If you’re looking to give the gift of privacy this holiday season, you might want to check out the 2022 edition of Mozilla’s Privacy Not Included buyer’s guide, which was released on Wednesday. The annual guide includes privacy reviews of over 75 popular consumer electronics goodies and will be continually updated throughout the season.

Possible gifts in the guide so far include the Apple Watch, Nintendo Switch, Amazon Echo, Garmin fitness trackers, Google Chromecast, Steam Deck, and the Meta Quest Pro.

According to Mozilla researchers, the Meta Quest Pro can be especially challenging for privacy seekers. To get the full scoop on privacy for the gadget, a buyer would need to have at least 14 browser tabs open to peruse the privacy documents totaling 37,700 words, which is roughly 6,747 words longer than Dickens’ “A Christmas Carol.” And very little of it is interesting to read.

“[T]he question it comes down to is, does Meta/Facebook have your best interests at heart when it collects all the data Quest Pro is capable of collecting?” Mozilla asks in its guide. “From Cambridge Analytica to where we are today with Mark Zuckerberg’s hopes for the metaverse, the answer to that question is an overwhelming no.”


Meta is not alone in creating prolix privacy policies. The researchers noted that even products like the Amazon Echo Dot and Google Pixel Watch come with multiple privacy policies for the hardware, apps and companies with which they share data.

“It sounds like the Rube Goldberg experiment privacy documentation companies are trying to throw at consumers,” Jan Caltrider, the guide’s lead researcher, said in a statement.

“If I am struggling to understand it as a privacy researcher, the situation for consumers is much worse. It’s not right,” she added.

Caveats and Hairsplitting

Jawwad Malik, security awareness advocate for KnowBe4, a security awareness training provider in Clearwater, Fla., stressed that the purpose of privacy policies is to inform users about how their information will be used and for what purposes so they can make informed decisions.

“When the policies are so complex and prohibitive to read, most people will just click through to use the app or service,” Malik told TechNewsWorld. “This puts them at risk because they may be consenting to have their information used in ways they are not aware of or comfortable with.”

“Complex privacy policies make it more difficult than necessary for end users to fully understand the privacy they expect from the company and their rights as a user,” said Paul Bischoff, privacy advocate at Comparitech. consumer protection products.

“The more complex the privacy policy, the more you’ll find exceptions, warnings, hidden terms, and hairsplitting,” Bischoff told TechNewsWorld.

However, Daniel Castro, vice president of the Information Technology and Innovation Foundation, a research and public policy organization in Washington, DC, pointed out that privacy policies are often complex because digital products and services are complex.

Plus, he continued, the companies making these products face regulators not only in the 50 states but all over the world. “With these companies facing heavy penalties for any errors or omissions, it’s not surprising that lawyers have started writing these terms,” Castro told TechNewsWorld.

“Many of these privacy policies are often ‘for lawyers, by lawyers’ for consumers,” he added. “These companies are not trying to defraud consumers – they are trying to avoid penalties. But if they oversimplify or generalize, they will face penalties like the nearly $400 million Google settlement.”

Save the Jargon for the TOS

Malik countered that while privacy policies are important to legally protect organizations that use customer data, they should be done in a transparent and easy-to-understand manner so that people can make the right decisions for themselves.

“While complex policies may provide some protection from litigation, they can open up a whole new set of challenges for organizations if they are found to be intentionally vague about how they deal with customers,” he said.

Because tech companies are so concerned about privacy-related litigation with their products or services, they are willing to write complex privacy documents that protect their own interests, often at the expense of the consumer, said Mark N. Vena, president and principal analyst at SmartTech Research in San Jose, Calif.

“Tech companies should be required to write more simplified privacy documents that consumers can understand,” Vena told TechNewsWorld. “Apple, in particular, is very good about this in its privacy policies which are often written in easy-to-understand language.”

“Privacy policies should be simple and human-readable. Save the legal jargon for terms of service,” Bischoff said.

Too Many Connections

Researchers at Mozilla noted that their privacy guide has become tighter than ever due to the increase in connected devices on the market.

“We are living through an unprecedented explosion of connected products,” researcher Misha Rykov said in a statement. “Now there are children’s toys, litter boxes, sunglasses and vacuums that connect to the Internet – and then scoop up and share precious personal information.”

Caltrider said what many consumers don’t realize is that every connection from a device to the Internet opens an entry point into their homes. She told TechNewsWorld, “Combine that with the apps you need to control these devices, apps that control microphones and cameras and can access contacts and location information, and it raises a lot of questions about privacy.”

“If you try to read the privacy policies of everything you bring into your home, it’s nearly impossible,” she said. “I do this for a living, and it makes my head spin trying to understand Amazon, Meta, or Verizon’s vast network of privacy policies.”

Privacy Trade-Offs

For people who want to protect their privacy and don’t want to read privacy policies, there are measures they can take, although they often require trade-offs.

“It’s possible to prevent unwanted tracking by disabling Wi-Fi connections on devices that don’t require core functionality, such as smart TVs,” explained Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Not connecting the TV to a network prevents the manufacturer from collecting tracking data or injecting ads into the interface, but the trade-off is that you may not get any firmware updates that could introduce additional features or fix known issues,” Clements told TechNewsWorld.

“Consumers should be especially wary of cheap no-name devices equipped with microphones or cameras,” he warned. “There are numerous examples of manufacturers recording and sending all sensor data back to overseas servers without the user’s consent or knowledge.”

However, he acknowledged that in practice, it can be challenging to thoroughly understand the privacy implications for any given product. “There are a lot of legal loopholes that can be built into complex confidentiality agreements, as well as few good ways for the average person to confirm whether manufacturers are living up to their end of the agreement,” he added.

Data privacy laws are becoming a major focus globally as businesses scramble to meet new compliance obligations.

Privacy rules generally oblige any business or organization to securely store all data collected or processed by them. What they do with that data is strictly regulated.

According to a Gartner report, by the end of next year about 65% of the world’s population will have their personal data covered under modern privacy rules. Following these extended rules can be challenging.

Over the past 20 years, companies have had almost free rein in harvesting personal data from electronic transactions and the increasing use of the Internet.

Many organizations involved in international commerce must modify their procedures in line with the new law. This is a priority for transactions and correspondence involving e-commerce and social media.

Expanding consumer mistrust, government action, and competition for customers prompted some governments to introduce stricter rules and regulations. The effect is to change the no-man’s-land conditions that have allowed both large companies and small businesses to run rampant with people’s personal data.

“The biggest challenge companies face by far is maintaining the amount of data they manage, which is subject to ever-changing data privacy requirements,” Neil Jones, director of cybersecurity evangelism at Egnyte, told TechNewsWorld.

Classification of Different Demands

The European Union has a General Data Protection Regulation (GDPR). According to Jones, in the UK and Continental Europe, data privacy has generally been viewed as a fundamental human right. In the US and Canada, businesses must navigate around a growing patchwork of state and provincial laws.

Data privacy law in the US and Canada has traditionally been more fragmented than in the UK and Europe. Canada’s Quebec, and the United States’ Utah and Connecticut are the latest to enact comprehensive data privacy laws, joining the US states of California, Virginia and Colorado.

By the end of 2023, 10% of states in the US will be covered by data privacy legislation, Jones said. The lack of a universal standard for data privacy has created an artificial layer of business complexity.

In addition, today’s hybrid work environment has created new levels of risk, complicating compliance with myriad privacy concerns.

What’s at Stake

To increase productivity, organizations may need to ask employees detailed questions about their behavior and work-from-home arrangements. According to Jones, these types of questions can create unintended privacy implications of their own.

The recent convergence of Personally Identifiable Information (PII) and Protected Health Information (PHI) has put even highly confidential data at risk. This includes confidential test results such as workers’ compensation reports, health records of employees and patients, and COVID-19 information.

“With 65% of the world’s population expected to have personal data covered under privacy regulations by next year, respecting data privacy has never been more important,” Jones said.

Cloud Privacy Barriers

Data privacy and security are the top challenges for implementing a cloud strategy, according to a recent study by IDG, now rebranded as Foundry. In this study, the role of data security was a major concern.

When implementing a cloud strategy, IT decision makers or ITDMs are facing challenges such as controlling cloud costs, data privacy and security challenges, and lack of cloud security skills/expertise.

With more focus on securing privacy data, this problem becomes bigger as more organizations migrate to the cloud. The two main obstacles the IDG study found were data privacy and security challenges and a lack of cloud security skills/expertise.

According to Foundry, spending on cloud infrastructure has increased by about $5 million this year.

“Although enterprise businesses are leading the charge, SMBs are not far behind when it comes to cloud migration,” said Stacey Rapp, marketing and research manager at Foundry, when the report was released.

“As more organizations move towards living entirely in the cloud, IT teams will need the appropriate talent and resources to manage their cloud infrastructure and overcome any security and privacy barriers that may occur in the cloud,” he said.

Obtaining Compliance

Organizations can successfully prepare for data privacy legislation, but doing so requires making data privacy initiatives a “full-time job,” Jones maintained.

“Many organizations view data privacy as a part-time project for their web teams, not a full-time business initiative that can significantly impact customer relationships, employee morale and brand reputation,” he said.

Beyond that step comes establishing holistic data governance programs that provide greater visibility into a company’s regulated and sensitive data. Added to this is working with trusted business and technology partners who understand the data privacy space and can help you prepare for rapidly evolving regulations.

Jones suggests that perhaps the most dynamic approach is to use advanced privacy and compliance (APC) solutions. These enable organizations to easily comply with global privacy regulations in one place.

Specifically, APCs can help achieve compliance by:

  • Managing Data Subject Access Requests (DSARs), such as individuals’ right to be notified of personal data collected on them, the right to opt out of personal information being sold to others, or the right to be forgotten by collecting organizations
  • Assessing the company’s compliance preparedness and scope with specific regulations (e.g., GDPR, CCPA)
  • Creating and reviewing technical assessments of third-party vendors and evaluating potential risks to consumer data
  • Enhancing cookie consent capabilities, such as integration of cookie consent into compliance workflows

Active Labor

It can be difficult for companies to understand today’s rapidly evolving privacy landscape, as well as how specific rules apply to them, Jones said. However, by taking proactive steps, organizations can stay on top of data privacy regulations in the future.

Those steps include these ongoing tasks:

  • Monitor the status of data privacy regulations in the countries, provinces and states where the customer base resides
  • Create a data privacy task force that can improve organizational focus and increase senior executive focus on privacy initiatives
  • Be aware of new federal data privacy legislation such as the American Data Privacy and Protection Act (ADPPA) proposed in the US

It is also important to note the long-term benefits of data privacy compliance, specifically strengthening the company’s overall cybersecurity protections.