The Cat Herder

Amid the usual collection of 'what on earth were they thinking?' we are glad to bring you a ray of li   January 19 · Issue #66 · View online Amid the usual collection of ‘what on earth were they thinking?’ we are glad to bring you a ray of light. The report published and complaints filed by the Forbrukerradet in Norway show that the mechanisms for civil society advocacy provided in the GDPR are working well, and may prove the most prompt way in which some of the most alarming, egregious and concealed excesses of data controllers can be curbed. 😼 Here we have a spokesperson for a French supermarket chain being questioned about why said supermarket is collecting fingerprints. Fingerprints. The response is some spectacular waffle about banks. You’re not a bank, you’re a supermarket. And banks don’t collect their customers’ fingerprints. Yet. Belgian Data Protection Authority warns supermarket chain Carrefour about biometric data collection | Biometric Update www.biometricupdate.com – Share The Belgian Data Protection Authority is accusing the French supermarket chain of illegally collecting customer fingerprints. It could, it really could. Equally alarming and happening now on a vast scale: a man has created “a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.” The Secretive Company That Might End Privacy as We Know It - The New York Times www.nytimes.com – Share A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says. This dramatic report from Kashmir Hill in The New York Times comes in the same week that it was reported the EU is considering a suspension of all facial recognition in public places until adequate safeguards can be guaranteed the folks in charge over at the National Children’s Hospital in Ireland let us know they have (a) imagined a future in which routine baby-snatching will occur and (b) planned accordingly by purchasing very spendy facial recognition kit from a company with a dubious record when it comes to human rights violations. There has been no mention as yet of where or how they will be acquiring the requisite database of known baby-snatchers in order for this system to work as described. As cars become like two-tonne rolling smartphones – always online, anticipating your needs, listening to your voice, tracking your movements and loaded with apps that have access to your credit card information – what your car knows about you and who has access to that data for what purpose could become an increasingly contentious issue. “People should be aware that any connected devices – appliances, vehicles – come with massive collection of data, much of which will be personal data,” Scassa advises. “Now, this data also has an enormous commercial value, not just directly in relation to the services being provided, but in all kinds of other applications.” What kind of data is my new car collecting about me? Nearly everything it can, apparently - The Globe and Mail www.theglobeandmail.com – Share New cars have more radar sensors and cameras than a typical smartphone, and more connections to send that data elsewhere Duncan Minty @duncanminty @tnhh And there's more..... some insurers have been taking the data from how you drive your car, using it to assess how stressed a person you might be, and then using it to re-underwrite your life and health insurance. 5:00 PM - 15 Jan 2020 In a speech in Croatia on Thursday the European Data Protection Supervisor Wojciech Wiewiórowski appeared to deliver a prod to the ICO and the trajectory of its long-running investigation into adtech by saying “the UK data protection authority has said, in effect, that the online advertising ecosystem involves systematic violations of the GDPR”. Unfortunately this was followed on Friday by an announcement from the ICO that it would continue using an engaged approach to yet again not do anything much just yet. Complainants Jim Killock, Johnny Ryan and Michael Veale issued a joint statement in reaction to this news. Dr Michael Veale said: “When an industry is premised and profiting from clear and entrenched illegality that breach individuals’ fundamental rights, engagement is not a suitable remedy. The ICO cannot continue to look back at its past precedents for enforcement action, because it is exactly that timid approach that has led us to where we are now“. For anyone hoping 2020 might see the end of can-kicking from regulators tasked with protecting the fundamental rights of individuals this isn’t a bright start. — The EDPS also published its first newsletter of the year during the week. “In this report, we demonstrate how every time we use our phones, a large number of shadowy entities that are virtually unknown to consumers are receiving personal data about our interests, habits, and behaviour. This week’s must read is the Out Of Control report from the Forbrukerradet, as mentioned up above. "It’s impossible to be alive in this decade and not find something unsettling in the idea of our cities becoming “smart” … In the “internet of things,” we’re promised technology that will allow us to project our will on to our surroundings, changing our lighting or unlocking our doors or adjusting our thermostats from anywhere in the world. But anyone who’s used these technologies for more than a few minutes quickly starts to suspect that they are also a thing, just another thing to be sensed and acted upon from a distance, generally by unaccountable algorithms seeking to corral us into altering our conduct to maximise returns to their manufacturers’ shareholders.” Cory Doctorow makes ‘The case for … cities that aren’t dystopian surveillance states’. In a chapter titled ‘Regulating the Information Society: Data Protection and Ireland’s Internet Industry’ from the forthcoming book The Oxford Handbook of Irish Politics, TJ McIntyre argues “that the state has yet to properly engage with the wider issues presented by its new role as a key jurisdiction for the internet industry, with data protection being just one of the aspects which needs more attention as Irish regulation increasingly has spillover effects into other jurisdictions” —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Amid the usual collection of ‘what on earth were they thinking?’ we are glad to bring you a ray of light. The report published and complaints filed by the Forbrukerradet in Norway show that the mechanisms for civil society advocacy provided in the GDPR are working well, and may prove the most prompt way in which some of the most alarming, egregious and concealed excesses of data controllers can be curbed.

😼

Here we have a spokesperson for a French supermarket chain being questioned about why said supermarket is collecting fingerprints. Fingerprints. The response is some spectacular waffle about banks. You’re not a bank, you’re a supermarket. And banks don’t collect their customers’ fingerprints. Yet.

The Belgian Data Protection Authority is accusing the French supermarket chain of illegally collecting customer fingerprints.

Equally alarming and happening now on a vast scale: a man has created “a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.”

A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.

This dramatic report from Kashmir Hill in The New York Times comes in the same week that

• it was reported the EU is considering a suspension of all facial recognition in public places until adequate safeguards can be guaranteed
• the folks in charge over at the National Children’s Hospital in Ireland let us know they have (a) imagined a future in which routine baby-snatching will occur and (b) planned accordingly by purchasing very spendy facial recognition kit from a company with a dubious record when it comes to human rights violations. There has been no mention as yet of where or how they will be acquiring the requisite database of known baby-snatchers in order for this system to work as described.

New cars have more radar sensors and cameras than a typical smartphone, and more connections to send that data elsewhere

In a speech in Croatia on Thursday the European Data Protection Supervisor Wojciech Wiewiórowski appeared to deliver a prod to the ICO and the trajectory of its long-running investigation into adtech by saying “the UK data protection authority has said, in effect, that the online advertising ecosystem involves systematic violations of the GDPR”.

Unfortunately this was followed on Friday by an announcement from the ICO that it would continue using an engaged approach to yet again not do anything much just yet.

Complainants Jim Killock, Johnny Ryan and Michael Veale issued a joint statement in reaction to this news.

For anyone hoping 2020 might see the end of can-kicking from regulators tasked with protecting the fundamental rights of individuals this isn’t a bright start.

—

The EDPS also published its first newsletter of the year during the week.

• “In this report, we demonstrate how every time we use our phones, a large number of shadowy entities that are virtually unknown to consumers are receiving personal data about our interests, habits, and behaviour. This week’s must read is the Out Of Control report from the Forbrukerradet, as mentioned up above.
• "It’s impossible to be alive in this decade and not find something unsettling in the idea of our cities becoming “smart” … In the “internet of things,” we’re promised technology that will allow us to project our will on to our surroundings, changing our lighting or unlocking our doors or adjusting our thermostats from anywhere in the world. But anyone who’s used these technologies for more than a few minutes quickly starts to suspect that they are also a thing, just another thing to be sensed and acted upon from a distance, generally by unaccountable algorithms seeking to corral us into altering our conduct to maximise returns to their manufacturers’ shareholders.” Cory Doctorow makes ‘The case for … cities that aren’t dystopian surveillance states’.
• In a chapter titled ‘Regulating the Information Society: Data Protection and Ireland’s Internet Industry’ from the forthcoming book The Oxford Handbook of Irish Politics, TJ McIntyre argues “that the state has yet to properly engage with the wider issues presented by its new role as a key jurisdiction for the internet industry, with data protection being just one of the aspects which needs more attention as Irish regulation increasingly has spillover effects into other jurisdictions”

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.