I am raising these issues with Sony's practice on data privacy matters to the attention of Sony's DPO. As this is of general interest to all Sony customers, esp. those using Sony phones, I'm hoping to share their reply here shortly.
1) Data privacy breach / noncompliance with the GDPR:
Explicit consent is required from me to agree to send usage data and I had *denied* permission for both purposes of diagnosrics and marketing. Yet after install, I went to these two menus:
- About phone > Xperia service settings > Marketing data usage
- About phone > Detailed diagnostics
only to find that they were both checked, overriding my express wishes and without so much as informing me of the change.
I don't know if this is an issue with the installation procedure or the subsequent system updates that were applied after install.
@DPO: Could you give me assurance that this will be looked at and keep us updated on the resolution please?
2) Data privacy policy for the UK
The consent for Sony to monitor the "artist name, the number of music and albums" that I listen to does not obviously relate to diagnostics data for the purpose of fine-tuning Sony tech or support. This sounds more like an overreach.
@DPO: Could you please explain the rationale for collecting musical tastes data in context of the stated purpose?
Please also confirm whether the data collected for detailed diagnostics includes browsing history (i.e. websites visited)? The policy is ambiguous on that topic.