Skip to content

Privacy News: October 4 mega-update

Federal privacy legislation, post-Roe privacy, automated decision systems, news from "across the pond" ... and much much more

A road sign in the shape of an arrow with the word Privacy

Once again, it's been over a week since the last update so this is a loooong list. Where to start?  With federal privacy legislation, of course, followed by post-Roe privacy, automated decision systems, news from "across the pond" ... and much much more, with almost 50 links all together.

Federal privacy legislation

Passage of Federal Privacy Bill Remains Possible This Year, Remains a Continued Priority

Kristin L. Bryan, Jeffrey L. Turner, Beth L. Goldstein, and Kyle R. Fath on National Law Review (

At the Washington Post Across the Aisle livestream last Thursday – right before the House went on recess until after the election – American Data Privacy and Protection Act (ADPPA) co-sponsor Rep. Frank Pallone pointed to the upcoming "lame duck" session after the election as an opportunity to pass privacy legislation and expressed optimism.  Of course, he's got to say that, so it's hard to know what to read into it.  I'll have a longer update on ADPPA in the next few days; for now, here's the video, my live-tweeting thread, and an "unrolled" version of the thread.

House Democrats debut new bill to limit US police use of facial recognition

Zack Whittaker on TechCrunch (

The new Facial Recognition Act would require police across the United States to first obtain a warrant before using facial recognition technologies. The bill (introduced by Reps. Ted Lieu (D-CA), Sheila Jackson Lee (D-TX), Yvette Clarke (D-NY) and Jimmy Gomez (D-CA) also puts other limits on what law enforcement can use facial recognition for, such as immigration enforcement or peaceful protests, or using a facial recognition match as the sole basis for establishing probable cause for someone’s arrest.  

The announcement on Rep. Lieu's site has details as well as quotes from the sponsors and privacy advocates organizations including supporting the bill including Center for Democracy and Technology, Project on Government Oversight, Access Now, and several Commissioners on the Massachusetts Facial Recognition Commission.  Even though the bill falls short of the moratorium or ban that most privacy advocates (including me) argue is needed, warrant requirements and limits on usage an be valuable steps forward.

Post-Roe privacy

Brian Fung,Clare Duffy on CNN (

California is attempting to stymie abortion prosecutions in other states by making it illegal for Silicon Valley giants and other businesses based in the Golden State to hand over the personal information of abortion-seekers to out-of-state authorities.

Kavitha George, Alaska Public Media - Anchorage on Alaska Public Media (

As Alaskans prepare to vote in November on whether to hold a constitutional convention, the privacy clause is a major focus.

Law professor Danielle Citron: ‘Privacy is essential to human flourishing’

Laurie Clarke on The Guardian (

The American professor of law talks about her new book on the fight for data privacy, the personal dossiers brokers build on us and how, post-Roe v Wade, women’s data in the US may be weaponised.

Automated Decision Systems

AI Is Probably Using Your Images and It’s Not Easy to Opt Out

Chloe Xiang on Vice Motherboard (

In one stark example of how sensitive images can end up powering these AI tools, a user found a medical image in the LAION dataset, which was used to train Stable Diffusion and Google’s Imagen.

The EU wants to put companies on the hook for harmful AI

Melissa Heikkilä on MIT Technology Review (

The new bill, called the AI Liability Directive, will add teeth to the EU’s AI Act and allow consumers to sue companies for damages—if they can prove that a company’s AI harmed them. Katyanna Quach's  Europe considers rules for easier AI compensation claims has more.

AI Data Laundering: How Academic and Nonprofit Researchers Shield Tech Companies from Accountability

Andy Baio on (

Tech companies working with AI are outsourcing data collection and training to academic/nonprofit research groups, shielding them from potential accountability and legal liability.

Judge declares Buenos Aires’ Fugitive Facial Recognition System Unconstitutional

Maria Badillo on Future of Privacy Forum (

On September 7, a trial judge declared the implementation of the Fugitive Facial Recognition System (SRFP, for its name in Spanish) by the Government of the City of Buenos Aires unconstitutional. The decision set an important precedent for risks associated with privacy and intimacy in public spaces.

Post-Brexit privacy

Our plan for digital infrastructure, culture, media and sport

Michelle Donelan, Secretary of State for Digital, Culture, Media and Sport, on the UK Conservative Party's web site (

Key point from a privacy perspective

We inherited GDPR from the EU, and its bureaucratic nature is still limiting the potential of our businesses....  That is why today Conference, I am announcing that we will be replacing GDPR with our own business and consumer-friendly, British data protection system.... No longer will our businesses be shackled by unnecessary red tape.

Peter Thiel’s Palantir Had Secret Plan to Crack UK’s NHS: ‘Buying Our Way In’

Olivia Solon on

Palantir Technologies had a secret plan to deepen its relationship with the UK’s National Health Service without public scrutiny.  The US data-analytics company aimed to buy up smaller rivals that already had an existing relationship with the NHS, according to emails and strategy documents seen by Bloomberg. This approach would hopefully allow Palantir to avoid further scrutiny in working with one of the largest depositories of health data.

Certainly uncertain – data protection reform developments

Jon Baines on Information Rights and Wrongs (

In recent weeks the future of data protection law in the UK has been not just hard to predict, but also hard to keep up with.

And ...

US expected to publish Privacy Shield executive order next week

Vincent Manancourt on POLITICO (

The order is designed to address European concerns over surveillance practices in the US.

Authors for Libraries

Fight for the Future (

Hundreds of authors are speaking out on behalf of libraries, demanding that publishers and trade associations put the digital rights of librarians, readers, and authors ahead of shareholder profits.

Why Google Is Scrubbing Personal Info From Search Results (if You Ask)

Jody Serrano on Gizmodo (

Google’s public search liaison explained in a Q&A how the company attempted to balance users’ desire for privacy against providing information to the public.

FTC seeks more data on Amazon’s $1.7-billion deal for vacuum maker iRobot

Reuters (

The U.S. Federal Trade Commission (FTC) has asked Inc and iRobot Corp for more information on the e-commerce giant’s $1.7-billion buyout of the Roomba vacuum maker.

Tunisia: Dangerous New Presidential Decree Legitimises Invasion Of Privacy, Criminalisation Of Dissidents

Scoop News (

Geneva – Tunisian President Kais Saied’s issuance of a new decree allowing security services to violate Tunisians’ digital privacy is reprehensible and opens the door wide to restricting media work and criminalising practices related to freedom of ...

Optus security breach compromises customers’ passport details

Eileen Yu on ZDNET (

Australian operator says it is investigating “unauthorised access” of personal data belonging to its current and former customers, including dates of birth, phone numbers, and passport numbers.

Online age verification: balancing privacy and the protection of minors

on Retourner à l’accueil CNIL.FR (

Online age verification: a complex issue with significant privacy risks Verifying the age of an Internet user is hampered by the difficulty for the various technical stakeholders on the Internet to really know who is the person behind the computer or smartphone. This need to identify Internet users…

Privacy Pledge signatories dream of alternative internet

Alex Scroxton, on (

A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalisms

Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over their data

Josh Taylor on The Guardian (

In its submission to Privacy Act review telco said giving people right to erase personal data would involve ‘significant’ hurdles and costs

AI generated images face Getty ban as privacy and ownership concerns grow

Jacob Ridley on PC Gamer (

The company believes AI generated images may lead to a legal challenge of some sort.

Google’s ads privacy lead on why it’s fighting to save the ad-funded internet

Claire Norburn on The Drum (

Digital advertising needs to be safer, but giving up on an ad-supported web entirely would be a mistake writes Google’s Claire Norburn.

Would you sell your data for profit? Nearly 50% of Americans said they would

Chiara Castro on TechRadar pro (

Big tech companies already make a ton of money off your data

Uncommon Carriage

Blake E. Reid on SSRN (

As debates over the regulation of “Big Tech” Internet platforms—social media, search, and more—have swirled, scholars, advocates, and policymakers have increasingly focused their attention on the law of common carriage. Common carriage law increasingly is invoked as a talisman to justify the imposition of non-discrimination rules on platforms targeted at both economic discrimination and content moderation.  This Article challenges common carriage law’s coherence as a field and its utility for assessing contemporary Internet policy.

Nicholas LePan on Visual Capitalist (

We visualize the length of service agreements from popular apps, by counting the words and calculating how long it would take to read them.

You Have No Privacy—the Government Bought It From Big Tech

Opinion on The Daily Beast (

Congress needs to put some meaningful guardrails on law enforcement’s ability to buy our data from private entities.

Indonesia Data Protection Law Includes Potential Prison Time, Asset Seizure, Right to Compensation for Data Breaches

Scott Ikeda on CPO Magazine (

An Indonesia data protection law that has been in development since 2016 includes some of the harshest penalties yet seen in national data privacy regulations, along with a right to compensation for data breaches.

Tech firm touts new way to generate first-party data for agencies, publishers without privacy-compliance issues

Michael Bürgi on Digiday (

FullThrottle’s Audience Flume product has been in market for more than a year, but is just being formally rolled out. The company is still awaiting a formal patent.

Attorney general flags urgent privacy law changes after Optus data breach

Paul Karp on The Guardian (

Mark Dreyfus indicates potential reforms to laws regarding data breaches including higher penalties, mandatory precautions and customer notifications

Privacy issue: SC to hear plea against WhatsApp’s policy in Jan

PTI on Economic Times (

A five-judge constitution bench headed by Justice K M Joseph asked the parties to complete pleadings in the matter by December 15.

on Brave Browser (

Recent versions of Brave on iOS include many new privacy features, ensuring that Brave iOS users have the strongest available protections of any iOS browser.

Rohingya seek reparations from Facebook for role in massacre

BARBARA ORTUTAY on Associated Press (

With roosters crowing in the background as he speaks from the crowded refugee camp in Bangladesh that’s been his home since 2017, Maung Sawyeddollah, 21, describes what happened when violent hate speech and disinformation targeting the Rohingya minority in Myanmar began to spread on Facebook.

Impact on Companies of California’s Children’s Privacy Law – Effective 2024

Liisa M. Thomas on The National Law Review (

The California governor recently signed into law the California Age-Appropriate Design Code Act, which will go into effect July 1, 2024. The law applies to “businesses” (as defined by

Meta says ad-free Instagram client The OG App breaks its rules

Ivan Mehta on TechCrunch (

Apple removed The OG App, an ad-free Instagram client, from its App Store. Meanwhile, Meta says the app breaks its rules.

How to Advocate for Data Privacy and Users’ Rights

Omar L. Gallaga on WIRED (

Want to speak up against Big Tech, unjust data collection, and surveillance? Here’s how to be an activist in your community and beyond.

Brands Review Data Privacy Policies After $1.2 Million Sephora Settlement

Patrick Coffee on The Wall Street Journal (

More marketers are taking notice of California’s data privacy laws after the state said last month that cosmetics retailer Sephora had agreed to pay $1.2 million in penalties for alleged violations related to its targeted advertising practices.

Privacy, security concerns prompt GAO to call for more telehealth oversight

Jessica Davis on SC Media (

A GAO audit of the Medicaid telehealth program found that more oversight is needed of how providers are communicating the privacy and security risks to patients.

Federal cybersecurity bill threatens privacy, transparency, civil society groups say

Jim Bronskill on The Globe and Mail (

In an open letter to Public Safety Minister Marco Mendicino, the groups call for substantive amendments to ensure the legislation delivers effective cybersecurity protections while respecting democratic principles

Modeling the Privacy Catwalk: Practical Steps Forward

Carolina Alonso on JD Supra (

What’s Trending? (Privacy a la Mode) - Notable fashion brands have been engaging in a “trial period” of new technologies as privacy laws and privacy enforcement are trending – for example, exploring integrating branding into digital assets in video games, virtual reality (VR) and augmented reality (AR) technology, metaverses, and non-fungible tokens (NFTs). Fashion naturally pushes the envelope, taking on risks in the interest of not being left behind and losing relevancy and notoriety. This brings about several legal issues, such as those arising from trademark infringement by NFT creators, as well as marketing collaborations as influencers are becoming an essential component of a brand’s commercial success.

Tunisia: Dangerous New Presidential Decree Legitimises Invasion Of Privacy, Criminalisation Of Dissidents

on Scoop News (

Geneva – Tunisian President Kais Saied’s issuance of a new decree allowing security services to violate Tunisians’ digital privacy is reprehensible and opens the door wide to restricting media work and criminalising practices related to freedom of opinion, expression, and publication, Euro-Med Monitor said in a statement.

Image Credit: Privacy by Nick Youngson CC BY-SA 3.0 Alpha Stock Images via Picpedia.