Tag: data

By Emily Glazer, Deepa Seetharaman and AnnaMaria Andriotis for Wall Street Journal 

The social-media giant has asked large U.S. banks to share detailed financial information about their customers, including card transactions and checking-account balances, as part of an effort to offer new services to users.

Facebook increasingly wants to be a platform where people buy and sell goods and services, besides connecting with friends. The company over the past year asked JPMorgan Chase & Co., Wells Fargo & Co., Citigroup Inc. and U.S. Bancorp to discuss potential offerings it could host for bank customers on Facebook Messenger, people familiar with the matter said.

Facebook has talked about a feature that would show its users their checking-account balances, the people said. It has also pitched fraud alerts, some of the people said.

Data privacy is a sticking point in the banks’ conversations with Facebook, said people familiar with the matter. The talks are taking place as Facebook faces several investigations over its ties to political analytics firm Cambridge Analytica, which accessed data on as many as 87 million Facebook users without their consent.

One large U.S. bank pulled away from the talks due to privacy concerns, some of the people said.

Facebook has told banks that the additional customer information could be used to offer services that might entice users to spend more time on Messenger, a person familiar with the discussions said. The company is trying to deepen user engagement: Investors shaved more than $120 billion from its market value in one day last month after it said its growth is starting to slow.

Facebook said it wouldn’t use the bank data for ad-targeting purposes or share it with third parties.

“We don’t use purchase data from banks or credit-card companies for ads,” spokeswoman Elisabeth Diana said. “We also don’t have special relationships, partnerships or contracts with banks or credit-card companies to use their customers’ purchase data for ads.”

Facebook shares climbed sharply Monday on the news, rising 4.45%, marking the biggest one-day gain since last month’s historic drop.

Banks face pressure to build relationships with big online platforms, which reach billions of users and drive a growing share of commerce. They also are trying to reach more users digitally. Many struggle to gain traction in mobile payments.

Yet banks are hesitant to hand too much control to third-party platforms such as Facebook. They prefer to keep customers on their own websites and apps.

As part of the proposed deals, Facebook asked banks for information about where their users are shopping with their debit and credit cards outside of purchases they make using Facebook Messenger, the people said. Messenger has some 1.3 billion monthly active users, Chief Operating Officer Sheryl Sandberg said on the company’s second-quarter earnings call last month.

Alphabet Inc.’s Google and Amazon.com Inc. also have asked banks to share data if they join with them, in order to provide basic banking services on applications such as Google Assistant and Alexa, according to people familiar with the conversations.

Facebook has taken a harder public line on privacy since the Cambridge Analytica uproar. A product privacy team has announced new features such as “clear history,” which would allow users to prevent the service from collecting their off-Facebook browsing details. It also is making efforts to alert users to its privacy settings.

That hasn’t assuaged concerns over Facebook’s privacy practices. Bank executives are worried about the breadth of information being sought, even if it means their bank might not be available on certain platforms their customers use. Bank customers would need to opt in to the proposed Facebook services, the company said in a statement Monday.

JPMorgan isn’t “sharing our customers’ off-platform transaction data with these platforms, and have had to say no to some things as a result,” spokeswoman Trish Wexler said.

Banks view mobile commerce as one of their biggest opportunities but are still running behind technology firms such as PayPal Holdings Inc. and Square Inc. Customers have moved slowly, too; many Americans still prefer using credit or debit cards, along with cash and checks.

In an effort to compete with PayPal’s Venmo, a group of large banks last year connected their smartphone apps to money-transfer network Zelle. Results are mixed so far: While usage has risen, many banks still aren’t on the platform.

In recent years, Facebook has tried to transform Messenger into a hub for customer service and commerce, in keeping with a broader trend among mobile messaging services.

A partnership with American Express Co. allows Facebook users to contact the card company’s representatives. Last year, Facebook struck a deal with PayPal that allows users of that payment service to send money through Messenger. And Mastercard Inc. cardholders can place online orders with certain merchants through Messenger using the card company’s Masterpass digital wallet. (A Mastercard spokesman said Facebook doesn’t see the card users’ information.)

Rain takes on Vodacom, MTN

By Nick Hedley for Business Day 

The new mobile operator backed by prominent businessmen Patrice Motsepe, Paul Harris and Michael Jordaan is taking the fight over data prices to sector giants Vodacom and MTN.

Rain, a data-only network operator that launched mobile services two weeks ago, wanted to win over its rivals’ heavy data users with a simpler offering and competitive prices, CEO Willem Roos said.

Amid a decline in traditional voice revenues and public scrutiny over connectivity costs, data is becoming a major battleground for SA’s telecommunications companies, and the market is ballooning – Vodacom, MTN, Cell C and Telkom generated a combined R47bn in data revenues in SA in their financial years ended December and March.

Rain does not offer traditional voice services, but sells data for R50 a gigabyte, while outside of peak evening hours, its customers can use unlimited data for R250 a month, according to Roos, the former CEO of Outsurance.

In the two weeks since launching the product, “our business volumes have surprised us slightly on the positive side, particularly since we didn’t do any advertising”, he said.

“I really think we’ve addressed a few pain points in the market that customers have experienced, and although our offering is somewhat limited geographically and in being data only, for customers where that makes sense, I think it’s quite a compelling product.”

The metropolitan-focused operator plans to grow its network from 2,100 cellphone towers to 5,000 within the next three years.

Rain, which also offers fixed-wireless services, had mostly resolved “teething problems” related to delayed deliveries of SIM cards, Roos said.

The company, which is more than 40% black-owned, was promoting dual-SIM phones, where customers used Rain for data services and a rival’s network to make traditional voice calls. Roos said some customers were becoming comfortable with the idea of ditching voice-enabled SIM cards altogether and making all their calls on WhatsApp and other internet-based services.

With Rain’s coverage confined to cities and large towns, “we accept it’s slightly a niche product, but not small — I still think there are millions of people it would appeal to”.

Rain already lets Vodacom roam on its network and Roos said that it was considering giving mobile virtual network operators access to its spectrum and infrastructure.

“We have had discussions with a number of players. But I think the data-only aspect still needs to be proven, and we’re also keen on building our own business because the real value would lie in building a good retail business…. We’d like to become a decent-sized player.”

Africa Analysis director Dobek Pater said while it would take time for Rain to build market share, its mobile offering was likely to have a “significant” effect on the market.

It could stimulate competition by allowing new operators to use its network, while its larger competitors would probably have to reduce their data prices further, Pater said.

Bar some of Telkom’s offerings, Rain was the cheapest operator in the market for consumers who used less than 20GB of data a month.

“In terms of what Icasa [the Independent Communications Authority of SA] and the Competition Commission are trying to achieve in terms of reducing data prices and the cost to communicate, that will transpire to a large extent through private sector initiatives anyway. Competitive market forces will force prices down even further.”

By Tehillah Niselow for Fin24 

Liberty Holdings customers received SMSs on Saturday alerting them that personal information related to their insurance policies could have been stolen by an external party.

The Information Regulator, which has asked for information about the Liberty breach, is clearly concerned about the increasing number of cyber attacks affecting personal data in South Africa.

“Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in the Protection of Personal Information Act (POPIA),” said chairperson Advocate Pansy Tlakula.

Tlakula urged “the powers that be to assist it in fast tracking its operationalisation”.

According to corporate law firm Michalsons, certain limited sections of POPIA have already been implemented. However, the bulk of the legislation will only commence at a later date, to be proclaimed by the president. As there is a one-year grace period, the POPIA deadline might only be set for the end of 2019 or in 2020.

In the meantime, South Africans are coming under heightened attack from cyber criminals and hackers.

Andrew Chester, MD of Ukuvuma Security, told Fin24 that affected clients or users should immediately alert their banks and cellphone provider. They should also undertake a credit check as well as a Google search to determine whether their personal information is in the public domain.

Liberty email hack

In SMSs to clients on Saturday, financial services company Liberty informed them that its email repository had been breached by a third party trying to demand a “ransom” in exchange for the data.

Liberty has not revealed much about the breach, citing a police investigation. CEO David Munro confirmed that Liberty’s insurance clients were the only ones affected, and that none of its other business had been compromised.

The company said none of its clients have been impacted financially, and that individuals will be personally advised if their information has been affected.

ViewFines licence details

In May the Hawks, the State Security Agency and the Information Regulator said they would probe the breach of personal records of 943 000 South African drivers, allegedly from online traffic fine website ViewFines.

The information reportedly contained the names, identity numbers and email addresses of South African drivers stored on the ViewFines website in plaintext.

The ViewFines website is owned by Aggregated Payment Systems. News24 reported that its operations manager confirmed the company was “implementing security measures immediately” to improve the website after being informed of the breach.

The source of the data was located by Troy Hunt, an Australian security researcher and creator of the free service Have I Been Pwned, which checks whether an individual’s information has been compromised.

Facebook scandal

While Facebook founder and CEO Mark Zuckerberg had to face angry lawmakers in the US and European Union, it was reported that the data breach involving the UK political consultancy affected almost 60 000 South African users.

In May, the Information Commissioner’s Office of the United Kingdom (which regulates Facebook outside the US and Canada) advised the Information Regulator of South Africa that over 87 million people had been affected worldwide.

However, no evidence could be found of South Africans having been targeted, as the majority of users involved were in the US.

Master Deed’s data breach “biggest” digital security threat in SA

Hunt was once again instrumental in revealing what was known as the “biggest” data breach in South African history, together with iAfrikan CEO Tefo Mohapi in October 2017.

Over 60 million South Africans’ personal data, from ID numbers to company directorships, was believed to have been affected.

The information was traced to Jigsaw Holdings, a holding company for several real estate firms including Realty1, ERA and Aida. The information reportedly came from credit bureau agencies, and was used to vet potential clients.

The information trove was found not to have been hacked, as it was stored in an easily accessible manner on an open web server.

Ster-Kinekor’s database compromised

Movie theatre chain Ster-Kinekor was responsible for up to 7 million South Africans falling victim to a data leak in March 2017.

Fin24 reported that Durban developer Matt Cavanagh announced he had discovered a flaw in Ster-Kinekor’s booking website, and that he had reported it to the company.

There were between 6 and 7 million users in the database. Of those, 1.6 million people had email addresses linked to them on the movie theatre chain’s database.

By Harry Pettit for MailOnline 

An ‘embarrassing’ leak shows the European Union has fallen short of its own data protection laws.

The European Commission’s website has published 700 records, including the names, addresses and mobile numbers of conference attendees, according to a report.

Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR).

The Commission has previously warned that those who breach these rules, which came into force last week, could face millions in fines.

Following the leak, a spokesperson said the authority was exempt from GDPR laws for ‘legal reasons’.

Officials in Brussels will follow a similar set of new laws that ‘mirror’ those laid out in GDPR.

These rules will not enter force until autumn, according to the Telegraph.

The spokesperson added that the Commission is ‘taking and will continue to take all the necessary steps to comply’.

GDPR aims to strengthen and unify data protection for all individuals within the EU, which means cracking down on how companies use and sell user data.

Under GDPR, companies are required to report data breaches within 72 hours, as well as allow customers to export their data and delete it.

Companies scrambled to comply with the rules before they were ratified on May 25 with the Commission threatening hefty fines for those who breached them.

The bureaucracy’s website exposed 700 records that include people’s names, professions, and even some postcodes and addresses.

The records, some of which featured the private information of Britons, were collected during EU meetings and conferences and stored on data spreadsheets.

Tech website Indivigital found the documents are among thousands hosted by the website Europa.eu that are freely accessible online.

Many of them could be found by simply searching for the document on Google.

This leak would constitute a breach of GDPR rules were the blunder committed by other organisations or businesses.

What is GDPR?

The General Data Protection Regulation is an EU-wide law that came into force on May 25 2018.

It gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.

For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data.

It also grants users a right to easily access the data collected from them and transparency on how it is being used.

Everyday users have to do very little to comply with GDPR – it’s more targeted at big online businesses.

Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines.

This ends the territorial-based accountability previously used by some firms not based in the EU to avoid sanction.

The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around leaks.

The weight of fines able to be issued has also increased under GDPR.

Regulators will be able to issue penalties equivalent to up to four per cent of annual global turnover or 20 million euro (£17.5 million) – whichever is greater.

For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.

Fines for such a breach can reach up to £17.5 million ($23 million) or four per cent of global turnover – whichever is largest.

Jon Baines, a data protection expert at law firm Mishcon de Reya, described the ‘irony’ of the EU’s admission.

‘Although the information disclosed here does not appear to be particularly sensitive, it does raise questions about the general level of compliance, and whether any further inadvertent disclosures have been made,’ he told the Telegraph.

Steve Gailey, security expert at database security firm Exabeam, added that the exposure ‘is embarrassing for the EU, coming hot on the heels of GDPR’.

By Scott Duke Kominers for Bloomberg 

How much is your privacy on Facebook worth?

This question has seen renewed attention following the revelation that political analysis firm Cambridge Analytica, hired by the Trump election campaign, gained access to the private information of more than 50 million users. One of the possible responses that’s generated some discussion is the creation of a paid tier that’s free of ads and data sharing. Such an option would likely be socially beneficial and have considerable public appeal. But my guess is that it would be pretty expensive, too.

Let’s start with some rough calculations. Facebook’s annual ad revenue was about $40 billion in 2017, with 2.13 billion monthly active users. That means the average user is worth roughly $20 in ads to Facebook a year. That’s probably already a lot more than many users would pay for privacy on the social network.

But the price also depends on who would choose to pay for greater privacy. And it’s likely that many of the users who would opt for more protection could be worth more than $20 each to the company.

Why’s that? First, the value of keeping your data private increases with the amount of data you provide on the platform; by the same token, the more data you give Facebook, the better it can advertise to you. Similarly, you might find privacy especially valuable if there’s something unusual or unique about you that makes you especially easy to target.

The people who can afford a paid tier are on average wealthier; that too makes them more valuable to advertisers. And some of them already have browser ad blockers, so it’s hard to reach them via other channels.

To make up for those sorts of customers opting out of data sharing, Facebook would have to charge a lot more than the average of $20 just to break even. A back-of-the-envelope estimate based on the Pareto principle — 80 percent of the ad revenue coming from 20 percent of users — suggests that if mostly high-value users purchase privacy, then Facebook would need to charge closer to $80 a year.

That’s much more than even high estimates of the value most people attach to having access to Facebook. And it’s still a substantial underestimate of the likely price. According to Facebook’s annual report, the company’s 239 million North American users are responsible for a bit less than half of ad revenue; applying the Pareto principle to them would suggest annual privacy prices in the range of $325 a person.

If price alone were the question, Facebook might indeed want to charge huge amounts for enhanced privacy. The users who buy out won’t all be the most valuable users, and it would be pretty lucrative if the company could sustainably charge some customers much more for privacy than the annual ad revenue they generate. But that’s unlikely to work out in the long run.

Putting a high price on privacy would make it clear just how much Facebook’s user data is worth. We’d probably see increased calls to share that value by giving users a portion of revenues. The consumer-led drive for increased privacy would likely accelerate, too, prompting a growing number of users to leave the platform (assuming they can’t afford or are unwilling to pay for greater privacy).

A user exodus plus enhanced scrutiny of data practices would quickly eat away at the profits from offering the paid tier, making the whole thing a losing proposition.

Facebook must have run the numbers on this already, using much better information than we have here. The idea of a paid tier isn’t new; if Facebook hasn’t offered such an option, the company probably thinks it would be a money-loser. So if we want Facebook users to have control over how their data is shared, we may need outside pressure. The company isn’t likely to provide the option on its own.

It’s also worth noting that advertising and data sharing don’t have to be completely coupled. Facebook could enhance privacy directly by adopting data protection strategies based on privacy science, as Apple, Google, and the Census have in some of their applications.

Taking back your digital identity

We’re bringing information and devices online at an unprecedented rate, raising one of the fundamental questions of our time: how do we represent ourselves in this digital world that we are creating? And more importantly, how do we secure our identity in a digital world?

We’ve heard about blockchain for currencies and smart contracts; a compelling and crucial application is in securing online identity.

For four billion years, the genetic code has been life’s data store, containing not only instructions for but also the lineage of all terrestrial life. Over the past few hundred thousand years, a new species has emerged, one that is rapidly and inexhaustibly producing huge volumes of data of their own: humans.

A brief history of humanity’s data affair

We have observed the world and made sense of it through language for as long as we’ve existed. Armed with the technologies we developed, we peered inside atoms and learned something about the behaviour of the fundamental particles including electrons and photons that we have found there. Developing capabilities to manipulate collections of these units of electricity and light has led to a series of technological revolutions that has had a fundamental impact on how we store, analyse and communicate information about our world.

The network of networks, the Internet, has evolved over time from a range of contributing developments by mathematicians, scientists and engineers. In each decade from the 1940s inventions included the transistor, the computer, computer networks, remote access to computing power, software and documents, and finally by the mid-1990s, commercial service providers ensured increasingly global connectivity. Near-instant text and audio-visual communication, and the emergence of social media and online services across industries, have vastly transformed our society in a remarkably short space of time.

The benefits of increased connectivity come with the associated risk around how the information that we create, communicate and store can be intercepted, sometimes with malicious intent. Cryptography is the ancient art of achieving confidentiality by transforming a message such that it is only intelligible to someone in possession of a key. Since the emergence of the Internet, a multitude of algorithms for data security have been developed, and global standards for encryption protocols provide some level of communications security over our computer networks.

Just months after the financial crash of 2008, the first digital currency to employ cryptography to solve the problem of double-spending without the requirement for a central trusted third party was proposed. That currency was Bitcoin, now valued at over USD 100 billion, and one of over 1000 different crypto-currencies. The technology underlying this decentralised capability is a distributed ledger, or blockchain. Transactions are recorded in blocks that are linked and secured by cryptography; these records are verified and stored across a network, making the ledger resistant to modification.

The really interesting part is that blockchain, this combination of capabilities in computing, connectivity and cryptography, has applications not only in the financial world, but in any transactional environment, including for a decentralised personal data management system that ensures users own and control their data.

Ups and downs: the risks of exponential data

As of this year, the digital world’s data content is estimated at billions of terabytes, or zettabytes, 90% of which has been created since 2016. Information is an increasingly valuable commodity, and its acquisition, analysis and trade plays an important role across industries. And with one quarter of the world’s population using Facebook every month in 2017, a lot of this data is personal.

The rise of social media has led to new conceptualisations and discussions around identity, as we build representations of ourselves online. On the other hand, information about ourselves that we did not intend to be shared or distributed is also contributing to our digital profiles. Any organisation with stores of personal data can be hacked, be negligent, or even sell this data to external parties for profit, resulting in outcomes that range from spam to identity theft.

In 2013 and 2014, three billion Yahoo! accounts were hacked in what was the highest-profile digital identity breach at the time. In South Africa, more than 30 million identity numbers and other associated financial information were leaked online only last year. Regulators have been swift in their response: personal data protection regulations such as the European GDPR or South African POPI Act carry severe penalties for companies who act recklessly or even negligently with personal data.

Stunning revelations surrounding Facebook’s sharing of up to 87 million members’ data with a third party in the service of the last US presidential election have caused shockwaves across the world, wiping $100-billion off its market capitalisation and leading some analysts to speculate around fines that could amount to $2-trillion – 100 times larger than the biggest corporate fine in history.

One definition of personal data is an economic asset generated by the identities and behaviours of individuals, and the monetisation potential of its (mis)use is astounding. Services like messaging, search and navigation may appear free to use, but they actually come at a cost: your personal data, or perhaps more aptly called your consumer data. Because as has been said, if you’re not paying, you’re not the customer; you’re the product. The question of how to verify, secure and manage identity and personal data online is more pertinent today than ever before.

The strongest link in the (block)chain

Identification provides a foundation for human rights. An estimated 1.1 billion people worldwide cannot officially prove their identity, and we simply don’t know how many of the world’s more than 200 million migrants, 21.3 million refugees, or 10 million stateless persons have some form of identification. The World Bank estimates that 78% of these unidentified people are from sub-Saharan Africa and Asia.

The recent Blockchain Africa Conference in Johannesburg brought together like-minded innovators. Global Consent, based in Cape Town, is one such local player doing exciting things in the identity space. Consent is developing a blockchain-based trust protocol to independently authenticate identity and selectively exchange personal information. Consent is also the first Sovrin steward in Africa. Sovrin is the world’s first publicly available distributed ledger dedicated to digital identity. The code base of Sovrin is part of the open source Hyperledger project, which is governed by the Linux Foundation and backed by corporates including SAP, IBM, NTT and Intel. The infrastructure for ensuring consensus, security and trust around identity transactions on the Sovrin network is provided by globally distributed stewards like Consent, who independently own and operate nodes on the network.

Blockchain has impressive applications in a transactional environment, in this context enabling individuals to own and control their identities online in a decentralised personal data management system where records are verified and stored across a network making the ledger resistant to modification. Like any network, the strength of a blockchain-enabled personal data management system depends in part on its size. And given the size of the problem of personal identification in Africa, both online and off, we can look forward to ongoing discussion and adoption of technologies like blockchain to meet this challenge going forward.

So … developments in computing, connectivity and cryptography have resulted in blockchain, the technological confluence of the three, with exciting applications in identification and securing personal data online. However, we live in the physical world, and biometric data will need to support the initial registration of an individual on such a system. A candidate for advanced biometric identity verification is a naturally occurring structure, which could also be the future of data storage, with a remarkable 700 terabyte capacity per gram: the ultimate unique identifier.

This structure is the DNA molecule, and despite significant achievements like determining its structure and sequence, science continues to grapple with the computational complexity of understanding life. The role of large portions of determined sequences remains a complete mystery. Life, and in particular humanity, is arguably the most mysterious phenomenon we have ever encountered, and we have a long way to go in terms of fully understanding ourselves.

One thing we have arrived at is a solution to taking back ownership of our identities in the digital world we are creating, through the compelling application of blockchain in the digital identity space.

By Adriana Marais, Head of Innovation at SAP Africa

By Lizzie Plaugic for The Verge

On a recent Sunday, creative director Jason Debiak was having breakfast with his family in New Jersey, when something strange happened.

“I was having an adorable breakfast with my family, my 2-year-old daughter and my wife,” he says. “Something came up [on my phone] and I usually try not to check my email, but I checked my email and it said, ‘You have 10 new matches on Match.com.’ I was like … what?”

Debiak’s long-forgotten — and, he assumed, long-deleted — dating profile from over a decade ago had suddenly been reactivated. “I log in, and there I am, from 15 years prior, with less gray hair,” he said. “And my whole profile is there, everything.” Judging by the messages he received, Debiak says it seemed like the account had been reopened for about a week.

“I contacted customer service, and they said, ‘Oh, we’re sorry you got email notifications. We’ll turn off email notifications,’” Debiak said. “And I was like, ‘No, you don’t understand. Not only do I not want email notifications – I don’t want to be on your website, ever.’”

Old, ‘deleted’ accounts reactivated

A Match Group spokesperson confirmed that a “limited number” of old accounts had been accidentally reactivated recently and that any account affected received a password reset. Match.com’s current privacy statement, which was last updated in 2016, says that the company can “retain certain information associated with your account” even after you close it. But that Match Group spokesperson also told The Verge that the company plans to roll out a new privacy policy “in the next month or so,” in order to comply with the EU’s General Data Protection Regulation (GDPR); under the new policy, all those years-old accounts will be deleted. The Verge has requested clarification on which accounts will qualify for deletion, and what “deletion” will specifically entail, but has not received a response as of press time.

In the past, it hasn’t been uncommon for dating websites to use and retain your data for research, marketing, or, as Match.com’s current privacy policy says, “record-keeping integrity.” In a 2009 ComputerWorld report, eHarmony’s then-VP of technology Joseph Essas said, “We have an archiving strategy, but we don’t delete you out of our database. We’ll remember who you are.” Herb Vest, the founder and CEO of the now-defunct dating website True.com, said in the same report: “The data just sits there.” Even if the profile reactivations were just a glitch in Match’s system, they’re a stark reminder that the internet doesn’t easily forget.

Although there is no federal data destruction law in the US, 32 states — including Texas, where Match Group is headquartered — have data disposal laws that require “entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable.” In addition to that, 13 states, also including Texas, have laws that require private companies to maintain reasonable cybersecurity practices. If that sounds vague, that’s because it is. “A lot of this is still, I don’t want to call it amorphous, but it’s still being defined, frankly,” explains Scott Shackelford, an associate professor and Cybersecurity Program chair at Indiana University-Bloomington. “What ‘reasonable’ is, is a moving target.”

But that doesn’t change the fact that many former Match.com users feel blindsided by this, not to mention misled by Match. It’s not clear how many people saw their years-dormant Match.com profiles reactivated recently, but it’s not hard to find complaints about the ghost profiles online.

First launched in 1993, Match.com has since become a dating behemoth. Its parent company, Match Group, now owns dating apps like OkCupid, PlentyofFish, and Tinder. (It reportedly tried to buy Bumble last year, and it’s now embroiled in a messy lawsuit with the app involving trade secrets and intellectual property.) OkCupid allows users to delete or disable their accounts but still retains data. PlentyofFish and Tinder’s privacy policies both claim to retain data “only as long as we need it for legitimate business purposes and as permitted by applicable legal requirements.” Tinder, like Match.com, also notes it will “retain certain data” after you close your account.

“There probably are good reasons to keep deleted profiles for some period of time — for example, to prevent or detect repeat users or fake users, etc,” Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, wrote in an email. “But that doesn’t mean forever.”

Data is forever
Rob P., who had been an active online dater since around 2005, recently had his Match.com profile resurface, even though he’s engaged now. And his experience with Match.com’s customer service after the fact was frustrating. He just wanted someone to delete his profile, but no one would do it. “They kept using terminology that was… not saying it’s permanently deleted, just ‘unviewable’ or ‘inaccessible’,” he says. “And I kept saying, ‘It needs to be deleted.’”

Match Group has run into complaints about this before. A class action lawsuit filed in 2010 by former subscribers claimed that Match.com was trying to deceive users by keeping inactive and fraudulent accounts viewable. “With regard to inactive members (i.e., members who have cancelled their subscriptions and / or allowed their subscriptions to lapse),” the filing reads, “Match takes virtually no action to remove these profiles (that remain on the system, are searchable by members, appear as and are in fact counted among Match’s ‘active members’) for months and sometimes years after the individuals have become inactive.” The suit was dismissed in 2012 after US District Judge Sam Lindsay found that Match’s user agreement didn’t require it to remove these profiles.

In 2015, California resident Zeke Graf filed a class action lawsuit against Match claiming the company was knowingly violating a California civil code which requires every dating service contract to include a statement allowing the buyer to cancel their subscription. That lawsuit was later voluntarily dismissed by Graf.

In an increasingly privacy-conscious world, the sudden zombie appearance of an old social media profile would be an unnerving experience for anyone. But online dating, in particular, puts people in a vulnerable position, often encouraging users to reveal as much of themselves as possible. “You’re filling out questionnaires about your beliefs and feelings and who you are as a person,” Rob P. says. “Hopefully the algorithm uses that information to match you up with the best compatible mate, but it’s scary to think they’re holding on to that data even after you close your account.”

Ex-user Katie Storms also saw her account, which she deactivated in 2014, pop up again this month. She’s concerned about data privacy, but also the more immediate impact that a new dating profile could have on her current relationship. “Thankfully I am married to an incredible man who, I immediately told him, ‘Hey, this happened, and I’m concerned about it,’ and we walked through it together,” she says. “I can’t imagine… not that I want to be married to anyone who wouldn’t be understanding about it, but what if you were?”

Jason Debiak also told his wife about the rogue profile immediately, but he later found out that some of her friends had seen it, and thought it was evidence of something more sinister. “That would’ve caused quite an issue if I hadn’t seen those emails,” he says.

Zombie profiles can also affect current users, who, again, are putting themselves in a vulnerable position, only to be confronted with people who aren’t actually looking to date. “I felt like it was a little bit of a violation of privacy for me, and misleading to the people who are on Match.com right now looking for people,” Storms says. “I don’t blame those people who saw my profile and winked at me, but I’m sorry, I’m happily married.”

Data retention policies, especially in the US, can vary from company to company. Match Group owns data from thousands of users, and — as recent scandals and controversies regarding the consequences of user data retention have taught us — it doesn’t have to be completely transparent about what it’s doing with that data. But these reactivations are a reminder that the internet has a long memory, and the burden often falls on the user to be mindful of what they share. “Obviously we need more transparency and control over our own data,” Rob P. says. “But it feels like uncharted territory.”

By Alex Hern for The Guardian 

Facebook has started the process of notifying the approximately 87 million users whose data was harvested by the election consultancy Cambridge Analytica.

The social network eventually hopes to inform every user who was affected with a warning at the top of their Facebook news feed. For now, however, individuals can check by going to a new help page on the site or searching for “How can I tell if my info was shared with Cambridge Analytica?” in Facebook’s help centre.

Most users will see a message saying that “neither you nor your friends logged into ‘This Is Your Digital Life’”, the personality quiz that Cambridge Analytica used to gather its data.

Around 87 million individuals, including more than 1 million people in the UK, will receive a different response saying “a friend of yours did log in”.

That means that their public profile, page likes, birthday and current city were likely shared with the company, as well as potentially the contents of their news feed at the time.

Around 300,000 people – including 53 people in Australia, 10 people in New Zealand, and an unknown number of users in the UK – will receive a message informing them that they installed the This Is Your Digital Life app.

This means they almost certainly handed over the personal information of all their Facebook friends at the time, as well as formed part of the core group for the psychometric profiling that Cambridge Analytica carried out during the US election campaign.

Facebook has promised widespread changes to its platform to prevent further “abuse” of the sort it attributes to Cambridge Analytica. “These actions would prevent any app like [This Is Your Digital Life] from being able to access so much data today,” the company said in March.

High data costs hit low-income households

By Avantika Seeth for City Press

The high cost of data is seriously stifling the growth of South Africa’s lower-income households, leading to the digital divide leaving many behind in the fast-paced world of information access and communication.

This is according to community advocacy organisation Amandla.mobi, who yesterday made submissions at the Independent Communications Authority of South Africa (Icasa) public hearings in Sandton.

An inquiry into high data costs was launched by Icasa last year, with the second draft of public hearings into the “end-user and subscriber service charter amendment regulations 2016” ending on Friday.

Amandla.mobi, who made submissions to Icasa on why data costs should be reduced, say that greater transparency of communication services needs to happen.

“What we are saying is that low income consumers are paying disproportionately higher charges and are in turn not seeing benefits of competition in comparison to high-income consumers who are able to buy larger quantities of data. The low-income consumers actually end up paying more for their data bundles,” Koketso Moeti, executive director of Amandla.mobi told City Press.

Moeti believes that the high cost of out-of-bundle data rates contributes to the general public, particularly those from lower income households, not benefiting from the online space.

“These days, more and more things are happening online. To apply for school, it has to be done online. To register a business, it has to be done online. Even government responsiveness happens more and more in the online space and the inability to access data holds people back from accessing these very basic, but necessary services,” Moeti said.

Moeti explained that two recommendations made in the submission need particular attention: the option of consumers to opt in and out of out-of-data bundle packages and that a restriction on the maximum difference allowed in pricing per megabyte between small and large bundles be implemented.

“Ultimately, those who are only able to afford smaller data bundles pay a higher rate per megabyte, than those users who purchase larger data bundles. A practical example is the Vodacom out-of-data bundle rate from 2017, which basically equates to a user paying R990 per gigabyte of data,” Moeti said.

The out-of-bundle rate, Moeti said, was based on Vodacom’s current 99c per megabyte out-of-bundle rate which came into effect on October 15 last year.

“As table 1 shows, out-of-bundle prices are 10 times higher than prices for 1 gigabyte and this in fact understates the problem. There is significant competition at the top of the market with promotional offers that offer higher-income contract consumers data at 0.03c or less. This means that those consumers who are using small data bundles or using data ‘out of bundle’ may be paying 50 times what richer consumers are paying,” Amandla.mobi said of the table.

Moeti added that some of the mobile providers such as Cell C and Telkom do provide good value packages for smaller data purchases.

Other industry players who also presented submissions included MTN, Vodacom, Cell C, and Telkom.

In 2016, Tariffic, the company that helps companies and individuals determine if they’re spending too much money on their cellphones, conducted research into the data costs within South Africa.

Tariffic found data prices in South Africa to be 134% more expensive compared with other Brics nations.

“Tariffic’s analysis shows that, once prices were converted to rands and re-based for the cost of living, South Africa was consistently the second most expensive for one, two and three gigabyte data contracts, with Brazil being the most expensive in all three cases. Data prices for South Africa were on average 134% more expensive than the cheapest prices in the group,” the report said.

“Data prices are comparably rather expensive in South Africa and there has been no major movement to reduce these prices, specifically for the low-value data bundles, which are in very high demand,” Tariffic chief executive Antony Seeff told City Press.

“Even though there is work to be done across the board with regards to data prices, if people are tired of high data prices, they can move networks to where prices are more affordable,” Seeff said.

By Avantika Seeth for City Press

They may not have the cachet of entrepreneurs, or geek chic of developers, but data protection officers are suddenly the hottest properties in technology.

When Jen Brown got her first certification for information privacy in 2006, few companies were looking for people qualified to manage the legal and ethical issues related to handling customer data.

But now it’s 2018, companies across the globe are scrambling to comply with a European law that represents the biggest shake-up of personal data privacy rules since the birth of the internet – and Brown’s inbox is being besieged by recruiters.

“I got into security before anyone cared about it, and I had a hard time finding a job,” said the 46-year-old, who is the data protection officer (DPO) of analytics start-up Sumo Logic in Redwood City near San Francisco.

“Suddenly, people are sitting up and taking notice.”

Brown is among a hitherto rare breed of workers who are becoming sought-after commodities in the global tech industry ahead of the European Union’s General Data Protection Regulation (GDPR), which goes into effect in May.

The law is intended to give European citizens more control over their online information and applies to all firms that do business with Europeans. It requires that all companies whose core activities include substantial monitoring or processing of personal data hire a DPO. And finding DPOs is not easy.

More than 28,000 will be needed in Europe and the U.S. and as many as 75,000 around the globe as a result of GDPR, the International Association of Privacy Professionals (IAPP) estimates. The organization said it did not previously track DPO figures because, prior to GDPR, Germany and the Philippines were the only countries it was aware of with mandatory DPO laws.

DPO job listings in Britain on the Indeed job search site have increased by more than 700 percent over the past 18 months, from 12.7 listings per every 1 million in April 2016 to 102.7 listings per 1 million in December.

The need for DPOs is expected to be particularly high in any data-rich industries, such as tech, digital marketing, finance, healthcare and retail. Uber, Twitter (TWTR.N), Airbnb, Cloudflare and Experian (EXPN.L) are advertising for a DPO, online job advertisements show. Microsoft (MSFT.O), Facebook (FB.O), Salesforce.com and Slack are also currently working to fill the position, the companies told Reuters.

“I would say that I get between eight and 10 calls a week about a role (from recruiters),” said Marc French, DPO of Massachusetts email management company Mimecast. “Come Jan. 1 the phone calls increased exponentially because everybody realized, ‘Oh my god, GDPR is only five months away.’”

GDPR requires that DPOs assist their companies on data audits for compliance with privacy laws, train employees on data privacy and serve as the point of contact for European regulators. Other provisions of the law require that companies make personal information available to customers on request, or delete it entirely in some cases, and report any data breaches within 72 hours.

On a typical day, French said he monitors for any guidance updates for GDPR, meets with Mimecast’s engineering teams to discuss privacy in new product features, reviews the marketing team’s data usage requests, works on privacy policy revisions and conducts one or two calls with clients to discuss the company’s position on GDPR and privacy.

“Given that we’re trying to march to the deadline, I would say that 65 percent of my time is focused on GDPR right now,” said French, who is also a senior vice president of Mimecast.

The demand for DPOs has sparked renewed interest in data privacy training, said Sam Pfeifle, content director of the IAPP, which introduced a GDPR Ready program last year for aspiring DPOs.

“We already sold out all of our GDPR training through the first six months of 2018,” said Pfeifle, adding that the IAPP saw a surge in new memberships in 2017, from 24,000 to 36,000.

Those companies who have DPOs, meanwhile, are braced for poaching.

Many of those firms reside in Germany, which has long required that most companies that process data designate DPOs. They include Simplaex, a Berlin ad-targeting startup.

“Everyone is looking for a DPO,” said Simplaex CEO Jeffry van Ede. “I need to have some cash ready for when someone tries to take mine so I can keep him.”

Reporting by Salvador Rodriguez; Additional reporting by Stephen Nellis; Editing by Jonathan Weber and Pravin Char for Reuters
