Banner Image
qoute Image

Should we as a society really be going headfirst into virtual reality [...] before we have strong privacy legislation?

- Cooper Quintin, Electronic Frontier Foundation

Welcome to Snippets! Though techies and early adopters are eagerly awaiting Friday's launch of the long-awaited Apple Vision Pro, privacy experts aren't sold—citing the enormous quantities of data the Vision Pro, and other AR devices, consume. 

Plus, the California Attorney General announced an investigative sweep into popular streaming services, OpenAI has 30 days to defend a suit brought by the Italian DPA, research shows ambient light sensors can leak sensitive data, and more.


Privacy experts concerned about Apple’s Vision Pro


Elena Lacey/The Washington Post; iStock

With Apple's Vision Pro headset launching in the US on Friday, tech columnist Geoffrey Fowler is wary of the privacy implications of a device that contains two depth sensors, 6 microphones, and 12 cameras.
  • Though Apple has implemented partial data collection restrictions, privacy researchers have flagged new risks stemming from unclear guidelines on who gets to access home maps and data on in-house movements.
  • The author argues that for the goggles to deliver the promised experience, apps will need a ton of information on the user and their environment—information that could easily end up in the hands of data brokers.
  • Though it’s common knowledge that smartphones record user activity, the Vision Pro goes even further by scanning body movements and a user’s environment.

🌟 Attorney Heidi Saas on unleashing privacy magic

Join us February 14 at 9am PT for a captivating conversation with Heidi Saas, a privacy and technology attorney, and one of privacy’s OG superstars!

In this very special Valentine's day show, Heidi will share insights on her:

- Remarkable path into the privacy industry
- Top tips for building a successful privacy career
- Key privacy predictions for 2024
- Case studies of real-life privacy challenges

Reserve your spot now!


Streaming services face scrutiny for CCPA compliance


Patrick T. Fallon/Bloomberg via Getty Images

California Attorney General Rob Bonta’s office announced a new investigative sweep focusing on popular streaming platforms—alleging that many of these services are not CCPA compliant.
  • According to the statement, several of the companies in question have not followed opt-out requirements for the sale of consumer data to third parties.
  • Apps not providing easy opt-out mechanisms are also under the lens—with Bonta adding that consumers should be given opt-out choice across all devices connected to their account.
  • Offenders no longer have the cushion of a 30-day cure period, with specific windows allotted on a discretionary basis.


More Italian trouble for ChatGPT


Getty Images

In Italy, ChatGPT has landed in hot water again. Following a “fact-finding activity” that began in mid-2023, the Italian DPA concluded OpenAI has breached certain GDPR provisions—giving the company 30 days to present a defense.
  • Though details of the allegations aren't yet public, it’s believed they revolve around OpenAI’s collection and use of personal data to train the ChatGPT platform.
  • Age protections are also of concern. Last year the regulator called for an age verification system to shield younger users from inappropriate content.
  • Open AI has had a strained relationship with Italian authorities from the start. This current investigation was preceded by a month-long ban on ChatGPT in 2023, due to privacy concerns.

  • Minnesota primary voters will have to disclose their party.
  • Apple claims UK Home Office could veto new privacy features.
  • NIST seeks public input ahead of privacy framework update.
  • Italy’s DPA fines the city of Trento for AI misuse.
  • The privacy implications of three types of facial recognition.


Research shows new privacy risk from ambient light sensors


Alex Shipps/MIT CSAIL

MIT researchers have discovered that ambient light sensors, the smartphone components that adjust screen brightness in response to natural light, can compromise user privacy.
  • Ambient light sensors discreetly capture user interactions on the screen (scrolling, swiping, etc.), which could allow apps to obtain data directly from the screen without camera access.
  • Using a computational imaging algorithm, the researchers studied images of surroundings from the display screen’s perspective—finding the process could be deployed by hackers to reconstruct images of hand movements on the screen.
  • The researchers proposed a two-part solution: reducing sensor speed and precision, and introducing user permissions to restrict apps’ access to the sensors.


Monero’s privacy protections cracked, so says Finnish authorities



Finnish cybercrime experts claim to have made a breakthrough in tracing Monero transactions, potentially undermining the cryptocurrency's reputation for absolute privacy.
  • The experts claim to have calculated the likely outcome of a Monero transaction linked to a criminal case—though the methods used to trace the transaction were not disclosed.
  • The case involves Julius Aleksanteri Kivimäki, who allegedly hacked a health database and demanded ransom. He is suspected of using Monero to hide bitcoin payments received from victims.
  • The news was met with disbelief and outrage among Monero advocates, with some arguing the target was likely identified without needing to break Monero's encryption.

🏆 Get to know the 2024 Privacy First Award winners

As we all know, privacy pros do important work in a dynamic, often difficult industry—so this year, we're kicking off the Privacy First awards to acknowledge and celebrate those efforts!

The Privacy First Awards are a celebration of outstanding individuals pursuing better privacy for all—from legal experts to Chief Privacy Officers, engineers to security executives.

Transcend Horizontal Logo

Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.

You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.