August 30, 2020
The Cat Herder
August 30 · Issue #97
Number plates and quiet scrapping of discriminatory data processing are themes this week. Also a device that listens to the tone of your voice and a police force that reckons it can judge your mood by looking at CCTV pictures of you. 😼
The answer to the question “When should you send nude / semi-nude pictures of yourself to a corporation?” is never.
An Amazon device that:
• You wear 24/7
• Has a permanently-on microphone "listening to the tone of your voice"
• Makes you upload nudes to "calculate your body fat" using clearly-bullshit computer vision
• Is somehow not a prop from Black Mirror
https://t.co/ltubfjo9uy
Amazon Halo: a fitness band and app that scans your body, listens to your voice - The Verge
Amazon is creating an entirely new fitness band and health service, called Halo. The Halo Band is a simple gadget with no display, but the Halo app is more interesting. It can use your camera to create a 3D scan of your body and calculate your body fat. It also listens to the tone of your voice.
It has now emerged that anyone in possession of a ‘garage code’, a password delivered to garages and dealerships for the use of the online system (known as MotorTrans), can access the details of any vehicle with a registration plate.
Technical loophole that allows access to details of vehicle owners 'an utter disaster'
Access that may represent major data breach described as ‘utter disaster’
“He was shaking and wanted to leave the beach and keep his head down away from any publicity so we found a small tea room as I thought the tea would help the shock. “My details were taken because of contact tracing and we watched as the rescue helicopter came onto the beach. “After the rescue, someone came into the tearoom to see if Michéal was there and got my details.”
Holiday hero who helped in Co Kerry rescue identified via Covid tracking measures
Hero or not, this is a data breach. Presumably the DPC’s inbox is filling up with complaints about these sorts of things as the number of accidental data controllers in the hospitality sector increases (see below).
A couple of genuinely surprising entries this week
Councils are quietly scrapping the use of computer algorithms in helping to make decisions on benefit claims and other welfare issues, the Guardian has found, as critics call for more transparency on how such tools are being used in public services. It comes as an expert warns the reasons for cancelling programmes among government bodies around the world range from problems in the way the systems work to concerns about bias and other negative effects. Most systems are implemented without consultation with the public, but critics say this must change.
Councils scrapping use of algorithms in benefit and welfare decisions | The Guardian
Call for more transparency on how such tools are used in public services as 20 councils stop using computer algorithms
It was a huge reversal for Facebook, which has been defending its racial ad categories—which it calls “multicultural affinity”—against charges of illegal discrimination for the past several years.
As mentioned over the last few issues of this newsletter, the department of education certainly will not be able to say nobody saw the enormous problems with its plans for generating estimated grades for the Leaving Certificate. But still we have seen no indication that these plans might be scrapped. The opportunity to scrap them quietly has now passed.
"To me it seems like they don't want us to make a fuss, that they're not giving us all the information so we won't know until we're affected the same as the UK."
@, @ (@) + @ on calculated Leaving Cert grades.
https://t.co/E673MJQaqz
Covid tracker app deleted 500,000 times
The HSE is unable to confirm how many people who have the app on their phones are using it correctly, that is, with bluetooth and GPS enabled.
Airplane mode and prepaid SIMs: some Israelis dodge COVID-19 tracking - Reuters
Israel’s cellphone surveillance for coronavirus contact-tracing may have overcome challenges by privacy watchdogs, but the state tracking policy is hard put to deal with low-tech evasion methods seemingly lifted from TV cop shows.
The names and personal information of numerous German politicians also appear in the leak, reported Bayerischer Rundfunk (BR) and Norddeutscher Rundfunk (NDR). One example was a member of the Social Democratic Party (SPD) in Hamburg whose email as well as postal address were made visible, along with the fact that he met a colleague in a cafe on July 15 at 12:33 p.m.
Germany: Coronavirus contact data from restaurant visits vulnerable to hacking | Deutsche Welle
A major flaw in the security system of a German software company has left vast amounts of private information vulnerable to hackers. Data collected for coronavirus contact tracking forms has also been affected.
It could, you know. Bad ideas know no borders.
This does not work, is a waste of money and will no doubt lead to erroneous conclusions being drawn about individuals.
British police to trial facial recognition system that detects your mood
Lincolnshire police plan to test facial recognition and behavioral tech that infers people’s moods and expressions by analyzing CCTV footage.
[The CNIL] indicated that ANPR devices can be used for the purposes of monitoring vehicles regarding parking systems in order to, for instance, calculate parking payments and fines. However, CNIL added that the collection and processing of photographs of vehicles and number plates by local authorities for general law enforcement purposes is not permitted under the current regulations.
On August 24, 2020, the data protection authority of the German state of Baden-Württemberg (the “DPA”) published guidance (the “Guidance”) on international transfers of personal data following the Schrems II judgment (which we have previously covered here). This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the Schrems II decision. As well as including a Schrems II compliance checklist, it provides some recommendations on modifying the Standard Contractual Clauses (‘SCCs’) to allow the parties to document their intent to act in accordance with the law.
An administrative order on information regarding the biometric processing of personal data has been issued against Clearview AI and its facial recognition software by The Hamburg Commissioner for Data Protection and Freedom of Information (Hmb BfDI), the institution announced.
- “Speaking as a user, WTF?” another employee said, in additional documentation obtained by the Arizona Mirror. “More specifically I **thought** I had location tracking turned off on my phone. So our messaging around this is enough to confuse a privacy focused (Google software engineer). That’s not good.” ‘Unredacted suit shows Google’s own engineers confused by privacy settings’, Kate Cox for Ars Technica
- “BEUC recommends that the European Democracy Action Plan must be backed by a robust framework protecting citizens from business practices involving collection and use of data in ways which currently evade the protection framework afforded by the GDPR. A holistic approach is needed and should comprise, inter alia, strict enforcement of the GDPR, the adoption of a strong ePrivacy regulation and measures to fight disinformation at its source, including a competition law sector inquiry into the links between the advertising revenue of platforms and the dissemination of disinformation.” BEUC, The European Consumer Organisation, published a response to the European Democracy Action Plan called ‘The manipulated consumer, the vulnerable citizen’ (direct link to PDF).
- “Whilst proportionality in this case was discussed in the context of Article 8(2) of the Convention, it is still a crucial consideration for those using AFT in the private sector. Most of the lawful bases for processing under the EU General Data Protection Regulation (GDPR) require processing to be “necessary”. This means that the use of AFT must be targeted and proportionate. Those using AFT in the private sector should therefore remember that the proportionality test must be conducted objectively and not solely from the business’ perspective. To assist with this, organisations should document in the DPIA their assessment of alternative measures that have been considered and explain why they were not appropriate.” Lara White and Janine Regan, ‘Key takeaways for the private sector from The Bridges v South Wales police facial recognition case’
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
Julia Angwin / The Markup: ‘Facebook Quietly Ends Racial Ad Profiling’
DataGuidance.com: ‘CNIL prohibits automating ticketing through use of ANPR, issuing formal warnings to four municipalities’
Daniel Felz and Paul Greaves, Alston & Bird: ‘German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs’
Biometric Update: ‘Hamburg data protection commissioner demands answers on biometric dataset from Clearview AI’
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.