A Digital Beat Cop | The Cat Herder, Volume 5, Issue 37

To lose one server may be regarded as a misfortune; to lose two looks like carelessness. To lose fort   September 25 · Issue #199 · View online To lose one server may be regarded as a misfortune; to lose two looks like carelessness. To lose forty two is really something quite special. More bad news for Facebook, another data retention law bites the dust, the EDPS goes to court. 😼 Philip Stafford @staffordphilip Morgan Stanley sells off hardware that turns up on auction sites, accidentally loses 42 servers too. https://t.co/wxWk7gf7Le https://t.co/lwJChberkm 1:39 PM - 20 Sep 2022 Morgan Stanley hired a moving and storage company with “no experience or expertise in data destruction services,” according to the SEC and failed to properly monitor the moving company’s work. Some of the hard drives were later found on an internet auction site with customers’ personal data still stored within. Morgan Stanley to pay $35M after hard drives with 15M customers' personal data turn up in auction • TechCrunch techcrunch.com – Share The SEC said the banking giant failed to properly dispose of thousands of hard drives and servers over a five-year period. The CJEU found yet another member state’s telecoms data retention laws to be, well, unlawful. EU court rules against German data collection law - Insider Paper insiderpaper.com – Share A German law requiring telecoms companies to retain customer data is a breach of EU legislation, a European court ruled Tuesday, prompting. Don’t worry though, nothing to see here, “Google will abide by “binding commitments” that it made with global regulators in order to get the acquisition through. This includes ensuring “Fitbit users’ health and wellness data won’t be used for Google Ads.” Fitbit will require a Google Account to use new devices and features from 2023 onward 9to5google.com – Share “Fitbit by Google” was introduced last month, but the integration is getting deeper from 2023 when Google Accounts will be required… The EDPS announced it has requested that the CJEU annul “two provisions of the newly amended Europol Regulation, which came into force on 28 June 2022.” Wojciech Wiewiórowski, EDPS, said: “The contested provisions of the amended Europol Regulation retroactively legalise processing operations that were found to be in violation of the 2016 Europol Regulation. In doing so, they retroactively deprive individuals of the safeguards that the EDPS enforced. The EDPS had to apply for an annulment of Articles 74a and 74b of the amended Europol Regulation for two reasons. Firstly, to protect legal certainty for individuals in the highly sensitive field of law enforcement where the processing of personal data implies severe risks for data subjects. Secondly, to make sure that the EU legislator cannot unduly ‘move the goalposts’ in the area of privacy and data protection, where the independent character of the exercise of a supervisory authority’s enforcement powers requires legal certainty of the rules being enforced.” The Register, ‘Privacy watchdog steps up fight against Europol’s hoarding of personal data’ “From the beginning, Social Sentinel’s co-founder, Margolis, said publicly that the service could not be used to surveil individual people. In emails to clients, the company had a different message. “I hear that you are interested in uploading usernames, user accounts, etc to follow known threats,” one employee wrote to former North Carolina State University Police Chief Jack Moorman in August 2015. “We recently released that feature, and you can now upload a list of Twitter authors.” “I appreciate the information on the feature of uploading the accounts of individuals that we want to follow,” Moorman wrote back. “This should be a great benefit to ongoing threat assessment cases.” From ‘Tracked: How one company’s AI surveillance tool helps colleges monitor protests’ by Ari Sen and Derêka K. Bennett for the Dallas News. "Russia’s and China’s growing surveillance systems seem more dangerous and intrusive than America’s increasing surveillance of our workers because the information Russia and China collect can stifle dissent. But are the surveillance systems really that far apart? Big corporations that gather loads of data on exactly what their workers do all day (and sometimes into the night) — including in their purview the growing ranks of remote or gig workers — can stifle workers’ efforts to form labor unions or show any disgruntlement at all. Russia’s and China’s surveillance of their inhabitants and America’s surveillance of our workers are starting to overlap because the technologies are starting to overlap.” From ‘Is America’s Surveillance Capitalism So Different from Russia’s and China’s Surveillance States’ by Robert Reich for LA Progressive. “In his Opinion delivered today, Advocate General Athanasios Rantos, first, takes the view that, while a competition authority does not have jurisdiction to rule on an infringement of the GDPR, it may nevertheless, in the exercise of its own powers, take account of the compatibility of a commercial practice with the GDPR. In that respect, the Advocate General emphasises that the compliance or non-compliance of that conduct with the provisions of the GDPR may, in the light of all the circumstances of the case, be an important indication of whether that conduct amounts to a breach of competition rules” From the press release [PDF] accompanying Advocate General Rantos‘ Opinion in the case of Meta, formerly Facebook v the Bundeskartellamt. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

To lose one server may be regarded as a misfortune; to lose two looks like carelessness. To lose forty two is really something quite special. More bad news for Facebook, another data retention law bites the dust, the EDPS goes to court.

😼

The SEC said the banking giant failed to properly dispose of thousands of hard drives and servers over a five-year period.

The CJEU found yet another member state’s telecoms data retention laws to be, well, unlawful.

A German law requiring telecoms companies to retain customer data is a breach of EU legislation, a European court ruled Tuesday, prompting.

Don’t worry though, nothing to see here, “Google will abide by “binding commitments” that it made with global regulators in order to get the acquisition through. This includes ensuring “Fitbit users’ health and wellness data won’t be used for Google Ads.”

“Fitbit by Google” was introduced last month, but the integration is getting deeper from 2023 when Google Accounts will be required…

The EDPS announced it has requested that the CJEU annul “two provisions of the newly amended Europol Regulation, which came into force on 28 June 2022.”

The Register, ‘Privacy watchdog steps up fight against Europol’s hoarding of personal data’

• “From the beginning, Social Sentinel’s co-founder, Margolis, said publicly that the service could not be used to surveil individual people. In emails to clients, the company had a different message. “I hear that you are interested in uploading usernames, user accounts, etc to follow known threats,” one employee wrote to former North Carolina State University Police Chief Jack Moorman in August 2015. “We recently released that feature, and you can now upload a list of Twitter authors.” “I appreciate the information on the feature of uploading the accounts of individuals that we want to follow,” Moorman wrote back. “This should be a great benefit to ongoing threat assessment cases.” From ‘Tracked: How one company’s AI surveillance tool helps colleges monitor protests’ by Ari Sen and Derêka K. Bennett for the Dallas News.
• "Russia’s and China’s growing surveillance systems seem more dangerous and intrusive than America’s increasing surveillance of our workers because the information Russia and China collect can stifle dissent. But are the surveillance systems really that far apart? Big corporations that gather loads of data on exactly what their workers do all day (and sometimes into the night) — including in their purview the growing ranks of remote or gig workers — can stifle workers’ efforts to form labor unions or show any disgruntlement at all. Russia’s and China’s surveillance of their inhabitants and America’s surveillance of our workers are starting to overlap because the technologies are starting to overlap.” From ‘Is America’s Surveillance Capitalism So Different from Russia’s and China’s Surveillance States’ by Robert Reich for LA Progressive.
• “In his Opinion delivered today, Advocate General Athanasios Rantos, first, takes the view that, while a competition authority does not have jurisdiction to rule on an infringement of the GDPR, it may nevertheless, in the exercise of its own powers, take account of the compatibility of a commercial practice with the GDPR. In that respect, the Advocate General emphasises that the compliance or non-compliance of that conduct with the provisions of the GDPR may, in the light of all the circumstances of the case, be an important indication of whether that conduct amounts to a breach of competition rules” From the press release [PDF] accompanying Advocate General Rantos‘ Opinion in the case of Meta, formerly Facebook v the Bundeskartellamt.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.