So Many Awards | The Cat Herder, Volume 2, Issue 47
|
The enforcement notice for the PSC arrives. The National Children’s Hospital will come armed to the teeth with expensive facial recognition cameras which may or may not be used.
😼
If you’re in a spot of bother over flogging people’s data then adding a dash of forgery to the mix isn’t the brightest of ideas.
Party had sought retraction of journalist’s story about alleged sale of voter data
—
This is one hell of a sentence. “Chinese scientists are trying to find a way to use a DNA sample to create an image of a person’s face.”
Beijing’s pursuit of control over a Muslim ethnic group pushes the rules of science and raises questions about consent.
The DPC issued an enforcement notice regarding the Public Services Card on Friday last.
- ‘Enforcement notice on public services card issued by data commissioner’, Irish Examiner
- ‘Regulator issues enforcement notice on public services card project’, Irish Times
It’s three years to the day since Elaine Edwards wrote a piece in The Irish Times headlined ‘Government continues data-sharing projects despite EU ruling’. Daragh O Brien of Castlebridge Associates is quoted as saying
As if, yet again, nothing had changed this year threw up yet another award. After the DPC’s report was delivered the Department of Employment Affairs and Social Protection won an award for MyGovID at the eGovernment awards. The Secretary General’s eagerness to promote this on the department’s website caused consternation. “Publish today unpublish tomorrow?”.
Now we all wait to see what happens next with the Public Services Card. As pointed out in the piece in the Irish Examiner above, if this case wends its way through the courts and ultimately to the CJEU then it could be another three years before any conclusion is reached. Which is almost the lifespan of a Public Services Card and far from an ideal state of affairs when the fundamental rights of millions of data subjects are being infringed upon.
It is almost four months since the DPC’s report into the card was unwillingly published by the department. In that intervening period - and for at least eighteen months beforehand - the department has not made any effort to update the information available to data subjects about the card on the psc.gov.ie website. The response to the question “What company produces these cards and what safeguards are in place to safeguard the use of data by this company?” starts with the following
The company has changed its name and the end of 2017 has long gone. Yet nobody has bothered to update this information.
While the department cannot quickly change the legislation which they are relying on as a lawful basis for processing personal data, they can easily improve the level of transparency around the project by keeping their FAQ up to date. But they haven’t. This is sadly symptomatic of the department’s attitude to data protection.
—
Those in charge of procurement at the National Children’s Hospital appear to be suckers for a good sales presentation. Because nothing else can explain why they decided to acquire quite so much advanced facial recognition gear from Hikvision. The response to inquiries is as evasive or uninformed as ever.
If the hospital is planning on deploying facial recognition then it needs to get a database of faces from somewhere. Perhaps some eager reporter might ask the hospital where they were planning on getting their database from. As well as asking them whether they’ve carried out a Data Protection Impact Assessment. Which they must do before any data processing takes place. It’s always advisable to do the DPIA before money has been spent on shiny top-of-the-range equipment.
Exclusive: The exposed database was left unprotected without a password. None of the data was encrypted.
Dealings with international pharma raise new fears about American ambitions to access NHS.
Amazon is introducing a virtual medical scribe so doctors can spend more time with patients and less time at the computer.
The Data Protection Authority of Baden-Wuerttemberg published a template joint controller contract.
—
Facebook was fined ~$4 million dollars by Hungary’s competition authority for making the misleading claim that its services were free. This is yet another example of how competition and consumer protection laws are beginning to interact with data protection laws.
—
German Data Protection Authorities have proposed that manufacturers of hardware and software who are not themselves data controllers should be obliged to comply with the GDPR in order to strengthen the implementation of data protection by design and default.
—
The Information Commissioner’s Office in the UK launched an SME hub.
- “We don’t have any substantial proof that towns become safer when Ring enters the picture. But when Ring cameras enter a town, it’s easy for cities to equate surveillance with being a good neighbor.” From the final part of Caroline Haskins‘ series on the surveillance network Amazon are building in partnership with police departments across the US.
- “others caution that genetic tests may do more harm than good. They could miss some diseases that heel-stick testing can detect and produce false positives for others, causing anxiety and leading to unnecessary follow-up testing. Sequencing children’s DNA also raises issues of consent and the prospect of genetic discrimination.” Tanya Lewis on genetic screening for newborns: '23 and Baby’
- “The tantalizing principle of China’s offer to unstable governments is to re-assert the power of the state. China’s client governments are likely comforted by its insistence that national security means the stability of the current regime, and cybercrime can be defined as critics saying anything untoward about its members. Is this any different from how Western firms work hand-in-glove with their own governments to export political values alongside their products and services?” Maria Farrell explains how China’s Autocracy As A Service is flourishing.
- We’re watching this two minute video illustration of how difficult it is to opt-out of data collection by Google versus how very, very easy it is to opt-in.
——
Endnotes & Credits
- The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
- As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
- The image used in the header is by Krystian Tambur on Unsplash.
- Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
- Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
Barring a disaster we’ll be in your inbox again next weekend.
If you know someone who might enjoy this newsletter do please forward it on to them.