Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Potential Threats. Show all posts

Consenting to Cookies is Not Sufficient

 


While most companies are spending a great deal of their time implementing cookie consent notices, it is becoming increasingly evident that the number and size of developments and lawsuits relating to privacy are on the rise. As a result, companies and their customers are rarely protected by these notices, which is not a surprise.  

It is undeniable that transparency is a worthwhile endeavor. But, the fact remains that companies can be vulnerable to several potential threats that are often beyond their direct control.   

For example, the recent lawsuits involving the Meta Pixel, which also affect many U.S. healthcare companies and are affecting many doctors, are an ideal example of this issue.    

The issue lies in the way websites are designed and built, which contributes to the problem. Except for a few of the biggest tech companies, all of the websites are built using third-party cloud services that are hosted on the web. Among the services offered here are CRM, analytics, form builders, and also trackers for advertisers that take advantage of these functions. Various third parties have a great deal of autonomy over these decisions. However, they are not regulated properly. 

Many kinds of pixels are available on the internet, and many of them serve some purpose. Usually, marketers use this type of data when they want to target advertisements to potential customers. In addition, they want to see how effective their ads are when it comes to reaching them. It is also imperative to note that, by using these trackers, highly specific and detailed personal data is also being collected. This data is being incorporated into existing data portfolios. 

Financial and Healthcare Data are Being Misused 

In most cases, the risks associated with visiting a healthcare website are much higher than when you are visiting any other website. Facebook is not a suitable place for you to share the medical conditions that you are researching with your friends who use that service. This data is not something that you want to be included in your social graph, and you do not want it added. Therefore, the crux of the issue in these lawsuits can be summarized this way: Protected Health Information (PHI) is protected by HIPAA (Health Insurance Portability and Accountability Act), which the actions described in the preceding sentence violate. Seeing digital advertising through the lens of healthcare can also shine a light on how troubling it can be when tracking is used. This is when viewed through the lens of advertising.   

As far as financial services are concerned, the same rules apply. A similar consequence may occur if an unauthorized party gains access to personally identifiable information (PII) or financial data, such as Social Security Numbers or credit card numbers, as well as other confidential data, and it is not handled correctly. This could have dire consequences. Privacy is crucial to safety. Details about your private life should be kept private for the right reasons. Modern advertising practices do not mesh well with these aspects of our lives, which are all significant.   

In addition to the Meta Pixel case, two other recent lawsuits provide us with a deeper understanding of how complex and broad the problem is, and how far it extends.  

Analyzing Sensitive Data From a Different Perspective 

In a recent lawsuit, Oracle was accused of trying to use the 4.5 billion records they currently hold as a proxy system for tracking sensitive consumer data. They have deliberately chosen not to share with any third parties. For comparison, the global population is 8 billion people. The concept of re-identification of de-identified data is far from an invention, but it serves as a clear example of why it matters so much to gather all these pieces of data, no matter how random they may seem. A person can infer most of the details of their life with almost astonishing accuracy. This is if they have access to enough data from Oracle, or whoever gets hold of the data. The data will end up being used in the same way in the end as this is a certainty. 

In a recent case, web testing tools were used to record the sessions of users on a website. This was so that they could see how well users navigated the site as they worked through the steps. As web developers and marketers, it is extremely common for them to use these tools to make their user interfaces more usable. 

In short, some companies are being accused of wiretapping under the Wiretap laws because they are using these tools to gather information. The reason for this is that these tools are capable of transmitting a considerable amount of information without the user's knowledge and the website owner's knowledge. It is inconceivable to believe that such a thing could happen. Even though this may seem like a minor issue, it is very clear once you look at it through the lens of sensitive data.