Invented by Len Barlik, William Bayless Bracker, Matthew Edwin Carothers, Donald W. Johnson, Michael J. Pacifico, Jemin Thakkar, Christian Ulf Welin, Cox Communications Inc
The Cox Communications Inc invention works as follows: "Systems and methods for a comprehensive, streamlined data privacy opt-in and opt-out solution using computer-readable media." Data privacy laws (also known as consumer privacy laws or data protection laws) prohibit the misuse or disclosure of private information. A second device can send a request to a first device; the request may be associated with an individual user. The first device can determine a privacy regulation based on the user, determine the setting that is associated with that privacy regulation, and send the setting to the second device.
Background for Data privacy opt-in/out solution
In recent years, data privacy laws have been passed in many countries around the world. These laws prohibit the misuse or disclosure of private information. The European Union, for example, recently passed the General Data Protection Regulation, which severely restricts the collection, storage, and use of personal data. California, in the United States, is about to pass the California Consumer Privacy Act, which will restrict the use of personal information. Data privacy compliance is becoming increasingly important as a result of the increasing adoption of data privacy laws in various jurisdictions and the potentially high penalties and fines levied against companies and individuals that fail to comply.
Example embodiments described herein provide systems, methods and devices that enable a data privacy opt-in and opt-out solution. Online commerce involves many stakeholders who have access to data about users, such as their browsing habits on the Internet, purchase histories, preferences, and information obtained via social media. Not all of this data is sensitive, but the collection of sensitive data can have negative effects on the individuals or companies it concerns, including the sale, rental or release of that data to third parties for financial gain.
Data privacy compliance is becoming increasingly important due to the potential for large penalties and fees levied against companies and individuals that fail to comply with the various comprehensive data privacy laws. Media outlets love to report on data privacy breaches that result in the misuse of personally identifiable information, and such breaches can severely damage a company's reputation. A company or organization that collected personal data and was required to keep it confidential and secure may face a high liability risk and expensive remedial measures. These breaches can result in financial losses as well as loss of trust, credibility and confidence from stakeholders and individuals.
Ensuring data privacy compliance can be challenging because each jurisdiction has its own laws and compliance requirements. A given pool of customers may be subject to different data privacy regulations, for example from state to state, which complicates matters further. Without a streamlined approach, maintaining compliance with the various data privacy laws could be extremely expensive in terms of capital costs, operating costs and employee time (e.g. a compliance officer).
Some jurisdictions have privacy legislation that allows online users to remove some information from their history of online activity. To comply with such laws, it may be necessary to identify the information associated with an online user and delete some of it. Identifying all the relevant information about an online user may take considerable time and resources, and multiple computer systems that hold information about the user may each need to identify and delete it. This is inefficient and may require the online user to ask multiple services to remove their information. A data privacy solution that lets users opt in or opt out with respect to information about them could improve the efficiency with which such requests are processed.
Embodiments of the disclosure are devices, systems, methods, computer-readable media, techniques and methodologies that provide a streamlined way of dynamically managing data privacy opt-ins and opt-outs for any number of individuals. Certain embodiments offer new techniques to track and manage an individual's opt-ins and opt-outs under any number of privacy laws. Although described primarily in the context of the California Consumer Privacy Act and the European Union's General Data Protection Regulation, aspects of the invention can be applied to other types of data privacy laws in any jurisdiction.
In one or more embodiments, a compliance service can facilitate computer systems' compliance with laws and regulations by acting as a clearinghouse for multiple computer systems, which could include other clearinghouses. For example, the clearinghouse compliance service may identify a request from an online user to opt in to data privacy protection (e.g. to opt out of certain data collection capabilities of computer systems) and may communicate to multiple computer systems (e.g. online services) that the online user has requested deletion of certain information (e.g. Internet browsing habits, purchase histories, or information provided or acquired through social media, such as likes and dislikes). The online user does not have to send requests to every service in order to opt out of the data collection capabilities. When the clearinghouse notifies an online service that a user has chosen to opt out of data collection or targeted content, the online service will need to adjust its processes to avoid data gathering and/or content targeting in order to comply with the laws and regulations and/or the user's preferences.
In one or more embodiments of the technology, when an online service identifies a user, it may ask the clearinghouse service for confirmation that the user has consented to data collection and/or targeted content. For example, when an online user signs in to an account or enters search queries, the computer services may need confirmation that the user has consented to data collection and/or targeted content; this allows the computer services to determine whether they can collect, analyze and share information about the user and whether they may present targeted content. The computer service can request an opt-in or opt-out confirmation from the clearinghouse service, which responds with information about which privacy protections and privacy settings the online user has selected. The clearinghouse can also notify computer services that a user has chosen to opt in to or out of privacy options.
In one or more embodiments, an online user can select an opt-in/opt-out option on a device. The device then sends this opt-in/opt-out choice to the clearinghouse, or to another service, device or network that can provide the user's opt-in/opt-out preference to the clearinghouse. In this way the clearinghouse service can be informed of the user's privacy settings before a computer service asks for them.
In one or more embodiments, the clearinghouse service can identify the Internet Protocol (IP) address of an online user, their account, or any other information about them or their device. Clearinghouse services can manage privacy settings associated with one or more IP addresses, user accounts, contact information, billing addresses or other data. The clearinghouse can identify an online user from the IP address reported by the online service or from any other information. A clearinghouse service can determine the location of an online user (with the consent of the user and in compliance with all applicable laws and regulations) based on a user account. Based on the user's current location, the clearinghouse service can determine whether the user has chosen to opt in to or out of any privacy laws or regulations applicable to that location. The clearinghouse can also use browser cookies to identify a user, which allows the clearinghouse to be independent of the Internet service provider (ISP).
In one or more embodiments, a clearinghouse may have access to ISP data such as online users, their residences and their IP addresses. The clearinghouse service can identify online users based on their IP addresses or ISPs, and may also determine which opt-ins and opt-outs the online user has selected and whether they are relevant to the user's location. The clearinghouse service can receive a user's ISP from a third-party service, and can determine a user's location from a login to the ISP account or to the clearinghouse service.
In one or more embodiments, a clearinghouse may store rules associated with the laws and regulations applicable to any jurisdiction. When the clearinghouse service identifies an online user, it can determine the rules for that user's jurisdiction (e.g. place of residence). These rules may include privacy, data-sharing and content-targeting rules. The clearinghouse service can determine whether the online user has made any opt-in or opt-out selections for any of the rules, and can indicate to one or more computer services whether they may or may not collect, analyze or share information about the online user, or target content to them, based on those selections.
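The request/response flow of the preceding paragraphs (a computer service asks the clearinghouse whether it may collect, share or target for a given user at a given location; the clearinghouse maps the location to applicable regulations, looks up the user's recorded selections and answers per permission) can be written down as a small in-memory service. The following is an added example, not code from the patent or from Cox Communications. The regulation names, permission names, the location-to-regulation table, the sample user record and the choice to treat an unknown user or a missing selection as "opted out" under a governing regulation are all assumptions made for illustration; the patent does not specify these defaults.

```python
"""Toy data-policy clearinghouse (added example, not the patent's code).

A computer service calls resolve() with the user it has identified, the
user's location and the permissions it wants to exercise. The answer is
per permission: True means the service may proceed, False means it must
not (opt out, or no recorded consent under a governing regulation).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

OPT_IN, OPT_OUT = 0, 1  # same encoding the patent uses for its FLAG fields

# Assumed rules table: at this location, this permission is governed by
# this regulation. A permission absent from a location's row is treated as
# unregulated there. Locations and mappings are illustrative only.
JURISDICTION_RULES: Dict[str, Dict[str, str]] = {
    "US-CA": {"track": "CCPA", "share": "CCPA"},
    "DE": {"track": "GDPR", "share": "GDPR", "target": "GDPR"},
}


@dataclass
class UserRecord:
    user_id: str
    # (regulation, permission) -> OPT_IN / OPT_OUT as recorded by the user's device
    settings: Dict[Tuple[str, str], int] = field(default_factory=dict)


class Clearinghouse:
    def __init__(self, records: List[UserRecord]):
        self._records: Dict[str, UserRecord] = {r.user_id: r for r in records}
        self.audit: List[tuple] = []  # every decision handed to a service

    def applicable_regulations(self, location: str) -> Dict[str, str]:
        """Rules that apply at the user's location (empty if none stored)."""
        return JURISDICTION_RULES.get(location, {})

    def update_setting(self, user_id: str, regulation: str, permission: str, value: int) -> None:
        """Record an opt-in/opt-out choice sent by the user's device."""
        if value not in (OPT_IN, OPT_OUT):
            raise ValueError("setting must be OPT_IN (0) or OPT_OUT (1)")
        record = self._records.setdefault(user_id, UserRecord(user_id))
        record.settings[(regulation, permission)] = value

    def resolve(self, service: str, user_id: str, location: str, permissions: List[str]) -> Dict[str, bool]:
        rules = self.applicable_regulations(location)
        record = self._records.get(user_id)
        decision: Dict[str, bool] = {}
        for perm in permissions:
            regulation = rules.get(perm)
            if regulation is None:
                decision[perm] = True  # no stored regulation restricts it here
            elif record is None:
                decision[perm] = False  # assumed default: unknown user is opted out
            else:
                # Assumed default: a regulated permission with no recorded
                # selection counts as opted out.
                decision[perm] = record.settings.get((regulation, perm), OPT_OUT) == OPT_IN
        self.audit.append((service, user_id, location, dict(decision)))
        return decision


def demo_clearinghouse() -> Clearinghouse:
    """Clearinghouse loaded with one constructed user record."""
    user = UserRecord("ID1abc", {("CCPA", "track"): OPT_IN, ("CCPA", "share"): OPT_OUT})
    return Clearinghouse([user])


if __name__ == "__main__":
    ch = demo_clearinghouse()
    print(ch.resolve("adnet.example", "ID1abc", "US-CA", ["track", "share", "target"]))
    print(ch.resolve("adnet.example", "ID1abc", "DE", ["track"]))
```

The audit list is there because a clearinghouse that answers "you may track" on behalf of a user needs to be able to show later which service asked, for whom, and what it was told; the compliance analysis described further below depends on that record existing.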
In one or more embodiments, with the consent of the computer services concerned, the clearinghouse service can analyze whether a computer service is in compliance with privacy, data-sharing or content-targeting laws or regulations. The clearinghouse service can send messages to online users asking for feedback on whether a computer service complies with the laws and regulations; for example, messages may ask online users whether they have noticed any violations (e.g. whether the online user has observed tracking or targeted content from an online service). The clearinghouse service can also ask computer services to confirm that the privacy settings of online users have been implemented. The clearinghouse service can collect data and metrics from online users or computer services and analyze them to determine whether there are any non-compliance issues, which laws and regulations were violated, in which jurisdictions the violations occurred, which computer services caused the non-compliance, and metrics such as percentage compliance. The clearinghouse service can report these metrics to online users or computer services.
In one or more embodiments, the clearinghouse service may create test clients, such as robot clients, to monitor compliance. For example, an online user could use an application or tool running on a device to exercise and inspect their online traffic through one or more computer services (e.g. web browsers, social media or online merchants). The tool or application may give feedback to the clearinghouse service indicating whether the online user's selected opt-ins or opt-outs are in effect. A web browser tool, for example, may run within a browser to indicate whether the online user's opt-in and opt-out selections are implemented.
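The compliance analysis described in the two preceding paragraphs (collect observations from users or test clients, decide which ones are violations, and derive per-service metrics such as percentage compliance, the regulations violated and the jurisdictions involved) is shown below as an added example. It is not the patent's code; the report schema, the service names and every sample observation are constructed for illustration. A "report" stands for what a robot client or browser tool would send back after exercising a service: which permission it exercised, what the user's recorded selection for it was, and whether tracking or targeting was actually observed.

```python
"""Compliance metrics from test-client reports (added example, not the
patent's code). Schema and sample data are constructed assumptions."""
from collections import defaultdict
from typing import Dict, Iterable, List

OPT_IN, OPT_OUT = 0, 1  # patent's flag encoding: 0 = opt in, 1 = opt out

# Constructed sample reports. "setting" is the user's recorded selection for
# the permission; "observed" is whether the test client saw the activity.
SAMPLE_REPORTS: List[dict] = [
    {"service": "shop.example", "user": "ID1abc", "jurisdiction": "US-CA",
     "regulation": "CCPA", "permission": "track", "setting": OPT_OUT, "observed": True},
    {"service": "shop.example", "user": "ID2def", "jurisdiction": "US-CA",
     "regulation": "CCPA", "permission": "track", "setting": OPT_IN, "observed": True},
    {"service": "social.example", "user": "ID1abc", "jurisdiction": "DE",
     "regulation": "GDPR", "permission": "target", "setting": OPT_OUT, "observed": False},
    {"service": "social.example", "user": "ID3ghi", "jurisdiction": "DE",
     "regulation": "GDPR", "permission": "share", "setting": OPT_OUT, "observed": False},
    {"service": "social.example", "user": "ID2def", "jurisdiction": "DE",
     "regulation": "GDPR", "permission": "target", "setting": OPT_IN, "observed": True},
]


def is_violation(report: dict) -> bool:
    """Activity observed for a permission the user opted out of."""
    return report["setting"] == OPT_OUT and bool(report["observed"])


def compliance_metrics(reports: Iterable[dict]) -> Dict[str, dict]:
    """Per service: percent of checks that were compliant, which regulations
    were violated and in which jurisdictions."""
    buckets = defaultdict(lambda: {"checks": 0, "violations": 0,
                                   "regulations": set(), "jurisdictions": set()})
    for r in reports:
        b = buckets[r["service"]]
        b["checks"] += 1
        if is_violation(r):
            b["violations"] += 1
            b["regulations"].add(r["regulation"])
            b["jurisdictions"].add(r["jurisdiction"])
    metrics = {}
    for service, b in buckets.items():
        compliant = b["checks"] - b["violations"]
        metrics[service] = {
            "checks": b["checks"],
            "percent_compliant": round(100.0 * compliant / b["checks"], 1),
            "violated_regulations": sorted(b["regulations"]),
            "jurisdictions": sorted(b["jurisdictions"]),
        }
    return metrics


def noncompliant_services(reports: Iterable[dict]) -> List[str]:
    """Services with at least one observed violation, for reporting."""
    return sorted(s for s, m in compliance_metrics(list(reports)).items()
                  if m["percent_compliant"] < 100.0)


if __name__ == "__main__":
    for service, m in compliance_metrics(SAMPLE_REPORTS).items():
        print(service, m)
    print("non-compliant:", noncompliant_services(SAMPLE_REPORTS))
```

Note that a report where the user opted in and activity was observed is not a violation, and neither is one where the user opted out and nothing was observed; only the opt-out-but-observed combination counts, which is the check a browser tool can make without knowing anything about the service's internals.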
In one or more embodiments, multiple clearinghouse services can perform clearinghouse actions to monitor and facilitate the use of online privacy opt-ins. A main clearinghouse service can be used to request online user opt-in and opt-out information from any number of services (e.g. a network). Clearinghouse services can, for example, tell computer services from which clearinghouse service they should request information about online user opt-ins and opt-outs. Clearinghouse services can communicate with one another to request and receive information about online users' opt-ins and opt-outs; one clearinghouse service, for example, may give information about an online user or a specific jurisdiction to another clearinghouse.
The above descriptions are provided for purposes of illustration and not limitation. Many other examples, configurations and processes may exist, some of which are described below in more detail. Example embodiments are now described in detail with reference to the accompanying figures.
FIG. 1 is a schematic diagram illustrating an example system architecture that provides streamlined opt-in/opt-out data privacy management in accordance with one or more embodiments. As shown in FIG. 1, the architecture includes a clearinghouse 112 (also known as a "data policy clearinghouse" or a "policy server") and a database 114 that stores one or more user records 116.
In some embodiments, consumers or users may access one of ... The user device 102 can be used directly or through the ... The user device may be any processor-driven device, including ... The user device 102 can include, for example, a desktop computer (PC), a mobile computer (PCS), ... a mobile internet device (MID), a mobile phone, ... device or computing device. A device that supports dynamically ... This list may include other devices, such as smart devices like ...
The third-party systems 110 can include, for instance, a destination (e.g. a web address visited by the user of the device 102), an advertiser (e.g. an advertiser associated with an advertisement displayed on a webpage visited by the device 102), or any other third-party system (e.g. a company collecting data that is protected by at least one data privacy law). Third-party systems 110 can provide websites, social media platforms and other online content. Third-party systems 110 can track online user behavior (e.g. which websites an Internet user visited, what content they viewed or otherwise interacted with, which items an online consumer purchased, etc.), share that information with other systems, and create targeted ads or content based on it. The clearinghouse 112 may ask the third-party systems 110 whether they can perform this tracking and analysis. Third-party systems 110 can request online user settings, such as opt-ins and opt-outs, with regard to privacy rules and regulations. The requests can identify an online user as well as a location, enabling the clearinghouse 112 to determine whether the online user has opted in or out of the respective rules and regulations associated with that location. The clearinghouse 112 may provide the online user settings to the third-party systems 110, which use them to determine whether they may collect, analyze or monitor online user activity. Depending on the settings of the online user, the third-party systems 110 might have to delete certain online user data for compliance, and may activate or deactivate tracking, analysis and content generation functions. The clearinghouse 112 may instruct the third-party systems 110 which clearinghouse service to use in order to request online user privacy preferences. The clearinghouse 112 may choose to monitor and/or analyze the compliance of the third-party systems 110, and the third-party systems 110 may also provide compliance information to the clearinghouse 112.
In some embodiments, the user device 102 is required to provide or otherwise identify one or more data privacy law opt-in or opt-out indicators prior to or when attempting to access the one or more resources (e.g., the Internet, a cable access network, the networks 108, the third party systems 110, etc.). In some embodiments, each of the data privacy law opt-in or opt-out indicators is associated with a particular data privacy law and/or a specific permission associated with a particular data privacy law. For example, a first indicator (e.g., FLAG 1, as depicted in FIG. 1) may be associated with the California Consumer Privacy Act (CCPA) permission regarding the tracking and use of data associated with the user device 102 for monetization activity by a third party (e.g., the third party systems 110). The indicator may have a first value (e.g., a single bit equal to "0") to designate an opt in with respect to the particular permission, and may have a second value (e.g., "1") to designate an opt out with respect to the particular permission. In other words, the value of the FLAG1 indicator may depend on whether the consumer has opted in to allow their activity on the user device 102 to be tracked or, alternatively, whether the consumer has opted out to prevent the tracking of their activity. While discussed with respect to the CCPA, it is understood that the opt-in and opt-out indicators may be associated with any data privacy law and with any particular data privacy law permission.
Records of the user's opt-in/opt-out decisions can be kept on the device or in a central database. In some embodiments the user device stores the opt-in/opt-out indicators in one or more device records 104. A device record 104 can include one or multiple data fields 104a with values 104b. The device record 104, as shown in the illustration, includes an "ID" data field with a value of "ID1abc" and various opt-in or opt-out permission indicator fields (e.g. FLAG1, FLAG2 and FLAG N) with opt-in or opt-out permission values (0, 1 and 1, respectively).
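The device record just described (an ID field plus one single-bit indicator per permission, 0 for opt in and 1 for opt out) is small enough that the part worth getting right is validation: a record with an unexpected character, a missing flag, or a flag value outside {0, 1} must not be silently read as consent. The following is an added example, not code from the patent; the FLAG-to-permission mapping beyond FLAG1 (the page names only FLAG1 as the CCPA tracking permission), the textual wire format `ID;bits`, and the choice to read a missing flag as opt out are assumptions for illustration.

```python
"""Device record with opt-in/opt-out indicator flags (added example, not
the patent's code). Wire format and flag mapping are assumptions."""
from typing import Dict, List

OPT_IN, OPT_OUT = 0, 1  # patent's encoding: 0 = opt in, 1 = opt out

# Assumed mapping: index 0 is FLAG1 (CCPA tracking, as on the page), the
# rest are illustrative permissions standing in for FLAG2 .. FLAG N.
FLAG_PERMISSIONS: List[str] = ["ccpa.track", "ccpa.share", "gdpr.target"]


def pack_record(user_id: str, flags: Dict[str, int]) -> str:
    """Serialise as 'ID1abc;011': the ID, a separator, then one digit per
    flag in FLAG order. A permission the device has no value for is written
    as opt out (assumed cautious default)."""
    if not user_id or ";" in user_id:
        raise ValueError("invalid user id")
    bits = []
    for perm in FLAG_PERMISSIONS:
        value = flags.get(perm, OPT_OUT)
        if value not in (OPT_IN, OPT_OUT):
            raise ValueError(f"flag for {perm} must be 0 or 1")
        bits.append(str(value))
    return f"{user_id};{''.join(bits)}"


def parse_record(wire: str) -> Dict[str, object]:
    """Parse the wire form back into {'id': ..., 'flags': {perm: 0/1}}.
    Anything that is not a clean string of 0/1 digits is rejected rather
    than guessed at; flags absent from a short record default to opt out."""
    user_id, sep, bits = wire.partition(";")
    if not sep or not user_id or not bits or any(c not in "01" for c in bits):
        raise ValueError("malformed record")
    if len(bits) > len(FLAG_PERMISSIONS):
        raise ValueError("record carries more flags than are defined")
    flags = {perm: OPT_OUT for perm in FLAG_PERMISSIONS}  # assumed default
    for perm, c in zip(FLAG_PERMISSIONS, bits):
        flags[perm] = int(c)
    return {"id": user_id, "flags": flags}


def may_proceed(record: Dict[str, object], permission: str) -> bool:
    """True only when the record explicitly carries an opt in for it."""
    flags: Dict[str, int] = record["flags"]  # type: ignore[assignment]
    return flags.get(permission, OPT_OUT) == OPT_IN


if __name__ == "__main__":
    wire = pack_record("ID1abc", {"ccpa.track": 0, "ccpa.share": 1, "gdpr.target": 1})
    print(wire)                                  # the record from the page
    rec = parse_record(wire)
    print(rec, may_proceed(rec, "ccpa.track"), may_proceed(rec, "ccpa.share"))
```

Because the values on the wire are bare bits, the parser is the only place where a corrupted or truncated record can be caught; defaulting absent flags to opt out means a device that ships an older, shorter record never grants a permission it never recorded.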