Originally Posted by muppetry
Originally Posted by Taniwha
Originally Posted by Tallest Skil
Originally Posted by Suddenly Newton
Most Google/Samsung defenders in the forums tend to argue something like "see, Apple does it too!" using spurious examples. They never actually deny that Google/Samsung did whatever they were accused of doing.
Exactly. And to top it off, Apple's NOT doing what Google, et. al. do! There's no "too"! In Apple's list of "Apple affiliated companies"… it's all Apple! Just under different names! It's to be understood that Apple shares the personal information you give them… with Apple! It's them! And then they go on to say that non-personal information is shared with true third-parties, and they state what that non-personal information is.
Ah TS, are you being willfully ignorant ? The Apple definition of non-personal information is, to put it mildly, defective, as I pointed out earlier in this thread. It is really quite asinine in this context to ignore the fact that the Apple definition is absolutely contrived and not in any way compatible with internationally accepted definitions of personal information: Restricting the definition of "personal information" to only cover DIRECTLY IDENTIFIABLE information about persons is simply a trick to deceive the uninformed.
If the definition had been invented by some idiot with no professional experience in privacy law it might be excusable, but that's not the case. It was defined by professionals who are familiar with privacy laws and regulations worldwide. But when it comes from a professional then it must be assumed that it is intentional.
The point is that it is trivial to link various pieces of "apple-defined" non-personal information to identify people. This is why the laws are formulated to include "identifiable" personal information. So please, give it a rest. Nobody can be so stupid as not to see through that. But since we don't have any insight into what apple is really doing it is a bit difficult to say more than it looks like a ruse which will create the illusion that they are not processing personal information while at the same time opening a back door to permit it. To me it seems quite obvious that the specific inclusion of "direct" in the definition, is something that requires closer examination.
And before you start arguing that this is a US Company and subject only to US laws, you may wish to wise up on definitions of personal information in various state laws and federal regulations (HIPAA for example). In any case, there is not a shadow of doubt that the Apple definition is incompatible with privacy law in the majority of countries which have any such laws at all.
What kinds of non-personal information do you think could reasonably be combined to permit identification of a customer?
Well this is not a hard question to answer: Let's take 2 examples.
1. you buy something on the internet, and supply your credit card, email address and login-name.
2. you buy something in a shop, pay in cash and supply your home address for the delivery, your email address in case there's some problem with the order, and your telephone number so that the delivery man can call you to arrange a time to take the delivery.
In this case you have two datasets. The internet supplier doesn't have your home address and telephone, but the brick and mortar shop does.
Now an indexer can link the two datasets based on your email address. That, incidentally, is how many internet data aggregators function ... building links by indexing on seemingly disconnected information sub-sets. If you*re interested PM me and I'll send you an article about data leakage on the internet. It's quite revealing.
But my main point is another one:
Apples "Privacy" policy does not give you ANYTHING LIKE A USEFUL GUARANTEE. Most people probably wouldn't notice the fine distinction that Apple makes and the fact that they classify information as personal only if it is directly attributable to a person. Anything that is not DIRECTLY attributable, is "free-to-use-in-any-way-we like". So the unwary reader, and intellectually challenged AI moderators, don't understand that the definition that Apple invented is not a protection of personal information and not a guarantee at all. In fact it's a blank check as long as the data set doesn't contain your NAME.
The other point I made was that the Apple definition is in contradiction to the most widely accepted international definition of "personal information" in the laws of many countries, whicht is "any information relating to identified or identfiable natural persons"
Actually I just did a quick check in a couple of international privacy law resources (Baker & McKenzie, Linklaters). About 40 countries, including the entire EU, but also Russia, India, Argentina, Chile, Columbia, Kazakhstan, Azerbaijan, Indonesia, Philippines, Turkey, and Vietnam (among others) ALL use the "identified or identifiable" definition. So Apple is WAY off target.
And here's the Killer :-). EVEN GOOGLE defines personal information more broadly than apple's limited definition. I find that is simply hilarious.
This is information which you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by Google."
For the intellectually challenged, the last sentence is the key. (Hi TS).
So, what I am saying is that the Apple definition is self-serving and deceptive and clearly in violation of the law in at least 40 countries outside of the US of A.
Apart from the simple comparison to the google privacy definition, as a privacy professional I am by no means defending Google in any shape or form. But there have been enough contributions to this thread that draw attention to the shit that Google is propagating. I don't think I need to add to that.
Hope that helps to clarify the issues.