Privacy Kit

Subscribe
Archives
March 29, 2020

The Cat Herder

More tracking plans, some of which are swiftly denied, download this app or else, operators being lea
 
March 29 · Issue #75 · View online
The Cat Herder
More tracking plans, some of which are swiftly denied, download this app or else, operators being leant on.
Stay safe and stay home. Print out these travel posters from Jennifer Baer. Or if you’re looking for something to do with more relevance to this newsletter, our friends at Castlebridge have a range of online data protection and data management modules at dataeducation.ie.
😼

Soumya
Soumya
@skarlamangla
apparently the city of LA notified people of their negative covid results in a mass email but didn’t bcc anyone, so all 200+ recipients could see the names of everyone else who got tested, which is a huge privacy violation
10:20 PM - 27 Mar 2020
Last week we mentioned Zoom, a tool that has seen a surge in use as more and more people work from home. During this week it was reported that Zoom was sharing personal data with Facebook, even the personal data of users who did not have a Facebook account.
This was stopped by the end of the week.
Zoom Removes Code That Sends Data to Facebook - VICE
www.vice.com – Share
The change comes after Motherboard found the Zoom iOS app was sending analytics information to Facebook when users opened the app.
—
Trinity to Track Remaining Residents Using SafeZone App – The University Times
www.universitytimes.ie – Share
The lawful basis for this is unclear. As always, saying something is “GDPR compliant” does not in any way make it so.
It is happening here
It is happening here
Apart from a mention during the Dáil debate on emergency legislation last week, there doesn’t appear to have been any effort here in Ireland to use location data to attempt to reduce the spread of Coronavirus.
This is unusual, because as we mentioned last week things are happening elsewhere across Europe.
In Poland, an alarming mandatory and compulsory app which uses both geolocation data and facial recognition. ‘“People in quarantine have a choice: either receive unexpected visits from the police, or download this app,” Karol Manys, digital ministry spokesman, told AFP.’
In the UK the NHS has apparently hired Palantir to create what sounds like a real-time business insights system. Why a company such as Palantir would be required to build out some dashboards is a mystery. “The system removes identifiers such as names and addresses in order to keep the data as anonymous as possible.” This misunderstands anonymisation. There’s no sliding scale. Personal data is either anonymised or it isn’t. 
A Vodafone lobbyist wrote some sponsored content for Politico trumpeting a heat map the telco has produced from location data and made available to authorities in Lombardy and Spain. Voda is “working hard” to “quickly roll out this capability to other countries, in line with the European Commission’s desire to have visibility across the Continent.”
According to Techcrunch the European Commission has been “leaning on” mobile operators to share users’ location data.
“We want to work with one operator per Member State to have a representative sample,” [the Commission] added. “Having one operator per Member State also means the aggregated and anonymised data could not be used to track individual citizens, that is also not at all the intention. Simply because not all have the same operator.“
The Commission has said the metadata will be used for modelling the spread of the virus and for looking at mobility patterns to analyze and assess the impact of quarantine measures.
On an even broader scale, The Guardian reported during the week that the GSM Association had been talking to “at least one company that is capable of tracking individuals globally through their mobile devices, and discussed the possible creation of a global data-sharing system.”
An official denial from the GSMA appeared promptly.
A spokesperson for GSMA strenuously denied it was currently involved in any project to create a global tracking system. “We are not involved in a project of this nature,” the GSMA spokesperson said. However the GSMA also said it would not comment on discussions that had taken place or ideas that were being explored.
Make of that what you will.
officially denied
The ICO launched a ‘Data protection and coronavirus information hub’ during the week.
—
The DPC published expanded guidance on the timelines for responding Subject Access Requests at this time, and tips for staying safe online during a pandemic.
  • “Concessions made now in the name of public health should not slide surreptitiously into a new future norm without wider debate – and clear limitations on corporate control of our data” writes Karlin Lillington in The Irish Times.
  • Susan Landau wrote a piece for Lawfare on the dubious utility of most of the surveillance and tracking measures being mooted and / or implemented. If you read just one thing this weekend make it this. “Could technology be built that could determine whether someone has been within that six- foot sphere surrounding an exposed person? Potentially, but that technology doesn’t exist now, and there would be huge privacy and civil liberties issues to resolve in building and deploying any such tool. It behooves technologists to be honest about what current technology can and can’t do—and not to push miracle drugs when they don’t exist.”
  • Where there’s a crisis there’s always an opportunity. Especially for rights-infringing technology which doesn’t do what its vendors claim it does. April Glaser looked at the boom in thermal imaging systems for NBC - “‘Fever detection’ cameras to fight coronavirus? Experts say they don’t work”
——
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland

More tracking plans, some of which are swiftly denied, download this app or else, operators being leant on.

Stay safe and stay home. Print out these travel posters from Jennifer Baer. Or if you’re looking for something to do with more relevance to this newsletter, our friends at Castlebridge have a range of online data protection and data management modules at dataeducation.ie.

😼

apparently the city of LA notified people of their negative covid results in a mass email but didn’t bcc anyone, so all 200+ recipients could see the names of everyone else who got tested, which is a huge privacy violation

— Soumya (@skarlamangla) March 27, 2020

Last week we mentioned Zoom, a tool that has seen a surge in use as more and more people work from home. During this week it was reported that Zoom was sharing personal data with Facebook, even the personal data of users who did not have a Facebook account.

This was stopped by the end of the week.

The change comes after Motherboard found the Zoom iOS app was sending analytics information to Facebook when users opened the app.

—

The lawful basis for this is unclear. As always, saying something is “GDPR compliant” does not in any way make it so.

Apart from a mention during the Dáil debate on emergency legislation last week, there doesn’t appear to have been any effort here in Ireland to use location data to attempt to reduce the spread of Coronavirus.

This is unusual, because as we mentioned last week things are happening elsewhere across Europe.

In Poland, an alarming mandatory and compulsory app which uses both geolocation data and facial recognition. ‘“People in quarantine have a choice: either receive unexpected visits from the police, or download this app,” Karol Manys, digital ministry spokesman, told AFP.’

In the UK the NHS has apparently hired Palantir to create what sounds like a real-time business insights system. Why a company such as Palantir would be required to build out some dashboards is a mystery. “The system removes identifiers such as names and addresses in order to keep the data as anonymous as possible.” This misunderstands anonymisation. There’s no sliding scale. Personal data is either anonymised or it isn’t. 

A Vodafone lobbyist wrote some sponsored content for Politico trumpeting a heat map the telco has produced from location data and made available to authorities in Lombardy and Spain. Voda is “working hard” to “quickly roll out this capability to other countries, in line with the European Commission’s desire to have visibility across the Continent.”

According to Techcrunch the European Commission has been “leaning on” mobile operators to share users’ location data.

On an even broader scale, The Guardian reported during the week that the GSM Association had been talking to “at least one company that is capable of tracking individuals globally through their mobile devices, and discussed the possible creation of a global data-sharing system.”

An official denial from the GSMA appeared promptly.

Make of that what you will.

The ICO launched a ‘Data protection and coronavirus information hub’ during the week.

—

The DPC published expanded guidance on the timelines for responding Subject Access Requests at this time, and tips for staying safe online during a pandemic.

  • “Concessions made now in the name of public health should not slide surreptitiously into a new future norm without wider debate – and clear limitations on corporate control of our data” writes Karlin Lillington in The Irish Times.
  • Susan Landau wrote a piece for Lawfare on the dubious utility of most of the surveillance and tracking measures being mooted and / or implemented. If you read just one thing this weekend make it this. “Could technology be built that could determine whether someone has been within that six- foot sphere surrounding an exposed person? Potentially, but that technology doesn’t exist now, and there would be huge privacy and civil liberties issues to resolve in building and deploying any such tool. It behooves technologists to be honest about what current technology can and can’t do—and not to push miracle drugs when they don’t exist.”
  • Where there’s a crisis there’s always an opportunity. Especially for rights-infringing technology which doesn’t do what its vendors claim it does. April Glaser looked at the boom in thermal imaging systems for NBC - “‘Fever detection’ cameras to fight coronavirus? Experts say they don’t work”

——

Endnotes & Credits

  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.

Don't miss what's next. Subscribe to Privacy Kit:
X
Powered by Buttondown, the easiest way to start and grow your newsletter.