September 18, 2022
Indiscriminate Rifling | The Cat Herder, Volume 5, Issue 36
| |
| September 18 · Issue #198 · View online |
|
|
Underfunded regulators, DNA, a decision and a binding decision. Lots to read this week. 😼
|
|
|
“We are deeply concerned that the 2023 budget, if not substantially increased, will be significantly too small to allow the EDPB and the EDPS to fulfil their tasks appropriately,” Andrea Jelinek, Chair of the European Data Protection Board (EDPB), and Wojciech Wiewiórowski, European Data Protection Supervisor (EDPS), write in an Open Letter to the European Parliament and the European Council.
|
Wojciech Wiewiórowski said: “The public expects data protection authorities to deliver the promise of the GDPR. This also relies, however, on our ability to ensure effective cooperation and run robust cases, supported with high quality legal analysis. Current scarce resources create a serious obstacle - to the detriment of EU citizens. Our concerns have been echoed by civil society, academia and policymakers gathered at the EDPS Conference on The Future of Data Protection, which I take as a sign of acknowledgement of importance of adequate funding for the EDPB and the EDPS”.
|
EDPB & EDPS: “Lack of resources puts enforcement of individuals’ data protection rights at risk” | European Data Protection Supervisor
|
|
|
It is a truth universally acknowledged that a law enforcement agency in possession of a database of intimately personal information must use that database for completely unrelated and unexpected purposes.
|
Her legal filing says police had a “standard practice” of putting the DNA of victims of crime into a permanent database - without the victims knowing. “Law enforcement officers test the victims’ DNA for matches in every subsequent criminal investigation in which genetic material is recovered without any reasonable basis to suspect the victims are in any way connected to these completely unrelated crime scenes,” her lawyers write. “[She], a sexual assault survivor, was re-victimised by this unconstitutional practice.” The legal filing argues that the woman - known only by the pseudonym Jane Doe - probably had her DNA tested thousands of times over the course of six years.
|
Sexual assault victim whose DNA was used to arrest her sues San Francisco - BBC News
A woman whose DNA from a rape kit was later used to arrest her is taking San Francisco to court.
|
|
|
As something of a corollary to the above, law enforcement agencies will routinely assemble databases without any particular lawful basis, just because they can and they want to.
|
The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant — two details not previously known about the database — have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years.
|
DHS built huge database from cellphones, computers seized at border - The Washington Post
U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they’ve compiled from travelers’ devices.
|
|
|
|
|
The DPC’s decision in the Instagram investigation which led to the fine of €405 million and other sanctions has been published, as has the EDPB’s Article 65 binding decision. The former is just over 250 pages long, the latter a slimmer 65 pages.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
“There was a perception with GDPR that when it came into effect, the very next day, the DPC would start levying huge fines and start holding people to account but that ignored the reality that the DPC had to ramp up its organisation and that details of the legislation needed to be ironed out. If you look at other changes to EU law, it took competition law nearly eight years to land its first large fines and enforcements, so we’re doing reasonably well when it comes to GDPR.” Daragh O Brien of Castlebridge, quoted in ‘Reality bytes: Data watchdog bares its teeth again’ by Brian O'Donovan for RTE News.
-
“What’s challenging is that there isn’t a lot of research, especially in the space of data and technology, about the efficacy of these techniques. If there is any research that’s available, it is almost always provided by the technology company and not independently verified. Schools find themselves in a position of being asked to do more and yet are not given the tools or the information to make informed decisions. When you pair that urgency to act with a lack of information, it almost inevitably leads to poor decision-making.” From an interview with Elizabeth Laird by Julia Angwin, ‘Back to Surveillance School’.
-
“The protection of personal data is of fundamental importance to a person’s enjoyment of their right to respect for private and family life, home and correspondence, as guaranteed by Article 8 of the European Convention on Human Rights. The European Court of Human Rights has noted in its case law that technological developments with regard to the “automatic processing” of data had led, over the last decades, to enormous challenges for personal data protection, in particular with regard to modern operational possibilities of surveillance, interception of communications and/or data retention.” From the introduction to a ‘New thematic factsheet on Personal Data Protection’ published by the imposingly named Department for the Execution of the Judgments of the European Court of Human Rights.
-
“As more commerce has moved online, dark patterns have grown in scale and sophistication, allowing companies to develop complex analytical techniques, collect more personal data, and experiment with dark patterns to exploit the most effective ones. The staff report, which stems from a workshop the FTC held in April 2021, examined how dark patterns can obscure, subvert, or impair consumer choice and decision-making and may violate the law.” From the introduction to a new staff report from the Federal Trade Commission, ‘Bringing Dark Patterns to Light’.
—
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
Underfunded regulators, DNA, a decision and a binding decision. Lots to read this week.
😼
It is a truth universally acknowledged that a law enforcement agency in possession of a database of intimately personal information must use that database for completely unrelated and unexpected purposes.
A woman whose DNA from a rape kit was later used to arrest her is taking San Francisco to court.
As something of a corollary to the above, law enforcement agencies will routinely assemble databases without any particular lawful basis, just because they can and they want to.
U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they’ve compiled from travelers’ devices.
→ archived version
The DPC’s decision in the Instagram investigation which led to the fine of €405 million and other sanctions has been published, as has the EDPB’s Article 65 binding decision. The former is just over 250 pages long, the latter a slimmer 65 pages.
Data Protection Commission: ‘In the matter of Meta Platforms Ireland Limited, formerly Facebook Ireland Limited, and the “Instagram” social media network, IN-20-7-4’ [PDF, 253 pages]
European Data Protection Board: ‘Binding Decision 2/2022 on the dispute arisen on the draft decision of the Irish Supervisory Authority regarding Meta Platforms Ireland Limited (Instagram) under Article 65(1)(a) GDPR’ [PDF, 65 pages]
—
The DPC also announced it has submitted its Article 60 draft decision on an inquiry into TikTok which was commenced last September.
—
The South Korean Personal Information Protection Commission fined Google and Meta a combined 100 billion won (~€72 million) “for collecting personal information without users’ consent and using it for personalized online advertising and other purposes”.
-
“There was a perception with GDPR that when it came into effect, the very next day, the DPC would start levying huge fines and start holding people to account but that ignored the reality that the DPC had to ramp up its organisation and that details of the legislation needed to be ironed out. If you look at other changes to EU law, it took competition law nearly eight years to land its first large fines and enforcements, so we’re doing reasonably well when it comes to GDPR.” Daragh O Brien of Castlebridge, quoted in ‘Reality bytes: Data watchdog bares its teeth again’ by Brian O'Donovan for RTE News.
-
“What’s challenging is that there isn’t a lot of research, especially in the space of data and technology, about the efficacy of these techniques. If there is any research that’s available, it is almost always provided by the technology company and not independently verified. Schools find themselves in a position of being asked to do more and yet are not given the tools or the information to make informed decisions. When you pair that urgency to act with a lack of information, it almost inevitably leads to poor decision-making.” From an interview with Elizabeth Laird by Julia Angwin, ‘Back to Surveillance School’.
-
“The protection of personal data is of fundamental importance to a person’s enjoyment of their right to respect for private and family life, home and correspondence, as guaranteed by Article 8 of the European Convention on Human Rights. The European Court of Human Rights has noted in its case law that technological developments with regard to the “automatic processing” of data had led, over the last decades, to enormous challenges for personal data protection, in particular with regard to modern operational possibilities of surveillance, interception of communications and/or data retention.” From the introduction to a ‘New thematic factsheet on Personal Data Protection’ published by the imposingly named Department for the Execution of the Judgments of the European Court of Human Rights.
-
“As more commerce has moved online, dark patterns have grown in scale and sophistication, allowing companies to develop complex analytical techniques, collect more personal data, and experiment with dark patterns to exploit the most effective ones. The staff report, which stems from a workshop the FTC held in April 2021, examined how dark patterns can obscure, subvert, or impair consumer choice and decision-making and may violate the law.” From the introduction to a new staff report from the Federal Trade Commission, ‘Bringing Dark Patterns to Light’.
—
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
