Definition of an identifiable person

April 29, 2008 at 10:12 am | Posted in privacy | Leave a comment
Tags: , , , ,

Just a snippet from the PRISE conference I am attending right now:

dentifiable Person – means a natural person that is or can be identified, directly or indirectly, as a particular person by reference to an identification number or to one or more aspects of the person’s physical, physiological, mental, economic, cultural or social identity. Identifiable Persons may include any employee, applicant, former employee, or retiree of Datalogic, its operating divisions, or subsidiaries in the EU.

Personal Data – is any information about an Identifiable Person that

* is within the scope of the EU Directive,
* is received by Datalogic in the U.S. from the EU,
* is recorded in any form and
* is about, or pertains to, a specific individual; and
* can be linked to that individual.

Personal Data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.

Processing – means any online, offline or manual processing and includes such activities as copying, filing, and inputting Personal Data into a database.

Sensitive Data – is data that pertains to medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or any other data that is identified as “sensitive” by the Identifiable Person.

Source

Meet my here at My FaceSpace

March 28, 2008 at 8:13 am | Posted in Art, privacy | Leave a comment
Tags: ,

But what I do have is this: A video showing “My FaceSpace – The Musical” – this is not the recording from our panel discussion on privacy in social media on Wednesday, but the same piece and artists: Monochrom from Vienna.

The video above was filmed at last year’s Big Brother Awards.

Pimping your blog out to potential employers (?)

February 8, 2008 at 3:29 pm | Posted in Blogging, Career, privacy | 2 Comments
Tags: , , ,

I have only ONCE in my life included the URL of my blog as a reference in an application – and regretted it the moment I had hit the ‘SEND’ button. Negotiating ones need for privacy and ones needs for communication is difficult enough with any blog – I still avoid to put my full name anywhere on this blog as I do not want everybody who knows my name to be able to have a daily update on my life and whereabouts at his fingertips.

Also, I am a bit wary of the influence that using this blog as a job reference might have on my blogging habits: I don’t want to end up writing self-censored and streamlined posts that would be fit to endorse a CV, but wouldn’t make sense to my friends and family. One of the main purposes of this blog is to serve as a repository for the things and ideas that cross my mind in a day, and blogging is a good instrument to add that layer of reflection that draws the line between an idea and an opinion, or an idea and a plan. Also, it helps me keeping my English in shape:-)

Application business
photo by jenna77

What I DO mention occasionally is that I am a daily blogger – for instance when I applied for the editor training that I did in October/November. So far, however, nobody has ever asked for the URL – until today, that is, when I received an email from a consultancy who are looking for someone to take care of their Online PR (part-time!). I hesitated for a moment – then sent them link, also because I appreciated the fact that they had actually READ my application (is there anybody among you readers who has never been in a job interview where the people opposite you didn’t even know your CV?)

Nonetheless I added a little disclaimer: I am not a business blogger, and I am not using this blog as a PR or advertising tool. So whatever you may find here is a reflection of my personality, but it is not intended as a showcase of my PR skills;-)

And to finish the story of that other company, the first and last ones to have received my blog URL in an application: Well, they turned out to be one of those unreliable parties who don’t even bother to send you a either notification of receipt or at least a letter of rejection. I wonder why these things still happen – if marketing and advertising is all about establishing good relations with potential clients, shouldn’t an advertising agency know better?

Lent Logo 2008UPDATE: Lent is of course still on – it’s day three today, and I’m already having a craving for sugar. Looks like it’s going to be a bit tougher this year – but I will not waver, falter or compromise on this issue!

The Dark Side of Open APIs: Privacy exposed

February 3, 2008 at 2:54 pm | Posted in privacy | Leave a comment
Tags: , , ,

Le faux frog just wrote a piece similar to my 30boxes item.

I’m starting to resent some web services that allow users to find friends by entering their e-mail addresses. Why? That feature can be handy but Flickr and Twitter go too far and allow access to e-mail addresses that have not been explicitly marked public. Futhermore, any webcrawler can use those e-mail addresses to generate profiles of people by making a simple API call.

Spokeo crossed my radar this week after I read about it in Newsweek. I’m not interested in monitoring my friends’ activities across dozens of online communities and social networks but I created an account anyway and entered my e-mail address to see what information about me was freely available. I’d recommend periodically doing the same type of thing on Google. I’ve always called it “ego surfing” but the term never really caught on.

To my surprise, Spokeo listed all of my photos on Flickr and all of my tweets on Twitter during the past two weeks. That felt like a violation of my privacy.

An Email to Yahoo/Flickr regarding privacy leak

January 26, 2008 at 12:44 am | Posted in privacy | 2 Comments
Tags: , , , ,

Here is a copy of my email to Yahoo (for Flickr) Germany (they automatically forward me to the German site, due the my IP I suppose), addressing the privacy issue raised by the 30boxes mashup (I wrote about that here). I picked the ‘Infringement of Privacy’ label, hopefully I’ll get a response, hopefully they’ll fix that problem.

Dear Yahoo,

I just learned that, due to an open API at Flickr, it is now possible to extract and MATCH ones nickname and email address and make that connection public. That means: Knowing someone’s email address suffices to retrieve that person’s flickr account.

This is currently possible using the services of a website called www.30boxes.com. 30boxes offers a calendar services and claims to allow people to do the following:

* organize your stuff
* plan your day
* keep up with your friends

Unfortunately, in their interpretation, a friend is someone whose email address you know (an unfortunate misunderstanding that could also be witnessed in the recent disclosure of shared items to everyone in your contact list at Googlemail)

Similarly, keeping up with your friends at 30 boxes works the following way: Once you have signed up, you can “Find buddies” by entering the email addresses of people you know (of course, knowing someone’s email address does _not_ mean that you are friends!)

30boxes then attempts to retrieve data from the APIs of – among others – Flickr, Twitter, Myspace.

What is disconcerting here is that it, in the case of flickr – matches nicknames and emailaddresses, meaning that the privacy that the nickname offers is jeopardized.

I, for instance, entered the email of a friend (which I am not going to type in here, as I am also going to publish a copy of this email on my blog) and immediately received a link to her flickr account – I am very sure that she isn’t too pleased about this.

I am probably lucky that 30boxes wasn’t able to match my email address with my flickr account (for which ever reason) – nonetheless, I wonder whether:

a) Flickr knows about this vulnerability of their API

b) this vulnerability is covered by the terms and services (I doubt that I would understand the legal language that defines the use of APIs, hence I haven’t checked myself).

In any case: The fact that one HAS the opportunity to chose a nickname does, in my view, suggest that the connection between nickname and email address should also NOT be revealed to third parties nor made public, e.g. publicized in the 30 boxes mashup.

Furthermore: If a user gives out his or her email address, that does not necessarily mean that he or she also meant to allow this person to see his or her flickr account. This is, however, the consequence of opening your api to third parties like 30 boxes.

Your feedback is very much appreciated.

Best wishes

Anaj Blog

I might have to send emails to Twitter, Myspace etc. as well.

Create a free website or blog at WordPress.com.
Entries and comments feeds.