Privacy Kit

October 31, 2021

The Cat Herder

October 31 · Issue #155
No, data protection isn’t out to kill anyone. But you wouldn’t know what an inscrutable orb might have planned.
😼

am I TheFacebook now
@SilvermanJacob
Who could have predicted that using something called "the orb" to harvest 1 billion retinal scans from residents of the global south in exchange for digital funny money would generate a backlash! https://t.co/uL5cuBYsMB
1:15 PM - 25 Oct 2021
Ahmet Alphan Sabancı
@ahmetasabanci
I’m too afraid to ask what were the more dystopian options.

https://t.co/EPENzENpVH https://t.co/nxi6hqvqSN
9:10 PM - 21 Oct 2021
Orb context: ‘Sam Altman’s Worldcoin wants to scan eyeballs in exchange for crypto’, TechCrunch
—
The latest coup in the layperson’s GDPR interpretation: The Secretary General of the German Society for Orthopedics and Trauma Surgery (DGOU) Dietmar Pennig warns that the GDPR could endanger human life – for example if an unconscious patient who has had an accident does not consent to the transfer of quickly needed medical data such as blood or ECG values from the ambulance can be sent to the treating hospital and valuable time is lost as a result. He calls for a corresponding adaptation of the data protection rules.
Comment: data protection kills. Not. - Market Research Telecast
marketresearchtelecast.com
It is well known that we Germans have a tendency to overshoot the target. As a result, European laws and regulations in this country are…
One of the lawful bases for processing personal data is the vital interests of the data subject. It’s right there in Article 6 of the GDPR. “Processing shall be lawful only if … processing is necessary in order to protect the vital interests of the data subject or of another natural person”. I’d wager staying alive is regarded by most people as a fairly vital interest.
—
Bert Hubert
@bert_hu_bert
This one is new! Unless you log in to Google, only "SafeSearch" for you. This is likely only the first step in encouraging the whole world to stay signed in permanently, for when the third party cookies go. https://t.co/PcPuCCG6ir
7:37 AM - 27 Oct 2021
After attracting a lot of publicity for their plans to use facial recognition on schoolchildren it seems North Ayrshire Council has backed down. For now at least. Why is it that these projects are always merely paused rather than scrapped entirely for being absolutely appalling, intrusive and unnecessary ideas?
Nine schools in North Ayrshire have paused use of facial recognition technology days after introducing it, following UK’s Information Commissioner’s Office (ICO) inquiries.
The schools wanted pupils to use the system for contactless lunch payments.
However, North Ayrshire Council said it had “temporarily paused” the rollout.
Separately, Great Academy Ashton, in Ashton-under-Lyne, has decided to completely drop its rollout of a facial recognition system.
BBC News: ‘Schools pause facial recognition lunch plans’
TES: ‘Sturgeon rejects facial recognition tech in schools’
You still can’t app your way out of a pandemic. But the least the HSE and the Department of Health could do is conduct the reviews they committed to do when launching this app.
The initial Data Protection Impact Assessment (DPIA) for the Covid Tracker stated that an assessment of the app’s effectiveness could take place no earlier than six months after its deployment, with evaluation criteria such as the number of contacts identified, levels of uptake, and the prevalence of Covid-19.
It is as yet unclear if such a review has ever taken place.
“You would probably imagine that the HSE knows it’s not working particularly well,” Stephen Farrell told the Irish Examiner. “But this is not a particularly new trend. The app wasn’t working well six months ago either,” he said.
Just 6% of positive cases being notified to Covid tracker app
www.irishexaminer.com
Going by the HSE’s own usage numbers for the application, there are around 1.3 million users
—
Elsewhere in the world of Covid-related apps …
Docket lets residents download and carry a digital copy of their immunizations by pulling their vaccination records from their state’s health authority. The digital copy has the same information as the COVID-19 paper card, but is digitally signed by the state to prevent forgeries. Docket is one of several so-called vaccine passports in the U.S., allowing residents to show their vaccination records — or a scannable QR code — for getting into events, restaurants or crossing into countries where vaccines are required.
But for a time, the app allowed anyone access to the QR codes of other vaccinated users — and all the personal and vaccine information encoded within. That included names, dates of birth and information about a person’s COVID-19 vaccination status, such as which type of vaccine they received and when.
A security bug in health app Docket exposed COVID-19 vaccine records – TechCrunch
techcrunch.com
The bug, now fixed, allowed access to other people’s vaccination records.
It certainly could.
By default, the use of biometrics raises some privacy questions. Delta stresses that it only takes the image to send it to the TSA to validate your identity. And to be fair, if you opt in to PreCheck or Global Entry, the TSA already knows what you look like and when you travel. Forbes also noted that Delta itself doesn’t touch any of the biometric data but leaves that up to its partners who provide the technology for it. The security of their technology has been validated by the government, but we all know that there is no system that is guaranteed to be 100% secure.
TechCrunch: ‘Delta Air Lines partners with TSA PreCheck to launch biometrics-based bag drops’
The Norwegian DPA fined a palace €10,000 for unlawful use of CCTV. No lawful basis and inadequate transparency information. Granted, it was a Waxing Palace but the same rules apply to everyone.
  • This Twitter thread by Piet Eeckhout on the primacy of EU law. It will no doubt come in useful some time in the not-too-distant future because public sector bodies in Ireland have great difficulty in grasping the concept.
  • ‘But Wachter points out that the security systems guarding our biometric data is only state-of-the-art until the day they are breached. “The idea of a data breach is not a question of if, it’s a question of when,” she said. “Welcome to the internet: everything is hackable.” We should, she says, be cautious about rolling out technology just because it promises to make our lives easier. “The idea is that as soon as something is developed, it has a place in society,” she said. “But sometimes the price we pay is too high.”’ From ‘‘Conditioning an entire society’: the rise of biometric data technology’ by Rob Davies for the Guardian.
  • ‘Hospital stays are immensely sensitive events, and very private information is discussed in hospital rooms. That has implications for Alexa, especially given that all the processing necessary for the service happens on Amazon servers. In order to maintain patient privacy, hospital patients will not be able to contact family members using the Echo. “Amazon doesn’t have any personal information about either the resident or patient that’s using the service, to us its an anonymous user,” says Rubenson. “By design, this solution is anonymous just given the particular nature of these interactions.”’ From ‘Amazon’s Alexa is coming to a hospital near you’ by Ruth Reader for Fast Company. It would be very interesting to find out just what definition of anonymous Mr Rubenson is using here. Because anonymity is hard and vendors are extremely fond of claiming their solutions provide anonymity when they don’t.
—
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to, then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
