PRAM! MOW! ZOW! | The Cat Herder, Volume 3, Issue 46
|
The ad lads are at it again, Microsoft wants to score you, Amazon does a callback to an earlier era of robber barons, Tusla remains Tusla.
😼
Techcrunch: ‘Digital marketing firms file UK competition complaint against Google’s Privacy Sandbox’
Back in the good ol’ days of maybe a decade ago advertising and marketing were still concerned with influencing perception and purchasing decisions. Then the Google workshop elves decided to bolt together bits of an online auction system and pieces of a high frequency trading system and lubricate the workings of the whole thing with a gloopy layer of opacity.
Now the online ad lads and other denizens of the bubble-ripe-for-bursting feel entitled - it’s not a wish anymore, it’s a demand - to track everything that everyone does, everywhere, all the time. In order to deliver them more ads and marketing messages. The primary purpose of contemporary digital marketing and advertising appears to be to do more marketing and advertising.
This doesn’t seem ethical or sustainable.
—
Microsoft would like to “harmonize productivity and well being,” “enhance organizational resiliency,” “transform meeting culture,” and “increase customer focus.” By tracking and scoring you.
Esoteric metrics based on analyzing extensive data about employee activities has been mostly the domain of fringe software vendors. Now it's built into MS 365.
— Wolfie Christl (@WolfieChristl) November 24, 2020
A new feature to calculate 'productivity scores' turns Microsoft 365 into an full-fledged workplace surveillance tool: pic.twitter.com/FC3N6KkIR3
The New Republic: ‘Do You Know Your Microsoft Productivity Score?’
Gulp. “The leak came to light after a GitHub user spotted the spreadsheet containing the passwords on the personal GitHub account of an employee of the Albert Einstein Hospital in the city of Sao Paolo” https://t.co/3986HMwUOa
— Fionna O'Leary, 🕯🇪🇺 (@fascinatorfun) November 26, 2020
ZDNet: ‘Personal data of 16 million Brazilian COVID-19 patients exposed online’
Irish Times: ‘Lack of ‘consistency’ in how Tusla operates, says chief executive’
At the risk of going blue in the face from repetition of these dates, the GDPR came into effect in May 2018, over two and a half years ago. The text of the GDPR was finalised and published two years before that. It should not take this long, and receipt of three fines and a raft of other sanctions from the DPC before basic staff training is rolled out.
Despite the wishful thinking from public sector bodies and elected representatives about changing the GDPR or arbitrarily deciding the GDPR mightn’t apply, which have been covered regularly in this newsletter over the last 110 issues, the GDPR is a European Regulation with direct effect. It isn’t going anywhere.
VICE: ‘Secret Amazon Reports Expose the Company’s Surveillance of Labor and Environmental Groups’
If you’re not familiar with Pinkerton they have plenty of previous form in strike-breaking and subversion of unions stretching back into the 19th century. Perhaps most famously on behalf of a man now better known for his libraries, Andrew Carnegie. Achieving a level of notoriety so great that the Sundry Civil Appropriations Act passed by the US Congress in 1893 in order to prevent the government from hiring mercenaries and private investigators was more commonly known as the Anti-Pinkerton Act.
The Norwegian DPA fined Østfold HF Hospital 750,000 kronor (~ €71,000) for a data breach and not having sufficient technical and organisational measures in place to secure access to special categories of personal data.
—
The Spanish DPA fined Telefonica €75,000 for processing personal data without a lawful basis.
—
The Swedish DPA fined the Stockholm Board of Education 4 million kronor (~€394,000) for failing to ensure that the personal data of students and teachers within the schools administration platform was processed securely.
—
A Swedish court rejected Google’s appeal against a decision of the Swedish DPA to fine Google 75 million kronor (~ €7 million).
—
The CNIL imposed fines of €2.25 million on Carrefour France and €800,000 on Carrefour Banque respectively.
—
- “The online advertising industry has become toxic. Internet users are tracked, surveilled, and targeted with ads that may exploit their vulnerabilities. Publishers – forced to play by the rules set by large online platforms – must prioritise content that rewards engagement, not truth or civility — and then hand up to 70% of profits over to advertising middlemen. Advertisers lose billions of dollars to bots fabricating clicks. And society at large reckons with the misinformation and polarisation that results from all this. Only big online platforms and the data brokers lurking in the background benefit.” Panoptykon has a new report titled ‘To Track or Not to Track? Towards Privacy-friendly and Sustainable Online Advertising’ written by Karolina Iwańska
- “This extra cost stems from the additional compliance obligations – such as setting up standard contractual clauses (SCCs) – on companies that want to continue transferring data from the EU to the UK,” they write in the report. “We believe our modelling is a relatively conservative estimate as it is underpinned by moderate assumptions about the firm-level cost and number of companies affected.” From ‘Brexit’s data compliance burden could cost UK firms up to £1.6BN, says think tank’ by Natasha Lomas for Techcrunch.
- “It is notable that the ICO chose to issue Experian an enforcement notice, rather than a monetary penalty notice, as it has recently issued in a number of high profile cases (e.g. to British Airways, Marriott, and Ticketmaster), on the basis that “this is the most effective and proportionate way to achieve compliance in this case, whilst still having a dissuasive and informative impact”. This perhaps reflects a view on the ICO’s part that concerns regarding systemic processing issues are best addressed via enforcement notices, by contrast to security breaches, which it considers to be better addressed by fines. Of course, in Experian’s case, subject to the Notice being upheld on appeal, the cost of complying with the enforcement notice may well significantly outweigh any fine it may otherwise have received, and may fundamentally challenge its operating model.” From ‘Make the invisible visible: Five key takeaways from the Experian enforcement action’ by Katie Hewson and Ben Sigler for Stephenson Harwood.
—
Endnotes & Credits
- The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
- As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
- The image used in the header is by Krystian Tambur on Unsplash.
- Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
- Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.