In this article

Sign up for our newsletter

Share this article

Hello all, and happy Thursday! 

The concept of “privacy by design” isn’t new—the term was coined way back in the mid-nineties, but it’s only since privacy by design was enshrined in the GDPR that it’s really come to the fore. One of the stories in our newsletter this week really highlights the importance and challenge of privacy by design, I think. 

According to Reuters reporting, Tesla workers were able to access videos from Tesla owners’ cars and often shared them around the office. These were recordings of accidents, people caught in embarrassing situations—even (allegedly) of the inside of Elon Musk’s garage. One former employee said, “The people who buy the car, I don't think they know that their privacy is, like, not respected … We could see them doing laundry and really intimate things. We could see their kids.” 

Technically, Tesla employees aren’t supposed to be accessing video data for anything other than the analytics and development purposes described in their privacy policy, But the issue is that they can; not that they are or are not allowed. 

If a Tesla employee feels like it, there may not be much to stop them from sharing recordings from individuals’ cars. Teslas collect a significant amount of data by design—an example is Tesla’s Sentry Mode, in which external cameras remain on to detect potential threats and which has been described as a “privacy violation on wheels. 

Ultimately, no amount of policy and procedure can truly protect personal information. The only surefire way to protect personal information is to not have to collect it in the first place—which can be achieved by adhering to privacy-by-design and data minimization principles. 

Best, 

Arlo 

 


Top privacy stories of the week

Indiana poised to add to U.S. state privacy law patchwork 

The Indiana House recently voted unanimously to grant final passage to Senate Bill 5—Indiana’s proposed comprehensive data privacy law—to the state Senate. The Indiana Senate has already voted unanimously to approve the bill earlier, and will now vote on concurrence (considered a formality) before the bill will land on Governor Eric Holcomb’s desk for signature or veto. 

Read more 


'Operation Cookie Monster': International police action seizes dark web market 

In a multinational crackdown dubbed "Operation Cookie Monster," UK authorities seized a massive dark web marketplace. They estimated that the service hosted about 80 million credentials and digital fingerprints stolen from more than 2 million people. 

Read more 


Special report: Tesla workers shared sensitive images recorded by customer cars 

Between 2019 and 2022, groups of Tesla employees privately shared highly invasive videos and images recorded by customers’ car cameras, according to interviews by Reuters with nine former employees. Although Tesla’s privacy notice claims that any recordings are anonymous and cannot be linked to individuals or their vehicles, several former employees indicated they could identify the locations where recordings were made. 

Read more 


Oops: Samsung employees leaked confidential data to ChatGPT 

Mere weeks after lifting a ban on the use of ChatGPT, Samsung discovered that multiple employees had shared proprietary code and meeting transcripts with the AI chatbot. Unless users explicitly choose to opt out of data collection, OpenAI retains all data submitted to ChatGPT in an effort to improve its AI models. In part due to these leaks, Samsung is developing its own AI model. 

Read more 


IAPP GPS 2023: FTC's Bedoya sheds light on generative AI regulation 

During the International Association of Privacy Professionals’s (IAPP’s) Global Privacy Summit conference this year, U.S. Federal Trade Commissioner Alvaro Bedoya asserted that there is no need for further regulation to address the privacy concerns related to AI. "The reality is AI is regulated (in the U.S.). Unfair and deceptive trade practices laws apply to AI," Bedoya said. 

Read more 


The U.S. deserves stronger spyware protections than Biden’s executive order 

U.S. President Joe Biden has signed an executive order that limits U.S. government agencies from using commercially available spyware—but the Electronic Frontiers Foundation argues that this does not prevent the government use of spyware in the U.S. 

Read more 


Osano Blog: The Iowa Consumer Data Protection Act (ICDPA): The basics 

Now that Iowa has joined the five other U.S. states with data privacy laws, what do businesses need to do to get compliant? Fortunately, the Iowa Consumer Data Protection Act appears to be more business friendly than most other laws, but that doesn’t mean compliance is automatic or easy. Read our blog to learn more. 

Read more 

If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you. 

Schedule a demo of Osano today

Privacy Policy Checklist

Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.

Download Now
Frame 481285
Share this article