The Cat Herder

Some entirely normal behaviour from the Irish state as it attempts to bring its data retention regime   July 3 · Issue #187 · View online Some entirely normal behaviour from the Irish state as it attempts to bring its data retention regime into compliance with EU law. In the US a slow dawning realisation that perhaps what Google and the rest of the adtech and data broker ecosytems do shouldn’t be legal, or permitted. 😼 Helen🏳️‍⚧️✊🏻💕 @mimmymum Imagine if the headline was “Every girl who has had an abortion on NHS in past decade will have medical records scrutinised to see how many regret the procedure”…!!?? 😣 This is an absolute VIOLATION of medical data privacy taken without CONSENT!! 😣 ➡️ https://t.co/PHtckGv9cB https://t.co/xMGYW6vN2H 5:45 PM - 30 Jun 2022 This week saw a pincer manouevre of sorts by the Irish state on the issue of data retention. One arm of the pincer was the chaotic attempt to force the Communications (Retention of Data) (Amendment) Bill 2022 through the Oireachtas without any oversight whatsoever. Minister for Justice Helen McEntee had asked the committee to waive this stage in the legislative process as part of efforts to have the Bill passed by the Oireachtas before the impending summer recess. The committee refused, with chairman James Lawless later saying “for us to merely rubber-stamp something as complex as this would be a dereliction of duty”. A pre-legislative scrutiny meeting was held on Thursday morning and the committee’s expedited report was finalised later in the evening. Concern at ‘rushed’ nature of proposed law to deal with fallout from Dwyer appeal on data – The Irish Times www.irishtimes.com – Share Representative of Data Protection Commission told Oireacthas committee his office was given General Scheme of Bill eight days ago and raised a number of concerns The department’s wishes to avoid pre-legislative scrutiny having been thwarted by the committee, at the meeting we were treated to an official from the department admitting that the prior consultation with the DPC required by Article 36 GDPR was not adequate, that the department had not carried out a data protection impact assessment as required by Article 35 GDPR, and concluding with the opinion that, well, the Bill was not going to serve its one and only purpose. Simon McGarr @Tupp_Ed Department accepts that their proposed emergency data retention Bill is not 'everything that needs to be done in the area' of complying with CJEU caselaw. That rather seems to acknowledge that the data retention regime will continue to be non-compliant, which is astonishing. 11:50 AM - 30 Jun 2022 This Justice Committee meeting which was held for the one and only purpose of performing pre-legislative scrutiny of the Bill was rather hampered by the fact the department had not deigned to publish the Bill in advance. At about two minutes to 11am Deputy Thomas Pringle told the committee his staff had just been informed that amendments to the as-yet unpublished Bill had to be submitted before 11am. Which prompted a suspension of the meeting as various people headed off in various directions in a search for clarity. It was hard at this point to think the Department of Justice was taking the entire process as seriously as it should be. Karlin Lillington 🦇 @klillington Really, if for no other reason than retaining *some* shred of national dignity, Ireland does NOT want to end up back in front of the CJEU for a third time, to be slapped down yet again for poorly conceived and implemented data retention legislation 10:09 PM - 30 Jun 2022 The second arm of the pincer dropped a couple of days later when the designated judge with responsibility for supervising Ireland’s non-compliant data retention regime (the one which is supposed to be brought into compliance by the passing of the Communications (Retention of Data) (Amendment) Bill 2022) decided to use his annual report to put forward an argument for more surveillance. TJ McIntyre has a thread on Twitter with more on this. TJ McIntyre @tjmcintyre The full report is here - https://t.co/PhN4ITJiGu - and, yet again, it is a joke. Quick thread. 1/ https://t.co/auhv5QuABn 11:50 AM - 2 Jul 2022 Coinbase Tracer allows clients, in both government and the private sector, to trace transactions through the blockchain, a distributed ledger of transactions integral to cryptocurrency use. While blockchain ledgers are typically public, the enormous volume of data stored therein can make following the money from spender to recipient beyond difficult, if not impossible, without the aid of software tools. Coinbase markets Tracer for use in both corporate compliance and law enforcement investigations, touting its ability to “investigate illicit activities including money laundering and terrorist financing” and “connect [cryptocurrency] addresses to real world entities.” Cryptocurrency Titan Coinbase Providing “Geo Tracking Data” to ICE theintercept.com – Share ICE is now able to track transactions made through nearly a dozen different digital currencies, including Bitcoin, Ether, and Tether. The CNIL had its €35 million fine imposed on Amazon in 2020 confirmed by the Council of State, and in doing so the Council of State also “confirmed the competence of the CNIL to impose sanctions on cookies outside the one-stop shop mechanism provided for by the RGPD [GDPR]” “Sexual and reproductive health and abortion pills makes it feel like [tracking] should be more private. But, legally, it’s no different than your potato chip preference or what shoes you like to buy,” said India McKinney, director of federal affairs for the Electronic Frontier Foundation. “There is nothing that they are doing that is illegal. That is the problem.” From ‘Online Abortion Pill Provider Hey Jane Used Tracking Tools That Sent Visitor Data to Meta, Google, and Others’ by Jon Keegan and Dara Kerr for The Markup. “The sheer volume of Google’s surveillance also makes it likely the most attractive police target. Across all topics, it received more than 40,000 subpoenas and search warrants in the United States in the first half of 2021 alone. That means whatever Google does next, it can’t remain neutral — and will set the tone for how the entire industry balances our rights with the business imperative to grab more data. Google didn’t make an executive available for an interview. “We’ve long focused on minimizing the data we use to make our products helpful and on building tools that allow people to control and delete data across our platforms,” emailed spokesman Matt Bryant.” From ‘Google should protect our privacy and rights by deleting intimate data’ by Geoffrey Fowler for the Washington Post (paywalled) | → text-only version “The pandemic created all these new justifications for using facial recognition technology,” says Mark Andrejevic, a professor of media studies at Monash University in Melbourne and the author of a forthcoming book titled Facial Recognition. “Everything went online and organisations were trying to make things work very quickly. But the implications haven’t been thought through. Do we want to live in a world where everything is rendered and there are no private spaces? It creates a whole new level of stress that does not lead to a healthy society.” From ‘The nation where your 'faceprint’ is already being tracked’ by Jessica Mudditt for the BBC. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Some entirely normal behaviour from the Irish state as it attempts to bring its data retention regime into compliance with EU law. In the US a slow dawning realisation that perhaps what Google and the rest of the adtech and data broker ecosytems do shouldn’t be legal, or permitted.

😼

This week saw a pincer manouevre of sorts by the Irish state on the issue of data retention. One arm of the pincer was the chaotic attempt to force the Communications (Retention of Data) (Amendment) Bill 2022 through the Oireachtas without any oversight whatsoever.

Representative of Data Protection Commission told Oireacthas committee his office was given General Scheme of Bill eight days ago and raised a number of concerns

The department’s wishes to avoid pre-legislative scrutiny having been thwarted by the committee, at the meeting we were treated to an official from the department admitting that the prior consultation with the DPC required by Article 36 GDPR was not adequate, that the department had not carried out a data protection impact assessment as required by Article 35 GDPR, and concluding with the opinion that, well, the Bill was not going to serve its one and only purpose.

This Justice Committee meeting which was held for the one and only purpose of performing pre-legislative scrutiny of the Bill was rather hampered by the fact the department had not deigned to publish the Bill in advance.

At about two minutes to 11am Deputy Thomas Pringle told the committee his staff had just been informed that amendments to the as-yet unpublished Bill had to be submitted before 11am. Which prompted a suspension of the meeting as various people headed off in various directions in a search for clarity.

It was hard at this point to think the Department of Justice was taking the entire process as seriously as it should be.

The second arm of the pincer dropped a couple of days later when the designated judge with responsibility for supervising Ireland’s non-compliant data retention regime (the one which is supposed to be brought into compliance by the passing of the Communications (Retention of Data) (Amendment) Bill 2022) decided to use his annual report to put forward an argument for more surveillance.

TJ McIntyre has a thread on Twitter with more on this.

ICE is now able to track transactions made through nearly a dozen different digital currencies, including Bitcoin, Ether, and Tether.

The CNIL had its €35 million fine imposed on Amazon in 2020 confirmed by the Council of State, and in doing so the Council of State also “confirmed the competence of the CNIL to impose sanctions on cookies outside the one-stop shop mechanism provided for by the RGPD [GDPR]”

• “Sexual and reproductive health and abortion pills makes it feel like [tracking] should be more private. But, legally, it’s no different than your potato chip preference or what shoes you like to buy,” said India McKinney, director of federal affairs for the Electronic Frontier Foundation. “There is nothing that they are doing that is illegal. That is the problem.” From ‘Online Abortion Pill Provider Hey Jane Used Tracking Tools That Sent Visitor Data to Meta, Google, and Others’ by Jon Keegan and Dara Kerr for The Markup.
• “The sheer volume of Google’s surveillance also makes it likely the most attractive police target. Across all topics, it received more than 40,000 subpoenas and search warrants in the United States in the first half of 2021 alone. That means whatever Google does next, it can’t remain neutral — and will set the tone for how the entire industry balances our rights with the business imperative to grab more data. Google didn’t make an executive available for an interview. “We’ve long focused on minimizing the data we use to make our products helpful and on building tools that allow people to control and delete data across our platforms,” emailed spokesman Matt Bryant.” From ‘Google should protect our privacy and rights by deleting intimate data’ by Geoffrey Fowler for the Washington Post (paywalled) | → text-only version
• “The pandemic created all these new justifications for using facial recognition technology,” says Mark Andrejevic, a professor of media studies at Monash University in Melbourne and the author of a forthcoming book titled Facial Recognition. “Everything went online and organisations were trying to make things work very quickly. But the implications haven’t been thought through. Do we want to live in a world where everything is rendered and there are no private spaces? It creates a whole new level of stress that does not lead to a healthy society.” From ‘The nation where your 'faceprint’ is already being tracked’ by Jessica Mudditt for the BBC.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.