The Cat Herder

The Irish government undermines one of the most systemically important regulators in Europe, then see   October 13 · Issue #55 · View online The Irish government undermines one of the most systemically important regulators in Europe, then seems surprised to discover that doing so might make the Irish government look bad. 😼 An even more generous helping than usual in this category. The Chinese government apparently has plans to require people to pass a facial recognition test in order to apply for an internet connection. The Home Office in the UK “went ahead with a face-detection system for its passport photo checking service, despite knowing the technology failed to work well for people in some ethnic minorities.” Twitter “inadvertently” used an unknown number of email addresses and telephone numbers which had been given to it solely for safety and security purposes to target ads at users. The Austrian state’s employment agency, AMS, is “about to roll out a sorting algorithm that gives lower scores to women and the disabled”, which is “very likely illegal under current anti-discrimination law.” Temple Street Children’s Hospital in Dublin “operated a project using patient DNA information for eight months before suspending it to review its compliance with new data-processing laws”. Yes, as you probably guessed, Genomics Medicine Ireland are involved in this one. The Irish Data Protection Commission received only 27% of the budget allocation it requested in last week’s budget. Given the timing, a neutral observer could be forgiven for thinking this was the Irish state punishing the DPC in a not very subtle manner for finding against the Department of Employment Affairs and Social Affairs in the first phase of the investigation of the Public Services Card system. The motivation for withholding 73% of the requested funding from the DPC is not all that important compared to the consequences. There are immediate consequences for any users of services and products provided by the multitude of multinational technology companies who are headquartered here. The DPC is the lead supervisory authority for the majority of these companies. Therefore the DPC is responsible for safeguarding the rights and freedoms of all the users of these products and services in the European Union. If the DPC is not properly resourced by the Irish state then it cannot perform this task. There will more than likely also be consequences - presumably unforeseen - for the Irish state in failing to adequately resource the Data Protection Commission. This deliberate under-funding potentially places the state in breach of multiple EU laws and treaties. A complaint to the EU Commission have already been made. Presumably more will follow. The DPC is not a ‘normal’ regulator. It is of systemic importance to the entire European Union and the rights and freedoms enjoyed by the Union’s citizens and residents. More ‘Revealed: Data Protection Commission’s pleas for more staff and 'fit-for-purpose office’, The Journal ‘Data Protection Commission 'disappointed’ at budget allocation’, Irish Times ‘Fears over funding of top watchdog investigating Facebook’, Yahoo Finance ‘Is Ireland breaching EU rules by underfunding data regulator?’, Irish Times — CNBC reported during the week that the DPC’s investigations into WhatsApp and Twitter have concluded and are now moving into the decision-making phase. — The Hellenic DPA fined a telecommunications service provider €400,000 for failing to satisfy the right to object (Article 21.3), the accuracy principle (Article 5.1©) and data protection by design and default (Article 25). — The Dutch DPA has started an exploratory investigation into data protection and privacy in the development of smart cities. + Original (in Dutch) + English translation via Google Translate The Secretary General of the Department of Public Expenditure and reform wrote to the Public Accounts Committee singing the praises of the Public Services Card, ahead of his appearance before that committee to answer questions about the card and its database. The members of the Public Accounts Committee were mostly unmoved by this, since it seems Mr. Watt had not actually answered any of the questions which had been put to him about the project by the committee. The chairman of the Public Accounts Committee has criticised one of the country’s most senior civil servants for making “zero effort to answer the questions” posed by the committee regarding the Public Services Card. So business as usual when it comes to getting straight answers out of the people responsible for building - and continuing to extend the use of - an unlawful biometric database. They did, they really did. Is Amazon Watching You? Cloud Cam Footage Reviewed By Humans - Bloomberg www.bloomberg.com – Share Teams in India and Romania use video snippets sent by customers for troubleshooting purposes and to train artificial intelligence algorithms. “In 2015, two of the school’s computer science professors — Ira Kemelmacher-Shlizerman and Steve Seitz — and their graduate students used the Flickr data to create MegaFace. Containing more than four million photos of some 672,000 people, it held deep promise for testing and perfecting face-recognition algorithms.” Kashmir Hill and Aaron Krolik take a trip through the history of MegaFace, the facial recognition training database that is now potentially an “expensive hot potato” in Illinois. This quick analysis by Carlo Pilitz of the Baden-Württemberg DPA’s guidance on how cookie banners should be designed after the CJEU ruling in the Planet49 case. ‘Why Data Is Not The New Oil’ by Alec Stapp on Truth on the Market. “this analogy to the physical economy is fundamentally flawed. Worse, introducing regulations premised upon faulty assumptions like this will likely do far more harm than good. Here are seven reasons why “data is the new oil” misses the mark”. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster we’ll be in your inbox again next weekend. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

The Irish government undermines one of the most systemically important regulators in Europe, then seems surprised to discover that doing so might make the Irish government look bad.

😼

An even more generous helping than usual in this category.

The Chinese government apparently has plans to require people to pass a facial recognition test in order to apply for an internet connection.

The Home Office in the UK “went ahead with a face-detection system for its passport photo checking service, despite knowing the technology failed to work well for people in some ethnic minorities.”

Twitter “inadvertently” used an unknown number of email addresses and telephone numbers which had been given to it solely for safety and security purposes to target ads at users.

The Austrian state’s employment agency, AMS, is “about to roll out a sorting algorithm that gives lower scores to women and the disabled”, which is “very likely illegal under current anti-discrimination law.”

Temple Street Children’s Hospital in Dublin “operated a project using patient DNA information for eight months before suspending it to review its compliance with new data-processing laws”. Yes, as you probably guessed, Genomics Medicine Ireland are involved in this one.

The Irish Data Protection Commission received only 27% of the budget allocation it requested in last week’s budget. Given the timing, a neutral observer could be forgiven for thinking this was the Irish state punishing the DPC in a not very subtle manner for finding against the Department of Employment Affairs and Social Affairs in the first phase of the investigation of the Public Services Card system.

The motivation for withholding 73% of the requested funding from the DPC is not all that important compared to the consequences. There are immediate consequences for any users of services and products provided by the multitude of multinational technology companies who are headquartered here. The DPC is the lead supervisory authority for the majority of these companies. Therefore the DPC is responsible for safeguarding the rights and freedoms of all the users of these products and services in the European Union. If the DPC is not properly resourced by the Irish state then it cannot perform this task.

There will more than likely also be consequences - presumably unforeseen - for the Irish state in failing to adequately resource the Data Protection Commission. This deliberate under-funding potentially places the state in breach of multiple EU laws and treaties. A complaint to the EU Commission have already been made. Presumably more will follow. The DPC is not a ‘normal’ regulator. It is of systemic importance to the entire European Union and the rights and freedoms enjoyed by the Union’s citizens and residents.

More

‘Revealed: Data Protection Commission’s pleas for more staff and 'fit-for-purpose office’, The Journal

‘Data Protection Commission 'disappointed’ at budget allocation’, Irish Times

‘Fears over funding of top watchdog investigating Facebook’, Yahoo Finance

‘Is Ireland breaching EU rules by underfunding data regulator?’, Irish Times

—

CNBC reported during the week that the DPC’s investigations into WhatsApp and Twitter have concluded and are now moving into the decision-making phase.

—

The Hellenic DPA fined a telecommunications service provider €400,000 for failing to satisfy the right to object (Article 21.3), the accuracy principle (Article 5.1©) and data protection by design and default (Article 25).

—

The Dutch DPA has started an exploratory investigation into data protection and privacy in the development of smart cities.

+ Original (in Dutch)

+ English translation via Google Translate

The Secretary General of the Department of Public Expenditure and reform wrote to the Public Accounts Committee singing the praises of the Public Services Card, ahead of his appearance before that committee to answer questions about the card and its database.

The members of the Public Accounts Committee were mostly unmoved by this, since it seems Mr. Watt had not actually answered any of the questions which had been put to him about the project by the committee.

So business as usual when it comes to getting straight answers out of the people responsible for building - and continuing to extend the use of - an unlawful biometric database.

Teams in India and Romania use video snippets sent by customers for troubleshooting purposes and to train artificial intelligence algorithms.

• “In 2015, two of the school’s computer science professors — Ira Kemelmacher-Shlizerman and Steve Seitz — and their graduate students used the Flickr data to create MegaFace. Containing more than four million photos of some 672,000 people, it held deep promise for testing and perfecting face-recognition algorithms.” Kashmir Hill and Aaron Krolik take a trip through the history of MegaFace, the facial recognition training database that is now potentially an “expensive hot potato” in Illinois.
• This quick analysis by Carlo Pilitz of the Baden-Württemberg DPA’s guidance on how cookie banners should be designed after the CJEU ruling in the Planet49 case.
• ‘Why Data Is Not The New Oil’ by Alec Stapp on Truth on the Market. “this analogy to the physical economy is fundamentally flawed. Worse, introducing regulations premised upon faulty assumptions like this will likely do far more harm than good. Here are seven reasons why “data is the new oil” misses the mark”.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.