"Cheap CGI Beef Jerky" | The Cat Herder, Volume 5, Issue 39

An issue shot through with a strong sense of déjà vu . 😼   October 9 · Issue #201 · View online An issue shot through with a strong sense of déjà vu . 😼 “Plus ça change, plus c'est la même chose.” Data Protection Law Database @DPL_rewind on this day in 1997 the @nytimes reported that the @EU_Commission had 'rejected proposals by the United States aimed at insuring that police agencies can crack coded messages over telephone and computer networks' https://t.co/uSE6c4RoxC 5:24 AM - 9 Oct 2022 The White House released to the world its much anticipated latest solution to the decades-long problem of data transfers between the EU and the US, an Executive Order signed by President Biden on Friday. Not everyone was enthused. Biden Executive Order Says We'll Be More Careful When We Use European Data for Spy Stuff gizmodo.com – Share The White House laid out guidelines for data intelligence activities to comply with European privacy law. Experts are skeptical it goes far enough. Max Schrems 🇪🇺 @maxschrems Nicely put: The new EO defines the wording of your "judgment" by this "court" before you even file a complaint... 😂 https://t.co/FK6yXUO583 https://t.co/Nv8EQW8jcK 4:57 PM - 7 Oct 2022 The Irish State has a history of replying to criticism from UN Special Rapporteurs with a mixture of wounded disbelief and something approaching belligerence, as covered in Volume 3, Issue 15 of this newsletter from April 2020. Then it was in relation to the mandatory but not compulsory Public Services Card, now it’s facial recognition technology for the Gardaí. As an aside, it would be interesting to try and ascertain whether Simon Coveney ever did respond to Professor Alston’s invitation to point out the alleged factual errors in his report. Anyway, that was criticism from one Special Rapporteur. This time it’s four Special Rapporteurs, all at the same time. ICCLtweet 🏳️‍🌈 @ICCLtweet Very significant from the UN! Four Special Rapporteurs have jointly raised concerns about the Govt's plans to introduce Facial Recognition Technology (FRT) through the Garda (Recording Devices) Bill. UN letter https://t.co/cl9IfS5h3v? and State response https://t.co/NBk2r32B9C 5:01 PM - 6 Oct 2022 The UN Letter. The Irish State’s reponse. 🎧 Fionnuala Ní Aoláin, the UN’s Special Rapporteur on counter-terrorism and human rights, spoke to Morning Ireland during the week about the Government’s plans and the dim view of them the Special Rapporteurs were taking. Kris Shrishak of the ICCL wrote a short Twitter thread on what he diplomatically terms the State’s “disappointing” response. Simon McGarr also wrote about the State’s response and the possible reasons behind the sudden tearing hurry to introduce legislation which has had no scrutiny whatsoever. ‘Let’s ask those guys, the ones who sell the thing, if the thing would be any good. And not ask anybody else.’ the Commission cited Meta and Thorn’s commercial product Safer as the providers of the data EU assessment of child abuse detection tools based on industry data – EURACTIV.com www.euractiv.com – Share The Commission used data on the accuracy and precision of AI tools to detect child sexual abuse material (CSAM) online exclusively from Meta and another tech company, a FOI request by former MEP Felix Reda has shown.  The ICO fined a catalogue retailer named Easylife Ltd. £1,350,000 (~€1.54 million) “for using personal information of 145,400 customers to predict their medical condition and target them with health-related products without their consent.” — The ICO let the Home Office in the UK off with a warning after “sensitive documents … which … included two Extremism Analysis Unit Home Office reports and a Counter Terrorism Policing report” that “contained personal data, including that of Metropolitan Police staff” were “found at a public LOndon venue.” — The EDPB’s Coordinated Supervision Committee published its biannual report. “Most companies, including digitally native ones, have an underdeveloped and unsophisticated approach to privacy and data governance … From the deepest trenches all the way up to the Board and across every branch of business from tech to marketing and data to B2B, the perception that people have of privacy compliance work is that it is perfunctory, pro forma, and useless. It feels fake, often because it is. People go along with it because it’s protected by the Don’t Feed The Lawyers mystique. No one wants to touch that kind of privacy work for fear that it will suck out all of your life force until you look like cheap CGI beef jerky.” From ‘Privacy as Product’ by Robin Berjon. “To see for myself, I conducted an informal experiment. I went to a bunch of websites I don’t normally visit, opted out of tracking using whatever tools were provided, and then navigated the sites acting like someone they’d really want to advertise to. I watched videos about the companies’ products, clicked links, and added stuff to my cart that I then “forgot” to buy. Then I went back to my normal browsing habits and kept a watch out for ads. If the opt-outs worked, I shouldn’t have been shown targeted ads from those brands on other websites. But I saw plenty of them.” From ‘I Said No to Online Cookies. Websites Tracked Me Anyway’ by Thomas Germain for Consumer Reports. “This seems to be an ingenious ploy by the US to limit the CJEU’s capabilities to strike down the new DPF. Any CJEU decision about the DPF will be taken under enormous political pressure from the EU Member States, as it may not only mean that the protections of the Executive Order will be out of the window for their citizens, but behind the scenes the US may stop sharing valuable US national intelligence information, which the EU Member States cannot afford to lose. This shifts the power balance over international data transfers in favour of the US. Although I can imagine the European Commission willing to issue an adequacy decision for the new DPF, I predict fierce opposition from the EU Member States, maybe even the European Council blocking it.” From Jeroen Terstegge‘s post on LinkedIn about the White House’s Executive Order on Transatlantic data transfers. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

An issue shot through with a strong sense of déjà vu .

😼

“Plus ça change, plus c'est la même chose.”

The White House released to the world its much anticipated latest solution to the decades-long problem of data transfers between the EU and the US, an Executive Order signed by President Biden on Friday.

Not everyone was enthused.

The White House laid out guidelines for data intelligence activities to comply with European privacy law. Experts are skeptical it goes far enough.

The Irish State has a history of replying to criticism from UN Special Rapporteurs with a mixture of wounded disbelief and something approaching belligerence, as covered in Volume 3, Issue 15 of this newsletter from April 2020. Then it was in relation to the mandatory but not compulsory Public Services Card, now it’s facial recognition technology for the Gardaí.

As an aside, it would be interesting to try and ascertain whether Simon Coveney ever did respond to Professor Alston’s invitation to point out the alleged factual errors in his report.

Anyway, that was criticism from one Special Rapporteur. This time it’s four Special Rapporteurs, all at the same time.

The UN Letter.

The Irish State’s reponse.

🎧 Fionnuala Ní Aoláin, the UN’s Special Rapporteur on counter-terrorism and human rights, spoke to Morning Ireland during the week about the Government’s plans and the dim view of them the Special Rapporteurs were taking.

Kris Shrishak of the ICCL wrote a short Twitter thread on what he diplomatically terms the State’s “disappointing” response.

Simon McGarr also wrote about the State’s response and the possible reasons behind the sudden tearing hurry to introduce legislation which has had no scrutiny whatsoever.

‘Let’s ask those guys, the ones who sell the thing, if the thing would be any good. And not ask anybody else.’

The Commission used data on the accuracy and precision of AI tools to detect child sexual abuse material (CSAM) online exclusively from Meta and another tech company, a FOI request by former MEP Felix Reda has shown. 

The ICO fined a catalogue retailer named Easylife Ltd. £1,350,000 (~€1.54 million) “for using personal information of 145,400 customers to predict their medical condition and target them with health-related products without their consent.”

—

The ICO let the Home Office in the UK off with a warning after “sensitive documents … which … included two Extremism Analysis Unit Home Office reports and a Counter Terrorism Policing report” that “contained personal data, including that of Metropolitan Police staff” were “found at a public LOndon venue.”

—

The EDPB’s Coordinated Supervision Committee published its biannual report.

• “Most companies, including digitally native ones, have an underdeveloped and unsophisticated approach to privacy and data governance … From the deepest trenches all the way up to the Board and across every branch of business from tech to marketing and data to B2B, the perception that people have of privacy compliance work is that it is perfunctory, pro forma, and useless. It feels fake, often because it is. People go along with it because it’s protected by the Don’t Feed The Lawyers mystique. No one wants to touch that kind of privacy work for fear that it will suck out all of your life force until you look like cheap CGI beef jerky.” From ‘Privacy as Product’ by Robin Berjon.
• “To see for myself, I conducted an informal experiment. I went to a bunch of websites I don’t normally visit, opted out of tracking using whatever tools were provided, and then navigated the sites acting like someone they’d really want to advertise to. I watched videos about the companies’ products, clicked links, and added stuff to my cart that I then “forgot” to buy. Then I went back to my normal browsing habits and kept a watch out for ads. If the opt-outs worked, I shouldn’t have been shown targeted ads from those brands on other websites. But I saw plenty of them.” From ‘I Said No to Online Cookies. Websites Tracked Me Anyway’ by Thomas Germain for Consumer Reports.
• “This seems to be an ingenious ploy by the US to limit the CJEU’s capabilities to strike down the new DPF. Any CJEU decision about the DPF will be taken under enormous political pressure from the EU Member States, as it may not only mean that the protections of the Executive Order will be out of the window for their citizens, but behind the scenes the US may stop sharing valuable US national intelligence information, which the EU Member States cannot afford to lose. This shifts the power balance over international data transfers in favour of the US. Although I can imagine the European Commission willing to issue an adequacy decision for the new DPF, I predict fierce opposition from the EU Member States, maybe even the European Council blocking it.” From Jeroen Terstegge‘s post on LinkedIn about the White House’s Executive Order on Transatlantic data transfers.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.