Bins | The Cat Herder, Volume 2, Issue 16

May Bank Holiday edition, so plenty of reading if you have the time. 😼   May 6 · Issue #32 · View online May Bank Holiday edition, so plenty of reading if you have the time. 😼 We’ve thought about this since the story broke and still can’t figure out what the logic behind removing the bins from the GPO was. Anyone? Office of Data Protection Commissioner says GPO can keep their bins as public litter is not in breach of GDPR rules - Independent.ie www.independent.ie – Share The Office of the Data Protection Commissioner has moved to reassure An Post that any litter collected in their public bins at the GPO would not be subjected to GDPR laws. Amazon's facial-recognition AI is supercharging police in Oregon. But what if Rekognition gets it wrong? - The Washington Post www.washingtonpost.com – Share The artificial-intelligence system has transformed a corner of suburban Oregon into a testing ground for the future of criminal justice. In very directly related news, Techcrunch had a peek into the workings of a Chinese smart city surveillance system which someone left exposed on the web. While artificial intelligence-powered smart city technology provides insights into how a city is operating, the use of facial recognition and surveillance projects have come under heavy scrutiny from civil liberties advocates. Despite privacy concerns, smart city and surveillance systems are slowly making their way into other cities both in China and abroad, like Kuala Lumpur, and soon the West. Security lapse exposed a Chinese smart city surveillance system – TechCrunch techcrunch.com – Share A doorbell company owned by Amazon wants to start producing “crime news” and it’ll definitely end well » Nieman Journalism Lab www.niemanlab.org – Share Because what good is a panopticon if you can’t generate some clicks? kate colleary @KateColleary “Large scale investigation in relation to the role of the #DPO undertaken by the @DPCIreland arising from issue with Irish government Dept.” “Investigation into Facebook’s storing of passwords in plain text initiated which concerns fundamental issues in GDPR.” Helen Dixon #GPS19 2:57 PM - 2 May 2019 Which government department could she possibly be talking about? In other ‘public body collects biometric data in breach of data protection law’ news, HMRC had to delete five million voice files. HMRC has been told by the UK’s Information Commissioner’s Office (ICO) that it was not adhering to the data protection rules. In effect, it had automatically pushed people into the system without explicit consent. The commissioner is issuing the first enforcement notice of its kind to HMRC, under GDPR rules, to ensure the data is deleted. As a result, no fine will be levied. HMRC forced to delete five million voice files - BBC News www.bbc.com – Share The UK’s tax authority broke a privacy law and is told to delete recordings of taxpayers’ voices. The DPC announced it was opening a statutory inquiry into Quantcast. Some publishers may find out at the conclusion of this inquiry that outsourcing aspects of their data protection responsibilities to third parties in the tracking business may not have been the wisest of ideas. The DPC also announced an informal Data Protection Officer consultation forum, which is certainly a good idea. An ‘Examination of Right to Rectification’ complaints was also published by the office. Busy week. How much does responding to a Data Subject Access Request cost? One quarter of one million of your finest British Pounds, according to one source. Imagine the trouble there’d be if they got a few of those in one week. If this is the case then someone, somewhere, is doing something very badly wrong. Subject access requests are not new. Organisations processing personal data must be set up to respond to them. If it is costing this much then the fault does not lie with the regulation or the data subjects making the requests. Jeroen Terstegge @PrivaSense Hazel Grant at #GPS19: "Dealing with a single data subject access request may cost an organization as much as a quarter of a million British Pounds" #GDPR #DSAR #privacy https://t.co/E8rxBnhMSN 7:27 PM - 1 May 2019 “Regulators are trying to address Facebook as if it’s like companies they have encountered before. But Facebook presents radically new challenges. It is unlike anything else in human history – with the possible exception of Google.” Siva Vaidhyanathan on what to do with Facebook for The Guardian. Charlie Warzel solicited ideas from readers on the same subject and wrote them up in his column. ‘Is Ireland the tech giants’ darling, or is it doing its part to protect data?’ asks RT. A number of interviewees provide a range of answers. “These aren’t matters where we can take in a complaint today and tomorrow make a conclusion on it,” Dixon, Ireland’s data protection commissioner, said during an interview at POLITICO’s Washington-area headquarters. “They’re not overnight, and anyone who understands anything about the process understands it takes time.” Nancy Scola interviews Helen Dixon for Politico. “According to Advocate General Szpunar a service such as that provided by the AIRBNB portal constitutes an information society service”. The CJEU published the Opinion of Advocate General Szpunar in Case C‑390/18. TJ McIntyre had a few quick thoughts on the Opinion and the headaches it may cause for the DPC. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster we’ll be in your inbox again next weekend. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

May Bank Holiday edition, so plenty of reading if you have the time.

😼

We’ve thought about this since the story broke and still can’t figure out what the logic behind removing the bins from the GPO was. Anyone?

The Office of the Data Protection Commissioner has moved to reassure An Post that any litter collected in their public bins at the GPO would not be subjected to GDPR laws.

The artificial-intelligence system has transformed a corner of suburban Oregon into a testing ground for the future of criminal justice.

In very directly related news, Techcrunch had a peek into the workings of a Chinese smart city surveillance system which someone left exposed on the web.

Because what good is a panopticon if you can’t generate some clicks?

Which government department could she possibly be talking about?

In other ‘public body collects biometric data in breach of data protection law’ news, HMRC had to delete five million voice files.

The UK’s tax authority broke a privacy law and is told to delete recordings of taxpayers’ voices.

The DPC announced it was opening a statutory inquiry into Quantcast. Some publishers may find out at the conclusion of this inquiry that outsourcing aspects of their data protection responsibilities to third parties in the tracking business may not have been the wisest of ideas.

The DPC also announced an informal Data Protection Officer consultation forum, which is certainly a good idea.

An ‘Examination of Right to Rectification’ complaints was also published by the office. Busy week.

How much does responding to a Data Subject Access Request cost?

One quarter of one million of your finest British Pounds, according to one source. Imagine the trouble there’d be if they got a few of those in one week.

If this is the case then someone, somewhere, is doing something very badly wrong. Subject access requests are not new. Organisations processing personal data must be set up to respond to them. If it is costing this much then the fault does not lie with the regulation or the data subjects making the requests.

• “Regulators are trying to address Facebook as if it’s like companies they have encountered before. But Facebook presents radically new challenges. It is unlike anything else in human history – with the possible exception of Google.” Siva Vaidhyanathan on what to do with Facebook for The Guardian.
• Charlie Warzel solicited ideas from readers on the same subject and wrote them up in his column.
• ‘Is Ireland the tech giants’ darling, or is it doing its part to protect data?’ asks RT. A number of interviewees provide a range of answers.
• “These aren’t matters where we can take in a complaint today and tomorrow make a conclusion on it,” Dixon, Ireland’s data protection commissioner, said during an interview at POLITICO’s Washington-area headquarters. “They’re not overnight, and anyone who understands anything about the process understands it takes time.” Nancy Scola interviews Helen Dixon for Politico.
• “According to Advocate General Szpunar a service such as that provided by the AIRBNB portal constitutes an information society service”. The CJEU published the Opinion of Advocate General Szpunar in Case C‑390/18. TJ McIntyre had a few quick thoughts on the Opinion and the headaches it may cause for the DPC.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.