Location Location Location | The Cat Herder, Volume 5, Issue 41

Smart meters, unjustified and non-transparent retention by the Gardaí, location data, the Catholic ch   October 23 · Issue #203 · View online Smart meters, unjustified and non-transparent retention by the Gardaí, location data, the Catholic church and the DPC, everything is adtech and yet another appearance by frequent guests on this newletter, Clearview AI. 😼 There is seemingly no end to the amount of Very Bad Ideas which are bubbling away in Westminster these days. Al Ghaff @GhaffAl 🚨🚨🚨 The Government has announced that it’ll be collecting all electricity & gas meter readings for 10 years (all linked to your identify) through Energy Price Guarantee scheme & shared across Govt, & with agencies, police etc. And no opt out!!! https://t.co/YVpIxCWoQ0 4:14 PM - 17 Oct 2022 Gov.UK: ‘Use of electricity meter and gas meter personal data collected through the Energy Price Guarantee scheme privacy notice’ An Garda Síochána is “retaining files on people who have been cleared of producing or sharing child sexual abuse material”. An Garda Síochána is also defending this practice because it has a “rationale”. Gardaí say the data is also retained as reference and intelligence material in respect of future investigations in the event that additional information is referred to An Garda Síochána concerning the data subjects. One of the rationales for the entire field of data protection is that personal data should not be collected or stored without a purpose and a lawful basis. ‘Because it might be useful later’ is not now and has never been a valid purpose or a lawful basis. This has only become more and more important over the last couple of decades as the ability to acquire large amounts of personal data has become much, much easier, and the cost of storing this data has come close to negligible. Simon McGarr goes into some detail about the rationale(s) offered up by AGS: As for the National Archives Act, the Gardaí seem to suggest that (a) a national law could compel indefinite retention of everything, over-ruling EU law so that (b) some time in the future people’s holiday snaps of their children would be deposited with the National Archives. Uh… really? The Gist: The Sandcastle Files www.thegist.ie – Share The Irish police are opening files on innocent people and their kids, unrelated to any crime, without a legal basis. This is the Gist. The Irish Council for Civil Liberties has a lot of the background information on this situation here, and has complained to the DPC about it. Every platform company becomes an ad network eventually. “Uber never misses an opportunity to push the boundaries on how extractive and exploitative a company is allowed to be,” Chris Gilliard, Just Tech Fellow at the Social Science Research Council, told Motherboard. “Using the granular details gleaned from people’s travels as fodder for advertising poses a threat to anyone who doesn’t want the intimate details of where they worship, who they date or what medical conditions they have being sold to the highest bidder. This news reaffirms that Uber is a surveillance company masquerading as a transportation company.” Uber Will Start Serving You Targeted Ads Based On Where You Go www.vice.com – Share As above, have location data, will misuse it. But the material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists. TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens www.forbes.com – Share The project, assigned to a Beijing-led team, would have involved accessing location data from some U.S. users’ devices without their knowledge or consent. A man has launched High Court proceedings over what he claims is the Data Protection Commission’s failure to complete an investigation of a complaint he made over the Catholic Church’s refusal to destroy records it has about him. Martin Meany has brought judicial review proceedings against the DPC over a complaint the court heard that he made in May 2018 about the Roman Catholic Church. Man takes court challenge over retention of data by Catholic Church www.rte.ie – Share A man has launched High Court proceedings over what he claims is the Data Protection Commission’s failure to complete an investigation of a complaint he made over the Catholic Church’s refusal to destroy records it has about him. — The CNIL fined Clearview AI €20m and ordered it “to stop collecting and using data on individuals in France without a legal basis and to delete the data already collected.” Unsurprsingly, Clearview ain’t cooperating. — “In our view, following the Opinion of the AG Sánchez-Bordona, the CJEU would put at risk the balance between the objectives of the GDPR – the protection of individuals and the free movement of personal data – favouring the latter. First, procedural burdens in disputes against economic actors would make Article 82 GDPR practically ineffective for natural persons; secondly, the opportunity to seal the data protection system with its enforcement deficit would be lost; and finally, national courts might be left with too much decisional leeway, resulting in the risk of forum shopping. That said, a data-subject-friendly interpretation and further clarifying criteria on the concept of non-material damage in the awaited judgment of the Court would be desirable.” From ‘Towards a data-subject-friendly interpretation of Article 82 GDPR’ by Hubert Bekisz and Dominik Dworniczak for Verfassungsblog. “First, it is important to understand that unauthorized location tracking is one of the most dangerous and pernicious data practices out there. This data can reveal where we live, where we work, where we worship, where our kids go to school, what healthcare we seek, and more. Location data in the hands of the wrong entity can create significant risks, including to physical safety. Stalkers and other harassers can use it to target at-risk individuals. And even the potential of being tracked can cause fear, stress, or harm.” From this Twitter thread by Alan Butler in response to the Forbes story above about TikTok’s apparently unlawful use of retained location data. “WhatsApp, on the other hand, collects the information about your profile, your profile photo, who is talking to whom, who is a group member. That is powerful metadata. It is particularly powerful — and this is where we have to back out into a structural argument — for a company to collect the data that is also owned by Meta/Facebook. Facebook has a huge amount, just unspeakable volumes, of intimate information about billions of people across the globe. It is not trivial to point out that WhatsApp metadata could easily be joined with Facebook data, and that it could easily reveal extremely intimate information about people. The choice to remove or enhance the encryption protocols is still in the hands of Facebook. We have to look structurally at what that organization is, who actually has control over these decisions, and at some of these details that often do not get discussed when we talk about message encryption overall.” From an interview with Signal president Meredith Whittaker in The Verge. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Smart meters, unjustified and non-transparent retention by the Gardaí, location data, the Catholic church and the DPC, everything is adtech and yet another appearance by frequent guests on this newletter, Clearview AI.

😼

There is seemingly no end to the amount of Very Bad Ideas which are bubbling away in Westminster these days.

Gov.UK: ‘Use of electricity meter and gas meter personal data collected through the Energy Price Guarantee scheme privacy notice’

An Garda Síochána is “retaining files on people who have been cleared of producing or sharing child sexual abuse material”.

An Garda Síochána is also defending this practice because it has a “rationale”.

One of the rationales for the entire field of data protection is that personal data should not be collected or stored without a purpose and a lawful basis. ‘Because it might be useful later’ is not now and has never been a valid purpose or a lawful basis. This has only become more and more important over the last couple of decades as the ability to acquire large amounts of personal data has become much, much easier, and the cost of storing this data has come close to negligible.

Simon McGarr goes into some detail about the rationale(s) offered up by AGS:

The Irish police are opening files on innocent people and their kids, unrelated to any crime, without a legal basis. This is the Gist.

The Irish Council for Civil Liberties has a lot of the background information on this situation here, and has complained to the DPC about it.

Every platform company becomes an ad network eventually.

As above, have location data, will misuse it.

The project, assigned to a Beijing-led team, would have involved accessing location data from some U.S. users’ devices without their knowledge or consent.

A man has launched High Court proceedings over what he claims is the Data Protection Commission’s failure to complete an investigation of a complaint he made over the Catholic Church’s refusal to destroy records it has about him.

—

The CNIL fined Clearview AI €20m and ordered it “to stop collecting and using data on individuals in France without a legal basis and to delete the data already collected.”

Unsurprsingly, Clearview ain’t cooperating.

—

• “In our view, following the Opinion of the AG Sánchez-Bordona, the CJEU would put at risk the balance between the objectives of the GDPR – the protection of individuals and the free movement of personal data – favouring the latter. First, procedural burdens in disputes against economic actors would make Article 82 GDPR practically ineffective for natural persons; secondly, the opportunity to seal the data protection system with its enforcement deficit would be lost; and finally, national courts might be left with too much decisional leeway, resulting in the risk of forum shopping. That said, a data-subject-friendly interpretation and further clarifying criteria on the concept of non-material damage in the awaited judgment of the Court would be desirable.” From ‘Towards a data-subject-friendly interpretation of Article 82 GDPR’ by Hubert Bekisz and Dominik Dworniczak for Verfassungsblog.
• “First, it is important to understand that unauthorized location tracking is one of the most dangerous and pernicious data practices out there. This data can reveal where we live, where we work, where we worship, where our kids go to school, what healthcare we seek, and more. Location data in the hands of the wrong entity can create significant risks, including to physical safety. Stalkers and other harassers can use it to target at-risk individuals. And even the potential of being tracked can cause fear, stress, or harm.” From this Twitter thread by Alan Butler in response to the Forbes story above about TikTok’s apparently unlawful use of retained location data.
• “WhatsApp, on the other hand, collects the information about your profile, your profile photo, who is talking to whom, who is a group member. That is powerful metadata. It is particularly powerful — and this is where we have to back out into a structural argument — for a company to collect the data that is also owned by Meta/Facebook. Facebook has a huge amount, just unspeakable volumes, of intimate information about billions of people across the globe. It is not trivial to point out that WhatsApp metadata could easily be joined with Facebook data, and that it could easily reveal extremely intimate information about people. The choice to remove or enhance the encryption protocols is still in the hands of Facebook. We have to look structurally at what that organization is, who actually has control over these decisions, and at some of these details that often do not get discussed when we talk about message encryption overall.” From an interview with Signal president Meredith Whittaker in The Verge.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.