Posted: 6 Min ReadResearch Group

NortonLifeLock Privacy Watch

Volume 1

This blog aims to provide timely updates on the latest privacy trends for individuals concerned about protecting personal information. The inclusion of products, websites, apps, or links does not imply endorsement or support of any company, product, material and/or provider listed herein.

1. Amazon continues to enjoy growing popularity for its Amazon Echo, the Alexa voice assistant and Ring, its internet-connected home-security camera company. But that success also raises no shortage of privacy concerns about the amount of personal data Amazon controls as well as its ability to keep it secure.

We live in an Alexa World and you’re just along for the ride - even if you didn’t know it. Users now freely engage with Amazon’s voice assistant but there’s still little public understanding about what Amazon does with that information. The details spelling all this out are buried deep within their terms and conditions or in hard-to-find settings. Even tech-savvy users don’t necessarily know the full extent of the privacy issues.

More recently, the UK’s National Health Service inked a deal allowing medical advice to be provided via the Echo. No specific patient data is being shared with Amazon by NHS and this agreement could help further the number of ways the UK’s citizens can access publicly available information like the NHS website or phone line 111.

What they're saying:  

“Amazon does not build customer health profiles based on interactions with nhs.uk content or use such requests for marketing purposes. Alexa does not have access to any personal or private information from the NHS,” a company spokesperson told The Conversation.

The Big Picture:

No doubt smart devices are, well, smart. That’s their charm and that’s their value. But we’re still quite early in the development of the Internet of Things (IoT). Simply put, in the rush to trade convenience for privacy, we could be making a bad bargain.

Learn More:

Can smart speakers be hacked? 10 tips to help stay secure

2. California’s sweeping new consumer privacy law went into effect on January 1, 2020. As the deadline drew near, there was a last-minute scramble by businesses racing to meet the new disclosure requirements regarding their data collection policies. And that’s creating a measure of confusion with privacy advocates complaining that compliance is all over the map.

The Big Idea: The California Consumer Privacy Act, or CCPA, was passed to set up new rules to make online life more transparent for consumers. Proponents sought to give the public the right to know what personal information that online companies were collecting about you and to see what data had already been gathered. What’s more, the legislation was designed to give users the option of opting out of such collection and also to ask companies to delete collected data.

Oops: As an example, shoppers signing up for the Ralphs Rewards loyalty program recently learned that the supermarket chain wanted information about your job, your education, your health and your insurance coverage. After news reports spotlighted the company’s intrusive data demands, a spokesman suggested that Ralph’s may soon be going back to the drawing board.

“I can understand why it raises eyebrows,” the spokesman told the Los Angeles Times. “We may need to change the wording on the form.”  

Meanwhile, some companies are posting incorrect privacy information on their websites even while compliance rules are reportedly still being worked out.

The new law matters: Watching the sausage get made is never pretty and neither is legislation. Even while California is taking the lead - as other states look at drafting their own privacy statutes - enforcement can begin by July 1, 2020and is likely to be underfunded. Like any legislation this big, it’s tough to implement, enforce and check enforcement. For more perspective, take a look at this study NortonLifeLock did (in collaboration with academic partners), summing up the implementation/enforcement challenges of General Data Protection Regulation (GDPR).  Still, any speed bumps pale in comparison with the potential privacy benefits to consumers, worn down by one data disclosure after another. Unfortunately, data breaches now feel increasingly common. For instance, the Norwegian Consumer Council recently accused several popular dating apps of supplying user data to third parties involved in advertising and profiling.

Learn More:

Wikipedia: California Consumer Privacy Act

3. Data Collection in the living room is now a fact of life with smart TVs the epicenter of the battle to keep your information private. While much attention has been devoted to the privacy risks associated with the use of smartphones, computers, and websites, there’s far less recognition of the potential security vulnerabilities presented by your smart television. Yet as a recent Consumer Reports study noted, these sets “can transmit a remarkable amount of information about their users back to the TV manufacturers and their business partners.”

Have “Smart TVs” have become too smart for their own good? With televisions essentially morphing into very large computers, there’s now the risk that hackers could access the personal data captured by your smart TV. Don’t dismiss the threat as theoretical; the FBI recently warned consumers that internet-connected smart televisions are vulnerable to hacks. TV makers may be responsible for the same oversight as other manufacturers of IoT-connected devices, viewing consumer data security as an after-thought.

This could open the way for malicious hackers to exploit smart televisions, giving attackers the ability to change channels and show your kids inappropriate videos - or even use the network to access your TV's camera and microphone to silently cyberstalk you.

Turning back the clock is not only possible but it’s happening. At the CES conference in January 2020, Samsung unveiled a new app for its smart TVs that lets Samsung TV owners see how their television is tracking them. Importantly, it also gives users the ability to turn that tracking off.  

Learn More:

What is a Smart TV and What are the Privacy Risks?

4. Data Privacy Day 2020. On January 28, nations, private organizations and privacy advocates around the world recognized this annual event and took stock of progress being made and battles still underway. The overarching message to consumers: Exercise active control over what you’re sharing and choose how, when, where, and for what purposes your data is being used. One encouraging harbinger: More people than ever are paying attention since Data Privacy Day was officially inaugurated 11 years ago: In 2019, Data Privacy Day hashtags (#PrivacyAware and #DataPrivacyDay) were tweeted 50,287 times, up 50% from the prior year. 

 Learn More: 

National Cyber Security Alliance 

To learn more about how to protect yourself, check out NortonLifeLock’s guide on How to Keep Your Online Activity and Identity Private as well as our primer on Privacy, Identity and Trust

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates.  Other names may be trademarks of their respective owners.

About the Author

Dr. Petros Efstathopoulos

Global Head of NortonLifeLock Research Group

Petros joined NortonLifeLock Research Group in 2009 and has focused on next-generation storage/backup systems, portable storage security, network security, privacy and identity. He is responsible for Lab strategy, direction, and growth.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.