Privacy

Google has acknowledged that one of its home alarm products contained a secret  microphone. Product specifications for the Nest Guard, an all-in-one alarm, keypad and motion sensor, available since 2017, had made no mention of the listening device.

Nest Guard is an all-in-one alarm, keypad, and motion sensor but, despite being announced well over a year ago, the word microphone was only added to the product's specification this month.

But earlier this month, the firm said a software update would make Nest Guard voice-controlled. On Twitter, concerned Nest owners were told the microphone has not been used up to this point.

In response to criticism, Google claimed:

The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part. The microphone has never been on and is only activated when users specifically enable the option.

This is the kind of thing that makes me paranoid of smart home devices, commented Nick Heer , who writes the Pixel Envy blog.

If I owned one of these things and found out that the world's biggest advertising company hid a microphone in my home for a year, I'd be livid.

The Gambling Commission (UKGC) has released a new set of rules, ensuring that operators implement a new wave of identity checks to make gambling safer and fairer.

Following an open consultation, and to further guard against the risk of children gambling, new rules mean operators must verify customer identity and age before they can either deposit funds into an account or gamble with the licensee, with either their own money or a free bet or bonus.

Furthermore, the UKGC has clamped down on free-to-play games, stressing that customer must now be age verified to access such versions gambling games on licensees' websites, emphasising that there is no legitimate reason why they should be available to children.

Changes are also designed to aid with the detection of criminal activity, whilst operators are reminded that they cannot demand that ID be submitted as a condition of cashing out, if they could have asked for that information earlier.

Finally, an increase in identifying self-excluded players was stressed, because effective verification by operators will mean that a customer will not be verified, and therefore unable to gamble, until they provide correct details. These details will then be checked against both the operator's own self-exclusion database and the verified data held by Gamstop.

Set to come into force on Tuesday 7 May, further new rules come as a result of a number of complaints to contact centre staff, regarding licensees not allowing a customer to withdraw funds until they submit certain forms of ID.

The new rules require remote licensees to:

• Verify, as a minimum, the name, address and date of birth of a customer before allowing them to gamble
• Ask for any additional verification information promptly
• Inform customers, before they can deposit funds, of the types of identity documents or other information that might be required, the circumstances in which the information might be required, and how it should be supplied to the licensee
• Take reasonable steps to ensure that information on their customers' identities remains accurate.

Google has been fined 50 million euros by the French data censor CNIL, for a breach of the EU's data protection rules.

CNIL said it had levied the record fine for lack of transparency, inadequate information and lack of valid consent regarding ads personalisation. It judged that people were not sufficiently informed about how Google collected data to personalise advertising and that Google had not obtained clear consent to process data because essential information was disseminated across several documents. The relevant information is accessible after several steps only, implying sometimes up to five or six actions, CNIL said.

In a statement, Google said it was studying the decision to determine its next steps.

The first complaint under the EU's new General Data Protection Regulation (GDPR) was filed on 25 May 2018, the day the legislation took effect.The filing groups claimed Google did not have a valid legal basis to process user data for ad personalisation, as mandated by the GDPR.

Many internet companies rely on vague wording such as 'improving user experience' to gain consent for a wide range of data uses but the GDPR provides that the consent is 'specific' only if it is given distinctly for each purpose.

Perhaps this fine may help for the protection of data gathered on UK porn users under the upcoming age verification requirements. Obtaining consent for narrowly defined data usages may mean actions could be taken to prevent user identity and browsing history from being sold on.

A US federal judge has thrown out a lawsuit that Google's non-consensual use of facial recognition technology violated users' privacy rights, allowing the tech giant to continue to scan and store their biometric data.

The lawsuit, filed in 2016, alleged that Google violated Illinois state law by collecting biometric data without their consent. The data was harvested from their pictures stored on Google Photos.

The plaintiffs wanted more than $5 million in damages for hundreds of thousands of users affected, arguing that the unauthorized scanning of their faces was a violation of the Illinois Biometric Information Privacy Act, which completely outlaws the gathering of biometric information without consent.

Google countered claiming that the plaintiffs were not entitled to any compensation, as they had not been harmed by the data collection. On Saturday, US District Judge Edmond E. Chang sided with the tech giant, ruling that the plaintiffs had not suffered any concrete harm, and dismissing the suit.

As well as allowing Google to continue the practice, the ruling could have implications for other cases pending against Facebook and Snapchat. Both companies are currently being sued for violating the Illinois act.