July 18, 2021
"the glacial game of GDPR enforcement" | The Cat Herder, Volume 4, Issue 27
| |
| July 18 · Issue #140 · View online |
|
|
An urgency procedure is deemed not urgent but “a matter of priority” nonetheless, the BBC deploys illegitimate interests, most people don’t like Facebook tracking them. 😼
|
|
|
|
|
|
|
|
BBC now facilitating cookie/fingerprint profiling of users on the basis of legitimate interest, in breach of consent reqs under PECR when there is storage or access of information on a web browser. UK users should write to the BBC and then complain to the ICO. https://t.co/UO0gFSRj9m
|
|
|
|
|
|
Dumb and intrusive and a really weird attempt to crowbar engagement and ranking metrics borrowed from online advertising and the attention economy into the display of art, this deserves a whole new category of prize.
|
|
|
|
Using cameras to monitor people looking at artwork, researchers hope that the data can help define "attraction value" for specific works of art, leading to changes in museum and gallery layout and exhibit scheduling https://t.co/LSzbYG1SfW https://t.co/F9aQcMuCfx
|
|
|
|
|
|
The culture within an organisation is set at the top. So this isn’t really all that surprising.
|
|
|
|
In just a short timespan, Facebook fired over 50 employees for abusing their data access. The vast majority of fired engineers were men looking up the personal data of women they were interested in https://t.co/Q0h4TPFBHh https://t.co/ugttWXpdMz
|
|
|
|
|
|
Officials from the DPC appeared before the Oireachtas Joint Committee on Children, Disability, Equality, Integration and Youth during the latest session of pre-legislative scrutiny of the general scheme of the Birth Information and Tracing Bill and said some vague and unsatisfactory things about both the draft Bill and the Department of Children’s current behaviour in handling Subject Access Requests.
|
In a strange attempt at impartiality the DPC appears to have simply accepted that denying people access to their own birth certificate, which in Ireland is a public document, is a policy position worthy of consideration and continued along that line of thought in its submission.
|
No transcript of the session is available yet but it was covered by The Journal, a video recording is available here and the DPC’s written submission is available here. |
|
|
More than 35 organizations are demanding top US retailers cease using facial recognition to identify shoppers and employees in their stores, which companies have used to deter theft and identify shoplifters. The campaign is aptly named Ban Facial Recognition in Stores, and has identified stores that have committed to not using facial recognition, like Walmart, Home Depot, and Target. It is now pressuring companies currently using the technology, or those who might use it in the future. Some companies that are currently using the technology, according to the website, include Apple, Lowe’s, Albertsons, Macy’s, and Ace Hardware. Apple tells The Verge that it does not use facial recognition in its stores.
|
Retail stores are packed with unchecked facial recognition, civil rights organizations say
|
|
|
A Facebook spokesman declined to share what percentage of its users have accepted the company’s tracking prompt, but roughly 75% of the world’s iPhone users have downloaded the newest operating system, according to Branch. Seufert estimated that in the first full quarter users see the prompt, the iOS changes could cut Facebook’s revenue by 7% if roughly 20% of users agree to be tracked. If just 10% of users grant Facebook tracking permission, revenue could be down as much as 13.6%, according to his models. The first full quarter with the prompt is the third quarter.
|
Facebook (FB) Advertisers Impacted By Apple (AAPL) Privacy iOS 14 Changes - Bloomberg
People give iOS apps permission to track their behavior just 25% of the time
|
|
|
In what came as a surprise to many the ICO suddenly hurled itself - possibly unwisely - into a political scandal.
|
Homes raided in inquiry into Matt Hancock CCTV leak - BBC News
Investigators want to know who obtained images of the ex-minister kissing an aide in his office.
|
|
|
The EDPB gave the DPC an elbow in the ribs and asked it to investigate the WhatsApp Terms of Service and Privacy Policy change “as a matter of priority”.
|
The EDPB adopted its first urgent binding decision pursuant to Art. 66(2) GDPR following a request from the Hamburg supervisory authority (DE-HH SA), after the SA had adopted provisional measures towards Facebook Ireland Ltd (Facebook IE) on the basis of Art. 66 (1) GDPR. The DE-HH SA ordered a ban on processing WhatsApp user data by Facebook IE for their own purposes following a change in the Terms of Service and Privacy Policy applicable to European users of WhatsApp Ireland Ltd.
The EDPB decided that the conditions to demonstrate the existence of an infringement and an urgency are not met. Therefore, the EDPB decided that no final measures need to be adopted by the IE SA against Facebook IE in this case.
|
… the EDPB requests the IE SA to carry out, as a matter of priority, a statutory investigation to determine whether such processing activities are taking place or not, and if it is the case, whether they have a proper legal basis under Article 5(1)(a) and Article 6(1) GDPR.
|
EDPB adopts urgent binding decision: Irish SA not to take final measures but to carry out statutory investigation | European Data Protection Board
|
|
|
|
|
|
|
|
|
-
“Contrary to its European counterpart, the US Government is happy to regularly announce alleged “progress” in negotiations for a new deal. However, there seems to be little to no appetite to change the root of the problem: overreaching US surveillance laws. Unless the US industry heavily lobbies Washington to improve protections for foreign customers, it is unlikely that US surveillance laws will change. In conversations I had, US industry was rather clear: without the threat of serious enforcement in the EU or a mass exodus of EU customers, the US industry will not spend its political capital in Washington on fighting for privacy protections for foreigners.“ From Max Schrems‘ statement on the anniversary of the 'Schrems II’ judgment.
-
"Despite major concerns being raised about the policy update — within Europe and globally — Facebook’s lead EU data supervisor did not open a formal investigation and has not raised any public objections to the update. Back in January when we asked about concerns over the update, the DPC told TechCrunch it had obtained a “confirmation” from Facebook-owned WhatsApp that there was no change to data-sharing practices that would affect EU users — reiterating Facebook’s line that the update didn’t change anything, ergo “nothing to see here”.” Natasha Lomas unpicks the tortuous route to the EDPB’s urgent-binding-decision-which-isn’t-actually-urgent mentioned above.
-
“Most of the technology we use is built around English as the default language, even if the coding that provides the basis for final platforms and applications is in specific computer languages. In many countries, even the rules that we develop to rein in the worst online behavior are often conceived in English. So Kenya has a data protection law, but Kiswahili, one of its official languages, has no standardized term for “data protection.”” From ‘What Will Be the Language of Our Digital Future?’ by Nanjala Nyabola for The Nation.
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
An urgency procedure is deemed not urgent but “a matter of priority” nonetheless, the BBC deploys illegitimate interests, most people don’t like Facebook tracking them.
😼
Et tu, BBC?
—
Dumb and intrusive and a really weird attempt to crowbar engagement and ranking metrics borrowed from online advertising and the attention economy into the display of art, this deserves a whole new category of prize.
—
The culture within an organisation is set at the top. So this isn’t really all that surprising.
https://twitter.com/josephfcox/status/1414990090703568896
Officials from the DPC appeared before the Oireachtas Joint Committee on Children, Disability, Equality, Integration and Youth during the latest session of pre-legislative scrutiny of the general scheme of the Birth Information and Tracing Bill and said some vague and unsatisfactory things about both the draft Bill and the Department of Children’s current behaviour in handling Subject Access Requests.
In a strange attempt at impartiality the DPC appears to have simply accepted that denying people access to their own birth certificate, which in Ireland is a public document, is a policy position worthy of consideration and continued along that line of thought in its submission.
No transcript of the session is available yet but it was covered by The Journal, a video recording is available here and the DPC’s written submission is available here.
People give iOS apps permission to track their behavior just 25% of the time
—
In what came as a surprise to many the ICO suddenly hurled itself - possibly unwisely - into a political scandal.
Investigators want to know who obtained images of the ex-minister kissing an aide in his office.
The EDPB gave the DPC an elbow in the ribs and asked it to investigate the WhatsApp Terms of Service and Privacy Policy change “as a matter of priority”.
—
The EDPB adopted final versions of Guidelines on the concepts of Controller and Processor, complete with handy flowchart at the end of the document (Press release | Guidelines [direct link to PDF]) and Guidelines on Virtual Voice Assistants [direct link to PDF]
Draft Guidelines on the use of Codes of Conduct as a tool for transfers were published and are open for comment until October 1st.
-
“Contrary to its European counterpart, the US Government is happy to regularly announce alleged “progress” in negotiations for a new deal. However, there seems to be little to no appetite to change the root of the problem: overreaching US surveillance laws. Unless the US industry heavily lobbies Washington to improve protections for foreign customers, it is unlikely that US surveillance laws will change. In conversations I had, US industry was rather clear: without the threat of serious enforcement in the EU or a mass exodus of EU customers, the US industry will not spend its political capital in Washington on fighting for privacy protections for foreigners.“ From Max Schrems‘ statement on the anniversary of the 'Schrems II’ judgment.
-
"Despite major concerns being raised about the policy update — within Europe and globally — Facebook’s lead EU data supervisor did not open a formal investigation and has not raised any public objections to the update. Back in January when we asked about concerns over the update, the DPC told TechCrunch it had obtained a “confirmation” from Facebook-owned WhatsApp that there was no change to data-sharing practices that would affect EU users — reiterating Facebook’s line that the update didn’t change anything, ergo “nothing to see here”.” Natasha Lomas unpicks the tortuous route to the EDPB’s urgent-binding-decision-which-isn’t-actually-urgent mentioned above.
-
“Most of the technology we use is built around English as the default language, even if the coding that provides the basis for final platforms and applications is in specific computer languages. In many countries, even the rules that we develop to rein in the worst online behavior are often conceived in English. So Kenya has a data protection law, but Kiswahili, one of its official languages, has no standardized term for “data protection.”” From ‘What Will Be the Language of Our Digital Future?’ by Nanjala Nyabola for The Nation.
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
