January 30, 2022
High-fives and Handstands | The Cat Herder, Volume 5, Issue 03
| |
| January 30 · Issue #165 · View online |
|
|
An unplanned data-sharing / further processing / ‘my data is going where?’ special. The strange rage of the county councillor. The ongoing struggles of the Irish state to grasp the basics of data protection law in the form of the Birth Information and Tracing Bill. 😼
|
|
|
|
|
The nonprofit “may have legal consent, but do they have actual meaningful, emotional, fully understood consent?” asked Jennifer King, the privacy and data policy fellow at the Stanford University Institute for Human-Centered Artificial Intelligence. Those disclosure terms also note that Meta’s Facebook Messenger and WhatsApp services can access the content of conversations taking place through those platforms. (Before this article was published, Meta confirmed that it has access to that data but says it does not use any of it, except for cases involving risk of imminent harm. After publication, WhatsApp clarified that it and Meta have no access to the contents of messages occurring via WhatsApp.) Former federal regulator Jessica Rich said she thought it would be “problematic” for third-party companies to have access even to anonymized data, though she cautioned that she was unfamiliar with the companies involved. “It would be contrary to what the expectations are when distressed consumers are reaching out to this nonprofit,” said Rich, a former director of the Federal Trade Commission’s Bureau of Consumer Protection. She later added: “The fact that the data is transferred to a for-profit company makes this much more troubling and could give the FTC an angle for asserting jurisdiction.”
|
Suicide hotline shares data with for-profit spinoff, raising ethical questions - POLITICO
The Crisis Text Line’s AI-driven chat service has gathered troves of data from its conversations with people suffering life’s toughest situations.
|
|
|
|
|
|
I downloaded all the data Amazon has on me, and honestly the creepiest thing about it is that they sent me the *actual audio files* of every time I spoke* to Amazon Alexa
*years ago when I was young and foolish about surveillance https://t.co/XH4Lp4bDob
|
|
|
|
|
|
Selling data from the Muslim prayer apps could subject those who use them to surveillance, said Jamal Ahmed, the CEO of the privacy consultancy firm Kazient Privacy. “As Muslim organizations, when you are collecting information or when you are developing technology, you have to uphold that trust … that individuals are handing over to you,” Ahmed said. “You have a moral and religious obligation to do that, especially if you think about how targeted Muslims are around the world right now.” Other sensitive apps also sold data to X‑Mode, including Bro, which accesses location data to find other users in the area to connect with. Eric Silverberg, CEO of the gay dating app SCRUFF, said apps that serve the LGBTQ+ community shouldn’t share or sell such data. “Any use of that data beyond that service poses unique and disproportionate risks and threats to any minority community, period. Especially the LGBTQ+ community, because we face unique risks in places all over the world, and in the United States,” he said.
|
Gay/Bi Dating App, Muslim Prayer Apps Sold Data on People’s Location to a Controversial Data Broker – The Markup
The Markup identified 107 apps that sold data to X‑Mode in 2018 and 2019
|
|
|
The fury over Limerick City and County Council’s failure to operate a widespread surveillance system lawfully continued during the week. Angry councillors blamed MEPs and suggested that investigations of possible breaches of the law should not extend to anything which had happened in the past. Which if applied across the board would presumably delight the criminals who another councillor claimed were “dancing in their cells”.
|
|
|
|
|
The European Commission said today that it’s written to WhatsApp asking it to clarify the changes and explain how — or, well, whether — they comply with the bloc’s consumer protection law. It added that WhatsApp must better inform consumers about its use of their data. A complaint against WhatsApp’s updated T&Cs was filed by a number of EU-based consumer protection organizations back in July. It called out how aggressively the Facebook/Meta-owned messaging giant has been pushing the opaque terms on users, via “persistent, recurrent and intrusive notifications”, and (at least initially) giving people little time to consider what the changes might mean and whether they wanted to agree to them. |
|
|
|
|
The EDPB published its draft guidelines for public consultation which we mentioned last week. You can read them here [direct link to PDF]. |
|
|
|
|
-
“The Bill restricts the type of information that TUSLA and the AAI must provide to those who request their personal files. By way of two examples: the Bill states that information provided to a person about their siblings will not include siblings’ identities; and ‘care information’ provided will not identify a parent or other relative who made contact with or enquired after a child. The Bill also creates a parallel, restrictive process of access to publicly registered birth certificates: while the general public continue to be entitled automatically to retrieve any person’s birth record from the General Register Office, certain adopted people and people formerly in ‘care’ as a child will be forced into a lengthy, intrusive and discriminatory information sharing procedure and ‘information session’ to instruct them about others’ privacy rights.” From ‘Birth Information and Tracing Bill: An Analysis’ by Maeve O'Rourke.
-
“This investigation reveals gambling platforms operating in conjunction with a wider network of third parties. Even limited browsing of 37 visits to gambling websites led to 2,154 data transmissions to 83 domains controlled by 44 different companies that range from well-known platforms like Facebook and Google to lesser-known surveillance technology companies like Signal and Iovation, enabling these actors to embed imperceptible monitoring software during a user’s browsing experience. A number of these third-party companies receive behavioural data from gambling platforms in real-time, including information on how often individuals gambled, how much they were spending, and their value to the company if they returned to gambling after lapsing. Several third-party companies, including Signal, MediaMath, Facebook, Google and Microsoft, also received detailed behavioural data from SBG on activities, for example, when a cash amount had been deposited. Along with this data, several companies also received personal identifiers. Several companies also received the customer ID or the SBG username, whereas another company received data on every spin.” From ‘Investigation reveals scale of behavioural surveillance by online gambling firms’, authored by Wolfie Christl for Cracked Labs in conjunction with Clean Up Gambling.
-
“The eleven categories of data misuse demonstrate that access to personal information can be a powerful instrument (and sometimes even a necessary precondition) for harming, discriminating, influencing, and oppressing people. Importantly, many of these threats are independent from the victim’s law-abidance and may therefore also affect people who supposedly have “nothing to hide”. In conclusion, the protection of personal data and the regulation of its use are issues of enormous importance that should concern all of society. The ultimate purpose of personal data protection is not to protect data, but to protect people against the harms resulting from data disclosure and misuse.” From ‘How Data Can Be Used Against People: A Classification of Personal Data Misuses’ by Jacob Leon Kröger, Milagros Miceli, and Florian Müller.
-
“This enables the adtech company, who Alice has probably never heard of, to target ads to Alice based on her past behaviour on multiple different websites. Some of these vectors for tracking — the browser, the search engine, the adtech company — might also be owned and operated by the same company, enabling it to track Alice’s activities in multiple ways. With the advent of smartphones and internet-of-things devices, the vectors for tracking have increased; now Alice might be tracked in physical space by the apps (and operating system) accessing the GPS system on her phone, and her conversations might be listened in on by the smart speaker in her living room. All of this activity is increasingly tied together across these different devices to build ever-more detailed and proliferating personal profiles.” From ‘Tracking on the Web, Mobile and the Internet-of-Things’ by Reuben Binns.
—
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
https://www.limerickleader.ie/news/home/729910/limerick-councillor-claims-criminals-are-celebrating-cctv-data-ruling.html
|
|
https://www.limerickleader.ie/news/home/729910/limerick-councillor-claims-criminals-are-celebrating-cctv-data-ruling.html
|
|
https://www.limerickleader.ie/news/home/729910/limerick-councillor-claims-criminals-are-celebrating-cctv-data-ruling.html
|
Limerick councillor claims ‘criminals are celebrating CCTV data ruling’ - Limerick Leader
“CRIMINALS are doing high-fives and handstands,” declared Fine Gael councillor Liam Galvin. “We cannot protect our towns and villages without C…
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
An unplanned data-sharing / further processing / ‘my data is going where?’ special. The strange rage of the county councillor. The ongoing struggles of the Irish state to grasp the basics of data protection law in the form of the Birth Information and Tracing Bill.
😼
The Crisis Text Line’s AI-driven chat service has gathered troves of data from its conversations with people suffering life’s toughest situations.
The Markup identified 107 apps that sold data to X‑Mode in 2018 and 2019
The fury over Limerick City and County Council’s failure to operate a widespread surveillance system lawfully continued during the week. Angry councillors blamed MEPs and suggested that investigations of possible breaches of the law should not extend to anything which had happened in the past. Which if applied across the board would presumably delight the criminals who another councillor claimed were “dancing in their cells”.
Limerick Leader: ‘Limerick councillor claims ‘criminals are celebrating CCTV data ruling’’
Techcrunch: ‘WhatsApp quizzed over consumer protection concerns in EU’
—
The EDPB published its draft guidelines for public consultation which we mentioned last week. You can read them here [direct link to PDF].
—
-
“The Bill restricts the type of information that TUSLA and the AAI must provide to those who request their personal files. By way of two examples: the Bill states that information provided to a person about their siblings will not include siblings’ identities; and ‘care information’ provided will not identify a parent or other relative who made contact with or enquired after a child. The Bill also creates a parallel, restrictive process of access to publicly registered birth certificates: while the general public continue to be entitled automatically to retrieve any person’s birth record from the General Register Office, certain adopted people and people formerly in ‘care’ as a child will be forced into a lengthy, intrusive and discriminatory information sharing procedure and ‘information session’ to instruct them about others’ privacy rights.” From ‘Birth Information and Tracing Bill: An Analysis’ by Maeve O'Rourke.
-
“This investigation reveals gambling platforms operating in conjunction with a wider network of third parties. Even limited browsing of 37 visits to gambling websites led to 2,154 data transmissions to 83 domains controlled by 44 different companies that range from well-known platforms like Facebook and Google to lesser-known surveillance technology companies like Signal and Iovation, enabling these actors to embed imperceptible monitoring software during a user’s browsing experience. A number of these third-party companies receive behavioural data from gambling platforms in real-time, including information on how often individuals gambled, how much they were spending, and their value to the company if they returned to gambling after lapsing. Several third-party companies, including Signal, MediaMath, Facebook, Google and Microsoft, also received detailed behavioural data from SBG on activities, for example, when a cash amount had been deposited. Along with this data, several companies also received personal identifiers. Several companies also received the customer ID or the SBG username, whereas another company received data on every spin.” From ‘Investigation reveals scale of behavioural surveillance by online gambling firms’, authored by Wolfie Christl for Cracked Labs in conjunction with Clean Up Gambling.
-
“The eleven categories of data misuse demonstrate that access to personal information can be a powerful instrument (and sometimes even a necessary precondition) for harming, discriminating, influencing, and oppressing people. Importantly, many of these threats are independent from the victim’s law-abidance and may therefore also affect people who supposedly have “nothing to hide”. In conclusion, the protection of personal data and the regulation of its use are issues of enormous importance that should concern all of society. The ultimate purpose of personal data protection is not to protect data, but to protect people against the harms resulting from data disclosure and misuse.” From ‘How Data Can Be Used Against People: A Classification of Personal Data Misuses’ by Jacob Leon Kröger, Milagros Miceli, and Florian Müller.
-
“This enables the adtech company, who Alice has probably never heard of, to target ads to Alice based on her past behaviour on multiple different websites. Some of these vectors for tracking — the browser, the search engine, the adtech company — might also be owned and operated by the same company, enabling it to track Alice’s activities in multiple ways. With the advent of smartphones and internet-of-things devices, the vectors for tracking have increased; now Alice might be tracked in physical space by the apps (and operating system) accessing the GPS system on her phone, and her conversations might be listened in on by the smart speaker in her living room. All of this activity is increasingly tied together across these different devices to build ever-more detailed and proliferating personal profiles.” From ‘Tracking on the Web, Mobile and the Internet-of-Things’ by Reuben Binns.
—
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
“CRIMINALS are doing high-fives and handstands,” declared Fine Gael councillor Liam Galvin. “We cannot protect our towns and villages without C…
