The Cat Herder
|
A decision, finally, on the lawfulness of the clouds of dust thrown up by the ad lads around their tracking operations. Guess your age. Some hefty fines.
😼
Surveillance comes to the culture wars in the US.
NEW: Iowa Republicans have introduced a bill that would put government-installed cameras in every single classroom to livestream school activities for parents to spy on teachers and children at all times of the day.
— No Lie with Brian Tyler Cohen (@NoLieWithBTC) February 2, 2022
—
If there is not enough surveillance the US will cease to exist.
https://twitter.com/_jack_poulson/status/1486134547108540419The long march through the institutions, corporate surveillance and tracking edition.
Meta, Facebook’s parent company, is investing half a million euro to find new innovations in data privacy with researchers in Ireland.
—
These relationships are always ended and the data deleted after the media coverage. Funny that.
“We understand that you don’t want Crisis Text Line to share any data,” the suicide hotline nonprofit wrote in a statement Monday.
A technology which guesses. That doesn’t sound especially reliable ¯\_(ツ)_/¯
Major chains begin testing automated age-verification, to avoid the wait for staff at self-checkouts.
The Belgian DPA decided to be the first supervisory authority make a finding of the very obvious: “The Belgian DPA has found that the Transparency and Consent Framework (TCF), developed by IAB Europe, fails to comply with a number of provisions of the GDPR. The TCF is a widespread mechanism that facilitates the management of users’ preferences for online personalised advertising, and that plays a pivotal role in the so called Real Time Bidding (RTB). The BE DPA imposed a €250.000 fine to the company, and gives IAB Europe two months to present an action plan to bring its activities into compliance.”
Press release | Decision [direct link to PDF]
Techcrunch: ‘Behavioral ad industry gets hard reform deadline after IAB’s TCF found to breach Europe’s GDPR’
As the ultimate goal of the several iterations of the wildly inappropriately named Transparency and Consent Framework was to create as much delay as possible before any sanction caught up with its users it’ll be very surprising if the IAB doesn’t explore every avenue available to it to appeal the findings.
Despite some misguided commentary this does not mean cookie consent banners are going anywhere. Unless all publishers stop using cookies which require consent overnight. Which is rather unlikely due to the forces of money and inertia.
—
The Hellenic DPA fined two telecoms companies a total of €6 million for a range of breaches.
—
The Spanish DPA fined Caixabank €3 million for failing to secure the consent of individuals to profiling for commercial purposes.
- “Although protecting citizens’ privacy and curbing unnecessary information collection has been a major policy priority of China’s internet regulators, especially with the passage of the Personal Information Protection Law last year, an investigation by Citizen Lab found that the My 2022 app collects user information and shares it with third parties: some of China’s biggest tech companies, including Huawei, Xiaomi, Tencent, and iFlytek. The app’s privacy policy specifies that it may share user information without consent in circumstances involving national security and public health concerns. The app also contains a list of keywords that can be censored, reports Citizen Lab, including those in Tibetan and Uyghur script.” From ‘The vaguely dystopian technology fueling China’s Olympic Games’ by Meaghan Toibin for Rest of World.
- “According to the BDPA, you must obtain prior consent for all the other cookies and trackers. For example, cookies used for displaying personalized or non-personalized advertising (which uses trackers to analyse the advertising audience) or for sharing on social networks. Where consent is not given (i.e. consent is refused by the user), these cookies cannot be installed and/or read on the user’s terminal. Consent must also be specific. Confirming a purchase or accepting general terms and conditions is therefore not sufficient to consider that consent has been validly given to the placement or reading of cookies. Nor can the mere “use” of cookies imply that consent has been given, without any further specification as to the data collected via these cookies or the purposes for which this data is collected.” From ‘Another cookie enforcement case Belgian privacy watchdog reconfirms cookie consent rules’ by Tom de Cordier and Thomas Dubuisson on the CMS blog.
- “It is not a particular surprise that, if a data subject wants all their data, they can have all their data (subject to exemptions), but the EDPB sets this out clearly, along with the circumstances in which a controller is justified in asking a data subject to confirm what they want … a policy of demanding a passport or driving licence in every situation is unlikely to be sustainable. Again, this one is not a particular surprise, but the clarification is welcome.” From ‘Five points to note in the EDPB’s draft guidelines on the right of access under the GDPR’ by Neil Brown.
—
Endnotes & Credits
- The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
- As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
- The image used in the header is by Krystian Tambur on Unsplash.
- Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
- Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.