imported from PExbj62V4jE
https://groups.google.com/forum/#!msg/tosdr/PExbj62V4jE/MSYh8dXJvSUJ
Dear ToS;DN community,
As I am a new user, this is my occasion to introduce myself. I am a
designer and a Ph.D student researching in the area of user privacy issues
in digital services and embedded sensing technologies.
Since my research interests covers ToS and Privacy policies I would like to
use the ToS;DN platform as a tool to understand privacy issues related to
the usage of some 'smart devices' such as the ones listed here
.
My first experiment is with Mimo's Privacy policy
. In order to better understand
Privacy Policy (PP) I will forward my rating proposals using the new
ToS;DN's platform form (when I will be able to use it
). In
addition, I have an open question regarding a particular aspect of the PP,
for those in the community interested to answer.
I apologize for the length of my email.
In order to ease the reading I have put some descriptors.
*The final questions are at the end* (/// questions).
Thanks in advance to everyone that will take this into consideration and
give their opinion.
/// What is Mimo
Mimo is a cloud base baby monitor that, using the company's words: “[helps
parents to] get real-time audio and insights about [their] baby’s sleep
activity, right on [the] smart device, from anywhere in the world”.
/// brief introduction to Mimo's Privacy Policy
It seems that Rest Device Inc., who is the organization owning Mimo,
collects 3 principal kind of user information: (1) *personal information*,
(2) *aggregated information* and (3) *profile*, which is a combination of
both the information gathered from users and acquired from third parties.
Even though privacy policy (PP) related to Personal Information are clear
and well explained, PP for ‘Profile’ looks to be more ambiguous.
(1) *Personal Information* "means information that specifically identifies
an individual (such as a name, address, telephone number, mobile number or
e-mail address) or other information about that individual that is directly
linked to Personal Information. Except for some 'features that give [users]
the option to share certain of your information with friends and other
third parties, [the service] do not share Personal Information with third
parties. Moreover, Personal Information does not include "aggregate"
information’.
(2) *Aggregated information* are not linked to Personal Information but can
be shared with affiliates organizations and business associates e.g.
'aggregated demographic information about our user'.
The situation is more complicated for the *Profile* (3). As claimed by the
company: It is made ' by storing 'information that we collect through
cookies, log files, clear gifs, and/or third party sources to create a
"profile" of your preferences'. Moreover, Profile information is shared
with third parties in aggregated form only.
Again, at least for the moment Mimo 'does not tie users Personal
Information, or purchasing history, to information in the profile, in order
to provide tailored promotions' etc. that it should means that Profile and
Personal Information are kept separately.
/// the controversial part
The more controversial part came at this point: 'To *enrich our profiles*
of individual customers, we tie [information purchased *from third parties*]
to the *Personal Information* [that users/individual customers] have
provided to us. For me, such sentence sounds like a negation of what has
been claimed above, when the company told that Profile and Personal
Information are not tied together, and now they are.
/// questions
*[1] If that is true it means that Profile is a combination of Personal
Information and aggregated data that was not supposed to be linked together
(?).*
*[2] Finally, even though Profile is shared with third parties in
aggregated form only, does it mean that Rest Device Inc. does not share
users personal data* with third parties?*
I am sorry if I made some ingenuity during my explanation and/or if my
summary of the Mimo's privacy policy is not so clearly explained.
*with ‘Personal Data’ I am taking into consideration the definitions in
Article 2 of EU Directive 95/46/EC: Any information relating to an
identified or identifiable natural person (“data subject”); an identifiable
person is one who can be identified, directly or indirectly, in particular
by reference to an identification number or to one or more factors specific
to his physical, physiological, mental, economic, cultural or social
identity.
--
tosdr.org | twitter.com/tosdr | github.com/tosdr
---
You received this message because you are subscribed to the Google Groups "Terms of Service; Didn't Read" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tosdr+unsubscribe@googlegroups.com.
To post to this group, send email to tosdr@googlegroups.com.
Visit this group at http://groups.google.com/group/tosdr.
For more options, visit https://groups.google.com/d/optout.
scripted message: please link to a quote
scripted message: moving this point to Michiel
DECLINED
Point automatically declined as no activity have been monitored over a course of 2 months
Previous Title: No changes recorded
Updated Title: No changes recorded
Previous Analysis: No changes recorded
Updated Analysis: No changes recorded
Previous Status: CHANGES REQUESTED
Updated Status: DECLINED
Previous Title:
Updated Title: Mimo Privacy Policy | Open question
Previous Analysis:
Updated Analysis: Mimo Privacy Policy | Open question
Previous Status:
Updated Status: PENDING