By Starr Drum

A quick guide to spotting issues with privacy laws.

Privacy law is growing and evolving at a rapid pace. It can be overwhelming even for practitioners specializing in privacy to keep up with the changing requirements and even more challenging for law students or attorneys specializing in other areas of law. To help you identify which privacy laws apply, I ’ve come up with an alliterative privacy issue-spotting mechanism: “the four Ps of privacy.”

The “four Ps” also serve as a useful tool for practitioners and organizations to ensure they are conducting a complete evaluation of relevant privacy issues to learn whether privacy laws are implicated and determine the scope that privacy counsel should consider and apply. Evaluating the four Ps of privacy is also a process I recommend my law students to follow when attacking their final in my privacy law class.

The four Ps of privacy are people, places, platforms, and purposes. Each one is covered in more detail below.


With very limited exceptions, privacy laws only apply where human people—natural persons—are involved. Typically, these people must be identified or identifiable by some means on an individual level to implicate privacy laws. If people are not involved, privacy laws are not in play.

If it turns out people are involved, there is a two-pronged assessment within this “P.” The first assessment involves what type of people are within scope, both on their own and in relation to the entity collecting their personal information. Employees? Customers? Prospective employees or customers? Patients? Website visitors? Adults? Children?

Second, what categories of personal information are being collected from or about these people? Names? Social security numbers? Fingerprints? IP addresses? Different privacy obligations apply to different types of people and the categories of personal information processed. Those requirements change further depending on how the remaining Ps come into play.


Geography, or “place,” plays a crucial role in the application of privacy laws. Privacy laws typically apply to residents of the jurisdiction where the privacy law has been passed. Still, some privacy laws cast a wider net and reach beyond their territorial borders. Much attention has been paid to privacy laws coming from places like California, Brazil, and Europe because of their broad potential geographic scope. Knowing the locations where the people involved live, work, and, potentially, travel will identify the geography-specific privacy laws that should be evaluated.


The mechanisms that are used to collect, store, or share information can alter privacy obligations. There are several privacy laws that only govern certain platforms, such as websites, phones, cameras, Internet of Things devices, and vehicles. Additionally, the owners of certain platforms such as mobile app stores and social media networks have imposed specific privacy requirements on their users.


Finally, the purposes for which information is being processed will round out the privacy identification process. Is the collected information being used for advertising? For treatment? For security purposes, such as to verify someone’s identity? The purposes of any personal information collection, use, and sharing, can trigger additional legal obligations.

Four Ps in Practice

The four Ps can help companies gauge overall privacy compliance or assess compliance obligations when they undertake new initiatives that implicate one or more of the four Ps. So, how does this work in practice? Say, for example, a brick-and-mortar retailer in Buffalo, New York, wants to set up a website to sell its merchandise and wants to start sending marketing emails to its customers. The company is based in New York, but its brick-and-mortar customers may be from other places, like Canada or Pennsylvania since the company is setting up a website that may sell merchandise to other jurisdictions. The people newly within the scope of this company’s potential privacy obligations are website visitors and customers. The platforms being added are a website and emails. Finally, the purposes of the website and emails are to facilitate e-commerce transactions and potentially to track individuals who access the website or open the emails and to market to them.

Going through the process of assessing the four Ps will set the company on the right path to identifying and evaluating the specific privacy laws it needs to consider as it undertakes new initiatives.

By Starr Drum

Starr Drum is a shareholder with Maynard Cooper & Gale in Birmingham, Alabama.

Sourced from ABA American Bar Association


Firefox offers the speed and convenience of Chrome—and protects you from prying eyes.

The web browser has become the central app on today’s computers. It’s where people check email and social media, message friends, read news, play videos and music, attend school, do office work, and have socially distanced online meetups. You can learn a lot about someone from what happens in their browser, and dozens of companies do just that with cookies and other tracking technology that build up advertising profiles. But it doesn’t have to be that way.

Google’s Chrome browser is fast and efficient. But Chrome has conflicting loyalties between its users and a parent company that is the world’s largest advertising firm. That’s not to say that Google is standing still. The new Chrome 86 includes an impressive list of security upgrades around areas such as password management and preventing harmful downloads. But privacy reforms still lag. For instance, Chrome has yet to disable third-party tracking cookies, although Google says it intends to in coming years.

But you don’t have to wait for Google. Firefox, a privacy-focused browser from the non-profit Mozilla Foundation, already blocks third-party cookies and a wide range of other tracking technologies. Firefox also offers many bonus features, such as the Pocket web-clipping tool and the ability to reformat web pages, so they are easier to read.

Mozilla has demonstrated a years-long commitment to its users as an alternative to big tech that puts people’s privacy and security ahead of everything else. Those efforts have accelerated in the past few years with the development of aggressive but user-friendly anti-tracking technologies, which helped Mozilla earn a nod as one of Fast Company‘s Most Innovative Companies of 2019.

And Mozilla continues to innovate. Most recently, it became one of the first browser makers (Google isn’t one of them) to adopt a new version of the Do Not Track signal. This one sends a signal to automatically opt the user out of the sale of their data under the California Consumer Privacy Act.

While that tech is still in its infancy, Mozilla also just made some concrete privacy improvements by upgrading its Enhanced Tracking Protection to more aggressively block snoops on the desktop. And for Apple users, Firefox is now a better alternative on mobile devices. The new iOS 14 and iPadOS 14 now let you replace Safari as the primary browser, so that links from email or other apps can automatically open in mobile Firefox.

Yet for all the new features Firefox brings, the transition from Chrome (or another browser) is a cinch. In minutes, you can be up and running with a new browser that offers all the conveniences of Chrome, along with better privacy.

If you’ve been putting of switching browsers out of laziness, we’ve got a handy guide to help you get set up. We’ll take you through the process of switching to Firefox and discovering key new features, including all of Firefox’s security and privacy services. Some, such as Pocket, you will access by clicking icons that appear along the top of the browser. Others you’ll reach by clicking on the “hamburger” button of three horizontal lines in the right-hand corner of the browser window and clicking through the popup menu.


After you download and install Firefox, it’s time to import key information like bookmarks and website logins from Chrome. This is the deepest rabbit hole you’ll have to go down when setting up Firefox.

First, click the three-line hamburger button and select Library. Next, click Bookmarks, then scroll to the bottom of the window and click Show All Bookmarks to open the Library window. Now click the third button from the left at the top of the window (featuring up and down arrows) and click Import Data from Another Browser. Follow the instructions to import your choice of cookies, browsing history, saved logins, and/or bookmarks from your old browser. To get a fresh start, free of any trackers, uncheck Cookies before the import.

Tip: you can also press Ctrl+Shift+B (Windows) or Shift-Command-B (Mac) to open the Library window.

Looking just to the left of the hamburger button you’ll come to a circular icon representing a person’s head and shoulders. This takes you to your Firefox account. By signing up for Mozilla’s free cloud service, you can sync all aspects of your browsing—such as bookmarks and history, or even open tabs—over the internet to other computers or mobile devices running Firefox. This account also enables you to use some cloud-based security features I’ll describe in a moment.

You can select what information to sync through the cloud, such as bookmarks and open tabs.


The top reason to switch to Firefox is for its enhanced privacy. Starting at the hamburger icon in the upper right of the browser, those features begin to emerge.

Encrypted DNS lookups
When you start using Firefox, you’ll see a popup pinned to the hamburger button that alerts you to the use of encrypted DNS lookups. Here’s what that means: Whenever you type in a site URL like “amazon.com,” your browser has to check something called the domain name system (DNS) to see what numerical IP address corresponds to the site name you’ve entered. Typically these lookups are unencrypted, potentially allowing an internet service provider (ISP) or hacker to retrieve a list of all the sites that you visit. Chrome encrypts DNS requests if your ISP offers the capability. Firefox is more aggressive, automatically routing all DNS requests to an encrypted service, regardless of the ISP you use.

Firefox automatically routes DNS requests to one of its carefully vetted encrypted service partners.

Protections Dashboard for privacy overview
Click the hamburger icon, and one of the first items you see is the Protections Dashboard. This takes you to the heart of Firefox’s Enhanced Tracking Protection, with a tally of all the trackers that the browser has blocked so far, and descriptions of how they work. This includes third-party (or cross-site) cookies: small files that reside in your browser and report the sites you visit back to marketers. Firefox also blocks tracking code in online ads, as well as “cryptominer” scripts that commandeer your computer to generate cryptocurrency, like Bitcoin. Finally, the browser blocks fingerprinting, which collects specific computer and web browser settings, such as the plug-ins installed, to develop an identifier for advertisers. (Enhanced Tracking Protection is enabled by default on the Firefox Android and iOS apps, too.)

The Dashboard shows tallies and explains the different kinds of trackers that Firefox’s Enhanced Tracking Protection automatically blocks.

To see what Firefox has blocked on the current web page, click the shied icon that appears just to the left of the address bar at the top of the browser window. (The icon turns from gray to purple when content is blocked.) A popup provides details on the specific trackers that have been blocked.

Click the shield icon to see what Enhanced Tracking Protection has blocked on a particular site.

Firefox Monitor for data breaches
Right below the Enhanced Tracking Protection summary, you will see an invitation to sign up for Firefox Monitor. It checks your email address against a database of emails that have been leaked (often along with passwords and other data) in security breaches over the years. If you sign up, a summary of breaches involving your email appears on the dashboard page. Now that you know what accounts have been compromised, you can change your login for the breached service, or shut down the account, to insure that hackers can no longer access it.

Firefox Monitor reports whether any online accounts tied to your email address have been compromised.

Lockwise password manager
The final element on the protections dashboard is Firefox’s password manager, Lockwise. By default, Firefox offers to save any username/password logins you enter on web sites. These go into Lockwise, along with any logins you may have imported from your previous browser when you set up Firefox. If you sign up for a new online account, Lockwise will offer to generate and remember a super-secure password when you right-click the password field on the website. Lockwise has Android and iOS/iPadOS apps, so you can sync logins through your Firefox account across all your devices.

Lockwise generates and remembers secure passwords that you can sync across devices via your Firefox account.

Facebook Container limits social network tracking
The hamburger icon menu has a lot more options, and one more is especially worth mentioning: Add-ons. Click on this, and search for the Facebook Container. This extension is designed to guard against the way that the social network tracks you across the web. For instance, those like and share buttons that appear on many web pages register that you visited the site featuring them, even if you never press the button. Facebook also places cookies to see if you visit the sites of its advertisers. The Facebook Container doesn’t affect your experience on Facebook itself, but it blocks Facebook’s tracking tools on all other sites.

The Facebook Container add-on prevents Facebook from seeing what other sites you are visiting in Firefox.


Switching from Chrome to Firefox doesn’t completely free you from Google, as it’s the default search engine for Firefox. Even with Firefox’s Enhanced Tracking Protection, Google can still track you through your IP address and through cookies that Google places when you use its search engine. (Firefox doesn’t block the “first-party cookies” placed by the web site you are visiting, only third-party cookies placed by outside advertisers.) But you can change the default search engine to DuckDuckGo, which doesn’t track your activity over time to build advertising profiles.

Start by typing any term into the address bar. A dropdown menu previewing results appears. At the bottom right corner of the dropdown is a gear icon. Click it to reach Firefox’s search preferences page. Under “Default Search Engine,” click the down arrow to open the dropdown menu, and select DuckDuckGo from the choices.

You can change your search engine to DuckDuckGo for further protection from tracking.


The switch to Firefox rewards you not only with better privacy but with several handy usability features. Let’s take a tour of a few, beginning right in the address bar.

Reader View’s streamlined article mode
On certain pages, such as newspaper articles, an icon representing a printed page appears just to the right of the page URL. Click this to enter Reader View, which strips away ads, navigation menus, sidebars, and other extraneous elements to give you a clean page for easy reading or printing. A toolbar to the left provides several viewing options. Clicking the “Aa” icon allows you to change font style and size, paragraph and line spacing, and the page color. Click the headphones icon to hear the article read aloud. (Reader View, without dictation, is also available in the Firefox Android and iOS apps.)

Reader View provides a streamlined page in your choice of type and page style.

Pocket web clipping
To the right of the address bar you will see an icon of a shield with a chevron pattern. This activates Pocket. Just press the button to save a copy of the web page you are viewing to your Pocket account. You can tag each clipping with one or more keywords to organize your sources. It’s also a convenient way to save an article you want to read later, when you have more time (including on Pocket’s free mobile apps).

You can add keyword tags to web pages when you save them to Pocket.

Sending tabs to another device
If you use your Firefox account to sync multiple devices, you can use this handy feature to send the tab you are viewing to another device. For instance, you can start reading an article at your computer and finish it on your phone’s Firefox browser, or vice-versa. To send a tab from the desktop browser, click the Firefox Account button in the upper-right of the browser window and select Send Tab to Device.

Use your Firefox account to send the tab you are currently reading to another device.

Feature Image Credit: [Source photo: zoff-photo/iStock]


Sourced from FastCompany

Channel 4 and Virgin Media are adopting Sky’s AdSmart advertising system. Sky says it can put viewers into groups of 5,000 or more based on age, location, lifestyle, and “even if they have a cat”

Personalised advertising already stalks us across the web, and it’s coming to our TVs, with Channel 4 the latest broadcaster signing up to use Sky’s AdSmart to target commercials. While such a system isn’t quite as invasively personalised as the behavioural advertising clogging up the internet in order to show us shoes we’ve already bought, it could have a big impact on television – and risks being rather creepy.

AdSmart is Sky’s system for targeted, addressable ads, which are commercials that can be swapped out and personalised based on location or other personal data – even in live-broadcast, linear TV. Sky has used the platform on its own channels since 2014, and has this year signed up Virgin Media and Channel 4 to do the same.

For viewers, the benefit is not being shown irrelevant ads – Sky won’t show you ads for its broadband if you’re already a customer, for example – and Sky points to research that suggests there’s a 48 per cent drop in channel switching when such targeted ads are shown. For businesses, small companies can target a specific, hyperlocal catchment area rather than throw away money on nationally shown commercials, opening up TV advertising to smaller companies.

And for broadcasters, the benefit is they can charge more, perhaps as much as ten times more, for what they say are more effective ads – helping to claw in more cash as advertising revenues stall. “Better targeting can be beneficial for both advertisers and viewers: it can not only increase ad return on investment for advertisers, but also deliver more relevant information to viewers,” says Yiting Deng, assistant professor of marketing at UCL. Richard Broughton, researcher director at Ampere Analysis, suggests by a rough estimate it could bump revenue at Sky by as much as 10 per cent and across the wider industry by 2 per cent – it’s positive for broadcasters, but its financial impact is limited.

No wonder then that targeted television ads are already in use with on-demand services; Channel 4 earlier this year rolled out a tool letting brands use their own data to match ads to audiences. But swapping out ads is a bit more difficult with live television. “The key technology is combining what is called addressable advertising, which is personalised, with programmatic systems, which is enabling the purchasing of ads automatically,” says James Blake, director of the Centre for Media and Culture at Edinburgh Napier University.

According to Sky, AdSmart turns your set-top box into a local ad server, downloading and storing commercials deemed relevant based on the data the company holds on you. When watching an AdSmart-enabled channel, those ads will be swapped into the commercial break spot; if there are no AdSmart ads available – or you’ve opted out – a generic commercial is shown instead.

To do this, AdSmart and broadcasters that use it require data about viewers. That could be limited, as a local small business could target a handful of postcodes, with a different ad shown to everyone else, with no personal information required. Sky says that location is a key attribute, though there are thousands more, noting that Huddersfield Town Football Club advertises season tickets locally; there’s not much point in showing that commercial to football fans in Scotland, after all. Location can also be used to target ads more carefully using demographic information; if a neighbourhood is more likely to have family homes, showing ads targeting parents makes more sense.

But targeting those ads more precisely – such as showing pet food ads only to those with cats and dogs – requires more data, which broadcasters purchase from third-party data brokers. Sky, for example, says it can select viewers in groups of 5,000 or more based on age, location, lifestyle, and “even if they have a cat”, using Sky’s own customer data, information provided by the company wishing to advertise, and data bought in from third-party brokers such as Experian, Dunnhumby, CACI, 20ci, Mastercard, Emma’s Diary, and Game. Companies such as those have already been targeted with GDPR complaints for exploiting our personal data and selling it on to marketing companies. If you want to know what data Sky et al have gathered on your family, you can file a subject access request.

Technically, it’s possible to make addressable ads more tightly personalised than those groups of 5,000 used by AdSmart, but there’s a danger that could put viewers off, notes Blake. “I think TV companies and broadcasters need to be careful how they use personalised advertising,” he says. “There’s a risk these adverts can be creepy.” Blake points to an experiment in 2017 when viewers on the Channel 4 app were shown adverts with their own names, which some people found “a little bit creepy”, he says.

There’s another reason TV commercials aren’t likely to get quite as personal as online ads: they cost more to make. “You’ve got additional costs for producing high quality TV adverts – the creative process in itself is quite expensive,” Broughton says. “So this is about refining your spend, as opposed to micro targeting a specific segment.”

While there’s merit in avoiding ads for products you’d never buy, such targeted ads could also be used for political marketing – and that raises concerns for democracy when we’re not all seeing the same message, though Blake notes that broadcast television advertising in the UK is heavily regulated. “That’s one of the big reasons why TV is trusted in the way it is,” he says. “But we need to be aware of the risks because TV adverts can be hugely powerful and we don’t want political campaigns and parties to misuse that. There is a danger that you end up in a bubble of like-minded people with like-minded messages, and don’t get exposed to sentiments on the other side.” However, in the UK, such commercials are banned, with unpaid allocated spots given to the parties instead.

And that’s another reason TV ads aren’t likely to be as invasive as online counterparts: they’re heavily regulated. Broadcasters face tighter regulation than online advertisers, and GDPR should limit how personal data is repurposed for marketing. “Addressable advertising in TV took a hit when GDPR came on board,” says Blake. “Before GDPR, there was a lot of discussion about how cookie data [from web browsing] could feed into adverts. And I think GDPR made that process take quite a big hit.”

Both Sky and Channel 4 say they follow GDPR’s rules, and both allow viewers to opt-out of AdSmart, with Sky adding that any “special category data”, such as information about your health, needs consent to be processed by AdSmart.

If such ads do come off as creepy, you can opt out – and not only of AdSmart, but the broadcasters themselves, something they’ll be wary of. As Broughton notes, angering customers doesn’t have much value to broadcasters such as Sky that can cost up to £70 a month. “It’s not worth jeopardising that to get a few extra pence out of an advertiser,” he says, predicting that “they’ll err on the side of caution.”

Feature Image Credit: Getty Images / WIRED

Sourced from WIRED


The social network paid people to monitor their phone activity and Apple was not happy

Facebook and Apple are in another fight over privacy and data after reports surfaced on Wednesday that Facebook built a consumer research app that opened a backdoor to iPhones. The phonemaker, which disabled the app, has accused the social network of violating its app rules.

Apple and Facebook have had a contentious relationship since Apple CEO Tim Cook took a hardline stance against data-collection practices of internet ad giants, calling for more regulations in the industry. Facebook then hired a public relations firm to push back against the criticism of its business model.

The latest episode in the saga is a bit hard to follow. To help, here’s our guide to what happened.

The Facebook Research App
Facebook recruited phone users to install a consumer research app that tracked their web traffic, messaging, app usage and more. About 5 percent of the participants were younger than 18, according to Facebook. (Minors were prompted to get permission from parents during the download process, for what that’s worth.) The app program was managed by third party companies uTest, BetaBound and Applause, which helped distribute the app.

Quick cash for consumers
People who participated in the consumer research typically received $5 to $10 to download the app and up to $20 a month to keep it active. It was almost like a multilevel data marketing deal because people could also make money for each person they referred, and then extra money each month that those people kept the app active. According to online commenters who say they participated in the program, people could potentially even make hundreds of dollars a month. (Facebook did not respond to a request for comment.)

Why does Apple care?
In August, amid a privacy backlash against Facebook, Apple shut down a similar app from Facebook called Onavu, which also collected details about people’s phone usage. Apple said it violated its App Store policies, and no apps should collect data about other apps people have on their phones.

Facebook’s workaround
The new research app avoided Apple’s App Store by using a program that Apple created for enterprise customers. Companies like Facebook use the enterprise program to build internal company apps, apps for communication, transportation and other logistics useful to employees. However, the apps in the enterprise program are only for employees.

Who the fallout is affecting
Perhaps the people most affected at this point are Facebook employees. Apple not only disabled the research app, it shut down all of Facebook’s other utility apps for employees, reportedly leading to some chaos at the office. Facebook has said it’s talking to Apple about getting its internal apps back online.

Without the internal app program, Facebook will have trouble beta testing changes to its main apps, as well, like when it tries out a new design on Instagram or a new feature on WhatsApp, but only among employees.

Also on the case: lawmakers
Lawkmakers have added this issue to the host of others that led Congress to call CEO Mark Zuckerberg and COO Sheryl Sandberg to testify before them last year. On Wednesday, Sen. Mark Warner, D-Virginia, issued a statement that said, “I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection.”

What about those consumers?
Everyone who participated were aware they were participating in market research, according to Facebook. Also, Google and other companies have similar research programs. Nielsen employs thousands of everyday Americans to share their TV viewing habits for market research.

On the other hand, it’s hard to tell if Facebook adhered to the strictest standards of disclosure, and how well-informed participants were. And Facebook already has been under a microscope for privacy and data-sharing issues, most notably the Cambridge Analytica scandal. There have also been questions raised about how Facebook handled user privacy and data, especially in its early days.

Bottom line
No advertiser will pull their money from Facebook over this, but they will call their ad agency and ask what the hell is happening, again.

Feature Image Credit: Bloomberg


Sourced from AdAge