"creepy talking doorball spy" | The Cat Herder, Volume 4, Issue 24

People in Massachusetts and Costa Rica are surprised to be reminded their pocket computers ultimately   June 27 · Issue #137 · View online People in Massachusetts and Costa Rica are surprised to be reminded their pocket computers ultimately belong to the operating system owner. Guidance on vaccination status, guidance for estate agents. Doorbells. 😼 Mark Hurst @markhurst Surprised to see Google using its LinkNYC surveillance towers to divulge its corporate strategy. https://t.co/GyDsKAkVkG 1:27 PM - 23 Jun 2021 — Over the weekend, Google and the state of Massachusetts managed to make creepy COVID tracking apps even creepier by automatically installing them on people’s Android phones. Numerous reports on Reddit, Hacker News, and in-app reviews claim that “MassNotify,” Massachusetts’ COVID tracking app, silently installed on their Android device without user consent. Even creepier COVID tracking: Google silently pushed app to users’ phones [Updated] | Ars Technica arstechnica.com – Share Massachusetts launched a COVID tracking app, and uh, it was automatically installed?! On June 11, Costa Ricans awoke to a mysterious new app icon, reading “Ministerio de Salud de Costa Rica,” appearing on their Android phones without their permission. The reaction among right-wing and other government-skeptical crowds was particularly pointed. “Go fuck yourself, you can’t break into private property,” wrote one Twitter user. Google automatically installed a Covid-19 tracker on phones in Costa Rica - Rest of World restofworld.org – Share The move sparked fears about big tech and government surveillance and fueled conspiracy theories. To do this once may be regarded as a misfortune; to do it twice looks like carelessness. Or worse. On Monday the Irish Times reported “90% of businesses want guidance on worker vaccination data”. Later in the week the DPC published the guidance these businesses wanted. Of interest in the Irish Times article was the following The survey follows data released last week showing that nearly 60 per cent of employers would like the right to ask an employee if they have received a Covid-19 vaccine. A study by human resource organisation CIPD Ireland and Industrial Relations News also found that 39 per cent of employers believe they should have the right to ask a worker for proof of vaccination. Personal data can only be processed with a lawful basis. Wishes and likes ascertained through a survey are not lawful bases. More Lewis Silkin: ‘Ireland - Collecting Employee Vaccine Data – Latest Guidance’ The Journal: ‘No clear legal basis’ for processing information around employee vaccine status, DPC says A “broad coalition of consumer rights organizations, civil rights groups, NGOs, and academics” published an open letter to lawmakers on both sides of the Atlantic calling for them to consider a ban of surveillance-based advertising. [direct link to PDF] — The Dutch Consumentenbond and the Take Back Your Privacy Foundation have demanded TikTok pay damages to children whose personal data it unlawfully processed. The Take Back Your Privacy Foundation and the Consumentenbond demand that the ByteDance group, the company behind TikTok, ceases its unlawful behavior vis-à-vis Dutch children. Moreover, the company must pay compensation to the victims. The total damages claim can be in excess of EUR 1.5 billion. TikTok confronted with Dutch legal claim of EUR 1.5 billion for violating children's privacy in the Netherlands www.consumentenbond.nl – Share TikTok must pay Dutch children damages for the unlawful processing of their personal data. The company must also delete the illegally collected personal data, and comply with the law going forward. This is what the Consumentenbond and Take Back Your Privacy Foundation demand from TikTok. The DPC published ‘Guidance on the Collection of Personal Data Prior to Viewing a Property’. It’s fairly unambiguous: “The DPC does not consider there can be any justification (COVID-19 related restrictions included) for the extensive collection of personal data such as financial statements, proof of funds, utility bills, PPS numbers etc. from prospective purchasers at the initial stages of advertising or hosting viewings of a property.” — In Luxembourg the CNPD imposed an €18,000 fine on an organisation for failing to provide adequate resources to its DPO, failing to adequately involve the DPO “in informing and advising on obligations under the GDPR and other EU law” and not sufficiently involving the DPO at an operational level. “A thing like Ring belongs on the entire spectrum of Amazon’s move towards surveillance and control – not only of workers, but also of consumers, and of space in general,” he says. “The intent is to create a massive web of surveillance in an attempt to try to shape the way people live their lives. It’s an attempt to replace a real sense of community with a notion of community that’s mediated by Amazon.” From ‘I spy: are smart doorbells creating a global surveillance network?’ by Sam Wollaston for the Guardian. “The idealism of Silicon Valley requires believing that technology companies can best solve the world’s problems, one line of code at a time. That line of thinking also glosses over an uncomfortable truth: To achieve cheap or even free services requires justifying a range of behavior that often isn’t in the best interests of consumers … Technology companies’ blithe disregard for consumer desires is an outgrowth of decades of permissive or nonexistent government oversight. Regulators ought to consider how Big Tech’s monopoly power further empowers the companies to ignore their own customers, in part by gobbling up competitors that offer more consumer-friendly services. Whatever the outcome of the Arizona case, if Google and others are willing to continue offering users choices, they should also be willing to respect them.” From ‘Google’s Privacy Backpedal Shows Why It’s So Hard Not to Be Evil’ by Greg Bensinger for the New York Times. “Colleges and universities should abandon remote proctoring software, and apply the lessons from this failed experiment to their other existing or potential future uses of surveillance technologies and automated decision-making systems that threaten students’ privacy, access to important life opportunities, and intellectual freedom … Remote proctoring software also provides a stark example of the inadequacy of consent as a privacy safeguard, as students have negligible choice around their useof the software, and the consent they provide cannot serve as a meaningful exercise of agency.” From ‘Rejecting Test Surveillance in Higher Education’ by Lindsay Barrett. Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

People in Massachusetts and Costa Rica are surprised to be reminded their pocket computers ultimately belong to the operating system owner. Guidance on vaccination status, guidance for estate agents. Doorbells.

😼

—

Massachusetts launched a COVID tracking app, and uh, it was automatically installed?!

The move sparked fears about big tech and government surveillance and fueled conspiracy theories.

To do this once may be regarded as a misfortune; to do it twice looks like carelessness. Or worse.

On Monday the Irish Times reported “90% of businesses want guidance on worker vaccination data”. Later in the week the DPC published the guidance these businesses wanted.

Of interest in the Irish Times article was the following

Personal data can only be processed with a lawful basis. Wishes and likes ascertained through a survey are not lawful bases.

More

Lewis Silkin: ‘Ireland - Collecting Employee Vaccine Data – Latest Guidance’

The Journal: ‘No clear legal basis’ for processing information around employee vaccine status, DPC says

A “broad coalition of consumer rights organizations, civil rights groups, NGOs, and academics” published an open letter to lawmakers on both sides of the Atlantic calling for them to consider a ban of surveillance-based advertising. [direct link to PDF]

—

The Dutch Consumentenbond and the Take Back Your Privacy Foundation have demanded TikTok pay damages to children whose personal data it unlawfully processed.

TikTok must pay Dutch children damages for the unlawful processing of their personal data. The company must also delete the illegally collected personal data, and comply with the law going forward. This is what the Consumentenbond and Take Back Your Privacy Foundation demand from TikTok.

The DPC published ‘Guidance on the Collection of Personal Data Prior to Viewing a Property’. It’s fairly unambiguous: “The DPC does not consider there can be any justification (COVID-19 related restrictions included) for the extensive collection of personal data such as financial statements, proof of funds, utility bills, PPS numbers etc. from prospective purchasers at the initial stages of advertising or hosting viewings of a property.”

—

In Luxembourg the CNPD imposed an €18,000 fine on an organisation for failing to provide adequate resources to its DPO, failing to adequately involve the DPO “in informing and advising on obligations under the GDPR and other EU law” and not sufficiently involving the DPO at an operational level.

• “A thing like Ring belongs on the entire spectrum of Amazon’s move towards surveillance and control – not only of workers, but also of consumers, and of space in general,” he says. “The intent is to create a massive web of surveillance in an attempt to try to shape the way people live their lives. It’s an attempt to replace a real sense of community with a notion of community that’s mediated by Amazon.” From ‘I spy: are smart doorbells creating a global surveillance network?’ by Sam Wollaston for the Guardian.
• “The idealism of Silicon Valley requires believing that technology companies can best solve the world’s problems, one line of code at a time. That line of thinking also glosses over an uncomfortable truth: To achieve cheap or even free services requires justifying a range of behavior that often isn’t in the best interests of consumers … Technology companies’ blithe disregard for consumer desires is an outgrowth of decades of permissive or nonexistent government oversight. Regulators ought to consider how Big Tech’s monopoly power further empowers the companies to ignore their own customers, in part by gobbling up competitors that offer more consumer-friendly services. Whatever the outcome of the Arizona case, if Google and others are willing to continue offering users choices, they should also be willing to respect them.” From ‘Google’s Privacy Backpedal Shows Why It’s So Hard Not to Be Evil’ by Greg Bensinger for the New York Times.
• “Colleges and universities should abandon remote proctoring software, and apply the lessons from this failed experiment to their other existing or potential future uses of surveillance technologies and automated decision-making systems that threaten students’ privacy, access to important life opportunities, and intellectual freedom … Remote proctoring software also provides a stark example of the inadequacy of consent as a privacy safeguard, as students have negligible choice around their useof the software, and the consent they provide cannot serve as a meaningful exercise of agency.” From ‘Rejecting Test Surveillance in Higher Education’ by Lindsay Barrett.

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.