As evidenced by Mozilla's report on car companies, too many organizations feel emboldened to use consumer data as they please

Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

 

Maybe one of the biggest data privacy stories of September has been Mozilla's Privacy Not Included report on how car companies are handling consumer data.

 

In a first for the reporters, all 25 surveyed car companies failed the privacy test, making cars the worst product category the team has ever investigated. That's horrifying for a few reasons:

 

a) Car companies are some of the largest companies in the world, collectively worth trillions (!) of dollars.

b) In many parts of the world, a car is a necessity.

 

To see so many rich and powerful companies collectively ignore data privacy is disheartening. The report found that all 25 companies failed to adhere to data minimization practices, 84% say they can share or sell data without explicit and transparent consent, 92% offered drivers nearly no control over their data, and for most, it was unclear if they met minimum security standards. 

 

That could make a data breach at any of these companies catastrophically damaging for the millions of people who own those cars.

 

Newer cars are getting worse, as well, with most built within the past few years capable of transmitting data over cellular or wifi networks without you even knowing. 

This has resulted in incredibly intimate information about drivers being harvested and potentially shared by car companies, including: medical information, genetic information, how fast you drive, where you drive, and the songs you play in your car.

 

The scope of it is insane, but the improper collection and use of geolocation data by itself would be cause for alarm, seeing as where you go in your car could be extremely dangerous information in the hands of a bad actor or even the government.

 

People seem to have moved on from the initial explosiveness of this story (including the vague wording that cars could monitor your "sex life" that had people both giggling and worried), but it isn't something we can just forget about and continue on with our lives. 

 

One of the largest product categories in the world is a privacy nightmare, and we have to compel these companies to change. 

Product Spotlight 🔦

Every company's data ecosystem is unique, so we've added custom data types and subjects alongside the predefined list of data types to help you build the best data inventory possible.

 

Custom data types might be specific to a process at your company where newly created data types aren't obvious or predictable, or you may just want a more memorable name for a specific data type that is critical for your business.

 

No matter the situation, you now can clarify data types more thoroughly and even incorporate these data types in policy rules and reports to ensure data governance for even your most unique data sources.

 

Regulation Focus 🔬

EU Digital Services Act Article 12.1

"Providers of intermediary services shall designate a single point of contact to enable recipients of the service to communicate directly and rapidly with them, by electronic means and in a user-friendly manner, including by allowing recipients of the service to choose the means of communication, which shall not solely rely on automated tools."

 

The EU had another major data protection law come into effect in August, the Digital Services Act. The DSA is aimed at bringing tech giants more under the umbrella of data privacy to ensure they are responsibly handling data, applying to companies like Google, Meta, and Amazon.

 

Key aspects of the DSA include algorithmic transparency, with platforms needing to clearly disclose how automated content moderation tools work; further restrictions against the use of dark patterns to trick consumers; and, most importantly, a ban on ads using profiling or targeting based on sensitive data.

 

All those are strides forward, but it is also interesting that the DSA requires these large companies to appoint what is essentially a DPO position on steroids. This is outlined in articles 11 & 12, and includes making it as easy as possible for members of the public to contact this representative. 

 

With how many people use the tools that are currently governed by the DSA, one person is likely not enough to actually read and respond to every legitimate consumer request, but opening up this level of transparency is an interesting start in the fight to contain Big Tech's data practices.

Founder's Corner 🎙️

CPO & co-founder Kobi Nissan

Q: After having more time with ChatGPT and the surge of new AI tools on the market, what are your current thoughts on AI?

 

A: For the overall scope and the fact that this time last year so few people had AI on their minds, it's still very impressive to me. I would caution against the kind of widespread use of large language models that some advocated for earlier this year, as companies still haven't put a thorough AI code of conduct in place and ChatGPT still is far from perfect. 

 

The generative AI tools that will come out soon will be a completely new frontier capable of amazing feats, and to make sure those tools are safe and compliant, we need to be having deeper conversations about the role of privacy in society.

 

Webinars & Events 📅

Next week the MineOS team is heading to San Diego for IAPP's Privacy. Security. Risk. 2023 conference! Our suitcases are packed full of awesome swag and we couldn't be more ready to meet so many amazing privacy professionals in one of America's best cities!

 

We're so excited that we wanted to help get the party going, which is why we're a sponsor for the pre-conference All California Privacy Happy Hour on Wednesday night as well as the Privacy Dreamland LGBTQ+ on Thursday. 

 

Register for Wednesday's **free** Happy Hour here: https://www.eventbrite.com/e/all-california-privacy-happy-hour-tickets-721446374527?aff=oddtdtcreator

 

Buy tickets to Privacy Dreamland here:

https://www.eventbrite.com/e/an-lgbtq-allies-mojo-dojo-casa-house-party-the-ultimate-iapp-afterparty-tickets-716079502067

 

Talk about data privacy with us: press@saymine.com

SayMine Technologies Ltd., 94 Igal Alon st., Alon 1, Tel Aviv, Israel, 6789155
