Hello all, and thanks for reading today.
Published: August 3, 2021
In this week's Privacy Insider, I share the story that Amazon has expanded its biometric palm print plan. Now, at Amazon stores across the U.S., you can pay for your purchases by holding your palm over a scanner. Now, to do this, you must first take a scan of your palm and upload it to your Amazon account. But if you do, Amazon will give you $10 toward an Amazon purchase.
When I read this story, my heart dropped. I immediately thought of my close friend who is disabled, forever unemployed as a result and utterly broke. A couple of weeks ago, he decided to try and make some quick cash by selling his blood plasma. His blood pressure was too high, given the stress of his current reality, and the clinic sent him away untapped. But he was willing to sell his body fluid, his very DNA, to get $100 in return. Hey, he's in a corner.
Now that Amazon is offering $10 for some of the most sensitive data we own, the unique coding of our very hand, who will take that deal?
I'm sadly a privacy geek, so I immediately know the risks of entering into that agreement. What if Amazon sells that data to their partners or vendors? What if the U.S. government comes knocking for it? What if hackers steal it?
But the average consumer probably isn't thinking about those risks, especially if they're struggling financially. A $10 coupon might mean they can order a cheap blanket or some baby wipes or a book.
And that means Amazon's strategy could set us up for a dire reality we should fight to avoid: Privacy is only for the privileged.
As I've ranted before when I talk to you about biometric data, it's so important because it's so identifying. No one shares your exact face, eye structure or palm print. They are uniquely yours. And that's a powerful acquisition for any data-hungry company to have. It's also unchangeable. If you give a company your biometric information, and then hackers breach a system and steal it, no one can issue you a new hand.
As someone financially stable, I can look at that deal and call it garbage. But what about folks who can't? What about my friend? He would absolutely upload his palm print for access to a product he needs.
In discussing this with my colleague, he pointed out that putting a money value on customer data gives the public insights as to how much their data is worth. And I agree that that's a valuable consumer tool. But it also exposes the wild inequality in the consumer-to-company relationship. The profits a company could make from precious biometric data are unknowable, mainly because those profits aren't public knowledge. But we know that the company with the most data has the most power (see recent antitrust cases asserting so), and the richer the data, the more valuable it is.
It worries me that these kinds of financial incentives are giving consumers a raw deal. It doesn't seem fair that those already struggling could feel compelled to give over an essential part of themselves in desperation. Or, if we agree that cash-for-data should be an accepted business transaction, the compensation should match the sacrifice. But that's going to take a consumer education campaign on just how much the product they're selling is worth.
How much would you charge for your data? Because it's worth more than a $10 coupon, I promise. After all, how great are you?
Enjoy reading, and I'll see you next week!
Amazon says $886 million fine is 'without merit'
Last week, Luxembourg's privacy authority (CNPD) fined Amazon $886 million, claiming it violated the EU General Data Protection Regulation (GDPR). The CNPD filed the fine with the U.S. Securities and Exchange Commission, but the specific violations are unclear. The CNPD cites Luxembourg's local laws in declining to comment on the ongoing matter. Amazon said the decision is "without merit" and that it intends to defend itself "vigorously."
Court: DSAR responses must include 'internal communications' about the data subject
Last week, Germany's highest civil court published a decision clarifying the scope of data subject access requests (DSARs) under the EU General Data Protection Regulation (GDPR), and it's broader than previously understood in the country. The court said responses to DSARs must include "previous correspondence and notes of internal processes or internal communications related to the data subject," according to Data Protection Report. Meaning: You must disclose those Slack communications and emails about the data subject, too.
Zoom agrees to $85 million settlement over alleged privacy violations
On August 2, Zoom agreed to pay $85 million to settle a lawsuit alleging it violated users' privacy. The case cited "Zoombombing," a term describing uninvited users gaining entry into a private Zoom meeting to disrupt it. During the early days of the COVID-19 lockdown, when Zoom exploded in popularity, hackers targeted businesses, online classrooms and others enough that the company stopped developing new features to fix the problem, Mashable reports.
Amazon offers users $10 to upload their palm prints as payment method
Amazon has expanded its biometric palm print scanners in its stores across the U.S., including New York, New Jersey, Maryland and Texas. Last year, the company introduced its scanner program, Amazon One, asking customers to upload their palm prints and link them to their Amazon account for $10. By connecting it to an account, "Amazon can use the data it collects, like shopping history, to target ads, offers and recommendations to you over time," TechCrunch reports.
If Apple's pro-privacy, why doesn't it support a Global Privacy Control?
Privacy advocates' call for a legally enforceable opt-out mechanism across the web is close to becoming a reality. A coalition of companies and publishers released a technical specification for a Global Privacy Control (GPC) at the browser level last year. And while the California Consumer Privacy Act doesn't specifically call for a GPC button, in his 2020 guidance on the law, the California Attorney General states that businesses must honor it. But Apple, "despite its stated (and heavily advertised) commitment to privacy, has not incorporated the global privacy control into Safari …. Nor has it built it into iOS," WIRED reports.
Google unveils plans for Play Store 'safety section'
Google has unveiled design plans for its Play Store's upcoming safety section, which will feature information about an app's data collection, privacy and security practices, The Verge reports. Developers have from October 2021 to April 2022 to describe how they do things, and the safety section will begin appearing in app descriptions in the first quarter of 2022, the report states. Google has said apps that don't comply could see their updates blocked.
Osano Staff is a pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.