Privacy News Roundup: February 1
Privacy after Roe, an FTC enforcement action, a federal privacy legislation update ... and more!
Privacy after Roe, an FTC enforcement action, a federal privacy legislation update ... and more!
Privacy after Roe
How US police use digital data to prosecute abortions
Runa Sandvik on TechCrunch (techcrunch.com)
Sandvik looks at court records of cases between 2011 and 2022 to examine how police in the U.S. use text messages, emails, search history to prosecute people seeking abortions. This kind of detailed examination is valuable to see whether legislation intended to protect people seeking abortions is effective – and highlights the need for Washington state's Shield Law's protections against out-of-state law investigations as well as My Health My Data's requirements for websites to get consent before sharing health information with Facebook and Google.
Automated Decision Systems
Using sensitive data to prevent AI discrimination: Does the EU GDPR need a new exception?
Marvin van Bekkum and Frederik Zuiderveen Borgesius on International Association of Privacy Professionals (iapp.org)
This article summarizes the authors' paper on whether collecting special categories of personal data could help debias artificial intelligence, and their arguments for and against a new exemption.
Assessing Impacts of AI on Human Rights: It’s Not Solely About Privacy and Nondiscrimination
Eve Gaumond and Catherine Régis on Lawfare (lawfareblog.com)
Artificial intelligence can significantly impact human rights—both positively and negatively. Human rights impact assessments conceived specifically for AI are needed to prevent potential harms and reap the benefits of the technology.
NIST Risk Management Framework Aims to Improve Trustworthiness of Artificial Intelligence
on NIST (nist.gov)
New guidance seeks to cultivate trust in AI technologies and promote AI innovation while mitigating risk.=
AI wrote a bill to regulate AI. Now Rep. Ted Lieu wants Congress to pass it.
Kate Santaliz on NBC News (nbcnews.com)
The California Democrat, one of a handful of members with a computer science background, wants a nonpartisan commission to recommend new regulations for artificial intelligence.
Enforcement
FTC Fines GoodRx $1.5M for Sending Medication Data to Facebook for Ads
Thomas Germain on Gizmodo (gizmodo.com)
As well as a $1.5 million fine, GoodRx has agreed to a first-of-its-kind provision banning the company from sharing health data with third parties for ads. As Germain reports:
"GoodRx’s privacy problems were first uncovered by this reporter in an investigation with Consumer Reports, followed by a similar report in Gizmodo. At the time, if you looked up Viagra, Prozac, PrEP, or any other medication, GoodRx would tell Facebook, Google, and a variety of companies in the ad business, such as Criteo, Branch, and Twilio. GoodRx wasn’t selling the data. Instead, it shared the information so those companies could help GoodRx target its own customers with ads for more drugs. According to the FTC, that’s illegal."
ALSO:
- FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising, the Federal Trade Commission (ftc.gov)
Calif AG puts mobile app developers on notice over privacy
Jessica Lyons Hardcastle on The Register (theregister.com)
California's attorney general Rob Bonta has sent letters to businesses with mobile apps that (allegedly) ignore opt-out requests or sell users' data. The letters focus on retail, travel and food service apps.
Big changes coming for GDPR enforcement on Big Tech in Europe?
Natasha Lomas on TechCrunch (techcrunch.com)
In what looks like a meaningful -- and long overdue -- reforming step, the European Commission has committed to dial up its monitoring of how data protection authorities at the EU Member State level enforce the bloc’s flagship data protection rules against Big Tech.
ALSO
- Europe-wide overhaul of GDPR monitoring triggered by ICCL, Johnny Ryan on Irish Council for Civil Liberties (iccl.ie)
- EU vows to get tougher on Big Tech privacy violations, Jon Fingas on Engadget (engadget.com)
Federal Privacy Legislation
A view from DC: From consumer protection to innovation and data
Cobun Zweifel-Keegan on International Association of Privacy Professionals (iapp.org)
IAPP's Managing Director discusses last week's Future of Data Privacy and Security in the 118th Congress, hosted by R Street.
"Like dormant sugar maple trees, policymakers are just beginning to wake up as the days lengthen into the new term. Whether innovation, competitiveness, safety, security or even pure privacy concerns drive the narrative, the policy discourse is tapped and ready to flow in 2023."
And ...
Child welfare algorithm faces Justice Department scrutiny
Sally Ho and Garance Burke on Associated Press (apnews.com)
The Justice Department has been scrutinizing a controversial artificial intelligence tool used by a Pittsburgh-area child protective services agency following concerns that it could result in discrimination against families with disabilities.
How surveillance tech helped protect power — and the drug trade — in Honduras
Anna-Catherine Brigida on Coda Story (codastory.com)
How big-name monitoring software from companies like Cellebrite and Palantir made Honduras a hotbed of spy tech.
Modi Is Muzzling Big Tech
Rishi Iyengar on Foreign Policy (foreignpolicy.com)
Silicon Valley has spent years courting India, but its companies face an increasingly tricky censorship minefield in the world’s largest democracy.
Google Fi says hackers accessed customers’ information
Carly Page on TechCrunch (techcrunch.com)
The virtual cell service said customers’ data was exposed following “suspicious activity” relating to its primary network provider.
Could a More Powerful Web Tracker Be Good for Your Privacy?
Thomas Germain on Gizmodo (gizmodo.com)
Full Throttle is launching a new, souped-up tracker as Google moves to kill third-party cookies.
What does GPT-3 “know” about me?
Melissa Heikkilä on MIT Technology Review (technologyreview.com)
Large language models are trained on troves of personal data hoovered from the internet. So I wanted to know: What does it have on me?
French Senate backs AI-powered video surveillance for Paris 2024 Olympics
Laura Kayali on POLITICO (politico.eu)
A majority of senators voted against introducing facial recognition.
Project Texas: The Details of TikTok’s Plan to Remain Operational in the United States
Matt Perault on Lawfare (lawfareblog.com)
Last week, senior TikTok executives held a private briefing to review the details of Project Texas and the contours of the national security agreement it is negotiating with the U.S. government.
News release: Home Depot’s failed to obtain customer consent before sharing personal data with Meta
Office of the Privacy Commissioner of Canada (priv.gc.ca)
Alberta Justice Minister Accused of Privacy Breach in Law Society Hearing
Charles Rusnell on The Tyee (thetyee.ca)
Shandro’s testimony allegedly violated the privacy of a witness by referencing secrets he gained in an official role.
Privacy and data protection too often suspended at EU borders
Wojciech Wiewiórowski on EURACTIV (euractiv.com)
Privacy and data protection are part of the human rights too often suspended at the borders of the European Union - as long as we continue treating migration as a ‘problem’, fundamental rights will remain compromised, Wojciech Wiewiórowski writes.
Highly intrusive spyware threatens the essence of human rights - Commissioner for Human Rights - publi.coe.int
Council of Europe on Council of Europe (coe.int)
Strasbourg 27/01/2023
Brazil’s Telecom Operators Made Strides and Had Shortcomings in Internet Lab’s New Report on User Privacy Practices
Karen Gullo and Veridiana Alimonti on Electronic Frontier Foundation (eff.org)
Brazil’s biggest internet connection providers made moderate advances in protecting customer data and being transparent about their privacy practices, but fell short on meeting certain requirements for upholding users’ rights under Brazil’s data protection law, according to InternetLab’s 2022 Quem..…
FTC Finalizes Order with Ed Tech Provider Chegg for Lax Security that Exposed Student Data
the Premerger Notification Office Staff on Federal Trade Commission (ftc.gov)
The Federal Trade Commission has finalized its order with education technology provider Chegg Inc.
Decoding the Hype About AI
Julia Angwin on The Markup (themarkup.org)
A conversation with Arvind Narayanan
Happy Data Privacy Day: On the Essential Link between Data Processing and Security
David Hoffman on Lawfare (lawfareblog.com)
Today is Data Privacy Day, an annual event in which I am — rather proudly — personally invested. Data Privacy Day began with a conversation at my dinner table eight years ago, when Leonardo Cervera Navas (then with the European Commission and now with the European Data Protection Supervisor’s office…
Apple sued for promising privacy, failing at it
Thomas Claburn on The Register (theregister.com)
What’s allowed for Cupertino is verboten for everyone else
Privacy-by-design can be a source of value and opportunity, not cost
Divsha Bhat on Gulf Business (gulfbusiness.com)
Privacy can become a selling point and a source of value, especially when it is implemented by design and not reactively.
States and Counties Making Fresh Progress on Privacy
Thad Rueter on GovTech (govtech.com)
This year’s Data Privacy Week drew attention to the increasing role that cybersecurity is playing for government. Public agencies are responding via new hiring but still face big challenges.
Experts, students shed light on tech user privacy concerns and online safety measures
Rebeka Zeljko on The California Aggie (theaggie.org)
An interesting article in UC Davis' campus newspaper looks at invasive technologies and how they manifest in day-to-day life, with perspectives from students as well as the school's academic associate director for academic technology services.
What’s on the Global Horizon for Data Privacy in 2023?
Shannon Knapp on JD Supra (jdsupra.com)
Expect another year of regulatory ambiguity for international data privacy laws in 2023, as the European Commission reviews the EU-US Data Privacy...
The privacy concerns at the heart of Wisconsin’s TikTok ban
Joy Powers on WUWM (wuwm.com)
Michael Zimmer, the director of the Center for Data, Ethics and Society at Marquette University, comments on the recent common bans of TikTok among U.S. governments.
Privacy assistant Jumbo tears down its paywall
Romain Dillet on TechCrunch (techcrunch.com)
Jumbo, an app that lets you control your privacy on the web, is hitting the reset button — sort of. While the company is still focused on privacy and security, users can now download and use all features for free as the premium subscription is gone. In addition to this pricing update, Jumbo’s newest…
Just 16% of shoppers feel confident in managing data privacy and security
Isabel Cameron on Latest Retail Technology News From Across The Globe - Charged (chargedretail.co.uk)
Just 16% of UK consumers feel completely confident in managing their data privacy and security online according to security company Ring.
Data Privacy and the United Nations Sustainable Development Goals
Abraham Díaz on The National Law Review (natlawreview.com)
In the frame of the International Data Privacy Day celebrated around the world every January 28, it is worthy to remember the relevance gained worldwide by this subject matter as time goes by, as well
Small business spending on data privacy up 17% in 2022, higher than medium, large firms: Cisco study
MSME Desk on Financialexpress (financialexpress.com)
Spending at larger organizations remained relatively unchanged after steep increases from 2019 to 2020, the study said. The average privacy spending was $2.7 million in 2022.
CDT Comments to NTIA on Mobile App Ecosystem Competition
George Slover on Center for Democracy and Technology (cdt.org)
CDT's comments in response to the National Telecommunications and Information Administration’s (NTIA) request for input on the state of competition in the mobile apps marketplace highlight the need for improvement, with just two platform ecosystems, Apple and Google, controlling the key delivery pipelines that connect app developers to app users.
Google Asks 9th Cir. to Reconsider Child Privacy Law Preemption Ruling
Christina Tabacco on Law Street Media (lawstreetmedia.com)
Does the federal Children’s Online Privacy Protection Act (COPPA) preempt state invasion of privacy and consumer protection laws? Google and YouTube think so. We'll see what the judge says.