Important Updates to Viki’s Privacy and Cookies Policies

I have no idea how many of you have ever read Viki’s Privacy and Cookies Policies, but with the new transparency changes, you really should.

Of course, it’s written in such a manner to have you believe that everything is perfectly natural and that there’s nothing to worry. There is, though, reason to worry.

Viki uses analytical tools to record the information and activity of its every user alongside the device that is used to access its website or app. This data is then sent off to its parent company, Rakuten. Pretty much all companies do this.
It doesn’t stop there, unfortunately.
Two things in particular are very worrisome:

Asset purchasers. If anyone else should purchase Viki or parts of it, the company will also sell off its user database. In fact, when Rakuten bought Viki, it didn’t just buy a company with some servers and a website. Rakuten bought an entire database full of users that could be used for profit, namely to sell you things and send you ads.
I know. Ads are used to sell you things, so why did I keep them separated? Well, here comes the second worrisome thing that I’ve noticed:

Third Party Advertisers. If you don’t have a Viki pass or a free, uninterrupted experience as a volunteer, Viki will send you ads before and during a drama or movie. The problem is that Viki outright states that it has zero control over these ads. If it’s something sensitive or meant to deceive you, Viki takes no responsibility. Keep that in mind.

There’s much more, of course, so please read Viki’s Policies:
https://www.viki.com/privacy

https://www.viki.com/cookie

I don’t think that any of these are unexpected or out of the norm.
As long as they don’t start sending ads to my email inbox, I understand these things as necessary evils and won’t mind them.

As a volunteer or Viki pass subscriber, which I recommend everyone become one or the other, users don’t have to worry about ads. The problem is with these “asset purchases.” This whole privacy debacle began when Facebook user information was sold off to some company involved in political schemes. Scary stuff!!
Why is Viki doing the same? Facebook didn’t get away with it, and it’s Facebook. It’s a giant.

I’m afraid Facebook has gotten away with it, mainly for two reasons:

1. The technology and the abuse of it are developing faster than the laws can be written, voted on and accepted;

2. Facebook operates internationally and thus far there are no laws which can operate internationally, as well.

But yes, we should at east know what we are signing when we say we agree with Viki’s Terms of Use. I think even Viki would like us to be acquainted with those.

I just got a pop up on facebook to check the new setting for the new standard in the EU. I really value my privacy and don’t want my info to be sold or shared but then you should go off the internet all together so that made me think what can they actually do with that info? Spam me more? I can always delete it.

I remember that back in the day, before we had internet at home and before all the social media, I was a member various Michael Jackson fanclubs based in The Netherlands and every once in a while I recieved letters from other MJ fanclubs in Europe. If I liked them I looked into them if I didn’t I just threw it away. I think this is the same kind of thing except now it’s all digital so you can just hit delete and ignore it.

I understand what you mean. I tried to translate this into a physical shop situation. The shop owner decides to sell, and sells the shop, the furniture, the stock, sometimes the name, together with something in Greece is called “the air”. It sounds funny, but it means the intangible assets like the reputation it has acquired in the neighbourhood and the fact that there are regular clients visiting it - some may stop being clients when the management changes, but some may stay. This “air” is sold quite dearly, depending on the shop’s location, reputation and the number of years or decades it’s been there.
If that shop included a database of clients with their names, addresses and phone numbers (because they maybe ordered stuff to be delivered at home), would it pass this to the new owner together with the rest? I suppose not, but I’m not very sure of what are the laws on that.
But even without such a written database, being a physical shop, the clients are included in the “air”. They will come anyway, at least once, before they are aware of the management change. Or even after, out of curiosity. I know I would. Now of course the ball is on the new manager’s court: will he or she be able to keep them by giving consistent quality, equal to that they had been used to, or not?
(When my old dentist retired he left his practice to his daughter whom he recommended to us with warm words. Well, I never went to her. She may have been a great dentist, for all I know, but I didn’t even try her)

It’s a bit of a grey area.

It would be appreciated to have a translated version + FAQ or concrete examples with name of countries and where users are located. What’s the use of a document if it’s not understandable for people it was meant for?

https://dwworld.co.uk/wp-content/uploads/2018/02/GDPR-data.jpeg

Because of the new EU norm “GDPR” General Data Protection Regulation that will apply in 1 month, they have to update their data protection policies (penalties like 4% of their turnover - max 20 million).
The EU was in talks for this regulation since a few years ago:
If you’re a company in the EU => you have to follow the GDPR (set up process and procedures…)
If you’re a company not in the EU but you manipulate EU data (from EU users) => you also have to follow the GDPR for EU data (and not data that does not concern EU citizens).

You can find more info on the official EU GDPR website and what companies have to do and your rights here: https://www.eugdpr.org/key-changes.html

I don’t know if non European users will be concerned on Viki.
It feels like it’s purposely blurry, not translated and click there and there to make people confused and to make them give up, as always in this type of document. I read in 6 b “i. Rights applicable to EU users” and “ii. Rights applicable to California Rights”. Where is the rest of the world? And then data transfer, what is it about? You click there https://corp.rakuten.co.jp/privacy/en/bcr.html you found at least something in your language.
I don’t understand: if our data is moved to another company of the group, the intern law is applying. But which intern law? The law of the location of the customer or the law of the location of the company it is transfered to? Is it up to date?

For GAFAM that will be impacted: I didn’t read anything about Apple, Amazon.
On Facebook, they decided to apply it to European users and since their Irish subsidiary (in EU so the GPDR is applying) was the data center for users located in Australia, Africa and Asia, they decided to move this data center to their headquarter in Silicon Valley so they don’t have these limitiations for people from these continents, countries.
Articles here:
https://www.theguardian.com/technology/2018/apr/04/facebook-gdpr-stronger-privacy-protections-eu-data-protection-law-mark-zuckerberg
https://www.politico.eu/article/facebook-europe-privacy-data-protection-mark-zuckerberg-gdpr-general-data-protection-regulation-eu-european-union/

Maybe, that would explain our recent bugs (data processing for the GDPR).

For advertisement:
" For more information about how the online advertising industry uses information it collects to provide you with tailored advertisement, and to control whether you want to receive those relevant advertisement from Our third-party advertisers, please review the information at the following links: The Network Advertising Initiative; and Your Ad Choices."
I tried to look at the latter one, and I didn’t know that it existed.
I don’t know who their 3rd party advertisers are. Are they the same as their cookies tiers?
Google decided to develop ads that don’t use personal data.
About advertisement, there’s a thing on the GDPR (I didn’t read it). But if it’s not Viki who’s responsible for their ads, then the 3rd party advertiser is?

For privacy on the internet to every party, I think it’s utopia.
If you share info to another server and it stores it up on a database, it’s not “yours” only anymore.
Internet provider, government, NSA, social studies, antivirus, when you install an app on mobile phone, shopping data (you suscribe for a magazine and you receive mails from unknown companies the day after, your collection of loyalty cards), suscribing to a service, following people or “Like” on Instagram (Facebook), using Whatsapp (Facebook), Occulus (Facebook) or Youtube (Google), GPS!
So whenever you use a product involving internet and sharing data between 2 devices.
Against hacking: either you don’t use internet and you won’t be afraid of pirates hacking other websites that you use (but since NSA was hacked…), either you use it and hope that their shield is strong enough.

There was this report about leaving less trace of you on the internet (2 or 3 years ago?), I don’t remember well but it was like using some browsers like Duckduckgo, but we don’t find every website. And for mobile, it was using a satellite mobile XD

We’re a “data-driven economy”:
http://theconversation.com/the-data-war-behind-net-neutrality-89644

What I find difficult is the limit between individual rights of private life and legitimate interest of companies to use, storage the data and use it for prospective goals. Is it compatible?

@irmar I think “the air” is referring to the “goodwill”. An owner of a client database can sell it.
https://www.investopedia.com/terms/g/goodwill.asp

It’s not really the same, though. You can’t ignore your own personal data being moved from one place to another and sold off as goods. The moment you go online, everything you type, search for, shop, hand out like email and address and phone number is permanently stored on various servers by various companies that use such information to make a profit. Worse is when such information is used for political schemes, which in fact is what started all of this.

On Facebook please check the settings for your ads: https://www.facebook.com/help/568137493302217?ref=shareable

And privacy: https://www.facebook.com/help/213802165366955?ref=shareable

You will be surprised to know how much FB knows about you.

You can do the same with your Google account: https://privacy.google.com

On Viki all you can do is to keep your personal info safe. Don’t share your account with anyone for whatever reason, especially if you have a valid credit card attached to it.

But did he also leave the phone numbers and addresses and medical files of his patients to her? If he did, he automatically broke the confidentiality between patient and medic, which is governed by EU laws. It doesn’t matter that is was his daughter. If he didn’t turn over the files and just handed them out to his daughter, he broke the law.

Imagine then Viki doing the same with its user database when it was purchased by Rakuten.

The point isn’t to change anything. Just as @bozoli mentioned, “technology and the abuse of it are developing faster than the laws can be written, voted on and accepted.”

Viki is just informing you, the user, that your data will be transferred to their servers in Japan and Singapore and the U.S. and that it might also be sold off. It’s just one big FYY. Even if it’s translated into another language, it will be the same content. “If you don’t like it, leave.” It’s the same with Facebook. During his Senate hearing, Mark Zuckerberg clearly states that users are “always free to delete their account.” Problem solved, as it were.

All you can do you is to just check your Facebook and Google privacy and ads settings.

Facebook ads: https://www.facebook.com/help/568137493302217?ref=shareable

Facebook privacy: https://www.facebook.com/help/213802165366955?ref=shareable

Google settings:https://privacy.google.com/

It would be good if Viki made a more serious effort to explain their position.

Is this just a standard disclaimer or do they simply not care about putting in an effort?

There are two main possibilities in my mind:

1. It’s a standard disclaimer because it’s impossible to control every situation but Viki/Rakuten will try to avoid using unscrupulous online advertising companies.

2. They don’t care about trying to protect their users from malicious advertising that could potentially result in viruses.

Of course there are a ton more possibilities but those are the two main ones that come to mind for me.

This is an opportunity for Viki and Rakuten to make their position clear. “As you can see we make sure the online advertising companies we choose to provide the ads have been vetted and must ensure they meet certain standards so our users do not end up with malware on their computer if they click on a part an advertisement”

Zuckerberg just promised USA Congress he will extend those protections that EU citizens enjoy to all USA citizens. No timetable was given, however.

USA Congress is also “caring” about this for five minute.

The compromise we accept to join a truly global society is one we cannot hesitate to question…yet likely not escape the consequences of our choosing to join the world.

Secrets of the Three Untouchable Crunchy Donuts all for Denisse

There’s a difference between medical records (sensitive) and clients database

• Doctors don’t have clients but patients and have to get the consent of the patient to transfer his medical records to another doctor or the patient picks his own doctor (in France and in USA too for doctors or radiologists: https://www.aafp.org/practice-management/administration/finances/start-close-practice.html
  http://www.hcpro.com/content/42948.pdf). I didn’t know for America! Wonder how it is in Korea or China!

• Commercial professions that have a clients database (except some areas like bank): they can sell it if they get our consent. In general, when we suscribe for a product/service, they inform us in their terms and we just accept them if we want to suscribe.

I agree with Bozoli and you that law is long to release and some are archaïc
That the selling part won’t change.

The other languages translations for people who don’t understand English XD (especially on this international website where many foreigners Vikipass buyers need other languages subtitles to understand). In the new regulation, they’re talking about:“an intelligible and easily accessible form, using clear and plain language.”

“The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.”

Their updated version, because of this new regulation, is clearer, better, but it’s not in my mind enough “clear and plain language”. If I didn’t speak English but one popular language on Viki and I wanted to buy a Vikipass, I find thess policies, would I be able to know my rights by reading them or what Viki does about privacy or cookies?
Even with an English version, I’m not sure being able to find the correct terms with a dictionnary and not to mix notions. But then if a big % of people has to translate it, does the website provides a version that is clear enough?

Compared to the previous version (that mentionned selling, discussion here on a post 1 or 2 years ago), this one is clearer about our rights and what they do.with third party involved. I like this one better.
For me, the change is in the info they provide (it’s a little more transparent than before)

• EU citizens (not just 1 country alone or mine) have more rights on some websites that collect their data consequently to this new regulation (the transfer of data to other countries outside EU mustn’t undermine the level of protection of individuals afforded by the GDPR". I found my answer here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/)
  On rights whom this regulation allows to protect:
  

(For profiling, targeted advertisement, maybe they might give more precisions https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/rights-related-to-automated-decision-making-including-profiling/)
I also
-it gives a limit of time to how long different types of data can be kept.
-it puts restrictions to our data’s use depending on the type of data and the interest of the company.
-If they transfer our data outside EU, they have to provide appropriate safeguards so our protection is still maintained.
-They have to inform us if our data have been hacked.
-It’s better to know that they have to implement processes, employ someone to take care of our protection (DPO), updated their Viki’s Privacy and cookies to make it clearer.

It wasn’t mentionned in the previous policies and for me, it’s a sign that the data security is more taken care of by Viki (they had to deploy extra ressources to comply with the regulation).

Have a good night!