Online privacy

In 2016, Google changed its terms of service, allowing it to merge its trove of tracking and advertising data with the personally identifiable information from our Google accounts. Google uses, among other things, our browsing and search history, apps we’ve installed, demographics such as age and gender and, from its own analytics and other sources, where we’ve shopped in the real world. Google says it doesn’t use information from “sensitive categories” such as race, religion, sexual orientation or health.

All 2.2 billion people who use Facebook will soon see changes to their privacy settings, in response to a sweeping new privacy law in Europe — but American users won't see exactly the same thing as their European counterparts.

Facebook has quietly altered its terms of service, making stricter Irish data protection laws no longer binding on the vast majority of its users. Now, Facebook’s headquarters in California will be responsible for processing any relevant legal claims, and American law will be binding for those outside the European Union.

[Speech] As public attention has been drawn to the practice of collecting data, there is a heightened concern about the value of privacy and the value of consumer data. This concern is no longer limited to privacy advocates and policymakers who have sounded the alarm for years, only for their concerns to fall on deaf ears.

Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally. In a tweak to its terms and conditions, Facebook is shifting the responsibility for all users outside the US, Canada and the European Union from its international HQ in Ireland to its main offices in California. It means that those users will now be on a site governed by US law rather than Irish law.

If Facebook has to pay a  Federal Trade Commission penalty for the Cambridge Analytica data scandal, it will join a very short list of companies to have done so. Of 91 cases involving online privacy issues the Federal Trade Commission has brought since the first in 1998, just two companies have paid civil penalties specifically for violating adult users' privacy. They are Google, which paid $22.5 million in 2012 and Upromise, which paid $500,000 in 2017. The numbers aren't surprising to experts because of the constraints on the FTC when it comes to policing consumers' privacy rights.

Facebook outlined its data collection practices. According to Product Management Director David Baser, some third-party websites and apps send data about their users to Facebook, regardless of whether those users have Facebook profiles. In return for that information, Facebook helps those websites serve up relevant ads or receive analytics that help them understand how people use their services. The company gets this data from websites and apps that let people share or like posts using Facebook plugins, or log into the website with their Facebook accounts.

On April 12th, the Irish High Court elevated a series of questions to the European Court of Justice (ECJ, the Supreme Court of the European Union) regarding the validity of key legal instruments used by American tech companies to process Europeans’ personal data. Judge Caroline Costello of the Irish High Court is concerned about the national surveillance practices of the United States and the level of privacy rights observed there.

Thousands of free, popular children's apps available on the Google Play Store could be violating child privacy laws. Seven researchers analyzed nearly 6,000 apps for children and found that the majority of them may be in violation of the Children's Online Privacy Protection Act, or COPPA.  Thousands of the tested apps collected the personal data of children under age 13 without their parent's permission, the study found.