Hello Pravo Jazdy, My Old Friend | The Cat Herder, Volume 1, Issue 16

Welcome to Issue 16. We opened last week's newsletter as follows - "We do wish we didn't have to keep   November 18 · Issue #16 · View online Welcome to Issue 16. We opened last week’s newsletter as follows - “We do wish we didn’t have to keep writing about Facebook but Facebook keeps doing what Facebook does best: displaying scant regard for human rights, ethical norms and the consequences of its own actions.” Perhaps we should just keep that as a permanent introduction. If you haven’t heard the latest about Facebook then you’re possibly better off. If you really want to find out, start here. Meanwhile, on with the rest of the show. 😼 “It’s unbelievable that someone who has not touched computers is responsible for cybersecurity policies,” said opposition lawmaker Masato Imai. System error: Japan cybersecurity minister admits he has never used a computer | The Guardian www.theguardian.com – Share Yoshitaka Sakurada also seemed confused by the concept of a USB drive when asked in parliament Yes it will. London cops have broken data protection rules by using a controversial database that ranks people’s likelihood of gang-related violence but fails to distinguish between victims and perps, and low and high-risk people. Read this and marvel. It’s impossible to pick out any particularly awful parts because the entire thing is a parade of incompetence and ineptness leading to real harm to individuals. 'Unjustifiably excessive': Not even London cops can follow law with their rubbish gang database | The Register www.theregister.co.uk – Share As to the possibility of something similar happening in Ireland, we say Prawo Jazdy. In their continuing quest to keep regulators busy, Privacy International filed complaints with data protection authorities in Ireland, the UK and France about a rogues’ gallery of shadowy profilers. Oracle, Acxiom, Criteo, Quantcast, Tapad, Equifax and Experian to be exact. Household names all. “The data broker and ad-tech industries are premised on exploiting people’s data. Most people have likely never heard of these companies, and yet they are amassing as much data about us as they can and building intricate profiles about our lives,” said PI lawyer Ailidh Callander. “GDPR sets clear limits on the abuse of personal data. PI’s complaints set out why we consider these companies’ practices are failing to meet the standard—yet we’ve only been able to scratch the surface with regard to their data exploitation practices.” Privacy International Files GDPR Complaints Against Oracle and Equifax | Fortune fortune.com – Share The NGO alleges that seven data brokers, ad tech companies and credit reference outfits are breaking EU law in the way they use data. In other adtech news, the CNIL found an awful lot of unexplained personal data lying around a smallish French adtech firm’s office. Have a read of this entire thread for some more eye-popping numbers. Johnny Ryan @johnnyryan When CNIL inspected the company's offices, it found "24,688,863 advertising identifiers received by the company from bid requests". That's the personal data and location of 24.7 million people, collected illegally from RTB bid requests. https://t.co/93hNMewUZk https://t.co/mKRrK16OKh 5:52 PM - 16 Nov 2018 Robin Berjon provides some more excellent analysis here. In short, this has enormous implications for the entire invalid way the adtech industry has attempted to manage their GDPR obligations. No, you can’t hand around consent as if it’s some kind of trading card. Yes they did. Despite being slapped on the wrist last year Google is finding it impossible to keep its thirsty tentacles out of the oasis of health data its subsidiary DeepMind has questionable access to in the UK. Now that Streams is a Google product itself, that promise appears to have been broken, says privacy researcher Julia Powles: “Making this about semantics is a sleight of hand. DeepMind said it would never connect Streams with Google. The whole Streams app is now a Google product. That is an atrocious breach of trust, for an already beleaguered product.” Google 'betrays patient trust' with DeepMind Health move | Technology | The Guardian www.theguardian.com – Share Moving healthcare subsidiary into main company breaks pledge that ‘data will not be connected to Google accounts’ In a u-turn which could win awards for style, speed and shamelessness technology companies are suddenly in a tearing hurry to be regulated in the United States. Begging for federal privacy and data protection legislation. The catch being that they’d like to significantly contribute to any legislation. Intel have even gone so far as to eschew the usual channels of influence and helpful submissions and write a whole Bill of their own. As CPO Magazine reports, this would involve some sort of certification in which companies would promise they were doing only good and noble things with user data and, most importantly, would protect the companies from the prospect of civil actions resulting from misuse and loss of data. Fines would be a possible sanction, capped at $1bn. This is interesting as it indicates the large tech companies are more concerned about civil actions than administrative fines, both of which are possible under the GDPR. Is there a new DPC website yet? No When is it due? Soon When did the GDPR become enforceable? May 25th 2018 What date is it today? November 18th 2018  ‘Targeted Advertising Is Ruining the Internet and Breaking the World’ says Dr. Nathalie Maréchal in her contribution to Motherboard’s “third annual theme week dedicated to the future of hacking and cybersecurity”. While the piece itself is excellent we’re impressed with Motherboard / VICE’s dedication to their theme as the page is served up with a sizzling side order of trackers from Google, Adobe, Krux, Moat, Nielsen, comScore, AdSafe Media and New Relic. Now feels like a good time to revisit Anil Dash‘s '12 Things Everyone Should Know About Tech’ from earlier this year. None of this is inevitable. —- Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster this newsletter will be in your inbox again next weekend. See you then. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Welcome to Issue 16. We opened last week’s newsletter as follows - “We do wish we didn’t have to keep writing about Facebook but Facebook keeps doing what Facebook does best: displaying scant regard for human rights, ethical norms and the consequences of its own actions.” Perhaps we should just keep that as a permanent introduction. If you haven’t heard the latest about Facebook then you’re possibly better off. If you really want to find out, start here. Meanwhile, on with the rest of the show.

😼

Yoshitaka Sakurada also seemed confused by the concept of a USB drive when asked in parliament

Read this and marvel. It’s impossible to pick out any particularly awful parts because the entire thing is a parade of incompetence and ineptness leading to real harm to individuals.

As to the possibility of something similar happening in Ireland, we say Prawo Jazdy.

In their continuing quest to keep regulators busy, Privacy International filed complaints with data protection authorities in Ireland, the UK and France about a rogues’ gallery of shadowy profilers. Oracle, Acxiom, Criteo, Quantcast, Tapad, Equifax and Experian to be exact. Household names all.

The NGO alleges that seven data brokers, ad tech companies and credit reference outfits are breaking EU law in the way they use data.

In other adtech news, the CNIL found an awful lot of unexplained personal data lying around a smallish French adtech firm’s office. Have a read of this entire thread for some more eye-popping numbers.

Robin Berjon provides some more excellent analysis here. In short, this has enormous implications for the entire invalid way the adtech industry has attempted to manage their GDPR obligations. No, you can’t hand around consent as if it’s some kind of trading card.

Despite being slapped on the wrist last year Google is finding it impossible to keep its thirsty tentacles out of the oasis of health data its subsidiary DeepMind has questionable access to in the UK.

Moving healthcare subsidiary into main company breaks pledge that ‘data will not be connected to Google accounts’

In a u-turn which could win awards for style, speed and shamelessness technology companies are suddenly in a tearing hurry to be regulated in the United States. Begging for federal privacy and data protection legislation. The catch being that they’d like to significantly contribute to any legislation. Intel have even gone so far as to eschew the usual channels of influence and helpful submissions and write a whole Bill of their own.

As CPO Magazine reports, this would involve some sort of certification in which companies would promise they were doing only good and noble things with user data and, most importantly, would protect the companies from the prospect of civil actions resulting from misuse and loss of data.

Fines would be a possible sanction, capped at $1bn. This is interesting as it indicates the large tech companies are more concerned about civil actions than administrative fines, both of which are possible under the GDPR.

Is there a new DPC website yet? No

When is it due? Soon

When did the GDPR become enforceable? May 25th 2018

What date is it today? November 18th 2018 

‘Targeted Advertising Is Ruining the Internet and Breaking the World’ says Dr. Nathalie Maréchal in her contribution to Motherboard’s “third annual theme week dedicated to the future of hacking and cybersecurity”. While the piece itself is excellent we’re impressed with Motherboard / VICE’s dedication to their theme as the page is served up with a sizzling side order of trackers from Google, Adobe, Krux, Moat, Nielsen, comScore, AdSafe Media and New Relic.

Now feels like a good time to revisit Anil Dash‘s '12 Things Everyone Should Know About Tech’ from earlier this year. None of this is inevitable.

—-

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster this newsletter will be in your inbox again next weekend. See you then.

If you know someone who might enjoy this newsletter do please forward it on to them.