Privacy Kit

December 1, 2019

Weinstein or Dutch supermarket chain? | The Cat Herder, Volume 2, Issue 46

December 1 · Issue #62
The Cat Herder
Algorithmically-sized uniforms is a new one. The Department of Foreign Affairs appears to be under the impression that the best way to safeguard the rights and freedoms of individuals is to hand over their personal data to third parties without asking any questions. Don’t know, can’t tell.
😼

linnet taylor (@linnetelwin)
in today's "Weinstein or Dutch supermarket chain" quiz: is it ok to demand all employees send a photo of themselves in underwear, to algorithmically size new uniforms, as long as you force everyone to officially consent first? correct, the answer is NO. #wtf #albertheijn ? https://t.co/CHyetVtxk5
8:37 AM - 26 Nov 2019
Fortunately this extremely bad idea didn’t last long once it had been publicised.
Albert Heijn, the largest chain of supermarkets in the Netherlands, reportedly asked the staff at a single location to test a new app that would determine the size of an employee’s uniform after analysing a photo of the employee in their underwear or in “close-fitting sportswear.”
‘Dutch supermarket abandons app that asked for employee underwear photos for uniform’
—
Once attackers have paired their smartphone to a child’s smartwatch, they can use the app’s features to track the kid via a map, or even place calls and start voice chats with children.
Even worse, the attacker can change the mobile account’s password and lock the parent out from the app while they give a child wrong instructions.
‘Cheap kids smartwatch exposes the location of 5,000+ children’
TD 'can’t figure out' why Passport Office would give customer data to some State bodies
www.irishexaminer.com
International law enforcement agencies and the Department of Social Protection are among eight bodies to whom the Passport Office routinely divulges information from its dataset, it has emerged.
The Minister for Foreign Affairs responded to a subsequent parliamentary question on the same issue later in the week.
It is not possible to provide the precise reason for these requests. This is due to the requirement that suitable and specific measures are taken to safeguard the fundamental rights and freedoms of data subjects, my Department is not privy as to why the information is being sought by the public authority.
This is a remarkable response which uses the language of the rights-, principles- and risk-based GDPR in order to say that the rights of data subjects are not being respected or even considered.
If the Department of Foreign Affairs, acting as the data controller for the personal data in question, does not know why information is being requested by other public bodies then it is not possible for the department to take “suitable and specific measures to safeguard the fundamental rights and freedoms of data subjects”. End of.
They probably did.
Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much | The Register
www.theregister.co.uk
If an entire industry is predicated on finding ever more baroque ways of tracking individuals and increasingly elaborate ways of disguising this tracking from people then perhaps it’s time for a rethink of how that industry functions? Just a thought.
(Very much) Related:
This is the first study that analyses what happens behind the scenes of cookie banners when a user gives consent to tracking. We systematically collect consent stored by cookie banners and measure GDPR and ePrivacy Directive violations on hundreds of websites. As a result, we identified violations on 54% of websites we analysed.
‘Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework’ Célestin Matte, Nataliia Bielova, Cristiana Santos
Amazon does not offer the ability to recognize faces in footage on its Ring doorbell cameras. But just one month after police in Chandler, Arizona, received 25 surveillance cameras for free from the company, the department’s then–assistant chief discussed using its own facial recognition technology on Ring footage at a meeting of the International Association of Chiefs of Police, according to his slideshow obtained in a public records request.
‘Ring Doesn’t Have Facial Recognition — Some Police Want To Add Their Own’
Once the surveillance infrastructure of cameras everywhere is in place it is relatively straightforward to supercharge these cameras into a wide facial recognition-enabled network.
Europe’s lead data regulator has issued its first ever sanction of an EU institution — taking enforcement action against the European parliament over its use of US-based digital campaign company, NationBuilder, to process citizens’ voter data ahead of the spring elections.
‘European parliament’s NationBuilder contract under investigation by data regulator’
—
The CNIL fined a data controller €500,000 for breaches of Articles 5.1, 12, 14, 21, 31 and 44 of the GDPR.
  • “the reality is, outside of the technology industry, there is broad consensus on what is good for people: the UN Convention on Human Rights and the Sustainable Development Goals together set pretty compelling goals for humanity.” Rachel Coldicutt’s final talk as CEO of Doteveryone, titled ‘Better than ethics’.
  • “In a 2018 memo from one such meeting, a Department of Health official wrote: “It is fair to say that [Genomics Medicine Ireland] were not overly concerned with the policy or legal context but with how the regulations impacted on what they are doing.”” Karlin Lillington’s column this week was about the extremely unusual setup of Ireland’s national genome project.
  • “The global surveillance industry … appears to be out of control, unaccountable and unconstrained in providing governments with relatively low-cost access to the sorts of spying tools that only the most advanced state intelligence services previously were able to use.” David Kaye, UN Special Rapporteur on Freedom of Expression in The Guardian.
  • “people whose images are captured and processed might not know this is happening – and so cannot challenge possible misuses. The paper outlines and analyses these and other fundamental rights challenges that are triggered when public authorities deploy live FRT for law enforcement purposes. It also briefly presents steps to take to help avoid rights violations.” The European Union’s Agency for Fundamental Rights published a new paper, ‘Facial recognition technology: fundamental rights considerations in the context of law enforcement’.
  • The annual report from New Zealand’s Privacy Commissioner - roughly analogous to a European data protection supervisory authority - is very well-written and presented and provides transparent figures of real use to data subjects e.g. a breakdown of the number of complaints per government agency. Something similar in this part of the world would be nice to see. [direct link to PDF]
——
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
Barring a disaster we’ll be in your inbox again next weekend.
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
