To recap: In 2009, Google came under fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.” In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data. In April, the Federal Communications Commission decided (redacted pdf) that it would not take enforcement action against the company over this data collection and retention, but it would fine Google $25,000 for impeding the agency’s investigation into the private data collected and retained via its Street View product.

The online services giant also faced questions from states over the data collection. Last month, the Washington Post reports that Google has reached a settlement (Connecticut pdf; archive pdf) with 38 states and the District of Columbia over the collection and retention of individuals’ personal data through its Street View product, but the company will only have to pay $7 million total and implement a privacy program.

Now, the New York Times reports that Google will again pay a minimal fine over its Street View private data collection, this time to a privacy regulator in Hamburg, Germany:  Read more »

Education Week reports on a ruling by the U.S. Court of Appeals for the Sixth Circuit in the case G.C. v. Owensboro Public Schools (court pdf; archive pdf) concerning the privacy of students’ mobile phones:

In a novel decision, a federal appeals court has ruled that a Kentucky school administrator’s search of text messages on a student’s cellphone was unreasonable and violated the student’s rights under the Fourth Amendment.

A panel of the U.S. Court of Appeals for the 6th Circuit, in Cincinnati, ruled 2-1 on the legality of the cellphone search. It ruled unanimously that the student was denied due process when the district expelled him without a hearing for repeated disciplinary infractions. [...]

In September 2009, G.C. was seen texting on his cellphone in class, a violation of school rules. The teacher turned over the phone to another assistant principal, who read four of G.C.’s text messages on the phone. The assistant principal later testified that she knew of the student’s discipline issues and was looking “to see if there was an issue with which I could help him so that he would not do something harmful to himself or someone else.” Read more »

A couple of years ago, when Rebecca Skloot published a book about the fascinating story of Henrietta Lacks, her cervical cancer and what researchers did with it, news articles raised questions about the privacy of a person’s medical data and what rights a person has to their own tissue. Now, Skloot updates the story in an opinion column for the New York Times — and, now, there are even more genetic privacy questions:

LAST week, scientists sequenced the genome of cells taken without consent from a woman named Henrietta Lacks. She was a black tobacco farmer and mother of five, and though she died in 1951, her cells, code-named HeLa, live on. They were used to help develop our most important vaccines and cancer medications, in vitro fertilization, gene mapping, cloning. Now they may finally help create laws to protect her family’s privacy — and yours.

 The family has been through a lot with HeLa: they didn’t learn of the cells until 20 years after Lacks’s death, when scientists began using her children in research without their knowledge. Later their medical records were released to the press and published without consent. Because I wrote a book about Henrietta Lacks and her family, my in-box exploded when news of the genome broke. People wanted to know: did scientists get the family’s permission to publish her genetic information? The answer is no. [...]

The Article 29 Working Party announced (pdf) that it has released a joint “Opinion 02/2013 on apps on smart devices”  (Working Party pdf; archive pdf). The Working Party said in its announcement that the opinion “details the specific obligations of app developers and all other parties involved in the development and distribution of apps under European data protection law. Other parties include app stores, advertising providers and Operating System and device manufacturers. Special attention is paid to apps targeting children.” Here’s more from the joint opinion’s summary:

There are hundreds of thousands of different apps available from a range of app stores for each popular type of smart device. It has been reported that more than 1,600 new apps are added to app stores daily. An average smartphone user is reported to download 37 apps. Apps may be offered for little or no upfront cost to the end user and can have a user base of just a few individuals or many millions. Read more »

The New York Daily News reports on a bill introduced by N.Y. Assemblyman Daniel J. O’Donnell (D-Manhattan) concerning the privacy of student data. The bill, A06059 (Assembly html; archive pdf), seeks to prohibit the release of personally identifiable student information without either parental consent or, “in the case of students eighteen years of age or older the consent of the student.” The bill does include exceptions for disclosures required by law, a court order or warrant, or a contract with a third party but the contract must meet certain requirements. The bill includes biometric data — such as fingerprints, retina and iris patterns, DNA, facial characteristics and handwriting — as “personally identifiable student information.” The bill also includes disclosure requirements for “the department, district board of education or school” that shares the student data with other parties.

The bill comes after the Daily News reported that, “In an unprecedented move, education officials will hand over personal student data to a new private company to create a national database for businesses that contract with public schools. Working with the city, state education officials are already uploading private information about students — their names, addresses, test scores, learning disabilities, attendance and disciplinary records — into a $100 million database called inBloom.” Although “Officials vowed they would comply with a federal law, the Family Educational Rights and Privacy Act, which requires that the confidential information be protected,” there are protests from parents as well as student and privacy advocates.

ProPublica takes an in-depth look at data brokers, companies that compile information on individuals and the sell or use that data for marketing or other purposes:

Data companies are scooping up enormous amounts of information about almost every American. They sell information about whether you’re pregnant or divorced or trying to lose weight, about how rich you are and what kinds of cars you have. [...]

But many people still don’t even know that data brokers exist.

Here’s a look at what we know about the consumer data industry.

How much do these companies know about individual people?

They start with the basics, like names, addresses and contact information, and add on demographics, like age, race, occupation and “education level,” according to consumer data firm Acxiom’s overview of its various categories.

But that’s just the beginning: The companies collect lists of people experiencing “life-event triggers” like getting married, buying a home, sending a kid to college — or even getting divorced. Read more »