Flu Germs | The Cat Herder, Volume 1, Issue 13

Welcome to Issue 13. Have you ever heard of Colgate University? We hadn't until a few minutes ago. It   October 28 · Issue #13 · View online Welcome to Issue 13. Have you ever heard of Colgate University? We hadn’t until a few minutes ago. It’s in New York and was founded by “thirteen men with thirteen dollars, thirteen prayers and thirteen articles”. Thanks Wikipedia. Article 13 of the General Data Protection Regulation lists the “Information to be provided where personal data are collected from the data subject”. Many, many data controllers are doing this impressively incorrectly at the moment. More on that soon. Anyway, on with this week’s show. 😼 zeynep tufekci @zeynep Don't buy internet-connected anything if there's a non-internet connected version or an OVERWHELMING reason connect to the internet, part zillion. This example looks benign, but I can think of a few dozen terrible uses of this data off the top of my head. https://t.co/W4VyJ9Vmp9 https://t.co/QXnylNyEmC 4:51 PM - 24 Oct 2018 What she said. The story in question is ‘This Thermometer Tells Your Temperature, Then Tells Firms Where to Advertise’ in the New York Times. Most devices in your home have no need to ever connect to the internet. So go out of your way to get ones that don’t. You don’t know where that data might be going. Though an educated guess would lead one to think it might be ending up with Google because, just as all roads used to lead to Rome, now it seems all personal data flows to Google. Yes, they did. many people are not aware how data flows from smartphones to advertising groups, data brokers and other intermediaries, Prof Nigel Shadbolt, who lead the research team, told the BBC. “People [in businesses] are desperate to get as many eyeballs and click-throughs as they can,” he said. Associate professor Max Van Kleek added: “I don’t think there’s any notion of control.” Mobile app data sharing 'out of control' | BBC News www.bbc.com – Share Nearly 90% of apps on Google Play share data with Google parent Alphabet, researchers say. Paul Bernal @PaulbernalUK Was it ever ‘in control’? https://t.co/My4LCNp8Jp 3:30 PM - 23 Oct 2018 Joe @why0hy Alphabet companies (#Google) remind me more and more of 'flu germs. You know you're constantly being exposed to them and you're never quite sure of the consequences, but you know they won't be good. #eprivacy #GDPR https://t.co/tb0HzqIRFV 9:23 AM - 23 Oct 2018 Ladies and gentleman, it bears repeating that Google’s appetite for ALL THE DATA remains insatiable. See below … Yes it will We’re still looking at you, Limerick. But, as big tech companies continue to struggle with protecting privacy, experts have highlighted the dangers of the new plan, and answers to their questions have not yet been adequately answered. In an op-ed for the Guardian last year, Jathan Sadowski, a lecturer on the ethics of technology, wrote that handing over public entities like cities to corporations could have negative side-effects. “Mayors and tech executives exalt urban labs as sites of disruptive innovation and economic growth,” he wrote. “There’s no doubt that urban labs can help in the design of powerful, useful technologies. But building the smart urban future cannot also mean paving the way for tech billionaires to fulfill their dreams of ruling over cities. If it does, that’s not a future we should want to live in.” 'City of surveillance': privacy expert quits Toronto's smart-city project | World news | The Guardian www.theguardian.com – Share Wired neighborhood planned by Google sister company has raised questions over data protection It was showtime for EU Data Protection Authorites this past week. A large number of data geeks rolled into both Brussels and Sofia for the 40th International Conference of Data Protection and Privacy Commissioners.  Alexander Hanff @alexanderhanff #ICDPPC2018 had no external sponsors, no pay to play, no #privacy whitewashing - yet they still attracted the world's top talent & experts, met fantastic diversity goals, delivered what can only be described as the most inspirational content & attracted over 1000 delegates. 10:31 AM - 28 Oct 2018 A Declaration on ethics and data protection in artificial intelligence was adopted, along with resolutions on e-learning platforms and collaboration between Data Protection Authorities and Consumer Protection Authorities. If you’re in the mood to read any of those they’re all available here. Tim Cook showed up to say that Apple is very much into the idea of federal privacy laws which are similar to the GDPR, that the assembled audience of Europe’s data regulators are doing a great job and added that what his competitors - who he obviously didn’t name - are engaged in is “surveillance”. Apple have been making noises about using privacy as a differentiator for a while now but this is the strongest expression we’ve seen of it so far. You can watch Cook’s keynote here. The ICO took the opportunity to announce they’re fining Facebook £500,000. This is the same £500,000 fine that a lot of newspapers erroneously reported the ICO had issued in July. That was an intention to fine, this is a fine. Just so that’s clear. ICO @ICOnews We have fined Facebook the maximum amount of £500,000 for serious breaches of data protection: https://t.co/g0QJ1noX8y https://t.co/lOgMRZ90pW 9:00 AM - 25 Oct 2018 Natasha Lomas did an excellent and very comprehensive write up of the event for TechCrunch. Big tech must not reframe digital ethics in its image | TechCrunch techcrunch.com – Share Facebook founder Mark Zuckerberg’s visage loomed large over the European parliament this week, both literally and figuratively, as global privacy regulators gathered in Brussels to interrogate the human impacts of technologies that derive their power and persuasiveness from our data. Is there a new DPC website yet? No When is it due? Soon When did the GDPR become enforceable? May 25th 2018 What date is it today? October 28th 2018  In ‘Smile! The Secretive Business of Facial-Recognition Software in Retail Stores’ Nick Tabor takes a look at retailers’ quest for the ‘physical cookie’, a way to track you and your shopping preferences as effectively offline as online retailers can do across the web. The European Data Protection Supervisor Giovanni Buttarelli opened the ‘Debating Ethics’ session with a speech titled ‘Choose Humanity: Putting Dignity back into Digital’ [direct PDF link]. It can be easy to lose sight of what data protection and data privacy are all about in the midst of rapid technological change, especially when there’s a continual loud chorus from those who would set up privacy and innovation as irreconcilable opposites. (You can watch Buttarelli’s speech on YouTube here if you’d prefer.) Potentially boring legal stuff ahead … UK supermarket chain Morrisons lost a challenge to a High Court ruling of December 2017 which found it liable for a data breach in which personal details of thousands of its employees were posted online by a former senior internal auditor for the chain. The Court of Appeal upheld the High Court ruling which was the first group litigation / class action for a data breach in the UK. As organisations hold and process ever-increasing amounts of personal data belonging to very large numbers of individuals these sorts of actions will become more common. The Court of Appeal was unimpressed with Morrisons’ argument that this ruling could be potentially ruinous for many organisations. As organisations can insure against these types of events, the Court reasoned, that’s no excuse. So in addition to being a good day for individuals’ rights it will also prove to be a good day for the insurance companies as premiums rise. Robin Hopkins provides more analysis on the Panopticon blog. —- Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster this newsletter will be in your inbox again next weekend. See you then. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Welcome to Issue 13. Have you ever heard of Colgate University? We hadn’t until a few minutes ago. It’s in New York and was founded by “thirteen men with thirteen dollars, thirteen prayers and thirteen articles”. Thanks Wikipedia. Article 13 of the General Data Protection Regulation lists the “Information to be provided where personal data are collected from the data subject”. Many, many data controllers are doing this impressively incorrectly at the moment. More on that soon.

Anyway, on with this week’s show.

😼

What she said. The story in question is ‘This Thermometer Tells Your Temperature, Then Tells Firms Where to Advertise’ in the New York Times.

Most devices in your home have no need to ever connect to the internet. So go out of your way to get ones that don’t.

You don’t know where that data might be going. Though an educated guess would lead one to think it might be ending up with Google because, just as all roads used to lead to Rome, now it seems all personal data flows to Google.

Nearly 90% of apps on Google Play share data with Google parent Alphabet, researchers say.

Ladies and gentleman, it bears repeating that Google’s appetite for ALL THE DATA remains insatiable. See below …

We’re still looking at you, Limerick.

Wired neighborhood planned by Google sister company has raised questions over data protection

It was showtime for EU Data Protection Authorites this past week. A large number of data geeks rolled into both Brussels and Sofia for the 40th International Conference of Data Protection and Privacy Commissioners. 

A Declaration on ethics and data protection in artificial intelligence was adopted, along with resolutions on e-learning platforms and collaboration between Data Protection Authorities and Consumer Protection Authorities. If you’re in the mood to read any of those they’re all available here.

Tim Cook showed up to say that Apple is very much into the idea of federal privacy laws which are similar to the GDPR, that the assembled audience of Europe’s data regulators are doing a great job and added that what his competitors - who he obviously didn’t name - are engaged in is “surveillance”. Apple have been making noises about using privacy as a differentiator for a while now but this is the strongest expression we’ve seen of it so far. You can watch Cook’s keynote here.

The ICO took the opportunity to announce they’re fining Facebook £500,000. This is the same £500,000 fine that a lot of newspapers erroneously reported the ICO had issued in July. That was an intention to fine, this is a fine. Just so that’s clear.

Natasha Lomas did an excellent and very comprehensive write up of the event for TechCrunch.

Facebook founder Mark Zuckerberg’s visage loomed large over the European parliament this week, both literally and figuratively, as global privacy regulators gathered in Brussels to interrogate the human impacts of technologies that derive their power and persuasiveness from our data.

Is there a new DPC website yet? No

When is it due? Soon

When did the GDPR become enforceable? May 25th 2018

What date is it today? October 28th 2018 

In ‘Smile! The Secretive Business of Facial-Recognition Software in Retail Stores’ Nick Tabor takes a look at retailers’ quest for the ‘physical cookie’, a way to track you and your shopping preferences as effectively offline as online retailers can do across the web.

The European Data Protection Supervisor Giovanni Buttarelli opened the ‘Debating Ethics’ session with a speech titled ‘Choose Humanity: Putting Dignity back into Digital’ [direct PDF link]. It can be easy to lose sight of what data protection and data privacy are all about in the midst of rapid technological change, especially when there’s a continual loud chorus from those who would set up privacy and innovation as irreconcilable opposites. (You can watch Buttarelli’s speech on YouTube here if you’d prefer.)

Potentially boring legal stuff ahead …

UK supermarket chain Morrisons lost a challenge to a High Court ruling of December 2017 which found it liable for a data breach in which personal details of thousands of its employees were posted online by a former senior internal auditor for the chain. The Court of Appeal upheld the High Court ruling which was the first group litigation / class action for a data breach in the UK. As organisations hold and process ever-increasing amounts of personal data belonging to very large numbers of individuals these sorts of actions will become more common. The Court of Appeal was unimpressed with Morrisons’ argument that this ruling could be potentially ruinous for many organisations. As organisations can insure against these types of events, the Court reasoned, that’s no excuse. So in addition to being a good day for individuals’ rights it will also prove to be a good day for the insurance companies as premiums rise. Robin Hopkins provides more analysis on the Panopticon blog.

—-

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster this newsletter will be in your inbox again next weekend. See you then.

If you know someone who might enjoy this newsletter do please forward it on to them.