"Absurd levels of incompetence" | The Cat Herder, Volume 2, Issue 7

Much hilarity this week. Cameras and microphones in all sorts of unexpected places and when questione   February 24 · Issue #23 · View online Much hilarity this week. Cameras and microphones in all sorts of unexpected places and when questioned about them none of the organisations who control the cameras and microphones have any plans to use them. Fancy that. The very best people are working on the fallout from a very large data breach in Sweden. No really, the best people. 😼 It’s really difficult to pick a favourite from the list of excuses and explanations blurted out by a range of people involved in what appears to be Sweden’s largest-ever personal data breach. We’re going with “Internet cord” for now. Tommy Ekström said they have now pulled the Internet cord and closed the server off from the Internet 2.7 million medical calls breached in Sweden, and it’s pure comedy medium.com – Share On Monday, news outlet Computer Sweden broke the news that millions of calls to a national Swedish health care adviser were openly available on the internet. Here is a summary in English. In short… — Perhaps as a reaction to being called a digital gangster by a House of Commons Committee in a report published on Monday, Mark Zuckerberg took his first tentative steps towards a career in stand-up comedy by proclaiming on Wednesday that Facebook is an “innovator in privacy”. This came during a discussion with Professor Jonathan Zittrain about how best to fix the problems Zuckhole and others have created through their industrial scale abuses of privacy. At one point Mark, a bit like Google below, even forgot his social surveillance monopsony sells a product with a microphone and camera which is designed to sit in your living room. Casey Newton @CaseyNewton The highlight through 36 minutes is Zuckerberg saying “We definitely don’t want a society where there’s a camera in everyone’s living room watching the content of everyone’s conversations” and Zittrain reminding him that Portal exists https://t.co/m6Iet4EFky 4:54 PM - 20 Feb 2019 Social surveillance company in hilarious oversight. Imagine, they put a microphone in devices which are installed in people’s homes and just plain forgot to tell people about the microphone. Google admits error over hidden microphone - BBC News www.bbc.com – Share Google apologises for not disclosing its home alarm system contained a microphone. It appears the Sideshow Bob Rake Department has decided it can act with impunity despite being under investigation by the Data Protection Commission, and manufactured the removal of the DEASP Data Protection Officer. Read this thread by Simon McGarr for an explanation (one-page version) Simon McGarr @Tupp_Ed Now. Article 38.3 of the GDPR creates a series of protections for a Data Protection Officer’s independence. They can’t be told to do anything.They can’t be penalised for saying unwelcome things. They can’t be dismissed from their duties. These are unique, critical protections. https://t.co/lMY00bN53j 5:35 PM - 23 Feb 2019 The law is very clear about that. The DPO can’t be dismissed for doing his or her job. If it is the case that the Department has removed the DPO and does not subsequently face consequences for doing so then this sends a message to all data controllers that the independence of a DPO will not be supported by the regulator. More: Article 38 GDPR — Some of the ads for the new MyWelfare.ie service now running across a broad spectrum of media mention that some sort of integration of health data might be coming soon. This story from the UK just coincidentally popped up during the week. Guess who's working on a health data-slurping digital tool? Bzzt! Nope, it's the UK Department for Work and Pensions • The Register www.theregister.co.uk – Share The Data Protection Commission put a podcast out into the world. This is a good thing. Raising awareness of data protection and privacy issues is what they should be doing. Not so good is the idiosyncratic and incorrect definition of personal data which is used in the podcast. Fred Logue @FredPLogue Sorry @DPCIreland information "which relates to a living person which can be used to identify that person" is not the definition of personal data and never was. https://t.co/xTd19PuQjN 2:51 PM - 21 Feb 2019 “The cameras are probably not used now,” he tweeted. “But if they are wired, operational, bundled with mic, it’s a matter of one smart hack to use them on 84+ aircrafts and spy on passengers.” Airline seats now equipped with cameras — aimed at passengers - MarketWatch www.marketwatch.com – Share Some planes operated by American, United and Singapore Airlines have cameras in seat-back entertainment systems. Back in 2017 Panasonic provided some fantastical and laughable possible uses for these cameras: “If visual cues suggest a passenger is feeling dehydrated, for example, the system would cue a flight attendant to offer the passenger a bottle of water.” This is such a paper-thin attempt at justifying this level of intrusiveness that we’re surprised they even bothered. In ‘Mark Zuckerberg Promised A Clear History Tool Almost A Year Ago. Where Is It?’ Ryan Mac steps us through Facebook’s well worn process for dealing with privacy and data protection issues - evasion, apologies and vague promises. What you understand to be the meaning of the verb ‘to sell’ and what Google and Facebook understand it to be are not the same says Chris Hoofnagle in ‘Facebook and Google Are the New Data Brokers’. Rita Heimes explores ‘How opt-in consent really works’ for the IAPP. —- Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster this newsletter will be in your inbox again next weekend. See you then. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Much hilarity this week. Cameras and microphones in all sorts of unexpected places and when questioned about them none of the organisations who control the cameras and microphones have any plans to use them. Fancy that. The very best people are working on the fallout from a very large data breach in Sweden. No really, the best people.

😼

It’s really difficult to pick a favourite from the list of excuses and explanations blurted out by a range of people involved in what appears to be Sweden’s largest-ever personal data breach. We’re going with “Internet cord” for now.

On Monday, news outlet Computer Sweden broke the news that millions of calls to a national Swedish health care adviser were openly available on the internet. Here is a summary in English. In short…

—

Perhaps as a reaction to being called a digital gangster by a House of Commons Committee in a report published on Monday, Mark Zuckerberg took his first tentative steps towards a career in stand-up comedy by proclaiming on Wednesday that Facebook is an “innovator in privacy”. This came during a discussion with Professor Jonathan Zittrain about how best to fix the problems Zuckhole and others have created through their industrial scale abuses of privacy.

At one point Mark, a bit like Google below, even forgot his social surveillance monopsony sells a product with a microphone and camera which is designed to sit in your living room.

Social surveillance company in hilarious oversight. Imagine, they put a microphone in devices which are installed in people’s homes and just plain forgot to tell people about the microphone.

Google apologises for not disclosing its home alarm system contained a microphone.

It appears the Sideshow Bob Rake Department has decided it can act with impunity despite being under investigation by the Data Protection Commission, and manufactured the removal of the DEASP Data Protection Officer. Read this thread by Simon McGarr for an explanation (one-page version)

The law is very clear about that. The DPO can’t be dismissed for doing his or her job.

If it is the case that the Department has removed the DPO and does not subsequently face consequences for doing so then this sends a message to all data controllers that the independence of a DPO will not be supported by the regulator.

More:

• Article 38 GDPR

—

Some of the ads for the new MyWelfare.ie service now running across a broad spectrum of media mention that some sort of integration of health data might be coming soon. This story from the UK just coincidentally popped up during the week.

The Data Protection Commission put a podcast out into the world. This is a good thing. Raising awareness of data protection and privacy issues is what they should be doing. Not so good is the idiosyncratic and incorrect definition of personal data which is used in the podcast.

Some planes operated by American, United and Singapore Airlines have cameras in seat-back entertainment systems.

Back in 2017 Panasonic provided some fantastical and laughable possible uses for these cameras: “If visual cues suggest a passenger is feeling dehydrated, for example, the system would cue a flight attendant to offer the passenger a bottle of water.”

This is such a paper-thin attempt at justifying this level of intrusiveness that we’re surprised they even bothered.

• In ‘Mark Zuckerberg Promised A Clear History Tool Almost A Year Ago. Where Is It?’ Ryan Mac steps us through Facebook’s well worn process for dealing with privacy and data protection issues - evasion, apologies and vague promises.
• What you understand to be the meaning of the verb ‘to sell’ and what Google and Facebook understand it to be are not the same says Chris Hoofnagle in ‘Facebook and Google Are the New Data Brokers’.
• Rita Heimes explores ‘How opt-in consent really works’ for the IAPP.

—-

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster this newsletter will be in your inbox again next weekend. See you then.

If you know someone who might enjoy this newsletter do please forward it on to them.