Going Around | The Cat Herder, Volume 6, Issue 01
Happy New Year. A reasonably short one to ease back into the swing of things. Facial recognition, data breaches, tracking, surveillance. All the usual. The latest instalment in one part of the Facebook enforcement saga.
😼
--------
Futuendi Gratia
According to the UNCW emails, which Ricanek was copied on, his research assistants gave away access to the raw materials of the database to other researchers—including one project which involved distributing the images to be labeled by users on Amazon Mechanical Turk. Ricanek had previously maintained that all that was ever given out were the images themselves and a Google Doc that listed the YouTube links. But the Dropbox file is described as being “more than 1gb,” in the emails.
What Could Possibly Go Wrong?
The letter stated that, at an upcoming appointment, the ankle tag would be removed and replaced by a fingerprint scanner, adding that the device was “easy to use” and would enable the carrier to verify their identity and location “in seconds”. It also stated: “The device is lightweight and is small enough to keep with you at all times while you are doing daily activities.” The man was also told he would need to charge the scanner for one hour per day and that the data obtained through the electronic monitor would be shared. The Home Office stipulates that the collection of location data is “necessary to monitor compliance during your electronic monitoring conditions and therefore for the administration of the lawful enforcement of your immigration bail conditions”.
The Guardian: ‘UK plans GPS tracking of potential deportees by fingerprint scanners’
It Could Never Happen Here
As the first tranche of government-approved neo-bedsits open for business this kind of surveillance certainly could never happen here, could it?
“No one has exact numbers, but we’ve seen growing amounts of surveillance on buildings big and small,” Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project (STOP), told Motherboard. Cahn says that some examples include facial recognition and biometrics, automated noise and gunshot detection devices, and other systems that attempt to measure activity or movement inside private residences. “For me, it’s really alarming, because when you see the sales pitch for some of these products, it’s far more invasive than just seeing who’s at the front door,” he said.
VICE: ‘Meet The Spy Tech Companies Helping Landlords Evict People’
Policy Wonkery
The CJEU issued a significant judgment earlier in the week in Case C-154-21, RW v Österreichische Post. The headline on the press release [PDF] provides a good summary: “Every person has the right to know to whom his or her personal data have been disclosed”
The full judgment is here.
Regulators
The DPC fined Meta’s Facebook €210 million and Instagram €190 million and ordered them to bring their processing into compliance. The DPC also intimated it would be taking the EDPB to court. We were promised a WhatsApp decision too but it has not yet materialised. Links to the all the reading are below.
DPC: ‘Data Protection Commission announces conclusion of two inquiries into Meta Ireland’
The CNIL fined Apple €8 million for failing to get consent of French iPhone users before “depositing and/or writing identifiers used for advertising purposes on their terminals.”
The CNIL fined TikTok €5 million for failing to allow users to reject cookies as easily as they could accept them, and for not informing users in enough detail of the purposes of the cookies used by the platform.
The Finnish Supervisory Authority fined Viking Line €230,000 for unlawfully retaining the health data of employees.
What We’re Reading
-
“Put very simply, we’re going around the Irish regulator. We are going to court in the U.K. My case is based on some of the learning we’ve had over the last few years. Specifically, Facebook has consistently argued that it does not need to gather people’s consent for tracking and targeted advertising—despite what GDPR says. It essentially argues, “We don’t need your consent because you signed a contract, and the contract you signed means we are actually beholden to you—we’re contractually obliged to provide you with a personalized advertising experience.” What I’m doing with my case is basically taking the ball into a different playing field. I am drawing on a different right within GDPR, Article 21.2, which gives us all an absolute right to object to the use of our data for direct marketing. Under this provision, it doesn’t matter what contract I signed—or any other legal basis Facebook can argue—because the right is absolute. It simply allows me to say stop at any time to the profiling and ad targeting.” From an interview with Tanya O’Carroll by Julia Angwin for The Markup.
-
“As the debate between data protection advocates and critics becomes more polarised, it is more important than ever to establish a baseline for discussions by taking stock of current tracking practices. This briefing illustrates how leading internet companies track users across devices and services. It reviews the latest research and answers questions such as: Do companies track my browsing behaviour? Do mobile phones and apps share data in idle mode? Is my phone listening? Are recent anti-tracking features effective? The briefing is thematically related to the e-privacy regulation, artificial intelligence act and European digital identity (e-ID) framework proposals.” From a briefing document entitled ‘Unpacking ‘commercial surveillance’: The state of tracking [direct link to PDF] prepared by Hendrik Mildebrath of the European Parliamentary Research Service.
-
“The Board also dubbed the relationship between Meta and its users “imbalanced”, citing “grave breaches” of transparency obligations it said had “impacted the reasonable expectations of the users”, as well as criticizing the tech giant for presenting its services to users “in a misleading manner” — which led to the EDPB also finding a breach of the GDPR’s fairness principle as well as transparency failings.” Despite the misleading headline - Meta’s ads were not found unlawful - this is a decent piece of commentary from Natasha Lomas in Techcrunch on the DPC decisions on Facebook and Instagram.