Privacy News: January 9
Lots of surveillance stories, fines for Facebook, Google, and Apple, and much much more!
Lots of surveillance stories, fines for Facebook, Google, and Apple, and much much more!
Surveillance
Fighting ‘Big Brother’: Anti-surveillance advocates in New York seek to halt creeping proliferation of cameras and tracking software
Ben Brachfeld on amNewYork (amny.com)
Anti-surveillance activists are working with progressive lawmakers in Albany seeking to curtail the proliferation of “Big Brother” as as government and corporate surveillance become an increasing part of everyday life. The coalition plans to unveil on Monday a 10-point blueprint to make New York a “sanctuary state” against surveillance, starting with bills to ban “geofence warrants” and prohibit police from using fake social media accounts to ensnare suspects.
Conservative group targets migrant cell phone data at NGOs, raising privacy concerns
Pablo De La Rosa on Texas Public radio (tpr.org)
The Heritage Foundation locked on to the locations of at least 30,000 cell phones at non-government (NGO) migrant aid shelters and Customs and Border Protection (CBP) facilities. The Washington D.C.-based conservative think-tank then continued tracking the movement of the devices across the country over the course of at least a month in January 2022. Catholic Charities of the Rio Grande Valley and the Del Rio and Val Verde CBP processing stations in Texas were among the more than 30 migrant facilities that were “geofenced” for data tracking in a report released in December by Heritage.
San Francisco Police Are Using Driverless Cars as Mobile Surveillance Cameras
Aaron Gordon on vice.com
“Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads,” an internal training document states.
Tracked, detained, vilified: How China throttled anti-covid protests
Cate Cadell on The Washington Post (washingtonpost.com)
After widespread protests, China relaxed its strict covid controls. But on the protesters themselves, the government unleashed a police state brimming with new surveillance technology.
Controversial Facial Recognition Software Has Been Implemented At Airports Across America - How Will Travelers Respond?
Will McGough on Forbes (forbes.com)
The program claims to make security screening faster and safer. But there are privacy and data concerns as well.
Facebook, Google, and Apple fined
Meta prohibited from use of personal data for advertisment
noyb (noyb.eu)
This is a big one, because the Irish Data Protection Commission not only handed out a big fine, it required Facebook, Instagram and WhatsApp to get opt-in consent to use the personal data of users for behavioral advertizing in the EU. Of course, Facebook et al will no doubt try to come up with another legal basis for using the data, at which point there will be another court case, but this is the biggest threat yet to their business model. Kudos to noyb, which first brought the complaint five years ago!
ALSO:
- €390M fine strikes blow to Meta’s ad-fueled business model, Vincent Manancourt on POLITICO (politico.eu)
- The Slow Death of Surveillance Capitalism Has Begun, Morgan Meaker on WIRED on (wired.com)
- Meta’s Ad Practices Ruled Illegal Under E.U. Law, Adam Satariano on NYTimes (nytimes.com)
- Refresher: The GDPR’s Six Legal Bases for Data Processing, Müge Fazlioglu, IAPP (iapp.org)
- Could the EU’s decision against Meta affect data privacy policies in the U.S.? Andrea Fox on Healthcare IT News (healthcareitnews.com)
- Meta to appeal £345m fine for Facebook and Instagram privacy breaches, Bill Goodwin, on ComputerWeekly.com (computerweekly.com)
- The Irish Data Protection Commission's announcement
- How Meta Uses Legal Bases for Processing Ads in the EU, Meta's laughable response
Apple fined €8M in French privacy case
Laura Kayali on POLITICO (politico.eu)
France’s data protection authority CNIL has fined Apple €8 million for privacy violations. The regulator found that the U.S. tech giant did not "obtain the consent of French iPhone users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals," according to a statement released Wednesday.
ALSO:
- CNIL Fines Apple 8 Million Euros Over Personalized Ads, Hunton Andrews Kurth’s Privacy and Cybersecurity on The National Law Review (natlawreview.com)
Google to Pay $23 Million in Search Privacy Deal With Users
Andrea Vittorio on Bloomberg Law (news.bloomberglaw.com)
Alphabet Inc.’s Google agreed to pay $23 million to resolve a long-running lawsuit brought by consumers who claimed its search engine shared their queries with advertisers or other third parties without their permission.
ALSO:
- Google Agrees to Pay $23 Million Over Privacy Issues, Report Says, Oscar Gonzalez on CNET (cnet.com)
State privacy law
All things ‘California Privacy Law’ with Lothar Determann
on International Association of Privacy Professionals (iapp.org)
IAPP Editorial Director Jedidiah Bracy, CIPP, chats with Lothar Determann about the new edition of ‘California Privacy Law.’
ALSO:
- California Privacy Law, Fifth Edition (Digital), Lothar Determann, the new edition
And ...
Twitter leak: 200m+ account database now free to download
Jessica Lyons Hardcastle on The Register (theregister.com)
No passwords, but planety of stuff for social engineering and doxxing.
ALSO:
- Data From 200 Million Twitter Users Offered For Free On Hacker Forum, Peter Suciu on Forbes (forbes.com)
Meet The Spy Tech Companies Helping Landlords Evict People
Nick Keppler on vice.com
The growing ‘proptech’ industry is now explicitly marketing surveillance tech as a way to evict tenants and raise rent.
Adobe will use your work to train its AI algorithms
Katyanna Quach on The Register (theregister.com)
Content analysis system scans data stored on its Creative Cloud services
Advancing ethics review practices in AI research - Nature Machine Intelligence
Madhulika Srikumar on Nature (nature.com)
The implementation of ethics review processes is an important first step for anticipating and mitigating the potential harms of AI research. Its long-term success, however, requires a coordinated community effort, to support experimentation with different ethics review processes, to support experimentation with different ethics review processes, to study their effect, and to provide opportunities for diverse voices from the community to share insights and foster norms.
It’s 2023, and tech is still pushing unsafe products
Tatum Hunter on The Washington Post (washingtonpost.com)
CES brings a flood of new products for consumers — often with little vetting from their makers.
Back into the Trenches of the Crypto Wars
Julia Angwin on The Markup (themarkup.org)
A conversation with Meredith Whittaker
Apple wins US biometric privacy case on appeal
Jim Nash on BiometricUpdate.com (biometricupdate.com)
Apple does not violate BIPA by offering owners of its mobile devices the ability to unlock the operating system using their fingerprint or face.
Global Spyware Scandal: Exposing Pegasus
on FRONTLINE (pbs.org)
“Global Spyware Scandal: Exposing Pegasus,” a 2-part documentary from FRONTLINE and Forbidden Films, reveals how the NSO Group’s Pegasus spyware was used on journalists, activists, and others.
The Hidden Cost of Cheap TVs
Justin Pot on The Atlantic (theatlantic.com)
Screens have gotten inexpensive—and they’re watching you back.
5 reasons why data privacy compliance must take center stage in 2023
Ameesh Divatia, Baffle, Inc. on VentureBeat (venturebeat.com)
Companies that are proactive in their data privacy and security compliance approaches will find themselves in an enviable position in 2023.
You must now verify your drivers license to watch Pornhub in Louisiana
Amanda Silberling on TechCrunch (techcrunch.com)
At the start of the year, a new law went into effect in Louisiana that requires age verification checks on porn sites.
The ‘godfather of crypto’ wants to create a privacy-focused CBDC: Here’s how
Erhan Kahraman on Cointelegraph (cointelegraph.com)
David Chaum explains his game plan to create a central bank digital currency (CBDC) that would also be appreciated by the crypto ecosystem in an exclusive interview.
Facial recognition error led to wrongful arrest of Black man, report says
Jon Brodkin on Ars Technica (arstechnica.com)
Lawyer says police didn’t check man’s height, weight—or the mole on his face.
Crystal ball privacy in 2023: US states, kids and AI
on International Association of Privacy Professionals (iapp.org)
Goodwin Procter Partner and IAPP Senior Fellow Omer Tene offers a look ahead at privacy in the U.S. for the upcoming year.
The Silicon Ceiling: How Artificial Intelligence Constructs an Invisible Barrier to Opportunity
See all articles by Elana Zeide on papers.ssrn.com
Algorithmic assessments increasingly shape individuals’ success in education and employment. Schools, recruiters, and companies now rely on automated platforms
Apple’s Illinois Biometric Privacy Win Expands Compliance Tools
Skye Witley on Request a Free Demo (news.bloomberglaw.com)
Companies gained a limited new edge in defending their compliance with Illinois’ biometric privacy law, following a recent state appeals court ruling that Apple Inc.’s face and finger identification tools don’t violate the statute.
California’s Sephora Settlement Puts Consumer Privacy First
Jonathan Joseph on Security Boulevard (securityboulevard.com)
Last fall, California drew first blood when it agreed to a $1.2 million settlement with Sephora over the cosmetics company’s violations of the California
Billie Eilish Got Doxxed on the Citizen App
The A.V. Club on Gizmodo (gizmodo.com)
The Citizen app reportedly sent a push notification with Billie Eilish’s address to 78,000 people as her home was being burglarized.
Controversy illuminates rise of facial recognition in private sector
ABC News on ABC News (abcnews.go.com)
Facial recognition software was used bar an audience member from a New York City theater.
Health authority failed to properly report privacy breach, N.W.T. privacy commissioner says
CBC on Yahoo News (ca.news.yahoo.com)
The N.W.T. information and privacy commissioner said the territory’s health authority failed to properly report a privacy breach involving personal medical information that was mistakenly shared with the wrong patient. The commissioner found that the department violated the Health Information Act by…
The latest lesson on biometric data privacy could cost people’s lives
Jim Nash on BiometricUpdate.com (biometricupdate.com)
Two United States government documents about the use of biometric identification in occupied Afghanistan lack any mention of data security on the ground.
Pivotal Moments In Data Privacy History
Brandon Taylor on InformationWeek (informationweek.com)
In the last 18 years, the internet has evolved at warp speed to keep up with busier lives and a craving for mobility, while also trading access for privacy.
Germany could become MEPs’ ally in AI Act negotiations
Luca Bertuzzi on EURACTIV (euractiv.com)
Inter-institutional negotiations on the AI Act are expected later this year, and while the EU Council has reached its position, Germany has reservations on certain points that bring it closer to the European Parliament’s position than that of other member states.
Researchers Could Track the GPS Location of All of California’s New Digital License Plates
on vice.com
After gaining access to a powerful administrative account, the researchers could perform all sorts of tasks inside Reviver, the sole company that sells the digital plates in California.
How do ‘technical’ design-choices made when building algorithmic decision-making tools for criminal justice authorities create constitutional dangers? (Part I)
See all articles by Karen Yeung on papers.ssrn.com
This two-part paper argues that seemingly ‘technical’ choices made by developers of machine-learning based algorithmic tools used to inform decisions by crimina
Meta fined $414m for using personal data without consent
Brandon Vigliarolo on The Register (theregister.com)
Facebook, Insta told to pay up, make changes to data slurping process within 3 months
Palantir’s Covid-era UK health contract extended
Lindsay Clark on The Register (theregister.com)
US spy-tech firm’s controversial work with patient data pushed out 6 months due to delayed data platform procurement
ALSO:
- NHS Palantir contract extension may mean more legal threats, Lindsay Clark on The Register (theregister.com)
The Silicon Ceiling: How Artificial Intelligence Constructs an Invisible Barrier to Opportunity
See all articles by Elana Zeide on papers.ssrn.com
Algorithmic assessments increasingly shape individuals’ success in education and employment. Schools, recruiters, and companies now rely on automated platforms
No more holidays for US telcos, FCC is cracking down
Brandon Vigliarolo on The Register (theregister.com)
Also, LastPass faces class action, and Louisiana says that, while the internet may be for porn, ID is still required
Image Credit: Privacy by Nick Youngson licensed under CC BY-SA 3.0 from Alpha Stock Images via Picpedia.