Facebook<\/a>? Tough luck. If a flashlight app\u00a0gathers users\u2019 phone contacts<\/a>? Too bad. If a vast network of online advertising companies and data brokers\u00a0build a corporate surveillance regime<\/a>\u00a0that profiles, monitors, and follows users across websites, devices, and apps, delivering ads that never disappear? Welcome to the real world.\u201d<\/p>\n<\/blockquote>\n

When a certain type of data isn\u2019t regulated by a certain law, consumers are left with little legal recourse, said Lee Tien, senior staff attorney for Electronic Frontier Foundation. <\/p>\n

\u201cIn general, unless there is specific, sectoral legislation, you don\u2019t have much of a right to do anything with respect to [data privacy],\u201d Tien said.<\/p>\n

Ouch. <\/p>\n

There is one caveat though…<\/p>\n

3. Companies cannot legally lie about how they handle your data<\/h3>\n

In the US, companies are bound by laws that prohibit \u201cunlawful, unfair, or fraudulent\u201d business practices, along with \u201cunfair, deceptive, untrue, or misleading\u201d advertising. Those laws also cover data protection practices. <\/p>\n

So, if a company says it will not sell your data, but it does, that company has broken the law, and it can be hit with a lawsuit. This same principle applies when a German automaker lies to the public about its \u201cclean diesel\u201d engines<\/a>, or when the world\u2019s largest social media company allegedly violates a privacy decree it made many years prior<\/a>. <\/p>\n

While these types of lawsuits can be filed by individuals, their success is limited. If, say, an individual wants to sue a company because of a data breach, that individual must first show that they personally suffered harm. Because of the myriad variables involved in any data breach\u2014the actual criminals who stole the data, the direct relation from a data breach to potential economic injury\u2014such harm is exceedingly difficult to prove<\/a>. <\/p>\n

In 2017, an Uber driver failed to meet just this requirement when he sued the company for a data breach that affected up to 50,000 drivers. <\/p>\n

The judge at his hearing told him: <\/p>\n

\n

\u201cIt\u2019s not there. It\u2019s just not what you think it is\u2026It really isn\u2019t enough to allege a case.\u201d<\/p>\n<\/blockquote>\n

Fortunately, there is yet another caveat. State Attorneys General, county District Attorneys, and city attorneys can sue a company for its deceitful business practices without<\/em> having to show personal harm. <\/p>\n

Those lawsuits have worked<\/a>. <\/p>\n

4. Take data privacy into your own hands with online tech tools<\/h3>\n

Filing a successful lawsuit\u2014or waiting around for a government attorney to file one for you\u2014is not the only way to protect your online privacy. Today, there are multiple online privacy tools that protect users from invasive online tracking, helping to put a wall between users and persistent online ads. <\/p>\n

Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse, said that users can protect their online activity by using a number of both privacy-focused web browsers and tracker-blocking browser extensions. Though Privacy Rights Clearinghouse does not endorse any products, Stephens mentioned the web browsers Brave and Firefox Focus\u2014which both automatically block online tracking\u2014and the browser extension Disconnect, which the New York Times chose as its favored anti-tracking tool<\/a>. \u00a0<\/p>\n

5. Beware of \u201cdata leakage\u201d<\/h3>\n

Stephens had more advice for users that want to protect their online information: Do not trust any app to leave your private data alone. <\/p>\n

\u201cWe have this na\u00efve conception that the information we\u2019re giving an app, that what we\u2019re doing with that app, is staying with that app,\u201d Stephen said. \u201cThat\u2019s really not true in most situations.\u201d<\/p>\n

Stephens pointed to several examples of mobile apps that have, for no discernible reason, vacuumed up user data, like the flashlight app that collected mobile contacts<\/a>. To avoid this problem, Stephens suggested users navigate the Internet on their mobile devices with a privacy-focused browser and not through any company-developed app. <\/p>\n

\n

\u201cQuite frankly,\u201d Stephens said, \u201cI would not trust any app to not leak my data.\u201d<\/p>\n<\/blockquote>\n

6. You might gain more legal data protections in the next two years<\/h3>\n

Data privacy is, finally, a hot topic for US Congress members. <\/p>\n

Last year, after the Guardian revealed how a political consultancy harvested the Facebook profiles of millions of unwitting users in a covert operation to sway the 2016 US presidential election, Congress responded. They called in Facebook CEO Mark Zuckerberg to testify. They peppered him with questions. They told him to his face that they would regulate his lurching social media behemoth. <\/p>\n

Since then, they\u2019ve held pursuit. <\/p>\n

They invited Google, Alphabet, Twitter, and Facebook executives to explain what their companies were doing to curb Russian disinformation campaigns, and they balked at Google\u2019s self-branded \u201cerror\u201d in failing to disclose the microphones installed in its Nest home security products<\/a>. <\/p>\n

This new Congressional temperament has resulted in multiple legislative efforts to protect Americans\u2019 data. Four US Senators and one digital rights nonprofit<\/a> have all proposed individual federal bills that would regulate how companies collect, store, share, or sell user data. Even the private search engine DuckDuckGo threw its idea into the ring<\/a> early this month. <\/p>\n

Though the bills lack a clear frontrunner, data privacy itself could remain an important topic in the 2020 presidential election. Three Democratic candidates\u2014Senators Amy Klobuchar of Minnesota, Cory Booker of New Jersey, and Michael Bennet of Colorado\u2014have authored or co-sponsored data privacy legislation in the past year.<\/p>\n

The post The top six takeaways for user privacy<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: David Ruiz| Date: Wed, 08 May 2019 15:00:00 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
Amidst never-ending data breaches and constantly-surprising company fiascos, here are six takeaways for anyone in the US who cares about protecting their online privacy. <\/p>\n

Categories: <\/p>\n