"you should not surveil a baby" | The Cat Herder, Volume 2, Issue 27

State authorities creating very large databases containing their citizens' personal data is not a goo   July 21 · Issue #43 · View online State authorities creating very large databases containing their citizens’ personal data is not a good idea and can lead to all too predictable consequences. The more data you store and the longer you store it for the more likely it is to leak. Also, just like learning a language, the sooner you start surveilling children the quicker they’ll become comfortable with it. 😼 nilay patel @reckless I promise you none of this is necessary and you should not surveil a baby https://t.co/rdgkR5vJPz 3:25 PM - 18 Jul 2019 The story Nilay is referring to in this tweet is Pampers announcing their Lumi smart nappy range. “A video monitor is included with the system and integrated into the app.” While you can choose not to surveil a baby, you can’t choose to still your beating heart. Which is unfortunate if you don’t want to be surveilled since apparently the Pentagon can now identify you at a distance of two hundred meters using your heartbeat. In Bulgaria: A 20-year-old Bulgarian cybersecurity worker has been arrested and charged with hacking the personal and financial records of millions of taxpayers, officials said on Wednesday, as police continue to investigate the country’s biggest-ever data breach. 'Wizard' cybersecurity expert charged with record hack of Bulgarian tax agency - Reuters www.reuters.com – Share When reporting on the data breach a TV station accidentally included a download link to the half of the personal data which had been disclosed to the media. Catalin Cimpanu @campuscodi Per 4chan, Bulgaria's NRA DB leaked after a local Bulgarian television accidentally included the download link in a TV report. https://t.co/TsBqhRwTUk 9:12 PM - 18 Jul 2019 The password to this was duly cracked and the personal data is now reportedly being shared on hacking forums. At the same time, in India: India has proposed creating a national database for medical records linked to its controversial Aadhar biometric identity scheme to unify and digitise its fragmented public health system, in a move that has alarmed privacy activists. ‘India plan to merge ID with health records raises privacy worries’, Financial Times (€) Meanwhile in Ireland the Irish Council for Civil Liberties published the results of a survey of the 164(!) public bodies authorised to use the Public Services Card. Of the 42 bodies which responded, 91 per cent said their office did not specifically benefit from the PSC, 73 per cent said they had no further intention of implementing it, and nine per cent said they would seek to limit any further roll-out of the card. That only around a quarter of the bodies responded is alarming in itself. Transparency is a principle of data protection and many, many arms of the Irish state continue to struggle with this. If you want to do something with people’s personal data you have to tell ‘em what you’re doing with it and why. More: ‘Government agencies using PSC not convinced it’s useful’, ICCL press release ‘Public service card may be illegal, fears ICCL’, Irish Examiner ‘ICCL says government agencies using PSC are not convinced it’s useful’, Executive director of the ICCL Liam Herrick interviewed on Morning Ireland 🐦 A Twitter thread from yours truly on the interview above. The Information Commissioner’s Office in the UK  fined a London estate agency £80,000 for leaving 18,610 customers’ personal data exposed for almost two years. — Coincidentally the Data Protection Commission in Ireland published guidance for landlords and letting agents on proper handling of the personal data they request from prospective tenants. — The Commissioner for Data Protection and Freedom of Information in the German state of Hesse declared that Microsoft’s Windows 10 and Office 365 are not GDPR compliant for use in schools. — The Dutch data protection authority, the Autoriteit Persoonsgegevens, fined a hospital €460,000 for failing to properly secure access to patient records. Original, in Dutch | Translation (Google Translate) The European Data Protection Board’s guidelines on processing of personal data through video devices. These are open for public comment until September. 🐦 Rossa McMahon posted a good thread on Twitter teasing out a few of the issues around these guidelines. “But most importantly, we have the power to unite and transform. The Internet and the future built upon it could be a collective of action-driven critical thinkers. We can change the course of our path. The future is not a given: our actions and decisions will take us where we want to go.” Valentina Pavel has a go at imagining ‘Our Data Future’ for Privacy International. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster we’ll be in your inbox again next weekend. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

State authorities creating very large databases containing their citizens’ personal data is not a good idea and can lead to all too predictable consequences. The more data you store and the longer you store it for the more likely it is to leak. Also, just like learning a language, the sooner you start surveilling children the quicker they’ll become comfortable with it.

😼

The story Nilay is referring to in this tweet is Pampers announcing their Lumi smart nappy range. “A video monitor is included with the system and integrated into the app.”

While you can choose not to surveil a baby, you can’t choose to still your beating heart. Which is unfortunate if you don’t want to be surveilled since apparently the Pentagon can now identify you at a distance of two hundred meters using your heartbeat.

In Bulgaria:

When reporting on the data breach a TV station accidentally included a download link to the half of the personal data which had been disclosed to the media.

The password to this was duly cracked and the personal data is now reportedly being shared on hacking forums.

At the same time, in India:

‘India plan to merge ID with health records raises privacy worries’, Financial Times (€)

Meanwhile in Ireland the Irish Council for Civil Liberties published the results of a survey of the 164(!) public bodies authorised to use the Public Services Card.

That only around a quarter of the bodies responded is alarming in itself. Transparency is a principle of data protection and many, many arms of the Irish state continue to struggle with this. If you want to do something with people’s personal data you have to tell ‘em what you’re doing with it and why.

More:

‘Government agencies using PSC not convinced it’s useful’, ICCL press release

‘Public service card may be illegal, fears ICCL’, Irish Examiner

‘ICCL says government agencies using PSC are not convinced it’s useful’, Executive director of the ICCL Liam Herrick interviewed on Morning Ireland

🐦 A Twitter thread from yours truly on the interview above.

The Information Commissioner’s Office in the UK  fined a London estate agency £80,000 for leaving 18,610 customers’ personal data exposed for almost two years.

—

Coincidentally the Data Protection Commission in Ireland published guidance for landlords and letting agents on proper handling of the personal data they request from prospective tenants.

—

The Commissioner for Data Protection and Freedom of Information in the German state of Hesse declared that Microsoft’s Windows 10 and Office 365 are not GDPR compliant for use in schools.

—

The Dutch data protection authority, the Autoriteit Persoonsgegevens, fined a hospital €460,000 for failing to properly secure access to patient records.

Original, in Dutch | Translation (Google Translate)

• The European Data Protection Board’s guidelines on processing of personal data through video devices. These are open for public comment until September.
• 🐦 Rossa McMahon posted a good thread on Twitter teasing out a few of the issues around these guidelines.
• “But most importantly, we have the power to unite and transform. The Internet and the future built upon it could be a collective of action-driven critical thinkers. We can change the course of our path. The future is not a given: our actions and decisions will take us where we want to go.” Valentina Pavel has a go at imagining ‘Our Data Future’ for Privacy International.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.