August 2, 2021
Our Intimate Enemy | The Cat Herder, Volume 4, Issue 29
| |
| August 2 · Issue #142 · View online |
|
|
Bank Holiday edition. Very Large Fines, finally, and more of the usual, naturally. 😼
|
|
|
It starts like an offer of admission from a prestigious university. “We are pleased to inform you that you have been selected…” it says. But the four-page letter from the Pasco Sheriff’s Office goes on to tell recipients they will be facing enhanced police scrutiny under the agency’s controversial intelligence program. Last year, a Tampa Bay Times investigation revealed that the Sheriff’s Office creates lists of people it considers likely to break the law based on criminal histories, social networks and other unspecified intelligence. The agency sends deputies to their homes repeatedly, often without a search warrant or probable cause for an arrest.
|
Pasco Sheriff’s Office letter targets residents for ‘increased accountability’
Critics of the agency’s intelligence programs called the letter ‘patronizing’ and ‘offensive,’ and raised continued concerns about civil rights
|
|
|
BC Health authorities breach privacy of thousands of unvaccinated BC residents | True North
The IHA targeted unvaccinated individuals and sent letters that displayed recipients’ vaccination status outside the envelope. The personal health information has now been compromised without the recipients’ consent.
|
|
|
CCPA-related enforcement letters sent to companies recently by Rob Bonta, the state’s AG, make clear his position that data tracking for advertising and analytics purposes, including cookie-based tracking, fits within the CCPA’s definition of a data “sale.” Multiple lawyers Digiday spoke to say letters companies have received, ask them to provide details about data sharing specifically in relation to their use of cookies and other tracking technologies for ads and analytics.
|
In some California privacy cases, analytics trackers are in the crosshairs — and violators could be charged by the cookie
It is clear that CCPA enforcement is not just about data breaches. It’s about cookies and tracking technologies — including analytics trackers.
|
|
|
Andreas Mundt, President of the Bundeskartellamt: “Apps on smartphones and tablets are used billions of times to communicate, shop, obtain information, plan a trip or even for gaming. In our inquiry we have found that in many cases there are serious shortcomings with regard to data protection. App users receive insufficient or no information about companies accessing their personal data and do not know who receives their data. There is a lack of intelligible information and clear and simple possibilities of control. This is in clear contradiction to what consumers want. App publishers, app stores and operating system operators need to contribute to more legal compliance and consumer friendliness in the use of mobile apps.”
|
Bundeskartellamt - Insufficient consumer protection in mobile apps: Bundeskartellamt identifies problems and proposes possible solutions
The Bundeskartellamt has today presented the results of its sector inquiry into mobile apps to examine consumer rights.
|
|
|
Amazon casually mentioned the following in its 10-Q SEC filing during the week. [ direct link to PDF, quote is from page 13] |
On July 16, 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued a decision against Amazon Europe Core S.à r.l. claiming that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation. The decision imposes a fine of €746 million and corresponding practice revisions. We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.
|
|
|
|
|
|
|
The EDPB adopted a binding decision using the dispute resolution mechanism in Article 65 GDPR. This relates to WhatsApp sharing data with its parent Facebook, the DPC’s investigation of same and the objections raised by other supervisory authorities to the DPC’s conclusions. The EDPB has found at least some of the objections to be “reasoned and relevant”. The DPC “shall adopt its final decision, addressed to the controller, on the basis of the EDPB decision, without undue delay and at the latest one month after the EDPB has notified its decision. The EDPB will publish its decision on its website without undue delay after the IE SA has notified their national decision to the controller.” |
|
|
The CNIL fined Monsanto €400,000 for profiling individuals. In a statement Wednesday, the Commission nationale de l'informatique et des libertés (CNIL) said the Bayer-owned company had infringed European privacy rules by not informing people that it had recorded their information in a lobbying file. The fine comes after several media outlets revealed that Monsanto held a file containing the personal data of more than 200 politicians, journalists, environmental activists and other figures deemed likely to influence the debate around lifting a ban on the glyphosate herbicide in Europe.
|
|
|
|
|
|
|
|
|
The Spanish DPA fined supermarket chain Mercadona €2,250,000 for using a facial recognition system in 48 of its shops across Spain with no lawful basis. “The AEPD found that none of the legal grounds available under Article 9 of the EU General Data Protection Regulation (which sets forth the legal grounds available for the processing of sensitive data, including biometric data) could be used by Mercadona for the processing of biometric data through its facial recognition system – hence, the AEPD declared the processing unlawful.” |
|
|
-
“This is no ordinary spying. Our mobile phones are our most intimate selves. They have become an extension of our brains and bodies. Illegal surveillance through mobile phones isn’t new in India. Every Kashmiri knows that. Most Indian activists do, too. However, for us to cede to governments and corporations the legal right to invade and take over our phones is to voluntarily submit ourselves to being violated … It’s like having the love of your life – or worse, having your own brain, including its inaccessible recesses – informing on you … We will have to migrate back to a world in which we are not controlled and dominated by our intimate enemy – our mobile phones.” From ‘This is no ordinary spying. Our most intimate selves are now exposed’ by Arundhati Roy for the Guardian.
-
“QR codes — essentially a kind of bar code that allows transactions to be touchless — have emerged as a permanent tech fixture from the coronavirus pandemic. Restaurants have adopted them en masse, retailers including CVS and Foot Locker have added them to checkout registers, and marketers have splashed them all over retail packaging, direct mail, billboards and TV advertisements. As a result, QR codes have allowed some restaurants to build a database of their customers’ order histories and contact information. At retail chains, people may soon be confronted by personalized offers and incentives marketed within QR code payment systems. “People don’t understand that when you use a QR code, it inserts the entire apparatus of online tracking between you and your meal,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. “Suddenly your offline activity of sitting down for a meal has become part of the online advertising empire.” From ‘QR Codes Are Here to Stay. So Is the Tracking They Allow.’ by Erin Woo for the New York Times. (archive.org link, may require captcha.)
-
“The Federal Court of Justice has rejected the Regional Court’s approach and confirmed that the right to access under Article 15 of the GDPR is in principle comprehensive, as it refers to all stored or processed data that can be linked to the person. This means that it includes internal documents and correspondence with or about this person.” Far from what some headlines claimed, this isn’t an extension of the right of access, it’s simply a restatement of what is covered by the right of access, despite what some data controllers might desire. From ‘German court rules on the right to access under the GDPR’ by Kirsten Wolgast for Pinsent Masons.
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
Bank Holiday edition. Very Large Fines, finally, and more of the usual, naturally.
😼
Critics of the agency’s intelligence programs called the letter ‘patronizing’ and ‘offensive,’ and raised continued concerns about civil rights
The IHA targeted unvaccinated individuals and sent letters that displayed recipients’ vaccination status outside the envelope. The personal health information has now been compromised without the recipients’ consent.
It is clear that CCPA enforcement is not just about data breaches. It’s about cookies and tracking technologies — including analytics trackers.
—
The Bundeskartellamt has today presented the results of its sector inquiry into mobile apps to examine consumer rights.
Amazon casually mentioned the following in its 10-Q SEC filing during the week. [direct link to PDF, quote is from page 13]
While more details about the reason for the fine and the nature of the “practice revisions” are scarce, La Quadrature du Net is claiming it’s related to complaints it lodged on behalf of individuals way back in May 2018. How much of the fine Amazon ultimately pays remains to be seen. Of more interest will be finding out what the practice revisions are and whether Amazon complies with those.
The Register: Euro watchdog will try to extract $900m from Amazon for breaking data privacy laws
—
The EDPB adopted a binding decision using the dispute resolution mechanism in Article 65 GDPR. This relates to WhatsApp sharing data with its parent Facebook, the DPC’s investigation of same and the objections raised by other supervisory authorities to the DPC’s conclusions. The EDPB has found at least some of the objections to be “reasoned and relevant”. The DPC “shall adopt its final decision, addressed to the controller, on the basis of the EDPB decision, without undue delay and at the latest one month after the EDPB has notified its decision. The EDPB will publish its decision on its website without undue delay after the IE SA has notified their national decision to the controller.”
—
The CNIL fined Monsanto €400,000 for profiling individuals.
Politico: ‘French privacy regulator fines Monsanto for privacy breach’
—
The CNIL also fined La Société du Figaro €50,000 for dropping advertising cookies without obtaining the consent of users. French | English machine translation.
—
The Spanish DPA fined supermarket chain Mercadona €2,250,000 for using a facial recognition system in 48 of its shops across Spain with no lawful basis. “The AEPD found that none of the legal grounds available under Article 9 of the EU General Data Protection Regulation (which sets forth the legal grounds available for the processing of sensitive data, including biometric data) could be used by Mercadona for the processing of biometric data through its facial recognition system – hence, the AEPD declared the processing unlawful.”
-
“This is no ordinary spying. Our mobile phones are our most intimate selves. They have become an extension of our brains and bodies. Illegal surveillance through mobile phones isn’t new in India. Every Kashmiri knows that. Most Indian activists do, too. However, for us to cede to governments and corporations the legal right to invade and take over our phones is to voluntarily submit ourselves to being violated … It’s like having the love of your life – or worse, having your own brain, including its inaccessible recesses – informing on you … We will have to migrate back to a world in which we are not controlled and dominated by our intimate enemy – our mobile phones.” From ‘This is no ordinary spying. Our most intimate selves are now exposed’ by Arundhati Roy for the Guardian.
-
“QR codes — essentially a kind of bar code that allows transactions to be touchless — have emerged as a permanent tech fixture from the coronavirus pandemic. Restaurants have adopted them en masse, retailers including CVS and Foot Locker have added them to checkout registers, and marketers have splashed them all over retail packaging, direct mail, billboards and TV advertisements. As a result, QR codes have allowed some restaurants to build a database of their customers’ order histories and contact information. At retail chains, people may soon be confronted by personalized offers and incentives marketed within QR code payment systems. “People don’t understand that when you use a QR code, it inserts the entire apparatus of online tracking between you and your meal,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. “Suddenly your offline activity of sitting down for a meal has become part of the online advertising empire.” From ‘QR Codes Are Here to Stay. So Is the Tracking They Allow.’ by Erin Woo for the New York Times. (archive.org link, may require captcha.)
-
“The Federal Court of Justice has rejected the Regional Court’s approach and confirmed that the right to access under Article 15 of the GDPR is in principle comprehensive, as it refers to all stored or processed data that can be linked to the person. This means that it includes internal documents and correspondence with or about this person.” Far from what some headlines claimed, this isn’t an extension of the right of access, it’s simply a restatement of what is covered by the right of access, despite what some data controllers might desire. From ‘German court rules on the right to access under the GDPR’ by Kirsten Wolgast for Pinsent Masons.
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
