449
submitted 9 months ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

Not sure which news website I should be using for the link, sorry! I'm happy to change it if anyone has a better one.

Google agreed to destroy or de-identify billions of records of web browsing data collected when users were in its private browsing “Incognito mode,” according to a proposed class action settlement filed Monday.

The proposal is valued at $5 billion, according to Monday’s court filing, calculated by determining the value of data Google has stored and would be forced to destroy and the data it would be prevented from collecting. Google would need to address data collected in private browsing mode in December 2023 and earlier. Any data that is not outright deleted must be de-identified.

you are viewing a single comment's thread
view the rest of the comments
[-] NaibofTabr@infosec.pub 65 points 9 months ago

Hmm, it is nice to see an outcome from a lawsuit that is practical and not just a cost-of-doing-business fine.

But "de-identify" doesn't inspire a lot of confidence... anonymized data can be de-anonymized pretty easily most of the time. Also have they kept accurate internal records on all the places pieces of that data have gone inside their various projects and systems? Who would be capable of verifying that it had all been deleted?

[-] oce@jlai.lu 15 points 9 months ago* (last edited 9 months ago)

I think in European law, for data to be anonymous, not only there should be no personal identifying information but also there should be no identifiers that allow to link non personal data together to trace the behavior of a single person. https://www.edps.europa.eu/system/files/2021-04/21-04-27_aepd-edps_anonymisation_en_5.pdf

[-] NaibofTabr@infosec.pub 15 points 9 months ago* (last edited 9 months ago)
[-] oce@jlai.lu 4 points 9 months ago

Do you mean not aggregated? Do you mean aggregating different kinds of data, or do you mean grouping together the same data for a category?

[-] NaibofTabr@infosec.pub 0 points 9 months ago

I mean that when lots of data is compiled, you can remove specific identifiers such as names, emails, IP addresses, phone numbers, etc (anonymization) but it's been demonstrated that it's relatively easy to re-identify specific individuals from "anonymized" data.

[-] oce@jlai.lu 3 points 9 months ago

I think this means you still have some identifier that allows to link those data to a single person. This is quite explicitly not considered anonymization by the gdpr.

[-] MeetInPotatoes@lemmy.ml 14 points 9 months ago

I've verified throughout our fox network that there are no foxes in any henhouses at the moment. They've been instructed to take steps to ensure that no foxes end up in any henhouses accidentally going forward and the foxes tell me that they are truly sorry this time. Despite past reassurances of not being evil, they were in fact..evil. We are rolling out an internal audit system with the help of a 3rd party partner who owes us lots of stuff. We plan on letting the advocacy groups check out our henhouses as long as they agree to be bound by an NDA.

this post was submitted on 01 Apr 2024
449 points (98.5% liked)

Privacy

32506 readers
1231 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS