Privacy Kit

July 10, 2022

"The pattern in Ireland is unsettling" | The Cat Herder, Volume 5, Issue 26

More data retention. Continued lawlessness. A very large data breach. TikTok's legitimate interests.
 
July 10 · Issue #188
The Cat Herder
😼

Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters
www.reuters.com
A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history.
On Wednesday Politico ran a feature called ‘Europe’s state of mass surveillance’ as part of its ‘Lawless Europe’ series. The piece closed with a quote from Patrick Breyer:
“The EU is really having a rule of law problem here, because governments knowingly ignore the case law because they don’t like it. And the Commission refuses to enforce it”
The Irish state’s reckless relationship with data retention is accurately described as follows:
The pattern in Ireland is unsettling. Dublin sets up a data retention regime, the court then kills it after years of slow legal proceedings that go up to the European level, only to see the government reboot a similar regime, with some tweaks, that risks violating the same rights and principles that brought down the earlier one.
On Thursday Karlin Lillington had a piece in The Irish Times on the same theme:
Astonishing as it is, yet again, the Irish authorities seem to believe they can whisk into oblivion the facts they dislike, if they only ignore them hard enough. The department’s ongoing moves around data retention seem a self-destructive attempt to provoke — oh please no — a third case referral to the European court.
Ireland’s slapdash approach to data retention legislation sinks to new low – The Irish Times
www.irishtimes.com
Emergency legislation has been rushed through with little oversight. European court, here we come (for a third time)
→ archived version
As if to prove a point, on Friday Mr Justice Tony Hunt delivered a ruling “on the controversial use of mobile phone data in the trial of Wayne Cooney, who was convicted on Tuesday of murdering 22-year-old Jordan Davis.”
Mr Justice Hunt, seemingly unaware of how mobile phones work, “said that there is no evidence for the court’s finding that mobile phone data would ‘possibly reveal a significant amount of the private life of the person concerned,’ a view which he said is ‘not universally held outside the membership of the Court of Justice.’”
In the United States after Roe v Wade was overturned by the Supreme Court many (extremely belated) attempts are being made by lawmakers to protect personal data and make it more difficult for law enforcement to access it. They appear to hold the same view as the European Court of Justice.
Sens. Amy Klobuchar (D-MN) and Tammy Baldwin (D-WI) were some of the first lawmakers to urge the FTC to protect reproductive health data in a May letter. They requested that the agency detail any steps it was taking and the resources it may need to counter the risks posed by the Supreme Court’s ruling. Shortly after, Sen. Elizabeth Warren (D-MA) introduced the Health and Location Protection Act in June that would impose a sweeping ban on the sale of sensitive health and location-tracking data.
Returning to Ireland it seems an appeal is a certainty in the Cooney case.
Cooney’s counsel Giollaíosa Ó Lideadha SC has said his client will appeal the conviction. The grounds of appeal are likely to include arguments the trial judge erred in permitting the admission of CCTV and mobile phone evidence and in how he charged the jury. Counsel strongly objected to the judge describing arguments against the admissibility of CCTV evidence as “spurious”, saying those relied on several authorities of the European and Irish courts.
Lawyers caution against reading too much into first ruling on phone evidence after Dwyer victory – The Irish Times
www.irishtimes.com
New Bill over phone metadata retention expected to become law next week
TikTok recently announced some changes to the legal basis it will use to process personal data of people in the EU. The European Consumer Organisation BEUC wrote to the EDPB about this.
BEUC would like to express serious concerns about TikTok’s change of legal basis to process personal data for surveillance advertising.
TikTok recently revealed that as of 13 July 2022 the company will start resorting to legitimate interests instead of consent. We consider this new policy to be in potential breach of Articles 5, 6 and 7 of the GDPR and also Article 5 of the ePrivacy Directive. The EDPB has repeatedly stated in its guidelines that legitimate interest would be very difficult to justify for “intrusive profiling and tracking practices for marketing or advertising purposes”. Even if legitimate interest were to be considered as an acceptable legal basis, BEUC has serious doubts TikTok could meet the three criteria outlined under CJEU case c-40/17 Fashion ID.
BEUC letter to Dr. Andrea Jelinek, EDPB Chair [direct link to PDF]
Definitely one to watch.
The DPC “on Thursday informed its counterparts in Europe that it will block Facebook-owner Meta from sending user data from Europe to the U.S. The Irish regulator’s draft decision cracks down on Meta’s last legal resort to transfer large chunks of data to the U.S., after years of fierce court battles between the U.S. tech giant and European privacy activists”, according to Politico. The DPC hasn’t said anything about the content of the draft decision and Facebook thinks it’ll all be fixed by the provisional child of Privacy Shield: “This draft decision, which is subject to review by European Data Protection Authorities, relates to a conflict of EU and U.S. law which is in the process of being resolved,” a Meta spokesperson said on Thursday.
—
The DPC also formally reprimanded Twitter for breaches of articles 5(1)(c), 6(1), 12(3) and 17(1) of the GDPR. Note to data controllers: if you don’t have a lawful basis to ask people for copies of their photo ID before you’ll agree to handle a subject access request, you will get in trouble.
—
The CNIL fined Total Energies Électricité et Gaz France €1 million for failing to comply with articles 12, 14, 15 and 21 of the GDPR and the French Postal and Electronic Communications Code.
—
In a decision that may be of interest to the HSE, the Norwegian DPA fined the municipality of Østre Toten 4 million Norwegian Kroner (~€400,000) for flawed information security which permitted a cyberattack affecting 30,000 documents, which “contained in part highly sensitive information about the municipality’s residents and employees”.
  • “This is important for your legal certainty. It is important that the government is predictable, reliable and can be scrutinized. So that you know where you stand. The basis for this is that the government abides by the law. It’s also important for democracy and the rule of law. We must be able to hold the government to account, question it and dismiss it. When the government is much more powerful than its citizens, for example because it has a lot of information about its citizens, this becomes more difficult. Therefore we set limits on how much information the government can collect about its citizens and how it can use that information.” From ‘Good news: Dutch secret services destroy unlawfully stored information on millions of innocent citizens’ by Evelyn Austin for the EDRi.
  • “The devices we hold in our hands are generally designed to extract as much personal information from us as they possibly can,” said Deibert. But a documented history of police abusing surveillance tools in the country meant that the recent admissions of the use of mercenary spyware should be enough to trigger an investigation into whether there is proper oversight to prevent abuse, he added. “Private companies and banks presumably know a lot about your preferences, but only the government can take away your freedom and put you in jail. Only the government can end your life in some jurisdictions,” he said. “That’s why there should be a higher threshold for public accountability and transparency when these tools are used by state agencies.” From ‘Asleep at the wheel’: Canada police’s spyware admission raises alarm’ by Leyland Cecco for The Guardian.
  • “The most basic value that privacy gives us is the space to determine our identities. In other words, it helps us figure out who we are, and what we believe in. This is why teenagers close their bedroom doors and why libraries have fought for the confidentiality of library records. It’s because when we’re watched, we act and behave differently. And we’ve long understood from books like “1984” that privacy is essential to democratic freedom. When the government is watching, we act differently. In addition, as the Cambridge Analytica scandal revealed, human information can be a powerful tool for electoral manipulation. Developments in information technology mean that privacy is going to be even more important to sustainable democratic self-governance in the future than it has been in the past.” Neil Richards in an interview with Julia Angwin, ‘Why Privacy Matters’.
—
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
