Your Yello Ring Road To Success
GOOGLE LOGIN MY ADS MY SHOP

U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens’ Sensitive Data

Sensitive Data

The U.S. Federal Trade Commission (FTC) warned this week that it
will crack down on tech companies’ illegal use and sharing of
highly sensitive data and false claims about data
anonymization.

“While many consumers may happily offer their location data in
exchange for real-time crowd-sourced advice on the fastest route
home, they likely think differently about having their
thinly-disguised online identity associated with the frequency of
their visits to a therapist or cancer doctor,” FTC’s Kristin Cohen
said[1].

The sensitive nature of information about users’ health and
their precise whereabouts has prompted the agency to caution
against opaque practices in the “shadowy ad tech and data broker ecosystem[2],” with consumers having
little to no knowledge of how their personal data is harvested,
used, and processed.

What’s more, mobile apps are known to embed software development
kits (SDKs) that claim to collect and share anonymized user
information with third-parties, including data aggregators that
gather such data from myriad sources and then sell access to
it.

“These companies often build profiles about consumers and draw
inferences about them based on the places they have visited,” the
FTC said, adding the abuse of mobile location and health
information exposes users to “significant harm.”

To that end, the consumer protection authority said it intends
to “vigorously enforce” the law should it uncover cases where
location, health, or other sensitive data are exploited for profit
or other ulterior motives.

“Companies may try to placate consumers’ privacy concerns by
claiming they anonymize or aggregate data,” it further stated.
“Firms making claims about anonymization should be on guard that
these claims can be a deceptive trade practice and violate the
FTC Act[3]
when untrue.”

Data anonymization refers to the practice[4]
of protecting private or sensitive information by stripping off
identifiers such as names, social security numbers, and addresses
that connect an individual to stored data.

CyberSecurity

However, it’s been repeatedly[5]
established[6]
that anonymized data can often be re-identified when combining
several datasets, forming a “surprisingly clear picture of our
identities.”

In 2016, a study[7]
found that any four apps selected at random can be used to
re-identify a user in a pseudo-anonymized dataset more than 95% of
the time based on information collected from 54,893 Android users
over a period of seven months.

Then last July, Vice took the wraps off[8]
an “entire overlooked industry” that explicitly functions to link
mobile advertising IDs[9]
(MAIDs) collected by apps to personally identifiable information
(PII), effectively defeating the anonymity protections.

References

  1. ^
    said
    (www.ftc.gov)
  2. ^
    data
    broker ecosystem     (thenextweb.com)
  3. ^
    FTC
    Act     (www.ftc.gov)
  4. ^
    practice
    (en.wikipedia.org)
  5. ^
    repeatedly
    (www.vice.com)
  6. ^
    established
    (www.vice.com)
  7. ^
    study
    (arxiv.org)
  8. ^
    took the
    wraps off     (www.vice.com)
  9. ^
    mobile
    advertising IDs     (thehackernews.com)

Read more