February 27, 2022
Balls | The Cat Herder, Volume 5, Issue 07
| |
| February 27 · Issue #169 · View online |
|
|
Ending anonymity to vanquish the trolls, an annual report from the DPC and a mysterious web of stalkerware companies. 😼
|
|
|
The exact details of implementation will be left up to the platforms, but the government suggests they could verify users’ identities using government-issued IDs like passports and driver’s licenses. Those platforms would then offer users the option “to tick a box in their settings to receive direct messages and replies only from verified accounts.” Some experts are doubtful, though. Speaking to The i, Neil Brown of the internet-focused law firm decoded.legal, said the plans would not stop all online abuse. “Those who are already willing to harass or spread misinformation under their own names are unlikely to be affected,” said Brown. “The additional step of showing ID is unlikely to be a barrier to them.”
|
UK politician who tweeted threat to nail journalist’s balls to the floor pushes user IDs to curb online abuse - The Verge
The UK wants to force social media platforms like Facebook and Twitter to verify users’ IDs to curb online abuse. The politician spearheading the plans, Nadine Dorries, has demonstrated why this policy may not be effective.
|
The legislators in Ireland working on the equivalent to the UK’s Online Safety Bill, the Online Safety and Media Regulation Bill should be asked similar questions to that below.
|
|
|
|
@ So lawmakers ought to be prepared to answer e.g. "Should Nadine Dorries' tweet X be labelled as legal but harmful? And why/why not?" And then for 99 other examples. If they can't give rational, consistent, rule-based answers, do they have any business legislating?
|
|
|
|
|
|
But the ICO said the app was launched as planned without fully addressing its wider concerns about compliance with data protection law. An investigation followed and both have now been reprimanded over: Their initial failure to provide adequate privacy information within the app at launch to explain how people’s information was being used an ongoing failure to provide concise privacy information so the average person could realistically understand how the app was using their information The ICO said it decided to make its ruling public due to the significant public interest in the issues raised.
|
NHS Scotland's Covid Status app criticised over privacy failings - BBC News
The UK’s data watchdog reprimands the Scottish government and NHS National Services Scotland.
|
|
|
Stalker apps with appalling security? Totally unforeseeable.
|
Other than their names, the spyware apps have practically identical features under the hood, and even the same user interface for setting up the spyware. Once installed, each app allows the person who planted the spyware access to a web dashboard for viewing the victim’s phone data in real-time — their messages, contacts, location, photos, and more. Much like the apps, each dashboard is a clone of the same web software. And, when TechCrunch analyzed the apps’ network traffic, we found the apps all contact the same server infrastructure. But because the nine apps share the same code, web dashboards, and the same infrastructure, they also share the same vulnerability.
|
|
|
|
|
The Council of the EU is discussing plans to add driving licence data to an EU-wide network of police facial recognition systems, which would make the data of anyone who holds a driving licence available for cross-border searches by the police – in effect making them part of a “perpetual line-up”. The proposal has been added to the text of a new law known as ‘Prüm II’, which updates earlier rules on the cross-border searching of DNA, fingerprint and vehicle registration data, and adds a contemporary twist: the interconnection of police facial image databases, and now potentially driving licence data as well.
|
|
Statewatch | EU: Got a driving licence? You’re going in a police line-up
|
|
|
This week in ethics washing. What good is an ethics board if it’s ignored or, even worse, not consulted at all?
|
the ethics board was not consulted on the organization’s decision to share sensitive data from people’s darkest moments with its for-profit spinoff, members of the board say. Some members told Forbes they did not know about the data-sharing arrangement and that the committee itself hadn’t been convened in years. And one of its members, whose name was listed on the organization’s website until this month, died a year ago.
|
|
|
|
|
|
|
|
|
It was reported during the week that the DPC has sent Facebook a revised preliminary decision regarding transatlantic data transfers.
|
“Meta has 28 days to make submissions on this preliminary decision at which point we will prepare a draft Article 60 decision for other Concerned Supervisory Authorities (CSAs). I’d anticipate that this will happen in April,” a deputy commissioner at the Irish Data Protection Commission (DPC), Graham Doyle, told us. It’s not clear there has been any material change to the facts of the case — which hinges on the clash between European data protection law and US surveillance powers — since the earlier draft order telling the company to suspend transfers that would lead the regulator to arrive at a different conclusion now, regardless of what Meta submits at this next stage.
|
|
|
|
|
Via GDPRHub: “The Greek DPA fined two mobile telecommunications company COSMOTE and its parent company OTE, €6,000,000 and €3,250,000 respectively. The first for failing to carry out the data protection impact assessment under Article 35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1) GDPR, among others. The second for failing to implement the appropriate technical and organisational measures under Article 32 GDPR.”
|
|
|
-
“Yet the confidentiality, or non-identifiability, of a system should not be equated with the privacy it affords. Many, if not most, of the societal issues stemming from profiling, targeting and the commodification of attention are not solved by simply replicating existing adtech while mathematically blindfolding firms to the humans and communities subject to them. There are harms associated with shaping an individual’s informational world, learning about specific groups or communities or phenomena, targeting people at opportune moments when they are most suggestible … Imagine being profiled on your eye gaze, temperature or pulse, with these affecting your online experiences in real-time. But don’t panic! It’s confidential. What’s your problem?” From ‘Future of online advertising: Adtech’s new clothes might redefine privacy more than they reform profiling’ by Michael Veale for Netzpolitik.org.
-
“Political campaigns should not “scrape” data from social media for the purposes of building profiles on the electorate. If a voter is a member of the organisation or has affirmatively expressed a wish to follow a candidate or party on a social media platform, then the campaign might reasonably infer that he/she will wish to receive further communications from the candidate or party. But that inference should not be assumed, for example, for individuals who may be within the wider social network of that voter, and who have not affirmatively expressed a preference to be contacted.” From the Council of Europe‘s 'Guidelines on the Protection of Individuals with regard to the Processing of Personal Data by and for Political Campaigns’ [direct link to PDF].
-
“it risks normalising this - worryingly pervasive - view, that while anonymous people should be tolerated online, they aren’t to be trusted, or included: which is an evolution from but rooted in the same flawed thinking as ‘people with nothing to hide don’t hide anything’.” From this Twitter thread by Ellen Judson on the latest additions to the UK’s Online Safety Bill.
—
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
Ending anonymity to vanquish the trolls, an annual report from the DPC and a mysterious web of stalkerware companies.
😼
The UK wants to force social media platforms like Facebook and Twitter to verify users’ IDs to curb online abuse. The politician spearheading the plans, Nadine Dorries, has demonstrated why this policy may not be effective.
The legislators in Ireland working on the equivalent to the UK’s Online Safety Bill, the Online Safety and Media Regulation Bill should be asked similar questions to that below.
The UK’s data watchdog reprimands the Scottish government and NHS National Services Scotland.
Stalker apps with appalling security? Totally unforeseeable.
TechCrunch: ‘Behind the stalkerware network spilling the private phone data of hundreds of thousands’
This week in ethics washing. What good is an ethics board if it’s ignored or, even worse, not consulted at all?
Forbes: ‘Suicide Hotline Left Ethics Board Out Of The Loop About Data-Sharing With For-Profit Spinoff’
The DPC published its annual report for 2021 [direct link to PDF].
Coverage
Irish Examiner: ‘Data Protection Commission learning from criticism’
RTÉ: ‘DPC warns of damage to GDPR enforcement regime’
—
It was reported during the week that the DPC has sent Facebook a revised preliminary decision regarding transatlantic data transfers.
Techcrunch: ‘Meta sent a new draft decision on its EU-US data transfers’
—
Via GDPRHub: “The Greek DPA fined two mobile telecommunications company COSMOTE and its parent company OTE, €6,000,000 and €3,250,000 respectively. The first for failing to carry out the data protection impact assessment under Article 35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1) GDPR, among others. The second for failing to implement the appropriate technical and organisational measures under Article 32 GDPR.”
-
“Yet the confidentiality, or non-identifiability, of a system should not be equated with the privacy it affords. Many, if not most, of the societal issues stemming from profiling, targeting and the commodification of attention are not solved by simply replicating existing adtech while mathematically blindfolding firms to the humans and communities subject to them. There are harms associated with shaping an individual’s informational world, learning about specific groups or communities or phenomena, targeting people at opportune moments when they are most suggestible … Imagine being profiled on your eye gaze, temperature or pulse, with these affecting your online experiences in real-time. But don’t panic! It’s confidential. What’s your problem?” From ‘Future of online advertising: Adtech’s new clothes might redefine privacy more than they reform profiling’ by Michael Veale for Netzpolitik.org.
-
“Political campaigns should not “scrape” data from social media for the purposes of building profiles on the electorate. If a voter is a member of the organisation or has affirmatively expressed a wish to follow a candidate or party on a social media platform, then the campaign might reasonably infer that he/she will wish to receive further communications from the candidate or party. But that inference should not be assumed, for example, for individuals who may be within the wider social network of that voter, and who have not affirmatively expressed a preference to be contacted.” From the Council of Europe‘s 'Guidelines on the Protection of Individuals with regard to the Processing of Personal Data by and for Political Campaigns’ [direct link to PDF].
-
“it risks normalising this - worryingly pervasive - view, that while anonymous people should be tolerated online, they aren’t to be trusted, or included: which is an evolution from but rooted in the same flawed thinking as ‘people with nothing to hide don’t hide anything’.” From this Twitter thread by Ellen Judson on the latest additions to the UK’s Online Safety Bill.
—
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
