The Cat Herder

Nervously, yet with a sense that her whole life had been building towards this moment, the chairperso   April 7 · Issue #28 · View online Nervously, yet with a sense that her whole life had been building towards this moment, the chairperson of the Communications Committee slowly approached the makeshift throne which had been installed in the Merrion Hotel for the duration of the all-powerful’s visit. She clutched the offering of children’s retinal scans and PPS numbers close. The best advice available to her had recommended this offering as being the most likely to - temporarily at least - sate his appetite for personal information. 😼 You go away for a week and come back to discover that public representatives have been busy lowering the bar. Unprompted. In what could best be described as an extravagantly dimwitted solution to a problem that doesn’t really exist, Deputy Hildegarde Naughton suggested that in order to prevent those aged under 13 gaining illicit access to Facebook all Irish people should be required to provide the grand Zuckhole with their passport or PPS number or perhaps even a retinal scan. First off, teenagers have no interest in Facebook. Secondly, and far more importantly, the deputy in question has been chairperson of the Oireachtas Communications committee for a considerable amount of time and is also a member of the International Grand Committee on Disinformation and ‘Fake News’. In the year since the Cambridge Analytica story broke it is not unreasonable to expect public representatives with a particular focus on this area to have grasped the basics of the problem with Facebook and the platform economy more generally. Unfettered collection of personal data and unsupervised sharing of that personal data among multitudes of third parties. To suddenly suggest that a solution to this problem is to hand over yet more personal data to companies which have, over and over, proven themselves to be entirely untrustworthy as guardians of that personal data is stupid. To compound that by hinting at mandatory capture and storage of biometric data by Facebook is somewhere far, far away in a galaxy beyond stupidity. Once more, with feeling: in the event of this data leaking, passwords can be changed. PPS numbers can be changed. Passport numbers can be changed. Retinas cannot be changed, or at least not in a way that isn’t highly uncomfortable for those involved. Carl Kinsella @TVsCarlKinsella FACEBOOK: We are here to discuss our last few data protection scandals and fuck ups- IRISH POLITICIANS: Take the passports and PPS numbers of our children, please. 11:05 AM - 2 Apr 2019 The Irish Council for Civil Liberties issued a statement on Deputy Naughton’s brainwave. Like us, they weren’t impressed. A dangerous proposition: ICCL on Naughton suggestion that facebook should require passport or PPS numbers - Irish Council for Civil Liberties www.iccl.ie – Share Yes it did, before we even finished the first draft of this issue. When throwing around ideas earlier in the week about what to put into this section we decided to include Sidney Fussell’s piece for The Atlantic, ‘Airbnb Has A Hidden-Camera Problem’. Guess what? It did happen here. Airbnb apologises to family who were live streamed by hidden camera in Cork property www.irishexaminer.com – Share Headline Airbnb apologises to family who were live streamed by hidden camera in Cork property We also considered including a story about the use of facial recognition in Chinese classrooms in this section. Jason is a 16-year-old student at Niulanshan First Secondary School in Beijing. He wears a pair of black-framed glasses and likes to read DC comics so much that he chose to use the name of one of his favorite characters for the sake of anonymity. If he hadn’t seen that image online, he wouldn’t have questioned the presence of the tiny white surveillance camera installed above his classroom’s blackboard. After all, Niulanshan never informed him — or any of its 3,300 other students — that facial recognition cameras were capturing their every move in class. In fact, it’s unlikely that the combined 28,000 students in the six other schools testing the same system know they are part of China’s grand artificial intelligence (AI) experiment. Guess what? While not exactly the same, but also dovetailing neatly with Deputy Naughton’s desire to scan the retinas of children, it turns out an Irish startup is “analysing data from schoolchildren for our cybersecurity programme” and has “recently launched a pilot study with St Andrew’s College in Booterstown, Co Dublin.” iKey reveals biometric vision for safety and health on smartphones www.siliconrepublic.com – Share iKey has developed a biometric technology that can verify a child’s age but also spot potential eye disease. The school does not appear to have responded to some reasonable queries about this pilot project yet. Rossa McMahon @rossamcmahon @standrewsdublin @ElaineEdwards @psneeze It was reported that the school was engaged in a pilot project of iKey technology. - Was a data protection impact assessment done by iKey or the school? - What was the legal basis for processing biometric personal data of minors? 12:51 PM - 2 Apr 2019 Public sector privacy pratfalls Speaking of Data Protection Impact Assessments, would anyone like to guess whether the relevant public bodies involved in this project have carried one out? Use of drones part of plan to combat illegal dumping www.rte.ie – Share Government funding is being made available for the purchase and operation of drones to survey and identify people who are dumping illegally. For the umpteenth time, don’t give your DNA to a private company unless you have a very, very good reason to. FamilyTreeDNA Deputizes Itself, Starts Pitching DNA Matching Services To Law Enforcement | Techdirt www.techdirt.com – Share In what will turn out to be very bad news for businesses based on scraping personal data from the internet and any organisations operating at one or more removes from the individuals whose personal data they are processing, the Polish DPA fined a digital marketing company and also required them to meet their Article 14 obligations to inform data subjects. But the decision also requires it contact the close to six million people it did not already reach out to in order to fulfil its Article 14 information notification obligation, with the DPA giving the company three months to comply. Bisnode previously estimated it would cost around €8M (~$9M) in registered postal costs to send so many letters, never mind the burden of handling any related admin. So, as ever, the strength of data protection enforcement under GDPR is a lot more than the deterrent of top-line fines. It’s accompanying orders that can really rearrange business practices. Covert data-scraping on watch as EU DPA lays down ‘radical’ GDPR red-line – TechCrunch techcrunch.com – Share — Johnny Ryan continued his brave battle against the Mos Eisley that is adtech, lodging complaints with the Data Protection Commission against IAB Europe’s consent guidance to its members and the cookie wall on its website — The Danish Data Protection Authority recommended a taxi company be fined for retaining people’s phone numbers for no good reason. — From recent adventures in Subject Access Requests, a note to newspapers attempting to rely on the journalistic exemption to process personal data for marketing purposes: not the cleverest of ideas. ‘Hacker Eva Galperin Has A Plan To Eradicate Stalkerware’ by Andy Greenberg for Wired. ‘Facebook is partnering with a big UK newspaper to publish sponsored articles downplaying 'technofears’ and praising the company’ by Rob Price for Business Insider. In the New York Times Chris Buckley, Paul Mozur and Austin Ramzy show us what it’s like to live as a minority in Xinjiang, the ultimate manifestation of China’s authoritarian surveillance state. The Tactical Technology Collective ask “What happens when the techniques of the marketing industry become the tools that influence our democracy?” in their Personal Data: Political Persuasion project, a year long investigation into the personal data-driven tools and techniques used to influence voters around the world. —- Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. This newsletter won’t appear next weekend. See you in April. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Nervously, yet with a sense that her whole life had been building towards this moment, the chairperson of the Communications Committee slowly approached the makeshift throne which had been installed in the Merrion Hotel for the duration of the all-powerful’s visit. She clutched the offering of children’s retinal scans and PPS numbers close. The best advice available to her had recommended this offering as being the most likely to - temporarily at least - sate his appetite for personal information.

😼

You go away for a week and come back to discover that public representatives have been busy lowering the bar. Unprompted. In what could best be described as an extravagantly dimwitted solution to a problem that doesn’t really exist, Deputy Hildegarde Naughton suggested that in order to prevent those aged under 13 gaining illicit access to Facebook all Irish people should be required to provide the grand Zuckhole with their passport or PPS number or perhaps even a retinal scan.

First off, teenagers have no interest in Facebook. Secondly, and far more importantly, the deputy in question has been chairperson of the Oireachtas Communications committee for a considerable amount of time and is also a member of the International Grand Committee on Disinformation and ‘Fake News’. In the year since the Cambridge Analytica story broke it is not unreasonable to expect public representatives with a particular focus on this area to have grasped the basics of the problem with Facebook and the platform economy more generally. Unfettered collection of personal data and unsupervised sharing of that personal data among multitudes of third parties.

To suddenly suggest that a solution to this problem is to hand over yet more personal data to companies which have, over and over, proven themselves to be entirely untrustworthy as guardians of that personal data is stupid.

To compound that by hinting at mandatory capture and storage of biometric data by Facebook is somewhere far, far away in a galaxy beyond stupidity.

Once more, with feeling: in the event of this data leaking, passwords can be changed. PPS numbers can be changed. Passport numbers can be changed. Retinas cannot be changed, or at least not in a way that isn’t highly uncomfortable for those involved.

The Irish Council for Civil Liberties issued a statement on Deputy Naughton’s brainwave. Like us, they weren’t impressed.

When throwing around ideas earlier in the week about what to put into this section we decided to include Sidney Fussell’s piece for The Atlantic, ‘Airbnb Has A Hidden-Camera Problem’. Guess what? It did happen here.

Headline Airbnb apologises to family who were live streamed by hidden camera in Cork property

We also considered including a story about the use of facial recognition in Chinese classrooms in this section.

Guess what? While not exactly the same, but also dovetailing neatly with Deputy Naughton’s desire to scan the retinas of children, it turns out an Irish startup is “analysing data from schoolchildren for our cybersecurity programme” and has “recently launched a pilot study with St Andrew’s College in Booterstown, Co Dublin.”

iKey has developed a biometric technology that can verify a child’s age but also spot potential eye disease.

The school does not appear to have responded to some reasonable queries about this pilot project yet.

Speaking of Data Protection Impact Assessments, would anyone like to guess whether the relevant public bodies involved in this project have carried one out?

Government funding is being made available for the purchase and operation of drones to survey and identify people who are dumping illegally.

For the umpteenth time, don’t give your DNA to a private company unless you have a very, very good reason to.

In what will turn out to be very bad news for businesses based on scraping personal data from the internet and any organisations operating at one or more removes from the individuals whose personal data they are processing, the Polish DPA fined a digital marketing company and also required them to meet their Article 14 obligations to inform data subjects.

—

Johnny Ryan continued his brave battle against the Mos Eisley that is adtech, lodging complaints with the Data Protection Commission against IAB Europe’s consent guidance to its members and the cookie wall on its website

—

The Danish Data Protection Authority recommended a taxi company be fined for retaining people’s phone numbers for no good reason.

—

From recent adventures in Subject Access Requests, a note to newspapers attempting to rely on the journalistic exemption to process personal data for marketing purposes: not the cleverest of ideas.

• ‘Hacker Eva Galperin Has A Plan To Eradicate Stalkerware’ by Andy Greenberg for Wired.
• ‘Facebook is partnering with a big UK newspaper to publish sponsored articles downplaying 'technofears’ and praising the company’ by Rob Price for Business Insider.
• In the New York Times Chris Buckley, Paul Mozur and Austin Ramzy show us what it’s like to live as a minority in Xinjiang, the ultimate manifestation of China’s authoritarian surveillance state.
• The Tactical Technology Collective ask “What happens when the techniques of the marketing industry become the tools that influence our democracy?” in their Personal Data: Political Persuasion project, a year long investigation into the personal data-driven tools and techniques used to influence voters around the world.

—-

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

This newsletter won’t appear next weekend. See you in April.

If you know someone who might enjoy this newsletter do please forward it on to them.