Privacy: Family Organizer can see Authorized Device locations (and IP addresses) of members
Being the Family Organizer (FO) I can see all the Authorized Devices of the members in my account, including the (town?) location and IP address that was last used per device. Although it might help to identify the devices, IMHO this is a breach of privacy of the members. Within my family we do trust each other, but we also respect each others privacy to have their own personal life, especially as the members are adults. I guess this is also valid for near-adult members.
IMHO, each member should be the first person responsible to maintain his/her authorized devices (and as such have access to the location info), and if they cannot fix it, the FO or administrator should step in after obtaining the mandatory approval(s). I.e., the member or some authority above the admin should allow/grant access to this sensitive personal data. That is how it works in my and many other organizations: administrators must needs request access and be authorized to fix things and/or to access sensitive data, and their activities are being audited.
I also have a Business or Teams 1Password account, and I wonder what my adminstrators can see of my locations. Are they able to see the last use locations of my devices as well?
As I reside in the EU, I wonder: is this location display in line with the GDPR of the EU?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
First of all, thank you very much for raising this @fc34. We want to be as clear as possible about what data is made available to whom.
You can read about what Activity Logs to see what is available to Business team administrators. Note that only limited activities are logged. These activity logs do not keep a record of every time someone connects.
We do try to make this (and many other things clear) in our Privacy statement, but we know that most people won't read through such things.
On data controllers and processors
Let me walk through an analogy to help clarify some of the legal and moral concerns here. Suppose Alice, an EU resident, works for Yoyodyne Industries. Yoyodyne wants its employees to connect to various internal resources through a VPN. They use VPNs-R-Us to host the VPN operations.
VPNs-R-Us will acquire Alice's IP addresses at various times and will retain some of that information, but that data will be available to Yoyodyne. In this scenario VPNs-R-Us is a data processor for Yoyodyne, which is the data controller. Both VPNs-R-Us and Yoyodyne have responsibilities to protect Alice's subject data. And Yoyodyne has a responsibility to only use data processors which commit to protecting Alice's subject data. The top of the chain of responsibility lies with Yoyodyne. And it is Alice's relation with Yoyodyne that drives the legitimacy (or not) of the collection and processing of that data in the first place.
Can this be abused?
In that example, VPNs-R-Us can't check that Yoyodyne is handling Alice's data correctly. Perhaps they can check in any individual case, but they can't check for each of the hundreds of thousands of customers that they may have. Any organization that contracts with VPNs-R-Us may be mishandling the data of their team members. Indeed, some entities might be set up deliberately to do so. So now imagine some entity called SuperSeckrt which effectively acts as a reseller for VPNs-R-Us but without letting VPNs-R-Us knowing that that is what they are doing. From VPNs-R-Us's point of view SuperSeckrt is just another data controller. But SuperSeckrt's real business is in deliberately misusing the data that they gather through VPNs-R-Us.
While we can't be expected to check up on our customers, we don't want to be enabling such abuse either. I can't predict exactly how we would respond if abuse of that nature came to our attention, as that would involve lawyers and specific details of the case.
0
