|
|
 |
It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy.
- The Mozilla Foundation
|
|
|
Welcome to Snippets—The headline really says it all this week, but the Mozilla Foundation released a report concluding that data privacy in modern vehicles is "the worst." 🚗 This release comes as a fast follow from the California Privacy Protection Agency’s announcement earlier this year about actively investigating the data privacy practices of connected vehicles.
In other news, X (formerly known as Twitter) changed its privacy policy to note it may now collect biometric data, TikTok is opening a data center in Dublin, Montana passed a landmark genetic privacy law, and more.
|
|
|
|
|
Vehicle data privacy receives failing grade
|
 |
|
Alex Castro / The Verge
|
A recent report by the Mozilla Foundation called cars “the official worst category of products for privacy that we have ever reviewed,” noting that most automakers sell or share personal data, while offering users minimal means of data control.
|
- The report examined 25 car brands including Ford, Toyota, Volkswagen, BMW, and Tesla—all of which failed to meet minimum privacy standards due to collecting, sharing, and selling personal data ranging from driving habits to “sexual activity.”
- 84% of brands in the study were found to share personal data with data brokers and other businesses, 76% claimed the right to sell personal data, and 56% will share information with the government or law enforcement if requested.
- Tesla was singled out as the worst brand in the study, with researchers noting its AI-powered autopilot was "untrustworthy" due to its involvement in various crashes and fatalities.
|
|
|
|
|
|
|
Customers note Transcend "thrives on chaos" in 2023 IDC MarketScape report
|
|
Transcend is proud to be named a Major Player in the IDC MarketScape: Worldwide Data Privacy Compliance Software 2023 Vendor Assessment!
In the report, it was noted that, “Unlike first-generation data privacy compliance providers, Transcend fully automates many of the cumbersome and menial aspects of compliance.”
Learn more with a free excerpt of the report.
|
|
|
|
|
|
|
|
X changes privacy policy to include biometric data
|
 |
|
The Verge
|
X, formerly known as Twitter, updated its privacy policy to include provisions for collecting biometric information and employment history from users, with the stated purpose of enhancing safety, security, and identification.
|
- The new policy allows X to gather and use users' biometric data (which typically includes fingerprints, iris patterns, or facial features), but doesn't specify the exact type of data to be collected or the collection method.
- In addition to biometric data, the platform may also collect users' employment and education history, job preferences, and job search activity, likely tied to a new job search feature hinted at by X owner Elon Musk.
- This privacy policy change comes as X is already involved in a proposed class-action lawsuit for alleged violations of the Illinois Biometric Information Privacy Act (BIPA).
|
|
|
|
|
|
|
|
TikTok opens Dublin data center
|
 |
|
Getty Images
|
TikTok has launched its first European data center in Dublin. Part of an initiative called "Project Clover," the move is meant to address data privacy concerns linked to the company's Chinese ownership.
|
- While still emphasizing that TikTok has never shared data with Beijing, the social media company plans to migrate European users’ data to Dublin—with plans to open additional centers in Ireland and Norway.
- To further ensure security, TikTok has enlisted NCC Group, a third-party security company, to audit its cybersecurity and data protection measures.
- Project Clover follows a series of restrictions and bans on TikTok by institutions like the UK government, the European Parliament, and the EU Council, due to cybersecurity and privacy concerns.
|
|
|
|
|
|
|
|
- FitBit is facing three new GDPR complaints.
- Software engineers filed a class action against OpenAI.
- A BIPA class action against Microsoft was partially dismissed.
- 70% of VPN providers are violating GDPR, according to study.
- Reviewing Murena’s “de-googled” Android smartphone.
|
|
|
|
|
|
Montana leading the way on genetic privacy
|
 |
|
Basak Gurbuz Derman / Getty Images
|
Montana passed the Genetic Information Privacy Act (GIPA), one of the most comprehensive consumer genetic privacy laws in the nation—continuing to establish the state as a leader in comprehensive privacy protections.
|
- Since 2013, Montana has passed a series of privacy laws, starting with one requiring police to obtain a warrant for electronic device location data, a concept later adopted in California's CalECPA.
- The GIPA enacts requirements for companies processing consumer genetic data, including notice and consent provisions, transparency on data protections, and prohibitions on genetic data disclosures.
- The state has also enacted laws limiting the use of facial recognition, protecting online data privacy, and requiring a warrant for searching consumer DNA databases.
|
|
|
|
|
|
|
|
Apple under pressure from child safety groups
|
 |
|
John Taggart for The New York Times
|
Apple faces mounting pressure from child advocacy groups and investors to more actively monitor their devices for child sexual abuse materials, despite the privacy concerns that derailed a similar initiative in 2021.
|
- Child advocacy group, The Heat Initiative, has launched a $2 million advertising campaign urging Apple to detect, report, and remove child sexual abuse materials from its iCloud platform.
- Several investors have also called on Apple to publicly report the number of abusive images detected across its devices and services—with two planning to submit a shareholder proposal requiring the company to do so.
- Apple defended its decision not to scan iCloud, citing the risk of government surveillance and infringement of user privacy, but has released a feature for children’s accounts that pushes a warning if the account receives or is sent nude images.
|
|
|
|
|
|
|
AI Governance 101—your complete guide
|
|
AI governance is the process of building technical guardrails around how your organization deploys and engages with artificial intelligence (AI) tools. Applied at the code level, effective AI governance helps organizations observe, audit, manage, and limit the data going into and out of AI systems 🔄
Read our latest guide to explore why AI governance is so important, the pillars of effective AI governance, current and upcoming AI regulation, and more.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
|
|
|
|
