Smile At The Incomplete Data Protection Notice | The Cat Herder, Volume 5, Issue 15

A peculiar interpretation of a CJEU judgment, the tracking and surveillance continues to scale up, so   April 24 · Issue #177 · View online A peculiar interpretation of a CJEU judgment, the tracking and surveillance continues to scale up, some cookie changes come to Google. 😼 Miss IG Geek (she/her) 🏳️‍🌈 @MissIG_Geek Privacy notice FAIL - where’s the contact info for more details and exercising data subject rights?! @LBofBromley did you run this past your DPO before signing off? https://t.co/W6WFFumuDJ 11:28 AM - 24 Apr 2022 Those doors just keep on revolving. Palantir (PLTR) Hires AI Chief From U.K.’s NHS As It Bids to Expand - Bloomberg www.bloomberg.com – Share Palantir Technologies Inc., the U.S. data analytics company, has hired the former head of artificial intelligence at the digital wing of Britain’s National Health Service as it looks to sign a lucrative new contract with the U.K. government. According to audiovisual recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry, the firm claims that it can track roughly 3 billion devices in real time, equivalent to a fifth of the world’s population. The staggering surveillance capacity was cited during a pitch to provide A6’s phone-tracking capabilities to Zignal Labs, a social media monitoring firm that leverages its access to Twitter’s rarely granted “firehose” data stream to sift through hundreds of millions of tweets per day without restriction. With their powers combined, A6 proposed, Zignal’s corporate and governmental clients could not only surveil global social media activity, but also determine who exactly sent certain tweets, where they sent them from, who they were with, where they’d been previously, and where they went next. This enormously augmented capability would be an obvious boon to both regimes keeping tabs on their global adversaries and companies keeping tabs on their employees. American Phone-Tracking Firm Demo’d Surveillance Powers by Spying on CIA and NSA theintercept.com – Share Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button. The mood music in relation to the Graham Dwyer judgment changed rather dramatically in a piece in The Irish Times during the week. Where the initial reaction from law enforcement proxy spokespeople had been dismay at the emininently foreseeable conclusions of the judgment, this piece spoke of the gardaí gaining “strong and wide-ranging options to indiscriminately capture data for use as evidence in cases or as an investigative tool” due to “new investigation methods being introduced in the wake of a European Court ruling in favour of convicted murderer Graham Dwyer.” On reading further it turned out these new methods did not exist yet but would “become clear only when legislation providing for it was enacted.” It’s the whole indiscriminate thing the court has a problem with, lads. So it might be best for you not to go telling a newspaper you’re going to continue to “indiscriminately capture data”. Google is adding a ‘Reject All’ button to its cookie banners in Europe. In the blog post announcing this Google forgot to mention the €150 million fine imposed on it by the CNIL earlier this year. Funny that. — The European Parliament announced an investigation into the use of Pegasus and other spyware. “In 2019 it was revealed that the Dutch tax authorities had used a self-learning algorithm to create risk profiles in an effort to spot child care benefits fraud. Authorities penalized families over a mere suspicion of fraud based on the system’s risk indicators. Tens of thousands of families — often with lower incomes or belonging to ethnic minorities — were pushed into poverty because of exorbitant debts to the tax agency. Some victims committed suicide. More than a thousand children were taken into foster care. The Dutch tax authorities now face a new €3.7 million fine from the country’s privacy regulator. In a statement released April 12, the agency outlined several violations of the EU’s data protection rulebook, the General Data Protection Regulation, including not having a legal basis to process people’s data and hanging on to the information for too long.” From ‘Dutch scandal serves as a warning for Europe over risks of using algorithms’ by Melissa Heikkilä for Politico. “We now have a decision from the DPC that tells us that data quality errors will amount to a personal data breach if they result in an impact on the integrity of data as a result of personal data being altered. The alteration can include the linking of data erroneously or the creation of incorrect inferences within data. But it can also, very simply, relate to the integrity of data as it moves through an organisation’s processes. The DPC has also determined that the disclosure of data that is inaccurate or which is outside the scope of a statutory basis that might apply to processing means that it is disclosed without authorisation.” From ‘Data Quality, Data Breach, and the DPC’ by Daragh O Brien of Castlebridge. “Documents obtained for the report show that Google directly lobbied the Commission in a series of high level meetings with top commissioners between November and early January in which the adtech giant raised concerns about the European Parliament’s proposals on advertising — suggesting limits on trackings would be detrimental to SMEs and harm news publishers. “This marked a continuation of Google and Facebook’s strategy throughout the whole discussion on new digital regulations — trying to reframe it away from Big Tech’s immense profits and business model and to instead hype up potential negative impacts for smaller businesses and consumers,” the report notes. “As Google’s leaked lobbying strategy showed, one of its priorities was to focus the discussion on the costs to the economy and consumers.”” From ‘Report reveals Big Tech’s last minute lobbying to weaken EU rules’ by Natasha Lomas for Techcrunch. If you’re in Ireland you may have noticed the slightly odd radio ads from Google about how beneficial Google is to everybody and everything which have been running for the last few weeks. Entirely coincidental no doubt. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

A peculiar interpretation of a CJEU judgment, the tracking and surveillance continues to scale up, some cookie changes come to Google.

😼

Those doors just keep on revolving.

Palantir Technologies Inc., the U.S. data analytics company, has hired the former head of artificial intelligence at the digital wing of Britain’s National Health Service as it looks to sign a lucrative new contract with the U.K. government.

Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button.

The mood music in relation to the Graham Dwyer judgment changed rather dramatically in a piece in The Irish Times during the week. Where the initial reaction from law enforcement proxy spokespeople had been dismay at the emininently foreseeable conclusions of the judgment, this piece spoke of the gardaí gaining “strong and wide-ranging options to indiscriminately capture data for use as evidence in cases or as an investigative tool” due to “new investigation methods being introduced in the wake of a European Court ruling in favour of convicted murderer Graham Dwyer.”

On reading further it turned out these new methods did not exist yet but would “become clear only when legislation providing for it was enacted.”

It’s the whole indiscriminate thing the court has a problem with, lads. So it might be best for you not to go telling a newspaper you’re going to continue to “indiscriminately capture data”.

Google is adding a ‘Reject All’ button to its cookie banners in Europe. In the blog post announcing this Google forgot to mention the €150 million fine imposed on it by the CNIL earlier this year. Funny that.

—

The European Parliament announced an investigation into the use of Pegasus and other spyware.

• “In 2019 it was revealed that the Dutch tax authorities had used a self-learning algorithm to create risk profiles in an effort to spot child care benefits fraud. Authorities penalized families over a mere suspicion of fraud based on the system’s risk indicators. Tens of thousands of families — often with lower incomes or belonging to ethnic minorities — were pushed into poverty because of exorbitant debts to the tax agency. Some victims committed suicide. More than a thousand children were taken into foster care. The Dutch tax authorities now face a new €3.7 million fine from the country’s privacy regulator. In a statement released April 12, the agency outlined several violations of the EU’s data protection rulebook, the General Data Protection Regulation, including not having a legal basis to process people’s data and hanging on to the information for too long.” From ‘Dutch scandal serves as a warning for Europe over risks of using algorithms’ by Melissa Heikkilä for Politico.
• “We now have a decision from the DPC that tells us that data quality errors will amount to a personal data breach if they result in an impact on the integrity of data as a result of personal data being altered. The alteration can include the linking of data erroneously or the creation of incorrect inferences within data. But it can also, very simply, relate to the integrity of data as it moves through an organisation’s processes. The DPC has also determined that the disclosure of data that is inaccurate or which is outside the scope of a statutory basis that might apply to processing means that it is disclosed without authorisation.” From ‘Data Quality, Data Breach, and the DPC’ by Daragh O Brien of Castlebridge.
• “Documents obtained for the report show that Google directly lobbied the Commission in a series of high level meetings with top commissioners between November and early January in which the adtech giant raised concerns about the European Parliament’s proposals on advertising — suggesting limits on trackings would be detrimental to SMEs and harm news publishers. “This marked a continuation of Google and Facebook’s strategy throughout the whole discussion on new digital regulations — trying to reframe it away from Big Tech’s immense profits and business model and to instead hype up potential negative impacts for smaller businesses and consumers,” the report notes. “As Google’s leaked lobbying strategy showed, one of its priorities was to focus the discussion on the costs to the economy and consumers.”” From ‘Report reveals Big Tech’s last minute lobbying to weaken EU rules’ by Natasha Lomas for Techcrunch. If you’re in Ireland you may have noticed the slightly odd radio ads from Google about how beneficial Google is to everybody and everything which have been running for the last few weeks. Entirely coincidental no doubt.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.