Barred | The Cat Herder, Volume 2, Issue 20

Yet another Bank Holiday edition. Hopefully the sun is shining wherever you are because it is here, f   June 3 · Issue #36 · View online Yet another Bank Holiday edition. Hopefully the sun is shining wherever you are because it is here, for once. 😼 Poor ol’ Mark Zuckhole. Nowadays all he wants to do is talk about privacy. Write op-eds about it. Stand in front of enormous signs emblazoned with the word. Yet pesky lawyers employed by Mark Zuckhole have spoiled this by arguing during the week that there is no such thing as privacy. The Supreme Court in Ireland chucked out an innovative time-wasting wheeze another bunch of lawyers employed by Mark Zuckerberg had come up with. — Yes they did. Of course they did. A recent study appears to show that massively intrusive surveillance and profiling of readers isn’t exactly paying off for publishers. It is, however, paying off for the hydra-like array of adtech middlemen. Now might be a good time for publishers to reassess the financial risks and the risk to their brands in continuing to front for the adtech ecosystem. When the inevitable datapocalypse happens in this area and data subjects are looking for someone to blame it’ll be the media brands they point fingers at, not the mostly unknown intermediaries. Is that ~4% increase in ad revenues worth the continuing exposure to possible sanctions, compensation claims and serious reputational damage? + ‘Behavioral Ad Targeting Not Paying Off for Publishers, Study Suggests’, Wall Street Journal + ‘Online Tracking and Publishers’ Revenues:An Empirical Analysis’ [direct PDF link], Veronica Marotta, Vibhanshu Abhishek and Alessandro Acquisti — In related news the largest casino owner in town has announced steps will be taken to ensure everyone gets a losing seat at the roulette table, whether they like it or not. Chrome to limit full ad blocking extensions to enterprise users - 9to5Google 9to5google.com – Share In a response to negative feedback, Google shared that Chrome’s current ad blocking capabilities for extensions will soon be restricted to enterprise users. It most likely will This ID Scanner Company is Collecting Sensitive Data on Millions of Bargoers onezero.medium.com – Share We’ve all seen it, and some of us have lived it: A bar patron mouths off to a bouncer, tags a wall, gets in a fight, or is just too drunk and disorderly. They’re not just kicked out for the night… Nearly all applicants for US visas will have to submit their social media details under newly adopted rules. The State Department regulations say people will have to submit social media names and five years’ worth of email addresses and phone numbers. What “five years’ worth of email addresses and phone numbers” means is anyone’s guess but it sounds extraordinarily broad, intrusive and utterly disproportionate to the stated purpose. (((Greg Siskind))) @gsiskind If any journalists need a screenshot of the new visa question, please use this one as I took it myself versus the one I posted which was passed to me by a colleague and I'm not sure of the origin. This one actually shows more detail anyway. https://t.co/iDZvk3LIOv 12:55 AM - 1 Jun 2019 Helen Dixon was reappointed as Data Protection Commissioner for a second term. — The grace period is over, says the CNIL. CNIL_en @CNIL_en "If the @CNIL_en was relatively tolerant over the course of last year, a transition year, we consider that it’s now up to companies to be compliant in terms of #dataprotection" Marie-Laure Denis to @POLITICOEurope 1 year #GDPR → https://t.co/oNint5ukLH https://t.co/rkHKNZACFq 8:37 AM - 27 May 2019 — The Belgian DPA issued their first fine under the GDPR. €2,000 for the misuse of personal data for election purposes. We have now received confirmation that payments have been released confirming our assertion that a PSC registration is neither mandatory nor compulsory for the purposes of accessing social welfare benefits. FP Logue secures social welfare payments for client who refused to apply for Public Services Card - FP Logue www.fplogue.com – Share This latest development in the Public Services Card saga appears to support other anecdotal evidence that the department in question is aware it has no grounds to force individuals into its biometric identity register, and will back down when challenged. Unfortunately many people will not have the resources, the time or the inclination to seek legal representation and have therefore been coerced into the department’s disproportionate database via the huge power imbalance between the State and an individual. It’s approaching 600 days since the DPC opened an investigation into the Public Services Card. The minister was yet again asked in the Dail about the progress of this investigation recently, specifically  if she will consent to the publication of the full final report of the investigation by the Data Protection Commission into the public services card following the comments by the Deputy Commissioner at the Oirechtas Joint Committee on Justice and Equality on 3 April 2019 that the DPC has no objection to the publication and that it is the legal position of the DPC that the commission must get the permission of her Department to publish the report; and if she will make a statement on the matter. The minister declined to answer this particular question, conflating it with another one and stating only that I can confirm that neither myself nor any of my officials have discussed the matter of the publication of the full final report with the Office of the Data Protection Commissioner since 3rd of April last. One interpretation of this is that the minister’s officials are still considering having a go at not publishing the report. While on the surface this might appear an attractive way of quieting some of the many unanswered questions that have stuck to this project since its inception - ‘nothing to see here, all above board, no of course you can’t see the report, just take our word for it’ - it won’t stop the questions and will create more problems for the department. A failure to publish this report is the very opposite of the data protection principle of transparency. In addition it will be very difficult for the department to show how their data processing operations are compliant with all the requirements of the GDPR, as required by the principle of accountability, if data subjects are aware that an investigation has been carried out by the relevant supervisory authority and the results of this investigation have not been published in full. “technology gets its power through control of data. Data at the micro-personal level gives technology unprecedented power to influence. Data is not the new oil – it’s the new plutonium. Amazingly powerful, dangerous when it spreads, difficult to clean up and with serious consequences when improperly used. Data deployed through next generation 5G networks is transforming passive infrastructure into veritable digital nervous systems.” Jim Balsillie‘s testimony at the hearings of the International Grand Committee on Big Data, Privacy and Democracy being held in Ottawa. (That’s the committee enthusiastic privacy advocate Mark Zuckerberg declined to appear before despite being summonsed.) James Ball asks ’What do we do when everything online is fake?’ “The photographs are convincing and the people look real but, as the name suggests, they are not. The site will instantly auto-generate virtually limitless realistic pictures of people who seem like they could be real, using a technique known as a Generative Adversarial Network. This is a machine-learning tool which trains artificial intelligence to create faces until the results can easily and routinely fool a human.” “Are we training children from a young age to accept constant surveillance?” Benjamin Herold has a look at US schools’ unthinking deployment of mass surveillance tools in ‘Schools Are Deploying Massive Digital Surveillance Systems. The Results Are Alarming’. “To overcome these shortcomings, the next level of security is likely to identify people using things which are harder to copy, such as the way they walk.” The Economist has a piece about behavioural biometrics, ‘Online identification is getting more and more intrusive’. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster we’ll be in your inbox again next weekend. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Yet another Bank Holiday edition. Hopefully the sun is shining wherever you are because it is here, for once.

😼

Poor ol’ Mark Zuckhole. Nowadays all he wants to do is talk about privacy. Write op-eds about it. Stand in front of enormous signs emblazoned with the word. Yet pesky lawyers employed by Mark Zuckhole have spoiled this by arguing during the week that there is no such thing as privacy. The Supreme Court in Ireland chucked out an innovative time-wasting wheeze another bunch of lawyers employed by Mark Zuckerberg had come up with.

—

A recent study appears to show that massively intrusive surveillance and profiling of readers isn’t exactly paying off for publishers. It is, however, paying off for the hydra-like array of adtech middlemen. Now might be a good time for publishers to reassess the financial risks and the risk to their brands in continuing to front for the adtech ecosystem. When the inevitable datapocalypse happens in this area and data subjects are looking for someone to blame it’ll be the media brands they point fingers at, not the mostly unknown intermediaries. Is that ~4% increase in ad revenues worth the continuing exposure to possible sanctions, compensation claims and serious reputational damage?

+ ‘Behavioral Ad Targeting Not Paying Off for Publishers, Study Suggests’, Wall Street Journal

+ ‘Online Tracking and Publishers’ Revenues:An Empirical Analysis’ [direct PDF link], Veronica Marotta, Vibhanshu Abhishek and Alessandro Acquisti

—

In related news the largest casino owner in town has announced steps will be taken to ensure everyone gets a losing seat at the roulette table, whether they like it or not.

In a response to negative feedback, Google shared that Chrome’s current ad blocking capabilities for extensions will soon be restricted to enterprise users.

We’ve all seen it, and some of us have lived it: A bar patron mouths off to a bouncer, tags a wall, gets in a fight, or is just too drunk and disorderly. They’re not just kicked out for the night…

What “five years’ worth of email addresses and phone numbers” means is anyone’s guess but it sounds extraordinarily broad, intrusive and utterly disproportionate to the stated purpose.

Helen Dixon was reappointed as Data Protection Commissioner for a second term.

—

The grace period is over, says the CNIL.

—

The Belgian DPA issued their first fine under the GDPR. €2,000 for the misuse of personal data for election purposes.

This latest development in the Public Services Card saga appears to support other anecdotal evidence that the department in question is aware it has no grounds to force individuals into its biometric identity register, and will back down when challenged. Unfortunately many people will not have the resources, the time or the inclination to seek legal representation and have therefore been coerced into the department’s disproportionate database via the huge power imbalance between the State and an individual.

It’s approaching 600 days since the DPC opened an investigation into the Public Services Card.

The minister was yet again asked in the Dail about the progress of this investigation recently, specifically

The minister declined to answer this particular question, conflating it with another one and stating only that

One interpretation of this is that the minister’s officials are still considering having a go at not publishing the report. While on the surface this might appear an attractive way of quieting some of the many unanswered questions that have stuck to this project since its inception - ‘nothing to see here, all above board, no of course you can’t see the report, just take our word for it’ - it won’t stop the questions and will create more problems for the department.

A failure to publish this report is the very opposite of the data protection principle of transparency. In addition it will be very difficult for the department to show how their data processing operations are compliant with all the requirements of the GDPR, as required by the principle of accountability, if data subjects are aware that an investigation has been carried out by the relevant supervisory authority and the results of this investigation have not been published in full.

• “technology gets its power through control of data. Data at the micro-personal level gives technology unprecedented power to influence. Data is not the new oil – it’s the new plutonium. Amazingly powerful, dangerous when it spreads, difficult to clean up and with serious consequences when improperly used. Data deployed through next generation 5G networks is transforming passive infrastructure into veritable digital nervous systems.” Jim Balsillie‘s testimony at the hearings of the International Grand Committee on Big Data, Privacy and Democracy being held in Ottawa. (That’s the committee enthusiastic privacy advocate Mark Zuckerberg declined to appear before despite being summonsed.)
• James Ball asks ’What do we do when everything online is fake?’ “The photographs are convincing and the people look real but, as the name suggests, they are not. The site will instantly auto-generate virtually limitless realistic pictures of people who seem like they could be real, using a technique known as a Generative Adversarial Network. This is a machine-learning tool which trains artificial intelligence to create faces until the results can easily and routinely fool a human.”
• “Are we training children from a young age to accept constant surveillance?” Benjamin Herold has a look at US schools’ unthinking deployment of mass surveillance tools in ‘Schools Are Deploying Massive Digital Surveillance Systems. The Results Are Alarming’.
• “To overcome these shortcomings, the next level of security is likely to identify people using things which are harder to copy, such as the way they walk.” The Economist has a piece about behavioural biometrics, ‘Online identification is getting more and more intrusive’.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.