The Cat Herder

"Ah sure don't mind us, we just went a bit mad for a while there" says state agency. What an evergree   July 28 · Issue #44 · View online “Ah sure don’t mind us, we just went a bit mad for a while there” says state agency. What an evergreen sentence that is. 😼 This week it was the visitor books in tourist attractions around Ireland. First they were gone, then they were rather sheepishly returned. Tuesday: ‘Signing off: Visitor books banned from major tourist sites amid GDPR fears’, Irish Times Thursday: ‘Visitor books to be returned to heritage sites after privacy fears clarified’, Irish Times Daragh O Brien of Castlebridge did more unpicking of this story than it probably deserved. Make sure to read the postscript because sensational coverage of humorous data protection stories is being favoured over serious coverage of stories in which the rights of very large numbers of individuals are being infringed, with the potential for severe harm to be caused. At the intersection of state surveillance and surveillance capitalism it turns out an incentivised police force can be a motivated sales force. “Amazon’s home security company Ring has enlisted local police departments around the country to advertise its surveillance cameras in exchange for free Ring products and a “portal” that allows police to request footage from these cameras, a secret agreement obtained by Motherboard shows. The agreement also requires police to “keep the terms of this program confidential.”” Amazon Requires Police to Shill Surveillance Cameras in Secret Agreement - VICE www.vice.com – Share The Lakeland, Florida police department is required to “encourage adoption” of Ring products as part of a secret agreement with the company. Buzzfeed reports that in the UK The Department for Education is holding named records detailing the sexual orientation and religious beliefs of more than 3 million students and graduates, thousands of whom were not told that their sensitive data had been shared. Thousands Of Students Weren't Told The Government Would Keep A Database Of Their Names And Sexual Orientation www.buzzfeed.com – Share Exclusive: Freedom of Information data obtained by BuzzFeed has revealed the enormous amount of highly sensitive personal information held by government bodies, often without the knowledge of the students involved. — In further public sector data shenanigans in the UK, it appears the National Crime Agency has been - potentially illegally - copying EU alerts from the Schengen Information System into UK policing databases, “increasing the risk of further data breaches”. As part of this process private “contractors like IBM hired by the UK government were also given access” More: ‘Brexit: key strands of British policing 'in jeopardy’ because of no-deal risk’, The Guardian The CNIL fined an insurance broker €180,000 for exposing the personal data of customers on its website. The number of individuals potentially impacted by multiple security failings (hackable URLs, password / username combinations sent in unencrypted emails) exceeded 140,000. Source (in French) | English translation (Google Translate link) — The Federal Trade Commission fined Facebook $5 billion for “violating consumers’ privacy”. Facebook responded to the the imposition of what the FTC grandly calls “new restrictions and a modified corporate structure” by appointing a marketing executive as its Chief Privacy Officer and, as Sarah Frier and Kurt Wagner put it in Bloomberg, “agreeing to ‘changes’ its already made”. The Facebook share price responded by rising. ashkan soltani @ashk4n 4) If this were a game of chess, Facebook just checkmated FTC, flipped the board so it couldn't be played again, and covered the whole thing up with a blanket.... #FacebookVFTC 4:04 PM - 24 Jul 2019 Somewhat overwhelmed by the reporting of the fine was the news that The FTC has opened an antitrust investigation of Facebook Facebook was fined $100 million by the Securities and Exchange Commission for making “misleading disclosures” relating to Cambridge Analytica Facebook data was sold to Cambridge Analytica, something Facebook has long denied A ‘Facebook design flaw let thousands of kids join chats with unauthorized users’ The European Commission published a report “looking at the impact of the EU data protection rules, and how implementation can be improved further”. ‘General Data Protection Regulation shows results, but work needs to continue’ ‘It’s gotten to the point where the tech giants know more about you than the government does. Take it from Yael Eisenstat, who served as a CIA officer, a diplomat in East Africa, and an adviser to Vice President Biden before joining Facebook in 2018 to tackle its election meddling problem. “I get to make this joke—not everyone does, having been in both places—but Facebook knows you better than the CIA ever will,” she says. “Facebook knows more about you than you know about yourself.”’ From Matt Simon in Wired. Charlie Warzel in The New York Times lays out how it’s impossible for the US government’s regulatory authorities to adequately deal with the current crop of social surveillance companies. “here in 2019 on Earth-One, this month’s fines aren’t shows of strength but telling admissions of weakness. When it comes to funding, influence and size, the government is simply outmatched by the internet’s largest data guzzlers.” The European Data Protection Supervisor recently published ‘Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies’. Although specifically prepared for the EU institutions it’s well worth a read by anyone involved with data protection functions in an organisation of any nature (or size). —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster we’ll be in your inbox again next weekend. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

“Ah sure don’t mind us, we just went a bit mad for a while there” says state agency. What an evergreen sentence that is.

😼

This week it was the visitor books in tourist attractions around Ireland. First they were gone, then they were rather sheepishly returned.

Tuesday: ‘Signing off: Visitor books banned from major tourist sites amid GDPR fears’, Irish Times

Thursday: ‘Visitor books to be returned to heritage sites after privacy fears clarified’, Irish Times

Daragh O Brien of Castlebridge did more unpicking of this story than it probably deserved. Make sure to read the postscript because sensational coverage of humorous data protection stories is being favoured over serious coverage of stories in which the rights of very large numbers of individuals are being infringed, with the potential for severe harm to be caused.

At the intersection of state surveillance and surveillance capitalism it turns out an incentivised police force can be a motivated sales force.

The Lakeland, Florida police department is required to “encourage adoption” of Ring products as part of a secret agreement with the company.

Buzzfeed reports that in the UK

Exclusive: Freedom of Information data obtained by BuzzFeed has revealed the enormous amount of highly sensitive personal information held by government bodies, often without the knowledge of the students involved.

—

In further public sector data shenanigans in the UK, it appears the National Crime Agency has been - potentially illegally - copying EU alerts from the Schengen Information System into UK policing databases, “increasing the risk of further data breaches”. As part of this process private “contractors like IBM hired by the UK government were also given access”

More: ‘Brexit: key strands of British policing 'in jeopardy’ because of no-deal risk’, The Guardian

The CNIL fined an insurance broker €180,000 for exposing the personal data of customers on its website. The number of individuals potentially impacted by multiple security failings (hackable URLs, password / username combinations sent in unencrypted emails) exceeded 140,000.

Source (in French) | English translation (Google Translate link)

—

The Federal Trade Commission fined Facebook $5 billion for “violating consumers’ privacy”. Facebook responded to the the imposition of what the FTC grandly calls “new restrictions and a modified corporate structure” by appointing a marketing executive as its Chief Privacy Officer and, as Sarah Frier and Kurt Wagner put it in Bloomberg, “agreeing to ‘changes’ its already made”. The Facebook share price responded by rising.

https://twitter.com/ashk4n/status/1154044727496286208

Somewhat overwhelmed by the reporting of the fine was the news that

1. The FTC has opened an antitrust investigation of Facebook
2. Facebook was fined $100 million by the Securities and Exchange Commission for making “misleading disclosures” relating to Cambridge Analytica
3. Facebook data was sold to Cambridge Analytica, something Facebook has long denied
4. A ‘Facebook design flaw let thousands of kids join chats with unauthorized users’

• The European Commission published a report “looking at the impact of the EU data protection rules, and how implementation can be improved further”. ‘General Data Protection Regulation shows results, but work needs to continue’
• ‘It’s gotten to the point where the tech giants know more about you than the government does. Take it from Yael Eisenstat, who served as a CIA officer, a diplomat in East Africa, and an adviser to Vice President Biden before joining Facebook in 2018 to tackle its election meddling problem. “I get to make this joke—not everyone does, having been in both places—but Facebook knows you better than the CIA ever will,” she says. “Facebook knows more about you than you know about yourself.”’ From Matt Simon in Wired.
• Charlie Warzel in The New York Times lays out how it’s impossible for the US government’s regulatory authorities to adequately deal with the current crop of social surveillance companies. “here in 2019 on Earth-One, this month’s fines aren’t shows of strength but telling admissions of weakness. When it comes to funding, influence and size, the government is simply outmatched by the internet’s largest data guzzlers.”
• The European Data Protection Supervisor recently published ‘Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies’. Although specifically prepared for the EU institutions it’s well worth a read by anyone involved with data protection functions in an organisation of any nature (or size).

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.