Last week, Google announced changes in its privacy policies that will affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized the Internet services giant (Congress pdf; archive pdf) for not including an opt-out provision; Google said that users who objected could stop using its services and move their data elsewhere.

Now, CNet reports that Google is responding to the criticisms in a letter (pdf) to federal lawmakers and a blog post. CNet reports:

Google announced plans to rewrite its privacy policy last week. The revision will give the company explicit rights to “combine personal information” across the many products and services it currently offers.

“We’re not collecting more data about you. Our new policy simply makes it clear that we use data to refine and improve your experience on Google–whichever products or services you use,” Google said at the time. “This is something we have already been doing for a long time. We’re making things simpler and we’re trying to be upfront about it. Period.” Read more »

Illinois Attorney General Lisa Madigan recognized International Data Privacy Day and released the latest Information Security and Security Breach Notification Guidance (Illinois AG pdf; archive pdf). “In releasing her Information Security & Security Breach Response Guide, Madigan encouraged businesses and government agencies to establish an Information Security Program to understand the scope of the personal information they collect and to train employees how to properly maintain and handle information to prevent security breaches, which in turn can help prevent identity theft,” a press release said.

Here’s information from the guidance’s introduction:

The Illinois Personal Information Protection Act requires notification to Illinois residents in the event of an unauthorized acquisition of their personal information. Read more »

In the last few months, there have been reports about how smartphone users’ data could be quietly gathered and used by companies via software from a company called Carrier IQ. Sen. Al Franken (D-Minn.), chairman of the subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee, wrote to Carrier IQ demanding answers about how this technology affects cellphone users’ privacy. European officials are investigating the company for possible privacy violations. Carrier IQ spoke with the Wall Street Journal about its software.

Now, the Hill reports that Rep. Ed Markey (D-Mass), a co-chairman of the House caucus on privacy, has released a discussion draft (pdf) of the Mobile Device Privacy Act, which would require telecommunications providers such as Verizon, AT&T and Sprint to reveal if they are using data-tracking software such as Carrier IQ on mobile devices:

Consumers would have to consent to any data collection or transmission, and third parties would have to have policies in place to secure the data they collect.

Companies that want to transfer data to third parties would have to file applications with the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). Read more »

USA Today reports on how companies such as Google and Facebook are reacting to changes proposed in the European Union that would limit tracking of individuals’ online activities:

They may be battling each other tooth-and-nail to win over online advertisers. But Google and Facebook are on the same side when it comes to opposing new data-handling privacy laws fast-gelling in Europe and the U.S.

On Wednesday, the European Union formally proposed strict rules that could restrict much of the systematic tracking and profiling Google and Facebook routinely do of Internet users, as part of delivering targeted ads to them.

If Europe’s new rules are implemented as expected in 2013, the tech rivals could face hefty fines, up to 2% of annual revenue, for any violations. In Google’s case that translates into a maximum penalty of $800 million.

On Tuesday, Facebook Chief Operating Officer Sheryl Sandberg delivered a statistics-filled speech at a tech conference in Munich outlining how Europe’s proposed rules are very likely to stymie the global economy. [...]

Meanwhile, refinements announced this week by Google and Facebook, about how each tracks and profiles Internet users, added heat to the domestic debate over the need for new data privacy rules here in the U.S. Read more »

Last week, there was discussion of HB 2288 (pdf) in Hawaii, a bill that could have lead to the state keeping tracking of all Web sites visited, which would raise numerous privacy and civil liberties questions. Now, Computerworld reports that lawmakers in Hawaii have dropped the legislation:

Lawmakers in Hawaii on Thursday quietly dropped a bill that would have required Internet service providers to collect the detailed browsing histories of Internet users in the state and store the data for at least two years.

The bill, HB 2288, would have required anyone providing access to the Internet in Hawaii to maintain “consumer records” of every Internet user’s subscriber information and data such as the IP addresses, domain names and host names of the sites they visit.

In theory at least, the bill would have covered not only ISPs but also libraries, coffee shops and employers, the Electronic Frontier Foundation noted in a blog post Thursday. [...]

The bill was scheduled to be heard on Thursday before the Hawaii State Legislature’s House Committee on Economic Revitalization & Business (ERB). It was instead tabled, in what appears to have been a response to overwhelming opposition to the bill from many quarters. Read more »

In honor of International Data Privacy Day, Computerworld in New Zealand has rounded up what it believes to be the 15 worst Internet privacy scandals:

These high-profile privacy scandals involve many underlying technologies, from search to social media, e-mail to voice mail, mobile phones to Webcams to GPS. But at the heart of all of these privacy scandals are companies collecting personal data without the user’s knowledge or consent and then either sharing it with third parties or simply failing to keep it safe. [...]

1. Sony CD Spyware

Sony BMG ran into a major privacy flap in fall 2005 because of the anti-piracy measures called XCP that it added to music CDs. When a customer played one of these CDs on a Windows PC, the CD installed hidden rootkit software onto the PC that communicated the CD being played and the IP address of the PC back to Sony. This so-called spyware also created vulnerabilities on PCs for worms or viruses to exploit. Critics said Sony had created a backdoor onto its customers’ machines, leading Sony to recall the CDs and offer a free removal tool for the rootkit software. Class action lawsuits were filed against Sony in Texas, New York and California. The U.S. Federal Trade Commission required Sony to pay $150 to any consumer whose PC was damaged by the software as part of a settlement for violating federal law. (Also see: Sony BMG rootkit scandal – five years later) [...]

3. AOL Search Leak

In August 2006, AOL released a file containing 20 million search keywords used by 650,000 of its users over a three-month period. The file was supposed to be anonymous data available for research purposes, but personally identifiable information was available in many of the searches making it possible to identify an individual and their search history. AOL admitted it was a mistake to release the data and removed it from its Web site after three days, but by then the data had been mirrored at sites across the Internet. AOL’s CTO Maureen Govern quit two weeks later. In September 2006, a class action lawsuit was filed – that’s still lingering in California courts — against AOL demanding $5,000 per user.

4. Google Street View Read more »