1. Cloud computing and your privacy
The World Privacy Forum on 23 February 2009 published:
- a report “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing” (26 pgs, see also their summary of the report), with
- cloud computing privacy - tips for consumers (and also for business and government) – nothing unexpected, like “Read the Terms of Service. Then read the Terms of Service again”!
For those not familiar with the term, ”cloud computing” is basically where your data is stored and available online e.g. Facebook, YouTube, Flickr, emails on Hotmail etc. Very convenient as you can login from anywhere you have a Net connection, but it involves risks to your privacy and private information.
To quote from the WPF summary (my emphasis):
“The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. Even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences.
The report’s warnings on cloud computing and privacy seem particularly timely given the recent furore over Facebook’s Terms of Service or TOS allowing them to keep and use all your data even after you closed your account (see e.g. New York Times report and BBC reports and Facebook’s resulting “Bill of Rights and Responsibilities”). And, last year, there was a furore over the TOS for Google’s new Chrome browser too.
Using Chrome isn’t exactly the same as putting your data and information into the “cloud”, granted. But the Chrome TOS incident illustrates the same general issue. And in fact these issues aren’t new, even in relation to cloud computing – e.g. the Pew Internet and American Life project issued a memo on the use of cloud computing applications and services in Sept 2008, noting their increasing popularity amongst Americans but that “their message to providers of such services is: Let's keep the data between us.”
So, for instance, some time back I blogged about:
- Facebook’s Hotel California where you could never delete your account once you joined (now fixed),
- Blogger’s Play which displayed bloggers’ uploaded images in a slideshow, and
- the importance of checking the TOS of your physical PO box provider if you want to stay anonymous) – yes, the issues aren’t even exclusive to the virtual world.
But the fuss clearly illustrates users’ increasing awareness of the fine print in the TOS of Web / internet services and their increasing concern about the risks to their privacy.
About time too, I say.
2. Privacy notices & your personal details – ICO consultation
As another sign of the growing realisation that this kind of problem needs to be addressed properly, on 12 January 2009 the UK information regulator, the Information Commissioner’s Office, had launched a consultation on a new draft Privacy Notices Code of Practice “designed to help organisations provide more user friendly privacy notices”. Particularly on their websites, of course, but it relates to all organisations that collect / store personal information about people.
To quote from the ICO (my emphasis):
“The ICO believes that some existing privacy notices contain too much legal jargon and are written to protect organisations, rather than to inform the public about how their information will be used… we want to ensure that privacy notices provide clear, user friendly information to the public about how their personal details will be used and what the consequences of this are likely to be”.
Not surprising and again about time too, I say!
If you do it by the closing date of 3 April 2009, us mere members of the public can respond on the draft Code of Practice on Privacy Notices too (e.g. if you don’t think it goes far enough to protect private individuals) - see the consultation page and their consultation response form (not a Web form but in RTF, and you have to save it in Word format and email it to email@example.com).
If these issues interest you, you may also be interested in:
- email spam and your privacy
- (by way of some light relief) that "data protection" can be abused by organisations too, as an excuse to refuse to give you information that you're actually entitled to get, usually from laziness or ignorance or excessive red tape rather than malice, but who knows...