Privacy Kit

November 28, 2021

The Ultimate Goal | The Cat Herder, Volume 4, Issue 46

November 28 · Issue #159
Adtech action. Well, kind of. A public consultation on the sharing of health data. A hearing date is set for the Department of Social Protection’s appeal and the tension mounts - will the department find a way to delay proceedings once again?
😼

Tusla, the Child and Family Agency and still to the best of my knowledge the body which has been sanctioned most often by the DPC since the introduction of the GDPR, remains diligent in its misinterpretations and misapplications of data protection law.
Claire McGettrick (born Lorraine Hughes)
@cmcgettrick
This is what the SI in question says in relation to the release of data. Needless to say I will be asking precisely what harm Tusla believes may be caused to me if I am given my personal data. Why does Tusla believe that I need to be managed in this way? https://t.co/MnuwRUSQxS
7:02 PM - 27 Nov 2021
WhatsApp is making changes while appealing everything it possibly can in every forum available to it. OK then.
WhatsApp changes privacy policy after €225m watchdog fine - Independent.ie
www.independent.ie
WhatsApp is changing the privacy policy of its messaging service for users across Europe after being fined €225m by the Data Protection Commissioner (DPC) in August.
It might now the Germans have committed to it.
Melissa Heikkilä
@Melissahei
BREAKING: The new German government backs a full ban on the use of biometric identification technologies such as facial recognition in public places. https://t.co/t5S4exO87z
4:52 PM - 24 Nov 2021
The Health Information and Quality Authority is running a public consultation on its ‘Draft recommendations on a consent model for the collection, use and sharing of health information in Ireland’, announced with little fanfare earlier in the week. Submissions to the consultation can be made until January 10th, spanning the Christmas period.
The “ultimate goal” isn’t revealed until page 25 of the recommendations document (emphasis added).
The position paper clearly identified that the lack of legislation is hindering overall coordination between the key health information entities and organisations involved in using health information, and in particular the collection, use and sharing of information across the public and private sector. This is vital to promote high-quality and safe health and social care services, but also to realise the huge potential and benefit to using health information beyond direct care. The ultimate goal is to collect health information once and reuse it many times for different purposes.
This seems at first, second, and third readings to be a little broad and sweeping.
If you want to have your say on this, the press release with a link to the consultation - which can be filled out as an online form or downloaded as a PDF - is here. The draft recommendations document is here [PDF] and the evidence synthesis document is here [PDF].
—
The DPC embarked on a two-year investigation of the card in October 2017 after expressing itself dissatisfied with assurances from the department that the card was fully in accordance with data protection legislation.
That investigation, when finalised in August 2019, concluded that the card is illegal when made compulsory for accessing non-welfare services, and that the department must destroy records it unlawfully held on 3.2m cardholders in the State.
The next hearing in the State’s case against the DPC concerning that ruling is scheduled for December 7.
Public services card cost soars to €98m
www.irishexaminer.com
Coincidentally this date is almost two years to the day since the DPC served the then Department of Employment Affairs and Social Protection with an enforcement notice in this matter. Which came more than two years after the formal investigation commenced. Which came after several years of the DPC making inquiries about the system.
The DPC and Max Schrems continued their public battles over what documents Schrems can and cannot publish. If you’re interested in that sort of drama there’s plenty of coverage.
  • The Register: ‘Max Schrems files corruption complaint against Irish DPA’
  • The Irish Times: ‘Publication of documents risk undermining fairness of Facebook investigation – DPC’
  • The Business Post (€): ‘DPC says Schrems must clarify plans for Facebook complaint documents as matter of ‘urgency’’
—
The DPC announced during the week that it has “successfully completed the most recent stage in its Data Protection Officer (DPO) enforcement programme, aimed at improving compliance with Article 37 of the GDPR.”
—
An updated guidance note on the use of domestic CCTV was also issued by the DPC during the week. Katherine O'Keefe of Castlebridge talked through the guidance with Newstalk on Wednesday.
—
The Autorité de protection des données AKA the Belgian DPA sent its draft decision in the case against IAB Europe to its counterparts as part of the Article 60 cooperation process. 27 other supervisory authorities have expressed an interest and have four weeks to provide feedback on the draft decision.
—
Coincidentally the ICO published an opinion by the outgoing commissioner titled ‘ICO calls on Google and other companies to eliminate existing privacy risks posed by adtech industry’. The whole thing is here [PDF] if you want to read it in full.
—
The European Data Protection Board (EDPB), an expert steering body which advises EU lawmakers on how to interpret rules wrapping citizen’s personal data, has warned the bloc’s legislators that a package of incoming digital regulations risks damaging people’s fundamental rights — without “decisive action” to amend the suite of proposals.
Techcrunch: ‘Ban tracking ads, says EU’s data protection adviser’
  • “I struggle the most when those fundamental rights are positioned as expendable, not fundamental. As rights which are no longer relevant - “analogue thinking” in a digital age - rather than recognising them for what they are: fundamental, especially in a digital age. My view is that, if you’ve only got a solution which is inconsistent with fundamental rights, you don’t have a viable solution. You can’t simply treat fundamental rights as a political inconvenience or red tape, to be brushed aside to ensure that your plan can deliver. What makes this a difficult pill for some to swallow is that measures which can do good things - and there’s no denying that some of the proposals put forward could, or should, do good things - might, or will, also do bad things, things which are inconsistent with fundamental rights.” From ‘Online safety, doing good, and inconvenient “fundamental rights”’ by Neil Brown.
  • “… Denham is merely restating requirements that are derived from standards that already exist in UK law — and wouldn’t need reiterating had her office actually enforced the law against adtech breache(r)s. But this is the regulatory dance she has preferred. This latest ICO salvo looks more like an attempt by the outgoing commissioner to claim credit for wider industry shifts as she prepares to leave office — such as Google’s slow-mo shift toward phasing out support for third party cookies (aka, its ‘Privacy Sandbox’ proposal, which is actually a response to evolving web standards such as competing browsers baking in privacy protections; rising consumer concern about online tracking and data breaches; and a big rise in attention on digital matters from lawmakers) — than it is about actually moving the needle on unlawful tracking. If Denham wanted to do that she could have taken actual enforcement action long ago.” Natasha Lomas has some ideas about the motivation behind the ICO’s opinion mentioned above in ‘UK privacy watchdog warns adtech the end of tracking is nigh’ for Techcrunch.
  • “The achievements of which Edwards is most proud across those seven-and-a-half years are “probably not the ones that race around the world after an idle tweet”, he said. “They’re very often the ones that aren’t noticed at all.” The daily work of interacting with ministers, commenting on cabinet papers and submitting on legislation are where the important work happens. “We see a dumb idea, and if we’re able to get in and say, ‘look, this is uncalled for and it’s a solution that doesn’t fit the problem, it’s disproportionate, it’s going to hurt people’ – If we can do that without any fanfare and without the tweets and without claiming any credit, then that’s something we’ve achieved. We’ve done a lot of that. The stuff that we do crow about is the tip of the iceberg of our influence.” From a profile of John Edwards, the UK’s incoming Information Commissioner, by Toby Manhire for The Spinoff.
—
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
