Despicable, patronising, discriminatory | The Cat Herder, Volume 4, Issue 36
|
WhatsApp appeals. Anonymised data rarely is anonymised. The Department of Children flounders around and in the process undermines its own argument.
😼
Most don’t have bank passwords. Few have credit scores yet.
—
Apple spent the entire summer telling the public that they were confident they could resist government pressure, when defending their CSAM scanning system. Today they’re pulling voting guides from the Russian App Store. What changed in a month? https://t.co/C8TbL4z66V
— Matthew Green (@matthew_d_green) September 17, 2021
WhatsApp is appealing not just the amount of the fine handed out to it by the DPC but the entire decision. Judging by the story below WhatsApp aims to contest almost everything bar the existence of the island of Ireland.
The Facebook-owned company has launched judicial review proceedings against the penalty in the High Court.
The only certainty as of right now is that this will drag on for years. Despite the amount of the fine being lower than WhatsApp itself had apparently anticipated.
It’s perhaps worth pointing out that this type and scale of response to a DPC decision was first successfully trialled in this country by the Department of Social Protection. After the DPC’s report into elements of the PSC system was completed the then Minister for Employment Affairs and Social Protection rather bizarrely announced she would be challenging all the findings of the report, including ones which had found in her favour. As a time-wasting exercise this has proved exceptionally fruitful for the Department since we’re more than two years out from the publication of the report and the case has yet to be heard in the Circuit Court, the result of which will doubtless be appealed to a higher court and so on.
‘Government ‘will not comply’ with findings on Public Services Card’, The Irish Times, September 17th 2019
The Department of Children continues to struggle with fail to meet its obligations under the GDPR. It’s over six months since this Department became the data controller for these records. Yet people still are not able to access their records without insulting and unlawful obstacles being placed in their way. This is all being done by officials whose minister has spent the entire year telling anyone who’ll listen that he’s very focussed on regaining the trust of those affected by this issue.
One can only marvel at the department’s sense of timing in writing to people and asking them to submit FOI requests to route around the department’s own inept handling of subject access requests, coming as it does at the tail end of a political scandal which has highlighted yet again just how unfit for purpose the FOI system is in this country.
Uncomfortable with or unwilling to meet its obligations under EU law the department has taken refuge behind an inapplicable domestic S.I. and is now attempting to funnel people into the deeply flawed domestic FOI system.
— Article Eight Advocacy (@ArticleEightIE) September 16, 2021
Rather than simply giving people access to their own data https://t.co/9KKraw9ZEG
Survivors of mother and baby institutions have been told to submit FOI requests to get access to their records, despite already applying under GDPR.
As Simon McGarr points out in this thread on Twitter, the department has unwittingly scuppered its argument that it is somehow necessary to withhold people’s medical records from them until they nominate a medical professional.
It is past time the DPC took a more active role in dealing with this shambles. These are the most high profile access requests made in this country in recent years. What’s happening to other access requests being made to other public sector bodies which are not in the spotlight?
The Garante asked the DPC to ask Facebook to demonstrate that a pinprick sized LED will provide sufficient notification that they’re being filmed or photographed to everyone in the environment of a Facebook glasses-wearer. Which seems like a bit of a half-hearted approach to take to Facebook’s creepy product. Will it involve Nick Clegg (now an adjective) dropping around to the DPC’s offices and demonstrating the LED switching on and off?
‘Data Protection Commission statement concerning Facebook View (glasses)’
—
The DPC also launched two own-volition inquiries into TikTok.
- “While some scholars confine their work to peer-reviewed journals, Gilliard posts prolifically on Twitter, wryly skewering consumer tech launches and flagging the latest example of what he sees as blinkered techno-optimism or surveillance creep. (Among his aphorisms: “Automating that racist thing is not going to make it less racist.”) It’s an irony of the world Silicon Valley has constructed that an otherwise obscure rhetoric and composition teacher with a Twitter habit could emerge as one of its sharpest foils.” From ‘A Detroit community college professor is fighting Silicon Valley’s surveillance machine. People are listening.’ by Will Oremus for The Washington Post.
- “In other words, with reverse search warrants law enforcement is still looking for their suspect and they’re asking tech companies to give them a list of people to investigate. For geofence warrants, anyone in a certain place at a certain time becomes a suspect and is subject to further investigation which could mean giving police even more of their user data. For keyword search warrants, another relatively new mechanism to obtain user information that has emerged, anyone who searched for a certain phrase or address becomes a suspect. The latter is potentially more far-reaching than geofence warrants, Kenyon argues, because keyword search warrants are not necessarily geographically or tangibly tied to a specific crime and could make suspects out of people around the world who happened to search for specific terms. “It’s what I would frame more of as a true digital warrant, without any ties or connections or tethers to the physical world,” he said.” From ‘The new warrant: how US police mine Google for your location and search history’ by Johana Bhuiyan for The Guardian.
- “The availability of multiple data sets compounds the problem of re-identification, warns Wang. "There’s a lot of information that you can collect from different sources and correlate them together,” she says. Taken individually, each data set might seem innocuous enough. Put them together, and you can cross-reference that information. “Then you can figure out a lot of information that’s going to surprise you,” she adds. The problem, as the UK’s ICO outlines in its own Anonymisation Code (PDF), is that you can never be sure what other data is out there and how someone might map it against your anonymous data set. Neither can you tell what data will surface tomorrow, or how re-identification techniques might evolve. Data brokers readily selling location access data without the owners’ knowledge amplifies the dangers.“ From ‘De-identify, re-identify: Anonymised data’s dirty little secret’ by Danny Bradbury for The Register.
Endnotes & Credits
- The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
- As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
- The image used in the header is by Krystian Tambur on Unsplash.
- Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
- Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.