May 23, 2021
Intransigence | The Cat Herder, Volume 4, Issue 19
| |
| May 23 · Issue #132 · View online |
|
|
Some glitches in the surveillance devices, an ‘inadvertent’ leak (as opposed to a deliberate one?) and some sage advice on what to do in the event that personal data is published by the HSE ransomware attackers.
😼
|
|
|
“Basically I could see every camera, their front door and backdoor bells, master bedroom, living room, garage, kitchen, their motion recordings, everything,” one Eufy owner noted. “I was wondering what was going on as it still had my email and name as signed in and noticed that some unknown email, I’m guessing of the Hawaii owner, was in my shared guest account.”
|
Server glitch allowed Eufy owners to see through other homes’ cameras - The Verge
The home security camera product suffered a server error on May 16th, exposing random home camera feeds to other users on the service.
|
|
|
A large number of customer files which were uploaded onto the MyHome.ie “customer relationship management (CRM) system” from 2014 were also, “unbeknownst” to the company, “automatically stored in a temporary folder on the MyHome.ie server”.
|
Personal data of MyHome.ie customers 'inadvertently' leaked online
The Data Protection Commissioner has been notified.
|
|
|
Intransigence is the correct word to use here. The GDPR became law over five years ago and will have been in effect for three years the day after tomorrow. Yet State bodies still appear unwilling to accept that the regulation imposes obligations on them.
|
“Even the most benign parent will eventually lose their patience,” he said of the DPC’s tolerance for State bodies’ intransigence on GDPR compliance. He said the context is a decision by the Data Protection Commissioner Helen Dixon last month to fine the Irish Credit Bureau €90,000 for a 2018 data breach which saw 1,062 incorrect account records disclosed to financial institutions. It was at the time the largest individual fine applied to an Irish company under GDPR.
|
HSE could face €1m fine for GDPR failings over cyber attack
HSE breach may see Data Protection Commission utilise the full extent of its fining powers on a State body for the first time, says expert
|
This is a widespread problem.
|
|
|
|
This phrasing in a news story exemplifies a widespread attitude towards data protection law by public authorities in Ireland. It is something to be 'got around', not complied with. https://t.co/RZyZxP4aXj
|
|
|
|
|
|
Motorola Solutions’ suite of products in its “safe schools solutions” line includes automated license plate readers, watch lists that send automatic alerts when people enter a building, and anonymous “tip” submission apps for students, according to a copy of the brochure shared with Motherboard. The document also advertises artificial intelligence-powered camera systems that purportedly detect “unusual motion,” track individuals using facial recognition as they move around a school, and allow staff to search through hours of video to find footage of a person simply by typing in their “physical descriptors.”
|
Tech Companies Want Schools to Use COVID Relief Money on Surveillance Tools
As schools reopen with billions in federal aid, surveillance vendors are hawking expensive tools like license plate readers and facial recognition.
|
|
Oh yes we did
|
Today's headlines: All political parties in State face probe over voter data use and Indian variant less contagious than feared - Independent.ie
Data Protection Commissioner Helen Dixon is to begin an unprecedented audit of all political parties following the controversy surrounding Sinn Féin’s secret internal voter database, the Abú system.
|
|
|
“Without robust data protection safeguards, there is a risk that the (trust in the) digital economy would not be sustainable. In other words, data re-use, sharing and availability may generate benefits, but also various types of risk of damages to the persons concerned and society as a whole, impacting individuals from an economic, political and social perspective.” The EDPB released a statement on the proposed Data Governance Act [ direct link to PDF].
|
|
|
The European Parliament adopted a resolution on data transfers after the Schrems II ruling which also “expresses disappointment with the Irish Data Protection Commission (‘DPC’) and its decision to initiate the Schrems court case instead of independently triggering enforcement procedures based on GDPR rules, while also criticising the DPC’s long processing times. Further to this, the resolution calls on the Commission to launch infringement procedures against Ireland for failing to effectively enforce the GDPR, and asks that national authorities across Europe halt transfers of data that could be accessed in bulk in the US if the Commission reaches an adequacy decision regarding that country.”
|
|
|
The ICO fined a company called Tested.me Ltd. £8,000 because, after participating in contact tracing by collecting personal data on behalf of businesses, which could be regarded as a good thing, it then found itself unable to resist doing a bad thing and sending the people whose data it had collected 84,000 marketing emails without consent. |
|
|
-
“So, for people who think this won’t matter to them and are not worried: that’s nice. I hope it stays fine for you. But for everyone else: all I can suggest is don’t let the worry consume you over the coming days. Save your energy for the alertness you will need later.” From an excellent Twitter thread by Daragh O Brien on how to prepare for the possible publication of personal information by those responsible for the HSE ransomware attack.
-
“Loss of privacy is a common dark pattern harm. For example, “today we treat personal information as currency — a depletable asset. We are trading that information to get all sorts of goods and services,” said Dr. Kelly Quinn. “It’s a form of deception.” Once that personal information is traded, you can’t get it back — and this is the dilemma. While there may not be obvious harm upon sharing that information in exchange for using the service in the moment, there may be more severe consequences later, as the information is aggregated or potentially leaked to bad actors. Additionally, “collective harms arise from the collection, aggregation, and use of data” which can lead to “predictions and inferences that can be made about a zip code or an area code,” explained Dr. McNealy.” From a recap of an FTC workshop panel discussion by Stephanie Nguyen and Jasmine McNealy, ‘The Impact of Dark Patterns on Communities of Color’.
- This Twitter thread by Nandini Jammi on the intersection of adtech and surveillance capitalism. “The smartest minds in America are figuring out how to get people to click on ads. The smartest minds in other countries are figuring out how to exploit our lax privacy standards to gain access to Americans’ personal data and further undermine our democracy.”
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
Some glitches in the surveillance devices, an ‘inadvertent’ leak (as opposed to a deliberate one?) and some sage advice on what to do in the event that personal data is published by the HSE ransomware attackers.
😼
The home security camera product suffered a server error on May 16th, exposing random home camera feeds to other users on the service.
—
The Data Protection Commissioner has been notified.
Intransigence is the correct word to use here. The GDPR became law over five years ago and will have been in effect for three years the day after tomorrow. Yet State bodies still appear unwilling to accept that the regulation imposes obligations on them.
HSE breach may see Data Protection Commission utilise the full extent of its fining powers on a State body for the first time, says expert
This is a widespread problem.
As schools reopen with billions in federal aid, surveillance vendors are hawking expensive tools like license plate readers and facial recognition.
Data Protection Commissioner Helen Dixon is to begin an unprecedented audit of all political parties following the controversy surrounding Sinn Féin’s secret internal voter database, the Abú system.
“Without robust data protection safeguards, there is a risk that the (trust in the) digital economy would not be sustainable. In other words, data re-use, sharing and availability may generate benefits, but also various types of risk of damages to the persons concerned and society as a whole, impacting individuals from an economic, political and social perspective.” The EDPB released a statement on the proposed Data Governance Act [direct link to PDF].
—
The European Parliament adopted a resolution on data transfers after the Schrems II ruling which also “expresses disappointment with the Irish Data Protection Commission (‘DPC’) and its decision to initiate the Schrems court case instead of independently triggering enforcement procedures based on GDPR rules, while also criticising the DPC’s long processing times. Further to this, the resolution calls on the Commission to launch infringement procedures against Ireland for failing to effectively enforce the GDPR, and asks that national authorities across Europe halt transfers of data that could be accessed in bulk in the US if the Commission reaches an adequacy decision regarding that country.”
—
The ICO fined a company called Tested.me Ltd. £8,000 because, after participating in contact tracing by collecting personal data on behalf of businesses, which could be regarded as a good thing, it then found itself unable to resist doing a bad thing and sending the people whose data it had collected 84,000 marketing emails without consent.
-
“So, for people who think this won’t matter to them and are not worried: that’s nice. I hope it stays fine for you. But for everyone else: all I can suggest is don’t let the worry consume you over the coming days. Save your energy for the alertness you will need later.” From an excellent Twitter thread by Daragh O Brien on how to prepare for the possible publication of personal information by those responsible for the HSE ransomware attack.
-
“Loss of privacy is a common dark pattern harm. For example, “today we treat personal information as currency — a depletable asset. We are trading that information to get all sorts of goods and services,” said Dr. Kelly Quinn. “It’s a form of deception.” Once that personal information is traded, you can’t get it back — and this is the dilemma. While there may not be obvious harm upon sharing that information in exchange for using the service in the moment, there may be more severe consequences later, as the information is aggregated or potentially leaked to bad actors. Additionally, “collective harms arise from the collection, aggregation, and use of data” which can lead to “predictions and inferences that can be made about a zip code or an area code,” explained Dr. McNealy.” From a recap of an FTC workshop panel discussion by Stephanie Nguyen and Jasmine McNealy, ‘The Impact of Dark Patterns on Communities of Color’.
- This Twitter thread by Nandini Jammi on the intersection of adtech and surveillance capitalism. “The smartest minds in America are figuring out how to get people to click on ads. The smartest minds in other countries are figuring out how to exploit our lax privacy standards to gain access to Americans’ personal data and further undermine our democracy.”
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
