The Cat Herder

Tiktok backtracks, the Online Safety Bill falters, the DPC is urged to act and the household listenin   July 17 · Issue #189 · View online Tiktok backtracks, the Online Safety Bill falters, the DPC is urged to act and the household listening devices keep on listening and recording. 😼 Ryan Mac 🙃 @RMac18 The two main ads dominating LA right now are the Apple billboards about privacy with people's phones covering their faces and the Meta/Facebook adverts for Ray-Ban sunglasses that can record other people's faces without them knowing. 5:48 PM - 15 Jul 2022 The Government’s bid to address the fallout from convicted murderer Graham Dwyer’s successful challenge to mobile phone metadata retention laws here faces another hurdle with the Data Protection Commission being urged to act immediately over alleged continuing illegal retention of data by service providers. There is also speculation in legal circles that a Bill rushed through the Oireachtas this week as a stopgap following the judgment of the European Court of Justice (CJEU) upholding Dwyer’s challenge could yet be referred by President Michael D Higgins to the Supreme Court for a determination on its constitutionality. The Data Protection Commission has been asked by solicitors for Digital Rights Ireland (DRI) — which in 2014 won a significant CJEU decision ultimately leading to the striking down of Ireland’s 2011 data retention law in the case by Dwyer — to take “immediate” action against telecommunications companies who are continuing to process national scale data on all Irish users over the 2011 law. Data Protection Commission urged to act over alleged illegal retention of data – The Irish Times www.irishtimes.com – Share Government Bill aimed at addressing aftermath of Graham Dwyer case goes to President → archived version After some stern finger-wagging from regulators TikTok has backtracked on switching the lawful basis of it’s personal data processing from consent to legitimate interests. TikTok ‘pauses’ privacy policy switch in Europe after regulatory scrutiny – TechCrunch techcrunch.com – Share Privacy experts had also questioned the appropriateness of TikTok using a legitimate interest ground to run behavioral advertising. — As of today, it’s not clear whether owners would ever know that their Ring camera footage, as one example, was accessed by police and potentially saved for months or years afterward. Do they get told afterwards? It’s not clear who at Amazon would make these good faith determinations, or whether Amazon employees watch the footage or just trust law enforcement to do so. We asked these questions, but Amazon spokesperson Mai Nguyen said they couldn’t answer them, instead writing that “It’s simply untrue that Ring gives anyone unfettered access to customer data or video” — something we didn’t suggest — while repeating the company’s belief that it’s authorized to provide this information if it believes there’s a life-threatening emergency or the threat of serious injury. Today I learned Amazon has a form so police can get my data without permission or a warrant - The Verge www.theverge.com – Share Police have obtained Ring videos 11 times after an “emergency” request — The UK government’s Online Safety Bill finally collapsed under the weight of its own preposterousness. Or alternatively its progress has been temporarily suspended pending the appointment of a new Prime Minister, depending on who you ask. But the truth depends on who sits in No 10 at that time, because the candidates for Conservative party leader have been actively engaged in the same vibes-based analysis as everyone else. Kemi Badenoch, who attacked it as “legislating for hurt feelings”, would be likely to push for a very different version of the bill to Penny Mordaunt, who once launched a collection of “good manners emoji” aimed at encouraging people to be kind online. The delay to the online safety bill won’t make it any easier to please everyone | Alex Hern | The Guardian www.theguardian.com – Share The Conservatives have kicked the sprawling document, which aimed for a political Goldilocks zone and ended up a hot mess, firmly down the road The Hellenic Data Protection Authority fined Clearview AI €20 million, ordered it to delete the personal data it has collected on people in Greece and ordered it to appoint a representative in the EU. — The EDPB and EDPS adopted a joint opinion on the European Commission’s Proposal for the European Health Space. Press release | Full opinion [PDF] — The Spanish DPA fined the operator of a commercial website €1,800 for processing personal data without a legal basis, using cookies without a legal basis and not providing sufficient information to the data subject. “There are a myriad [of] threats posed by eavesmining in terms of privacy, surveillance and discrimination. Individualized recommendations, such as informational privacy education and digital literacy training, will be ineffective in addressing these problems and place too great a responsibility on families to develop the necessary literacies to counter eavesmining in public and private spaces. We need to consider the advancement of a collective framework that combats the unique risks and realities of eavesmining. Perhaps the development of a Fair Listening Practice Principles — an auditory spin on the “Fair Information Practice Principles” — would help evaluate the platforms and processes that impact the sonic lives of children and families.” From “Hey Siri’ Virtual assistants are listening to children and then using the data’ by Stephen J. Neville and Natalie Coulter for The Conversation. "These acts state they do not intend to diminish the protection to personal data offered by the GDPR and in case of discrepancy between GDPR provisions and these acts, the GDPR prevails (see Recital 4 of the Data Governance Act). According to the European Commission, there should not be a discrepancy between the GDPR and these acts since the latter are building on and complementing the GDPR. However, not everybody shares this viewpoint, as evidenced by the opinions issued by the European Data Protection Board and the European Data Supervisor on the proposals for these acts coming out of the European Commission.” From ‘Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?’ by Jetty Tielemans for the IAPP. “Second, the importance of transparency and public consultation was emphasised by all stakeholders, but the practical effect of such emphasis was not always positive. On the one hand, obtaining active and informed public understanding through a structured process – such as a ‘citizens’ jury’ – could provide valuable information on which to base policy. But too often public and private authorities were relying on the public’s partially understood purported consent; an ill-defined assessment of public opinion; or the mere fact of an election victory, as a broad mandate for intrusive collection and use of the public’s biometric data.” From the foreword to ‘The Ryder Review: Independent legal review of the governance of biometric data in England and Wales’ by Matthew Ryder for the Ada Lovelace Institute. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Tiktok backtracks, the Online Safety Bill falters, the DPC is urged to act and the household listening devices keep on listening and recording.

😼

Government Bill aimed at addressing aftermath of Graham Dwyer case goes to President

→ archived version

After some stern finger-wagging from regulators TikTok has backtracked on switching the lawful basis of it’s personal data processing from consent to legitimate interests.

Privacy experts had also questioned the appropriateness of TikTok using a legitimate interest ground to run behavioral advertising.

—

Police have obtained Ring videos 11 times after an “emergency” request

—

The UK government’s Online Safety Bill finally collapsed under the weight of its own preposterousness. Or alternatively its progress has been temporarily suspended pending the appointment of a new Prime Minister, depending on who you ask.

The Conservatives have kicked the sprawling document, which aimed for a political Goldilocks zone and ended up a hot mess, firmly down the road

The Hellenic Data Protection Authority fined Clearview AI €20 million, ordered it to delete the personal data it has collected on people in Greece and ordered it to appoint a representative in the EU.

—

The EDPB and EDPS adopted a joint opinion on the European Commission’s Proposal for the European Health Space. Press release | Full opinion [PDF]

—

The Spanish DPA fined the operator of a commercial website €1,800 for processing personal data without a legal basis, using cookies without a legal basis and not providing sufficient information to the data subject.

• “There are a myriad [of] threats posed by eavesmining in terms of privacy, surveillance and discrimination. Individualized recommendations, such as informational privacy education and digital literacy training, will be ineffective in addressing these problems and place too great a responsibility on families to develop the necessary literacies to counter eavesmining in public and private spaces. We need to consider the advancement of a collective framework that combats the unique risks and realities of eavesmining. Perhaps the development of a Fair Listening Practice Principles — an auditory spin on the “Fair Information Practice Principles” — would help evaluate the platforms and processes that impact the sonic lives of children and families.” From “Hey Siri’ Virtual assistants are listening to children and then using the data’ by Stephen J. Neville and Natalie Coulter for The Conversation.
• "These acts state they do not intend to diminish the protection to personal data offered by the GDPR and in case of discrepancy between GDPR provisions and these acts, the GDPR prevails (see Recital 4 of the Data Governance Act). According to the European Commission, there should not be a discrepancy between the GDPR and these acts since the latter are building on and complementing the GDPR. However, not everybody shares this viewpoint, as evidenced by the opinions issued by the European Data Protection Board and the European Data Supervisor on the proposals for these acts coming out of the European Commission.” From ‘Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?’ by Jetty Tielemans for the IAPP.
• “Second, the importance of transparency and public consultation was emphasised by all stakeholders, but the practical effect of such emphasis was not always positive. On the one hand, obtaining active and informed public understanding through a structured process – such as a ‘citizens’ jury’ – could provide valuable information on which to base policy. But too often public and private authorities were relying on the public’s partially understood purported consent; an ill-defined assessment of public opinion; or the mere fact of an election victory, as a broad mandate for intrusive collection and use of the public’s biometric data.” From the foreword to ‘The Ryder Review: Independent legal review of the governance of biometric data in England and Wales’ by Matthew Ryder for the Ada Lovelace Institute.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.