Reminder for any organization dealing with a Privacy Policy:

It's not the privacy policy that matters as much as your actual practices.

Your privacy policy *needs* to accurately and truthfully describe your practices. If it doesn't, you could get in a lot of legal trouble, even if you have "checkboxed" the privacy policy requirement.

WhatsApp’s €225M Privacy Fine Battle Heats Up: EU Court Adviser Backs Appeal.

#WhatsApp #DataPrivacy #EURegulations #TechLaw #DigitalRights #PrivacyPolicy #GDPR #LegalTech #CyberSecurity #BigTech #WhatsAppFine #EDPB #RegulatoryCompliance #EUCourt #TechNews

https://www.techi.com/whatsapp-wins-support-against-eu-privacy-fine/

Due to a recent update of Mozilla FireFox (MFF/FF) terms of service (addition) and an updated privacy policy of their web browser: You will no longer use it, instead find a downstream of FF or simply a google chromium downstream such as Ungoogled Chromium or LibreWolf/Tor Browser, and leave FF behind for good this time.

If you're using #Adobe #Acrobat you might want to check if your organization allows use of the by default enabled generative AI features: Acrobat sends the documents to cloud for processing, which likely goes against the data #privacypolicy of many orgs.

If unsure, go to Preferences > Generative AI and deselect "Enable generative AI features in Acrobat".

https://helpx.adobe.com/acrobat/using/disable-generative-ai.html

So, I'm at the stage of my career where I've started to *collect* Privacy Policies that I read and actually liked (no, there aren't that many).

How nerdy is that?

If you wrote (and implemented) a *good* Privacy Policy on the internet, you might have a secret fan

#Privacy #PrivacyPolicy

https://infosec.exchange/@Em0nM4stodon/112900168713829791

Refused to sign my doctor's office #PrivacyPolicy, because it's said something about advertising that I wasn't comfortable with. The receptionist of course looked at me like I was talking crazy, and suggested that if I didn't sign they can do whatever they want with my information.
Refusing to consent to having my information shared with advertisers means they can share my information with advertisers?? Looks like I have to go online and read it even more closely.

Roku just updated its 101 page, 128,189 characters long Privacy Policy.

For size comparison, the standard Mastodon and Threads post limit is 500 characters, Bluesky's character limit is 300, and xTwitter, 280 for free accounts/25,000 for paid X users.

Happy reading.

#Roku #privacy #PrivacyPolicy

https://docs.roku.com/published/userprivacypolicy?lid=3x4vp098jw92

Even if the fact pattern implied by this meme were literal truth, it would not LITERALLY be a reification of Cory Doctorow's (@pluralistic) enshittification concept; but it comes rather closer than any of us would want!

https://www.erosblog.com/2024/10/15/enshittification-of-a-restroom-near-you/

Insecure #Deebot #robotvacuums collect photos and audio to train #AI
#Ecovacs’s #privacypolicy allows for blanket collection of user data for research purposes, including:
- The 2D or 3D map of the user’s house generated by the device
- Voice recordings from the device’s microphone
- Photos or videos recorded by the device’s camera
It also states voice recordings, videos and photos that are deleted via app may continue to be held and used by Ecovacs
https://www.abc.net.au/news/2024-10-05/robot-vacuum-deebot-ecovacs-photos-ai/104416632 #privacy #surveillance

#Telegram Changes Policy, Says It Will Provide User Data to Authorities

Telegram updated its #privacy policy on Monday to say that the company will provide user data, such as IP addresses and phone numbers, to law enforcement agencies in response to a valid legal order.

The news is a significant shift in Telegram’s policies on providing data to law enforcement.
#tos #privacypolicy

https://www.404media.co/telegram-changes-policy-says-it-will-provide-user-data-to-authorities/

Your regular reminder that a privacy policy *must* describe an organization's real practices.

It is not a copy-paste compliance checkbox.
It is a contract with your users.

We need to normalize reading privacy policies, and shaming bad guys who assume you’ll agree to anything.

A friend sent me a cheap at-home sleep test, but their PP is OBSCENE. Basically you agree that your usage and health data can be shared with, or sold to data brokers, and is not protected by HIPAA.

Hell no! Get bent, #Lofta.

Why am I not surprised?

Sonos’ new privacy policy implies they now sell your data - 9to5Mac

https://9to5mac.com/2024/06/14/sonos-new-privacy-policy-implies-the-company-now-sells-your-data/

Want an example of a darn good #privacypolicy? I step through the 37signals privacy policy for HEY, explain how I think they're using it effectively as a market differentiator against @protonprivacy and others, and show a few places where I think it could be even better. I also highlight a few places where customers need to apply some critical thinking to what the policy actually says.

https://www.linkedin.com/pulse/what-customer-focused-privacy-policy-should-look-like-dr-todd-2zzye