May 9, 2021
The Cat Herder
| |
| May 9 · Issue #130 · View online |
|
‘Twas a week of announcements, among other things. Microsoft announced it will allow data controllers in Europe to store all the personal data they hold in Europe. Google announced privacy information labels are coming to the Play Store next year. Twitter announced a Tip Jar which sends your address to whoever you’re tipping. The guards announced an app which realised a vision.
😼
|
|
|
An Garda Síochána did a press launch thingummy on Thursday for its inscrutably-named Active Mobility App. (Could one have an Inactive Mobility App? Or an Active Immobile App?) This gave rise to some impenetrable quotes which a VC-backed tech company would be proud of.
|
The Active Mobility App gives “every garda the ability to be technically a data station”, according to Assistant Commissioner David Sheahan.
|
“Our vision [is] for every garda to be equipped with a mobile device in their pocket so they scan be active in the community without going back to the station [to check records] has now been realised,” he said. [sic, for this entire paragraph]
He said the the only data collected from the public was in relation to breaches of the law and there was no breach of GDPR legislation. If a car registration was scanned and failed to indicate any breach of regulations then that data would not be stored, he said.
|
The act of scanning is processing of personal data. Scanning everyone on the basis that they might have breached the law sounds as if it’s getting into Perpetual Lineup territory. |
Biggest policing change ‘in 20 years’ via new Garda app
Technology being rolled out among community gardaí, regular units and immigration officers
|
|
|
|
|
|
Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @ on Twitter w/ PayPal and he did in fact get my address I tipped him. https://t.co/R4NvaXRdlZ https://t.co/r8UyJpNCxu
|
|
|
|
|
|
It is crucial to recall from the outset that no unjustified discrimination can occur based on the fact that a person has not been vaccinated, due to possible health risks or due to not wanting to be vaccinated. Therefore, all measures introduced must be in accordance with the principles of necessity, proportionality and non-discrimination. Keeping in mind the importance of combatting the pandemic, it should also be recalled that alternatives to the use of such digital tools need to be made available, and that their use cannot be made mandatory.
|
From a Council of Europe Statement: ‘Covid-19 vaccination, attestations and data protection’ [ direct link to PDF]. |
|
|
It never takes long for surveillance networks established for one purpose - in this case including public health surveillance related to the pandemic - to be repurposed by law enforcement.
|
Officials hailed Moscow’s massive facial-recognition camera network as a benign aid to residents that would enforce quarantine restrictions, catch criminals and even let them pay subway fares. Now it’s being deployed to crush dissent against President Vladimir Putin.
|
In Moscow, Big Brother Is Watching and Recognizing Protesters - Bloomberg
Officials hailed Moscow’s massive facial-recognition camera network as a benign aid to residents that would enforce quarantine restrictions, catch criminals and even let them pay subway fares. Now it’s being deployed to crush dissent against President Vladimir Putin.
|
|
|
Anivar Aravind, a software engineer who petitioned against the mandatory use of the application in the Karnataka high court, said contact tracing apps have proven to be ineffective. “There is no data on how effective these apps have been,” he said. “In Iceland, it did not help; in Singapore also, it is evaluated. In 2021, the question we need to ask is why do contact tracing apps still exist.” Aravind added that Aarogya Setu was an experiment that failed. “This was nothing but technology theatre. Aarogya Setu was a distraction and now we have Co-WIN. I presume that the app will likely make a reappearance as an immunity passport as we go along.”
|
Aarogya Setu fades into background as India deals with second Covid-19 wave | Hindustan Times
Nearly 100 million people began using the app, the government’s contact tracing app, within a month and a half of its launch last year. It had over 150 million users by the end of September last year, the government told Parliament
|
|
|
In the UK the general NHS App will have vaccine passport functionality bolted on to it.
|
|
|
NHS App to serve as from May 17th, with test status to follow. Practical solution, but with so many data types feeding the app, will it become like an ID card?
https://t.co/tAtR9WRvAI
|
|
|
|
|
|
The figures on how many people want the apps on their phones to track them keep rolling in. Not many at all.
|
After update, only 4 percent of iOS users in U.S. let apps track them
New data shows that, when given the choice, people would rather not be tracked.
|
|
|
The Norwegian DPA has informed commenting platform Disqus it intends to fine Disqus €2.5 million “for failures to comply with requirements in Europe’s General Data Protection Regulation (GDPR) on accountability, lawfulness and transparency.” |
|
|
|
|
|
|
-
“But does the Department understand what they are promoting? The DCMS Minister responsible, Oliver Dowden said in Parliament on December 15th 2020: “Clearly, if it was up to individuals within those companies to identify content on private channels, that would not be acceptable—that would be a clear breach of privacy. He’s right. It is. And yet he and his Department are promoting it … there is reluctance to address the key question: what is the lawful basis for monitoring children in school, at home, in- or out-side school hours?” Jen Persson picks apart the troubling ‘Rise of Safety Tech’.
-
"While Zudan Arif Fakrulloh, the director-general of Indonesia’s civil registry, has denied allegations of discrimination against vulnerable communities and minorities, many experts take a different view. “As the country is relying more on a digital ecosystem, undocumented people are simply invisible,” said Sukamdi, lecturer and researcher at Center for Population and Policy Studies at Gadjah Mada University. “They don’t exist in the online database, and the inability of undocumented citizens to provide proof of identity impacts nearly every aspect of their lives.” From ‘Indonesia’s invisible people face discrimination, and sometimes death, by database’ by Adi Renaldi for Rest of World.
-
"Garvie, who used PimEyes on an image of her own face, noticed that most of the results that were not her were of similar-looking White women in their 30s. This type of misidentification is common across facial-recognition algorithms, she said, and also makes it more likely that a person who sees those results will then make a misidentification. PimEyes’ technology could hurt people in other ways, too, such as by outing people who are transgender — intentionally or not. When Rachel Thorn, a professor at Kyoto Seika University, uploaded a recent photo of herself to PimEyes, she encountered other recent images of herself. There were also older images, she said, where she presented as masculine. She looks very different today, she said, but guessed that PimEyes may have picked up on similarities between facial features in a recent photo and old photos.” Rachel Metz does some digging on freely-available facial recognition tool PimEyes for CNN.
-
“The Dutch Data Protection Authority (“DPA”) issued a formal warning to a Dutch supermarket for use of facial recognition technology (“FRT”) in its stores. The supermarket claimed to be using FRT to protect its customers and employees, and to prevent shoplifting. However, the deputy chair of the DPA warned that FRT makes us all “walking bar codes” and highlighted the need for customers to give explicit consent in the absence of any necessity for authentication or security purposes. In another recent FRT decision, the Swedish DPA found that the Swedish Police Authority had processed personal data in breach of the Swedish Criminal Data Act, when utilising Clearview AI to identify individuals. The Swedish DPA’s investigation revealed that the Swedish Police had used Clearview AI on a number of occasions, and had unlawfully processed biometric data for facial recognition as well as having failed to conduct a data protection impact assessment which was required. An administrative fine of SEK 2,500,000 (approximately EUR 250,000) was imposed on the Swedish Police for infringements of the Criminal Data Act. To add salt to the Swedish Police’s wounds, they were ordered to inform all data subjects whose data has been disclosed to [[Clearview]] AI, where confidentiality rules allowed it. They were also ordered to ensure, to the extent possible, that any personal data transferred to Clearview AI was erased.” From “Walking bar codes”, Swedish Police and the use of Facial Recognition Technology by Eleanor Ludlam for DAC Beachcroft.
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
‘Twas a week of announcements, among other things. Microsoft announced it will allow data controllers in Europe to store all the personal data they hold in Europe. Google announced privacy information labels are coming to the Play Store next year. Twitter announced a Tip Jar which sends your address to whoever you’re tipping. The guards announced an app which realised a vision.
😼
An Garda Síochána did a press launch thingummy on Thursday for its inscrutably-named Active Mobility App. (Could one have an Inactive Mobility App? Or an Active Immobile App?) This gave rise to some impenetrable quotes which a VC-backed tech company would be proud of.
The act of scanning is processing of personal data. Scanning everyone on the basis that they might have breached the law sounds as if it’s getting into Perpetual Lineup territory.
Technology being rolled out among community gardaí, regular units and immigration officers
—
From a Council of Europe Statement: ‘Covid-19 vaccination, attestations and data protection’ [direct link to PDF].
—
It never takes long for surveillance networks established for one purpose - in this case including public health surveillance related to the pandemic - to be repurposed by law enforcement.
Officials hailed Moscow’s massive facial-recognition camera network as a benign aid to residents that would enforce quarantine restrictions, catch criminals and even let them pay subway fares. Now it’s being deployed to crush dissent against President Vladimir Putin.
—
Nearly 100 million people began using the app, the government’s contact tracing app, within a month and a half of its launch last year. It had over 150 million users by the end of September last year, the government told Parliament
—
In the UK the general NHS App will have vaccine passport functionality bolted on to it.
The figures on how many people want the apps on their phones to track them keep rolling in. Not many at all.
New data shows that, when given the choice, people would rather not be tracked.
The Norwegian DPA has informed commenting platform Disqus it intends to fine Disqus €2.5 million “for failures to comply with requirements in Europe’s General Data Protection Regulation (GDPR) on accountability, lawfulness and transparency.”
—
To mark Europe Day the EDPB and EDPS have published a nice overview of data protection in Europe. Necessity, proportionality, data protection =/= privacy, independence of Supervisory Authorites and so on.
-
“But does the Department understand what they are promoting? The DCMS Minister responsible, Oliver Dowden said in Parliament on December 15th 2020: “Clearly, if it was up to individuals within those companies to identify content on private channels, that would not be acceptable—that would be a clear breach of privacy. He’s right. It is. And yet he and his Department are promoting it … there is reluctance to address the key question: what is the lawful basis for monitoring children in school, at home, in- or out-side school hours?” Jen Persson picks apart the troubling ‘Rise of Safety Tech’.
-
"While Zudan Arif Fakrulloh, the director-general of Indonesia’s civil registry, has denied allegations of discrimination against vulnerable communities and minorities, many experts take a different view. “As the country is relying more on a digital ecosystem, undocumented people are simply invisible,” said Sukamdi, lecturer and researcher at Center for Population and Policy Studies at Gadjah Mada University. “They don’t exist in the online database, and the inability of undocumented citizens to provide proof of identity impacts nearly every aspect of their lives.” From ‘Indonesia’s invisible people face discrimination, and sometimes death, by database’ by Adi Renaldi for Rest of World.
-
"Garvie, who used PimEyes on an image of her own face, noticed that most of the results that were not her were of similar-looking White women in their 30s. This type of misidentification is common across facial-recognition algorithms, she said, and also makes it more likely that a person who sees those results will then make a misidentification. PimEyes’ technology could hurt people in other ways, too, such as by outing people who are transgender — intentionally or not. When Rachel Thorn, a professor at Kyoto Seika University, uploaded a recent photo of herself to PimEyes, she encountered other recent images of herself. There were also older images, she said, where she presented as masculine. She looks very different today, she said, but guessed that PimEyes may have picked up on similarities between facial features in a recent photo and old photos.” Rachel Metz does some digging on freely-available facial recognition tool PimEyes for CNN.
-
“The Dutch Data Protection Authority (“DPA”) issued a formal warning to a Dutch supermarket for use of facial recognition technology (“FRT”) in its stores. The supermarket claimed to be using FRT to protect its customers and employees, and to prevent shoplifting. However, the deputy chair of the DPA warned that FRT makes us all “walking bar codes” and highlighted the need for customers to give explicit consent in the absence of any necessity for authentication or security purposes. In another recent FRT decision, the Swedish DPA found that the Swedish Police Authority had processed personal data in breach of the Swedish Criminal Data Act, when utilising Clearview AI to identify individuals. The Swedish DPA’s investigation revealed that the Swedish Police had used Clearview AI on a number of occasions, and had unlawfully processed biometric data for facial recognition as well as having failed to conduct a data protection impact assessment which was required. An administrative fine of SEK 2,500,000 (approximately EUR 250,000) was imposed on the Swedish Police for infringements of the Criminal Data Act. To add salt to the Swedish Police’s wounds, they were ordered to inform all data subjects whose data has been disclosed to [[Clearview]] AI, where confidentiality rules allowed it. They were also ordered to ensure, to the extent possible, that any personal data transferred to Clearview AI was erased.” From “Walking bar codes”, Swedish Police and the use of Facial Recognition Technology by Eleanor Ludlam for DAC Beachcroft.
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
