Join now - be part of our community!

Suspected breach of GDPR on Xperia 10 VI / questionable data privacy policy

profile.country.GB.title
14geronimo
New

Suspected breach of GDPR on Xperia 10 VI / questionable data privacy policy

I am raising these issues with Sony's practice on data privacy matters to the attention of Sony's DPO. As this is of general interest to all Sony customers, esp. those using Sony phones, I'm hoping to share their reply here shortly.

 
1) Data privacy breach / noncompliance with the GDPR:
 
Explicit consent is required from me to agree to send usage data and I had *denied* permission for both purposes of diagnosrics and marketing. Yet after install, I went to these two menus:
- About phone > Xperia service settings > Marketing data usage
- About phone > Detailed diagnostics
only to find that they were both checked, overriding my express wishes and without so much as informing me of the change.
 
I don't know if this is an issue with the installation procedure or the subsequent system updates that were applied after install.
 
@DPO: Could you give me assurance that this will be looked at and keep us updated on the resolution please?
 
2) Data privacy policy for the UK
 
The consent for Sony to monitor the "artist name, the number of music and albums" that I listen to does not obviously relate to diagnostics data for the purpose of fine-tuning Sony tech or support. This sounds more like an overreach.
 
@DPO: Could you please explain the rationale for collecting musical tastes data in context of the stated purpose?
 
Please also confirm whether the data collected for detailed diagnostics includes browsing history (i.e. websites visited)? The policy is ambiguous on that topic.
4 REPLIES 4
profile.country.GB.title
SatoruGojo
Community Team

Hey @14geronimo try to follow this link

profile.country.GB.title
14geronimo
New

  • @SatoruGojo please read my questions and follow the link I included in my post, which is the policy that applies to the UK not the EU. Then if you know relevant points please share specifics about the two issues I'm raising. The lack of response from Sony's DPO (here or via email) makes me consider raising a complaint with the  ICO as my next step.
profile.country.GB.title
TheRealOG
Community Team

@14geronimo knowing the music you listen to helps them personalize your experience and allows them to give recommendations that enhance your joy using their products in general.

profile.country.GB.title
14geronimo
New

My point exactly. The stated purpose of the consent is to facilitate support of the device, not giving musical recommendations. This is a clear-cut case of overreach that is against the GDPR. I am going to escalate these issues formally.