A Smile Or A Wave | The Cat Herder, Volume 5, Issue 19

Faces and payments, Google and lawsuits, adtech and accidents. 😼   May 22 · Issue #181 · View online Faces and payments, Google and lawsuits, adtech and accidents. 😼 Apart from this whole thing being a bad idea, the lack of imagination when creating company names is striking. Mastercard is partnering with both Payface and PaybyFace. PayWithFace and FacePay must be feeling hard done by. Mastercard rolls out new biometric checkout system that lets you pay with a smile or wave - Buzz.ie www.buzz.ie – Share The new system will allow shoppers to simply smile or wave at a camera to pay at the checkout without the need for a card or mobile device The present claimant, Andrew Prismall, stated he brought the suit to achieve a “fair outcome and closure” for all 1.6 million patients whose data was breached. A partner at Mishcon de Reya, the law firm representing Prismall, stated the claim could provide clarity on the extent to which tech companies could “access and make use private health information”. Google faces UK lawsuit for NHS patient data breach - JURIST - News www.jurist.org – Share A sole claimant Tuesday filed a representative action suit against Google and its artificial intelligence (AI) subsidiary DeepMind Technologies in the High Court of Justice of England and Wales for mi… — “The ownership structure behind NSO seems to have been established with the aim of concealing the factual owners and responsibilities. One of the first tasks of the Parliament’s inquiry committee must be to unravel the past and current decision-making processes behind NSO,” said Moritz Körner, a German MEP from the liberal Renew Europe grouping. NSO Group is made up of over 30 subsidiaries and units — with names like CS-Circles Solutions and Westbridge Technologies — across Israel, Luxembourg, Cyprus, Bulgaria, the United States, Hong Kong and the United Kingdom, according to a company structure shared with MEPs by investment firm Berkley Research Group (BRG), which took over management of NSO Group in the summer of 2021. Pegasus’ complex structure hinders EU spyware probe – POLITICO www.politico.eu – Share Byzantine corporate structure is hampering lawmakers’ action to stop spyware in Europe. In this case it’s already gone wrong, on a vast scale, but nobody involved is prepared to admit because the game is simply so damn lucrative. Billions of ads from reputable companies ran in the wrong places and all along the adtech chain of responsibility companies that had the information necessary to see what was going on didn’t; not a single brand noticed that their ads were not where they were supposed to be; not a single media buyer noticed that their ads were misplaced. And for nine months we can only assume that these “sophisticated” advertisers were receiving fictitious reports about the nature of their programmatic buy … We now have alarming and incontrovertible evidence - due to an accident - that we cannot trust the adtech ecosystem, and most vividly, we cannot trust the information we get from the people we pay to protect us from the uncertainties of the programmatic ad system. The Alarming Results of "Accidental"​ Research www.linkedin.com – Share Among the frustrations of digital advertising, I think it’s fair to say that near the top is not knowing who and what to believe. While online advertising technology was supposed to provide us with near perfect data on who we were reaching, where we were reaching them, and what it was costing, twent The EDPB adopted guidelines on the calculation of fines and the use of facial recognition technology in the area of law enforcement. “From now on, DPAs across the EEA will follow the same methodology to calculate fines. This will boost further harmonisation and transparency of the fining practice of DPAs. The individual circumstances of a case must always be a determining factor and DPAs have an important role in ensuring that each fine is effective, proportionate and dissuasive.” — The Icelandic DPA fined the city of Rekyavik 5 million Krona (~€36,000) for multiple breaches of the GDPR associated with the deployment of an educational system called Seesaw. — “The Dutch SA fined the Dutch Ministry of Foreign Affairs €565,000 for long-term, large-scale, serious infringements of the General Data Protection Regulation (GDPR) in its visa-issuing process. In addition to imposing a fine, the Dutch SA ordered the ministry to ensure an appropriate level of security (subject to a penalty of €50,000 per two weeks) and provide applicants with adequate information (subject to a penalty of €10,000 per week).” “By imposing a mandatory monitoring requirement for all online communications and effectively outlawing end-to-end encrypted services, the Proposal would violate children’s fundamental rights, including the rights to respect for privacy (including communications confidentiality), protection of personal data, freedom of expression and information, and integrity of the person. That is, the Proposal would violate the very rights of children that it seeks to protect.” Taken from a letter by Riana Pfefferkorn to the European Commission, ‘Feedback on the European Commission’s proposed regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse, 2022/0155 (COD)’ [PDF] “If you use a period-tracking app, and you share what could be regarded in hindsight as incriminating data, then there is very little a company can do to refuse turning over that data when it is requested by law enforcement in legally permissible ways. I’d like to remind people that the deletion of an app does not necessarily mean the erasure of the data. More often than not, the user data will be retained for a period of time, after the last engagement with the app unless otherwise requested. If people are worried, and many of them will be, the first step should be to check what needs to be done to have that data erased. This is usually in the privacy policy, but at the very least, it will require someone to send an email explicitly asking for the data to be erased. In the U.S., privacy laws rarely guarantee the right of erasure of one’s personal data.” Laura Lazaro Cabrera of Privacy International in an interview with Julia Angwin, ‘The Rise of Reproductive Surveillance’. “Amazon’s leadership team, including founder and former CEO Jeff Bezos, are being sued by a shareholder for “allowing the mishandling of users’ biometric data,” such as fingerprints and facial images collected by its devices and services. Legislation around the use of biometrics around the world is patchy, and the outcome of the case, and other court actions being brought against Amazon, could go some way to establishing what is an acceptable way to store and deploy this sensitive information. The company is accused of profiting from individuals’ biometric data, something that violates privacy laws in Washington State, where Amazon has its global headquarters. Unusually, the legal action targets the senior leadership team – including Bezos and current CEO Andy Jassy – holding them responsible for allowing Amazon to violate the law and not speaking out against the moves.” From ‘Amazon court case could help dictate future use of biometric data’ by Ryan Morrison for Tech Monitor. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Faces and payments, Google and lawsuits, adtech and accidents.

😼

Apart from this whole thing being a bad idea, the lack of imagination when creating company names is striking. Mastercard is partnering with both Payface and PaybyFace. PayWithFace and FacePay must be feeling hard done by.

The new system will allow shoppers to simply smile or wave at a camera to pay at the checkout without the need for a card or mobile device

A sole claimant Tuesday filed a representative action suit against Google and its artificial intelligence (AI) subsidiary DeepMind Technologies in the High Court of Justice of England and Wales for mi…

—

Byzantine corporate structure is hampering lawmakers’ action to stop spyware in Europe.

In this case it’s already gone wrong, on a vast scale, but nobody involved is prepared to admit because the game is simply so damn lucrative.

Among the frustrations of digital advertising, I think it’s fair to say that near the top is not knowing who and what to believe. While online advertising technology was supposed to provide us with near perfect data on who we were reaching, where we were reaching them, and what it was costing, twent

The EDPB adopted guidelines on the calculation of fines and the use of facial recognition technology in the area of law enforcement. “From now on, DPAs across the EEA will follow the same methodology to calculate fines. This will boost further harmonisation and transparency of the fining practice of DPAs. The individual circumstances of a case must always be a determining factor and DPAs have an important role in ensuring that each fine is effective, proportionate and dissuasive.”

—

The Icelandic DPA fined the city of Rekyavik 5 million Krona (~€36,000) for multiple breaches of the GDPR associated with the deployment of an educational system called Seesaw.

—

“The Dutch SA fined the Dutch Ministry of Foreign Affairs €565,000 for long-term, large-scale, serious infringements of the General Data Protection Regulation (GDPR) in its visa-issuing process. In addition to imposing a fine, the Dutch SA ordered the ministry to ensure an appropriate level of security (subject to a penalty of €50,000 per two weeks) and provide applicants with adequate information (subject to a penalty of €10,000 per week).”

• “By imposing a mandatory monitoring requirement for all online communications and effectively outlawing end-to-end encrypted services, the Proposal would violate children’s fundamental rights, including the rights to respect for privacy (including communications confidentiality), protection of personal data, freedom of expression and information, and integrity of the person. That is, the Proposal would violate the very rights of children that it seeks to protect.” Taken from a letter by Riana Pfefferkorn to the European Commission, ‘Feedback on the European Commission’s proposed regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse, 2022/0155 (COD)’ [PDF]
• “If you use a period-tracking app, and you share what could be regarded in hindsight as incriminating data, then there is very little a company can do to refuse turning over that data when it is requested by law enforcement in legally permissible ways. I’d like to remind people that the deletion of an app does not necessarily mean the erasure of the data. More often than not, the user data will be retained for a period of time, after the last engagement with the app unless otherwise requested. If people are worried, and many of them will be, the first step should be to check what needs to be done to have that data erased. This is usually in the privacy policy, but at the very least, it will require someone to send an email explicitly asking for the data to be erased. In the U.S., privacy laws rarely guarantee the right of erasure of one’s personal data.” Laura Lazaro Cabrera of Privacy International in an interview with Julia Angwin, ‘The Rise of Reproductive Surveillance’.
• “Amazon’s leadership team, including founder and former CEO Jeff Bezos, are being sued by a shareholder for “allowing the mishandling of users’ biometric data,” such as fingerprints and facial images collected by its devices and services. Legislation around the use of biometrics around the world is patchy, and the outcome of the case, and other court actions being brought against Amazon, could go some way to establishing what is an acceptable way to store and deploy this sensitive information. The company is accused of profiting from individuals’ biometric data, something that violates privacy laws in Washington State, where Amazon has its global headquarters. Unusually, the legal action targets the senior leadership team – including Bezos and current CEO Andy Jassy – holding them responsible for allowing Amazon to violate the law and not speaking out against the moves.” From ‘Amazon court case could help dictate future use of biometric data’ by Ryan Morrison for Tech Monitor.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.