A privacy news aggregator brought to you by the team at DP.News - "Informing You Without Watching you."

News Crawler!

• Australia's digital minister avoiding legislating AI ethics and will remain voluntary framework
  July 28, 2021
  Australia's Minister for Superannuation, Financial Services and the Digital Economy Jane Hume has assured the country's AI ethics framework will remain voluntary for the foreseeable future. "AI is simply a technology that's being imposed upon an existing business. The federal government developed the national AI ethics framework in 2019, following the release of a discussion paper by Data61, the digital innovation arm of the Commonwealth Scientific and Industrial Research Organisation (CSIRO). "I think that we would like to see the broader industry, whatever industry that's adopting AI technologies, to sign up to those frameworks, voluntarily, rather than having something that's top down and imposed." "It was great to see that the AI principles sat really neatly with the control and governance frameworks that the bank already had in place.
• New EU Consumer Complaints for WhatsApp Over High-Pressure Privacy Update
  July 27, 2021
  A contentious WhatsApp privacy update, first announced earlier this year, is continuing to cause problems for the Facebook-owned messaging giant. WhatsApp privacy update creates multiple headaches for the companyThe consumer complaints allege that WhatsApp messages users about accepting the privacy update far too often, and uses confusing and unclear terms to describe the changes to how data is shared with Facebook. The consumer complaints have been organized by the Brussels-based European Consumer Organisation (BEUC). This is not the first legal issue that the new privacy update has triggered in the EU. #respectdataClick to TweetFacebook was one of the first to be hit with consumer complaints as the GDPR went active in 2018.
• EFF Sues U.S. Postal Service For Records About Covert Social Media Spying Program
  July 27, 2021
  Postal Service and its inspection agency seeking records about a covert program to secretly comb through online posts of social media users before street protests, raising concerns about chilling the privacy and expressive activity of internet users. Postal Inspection Service (USPIS), the Postal Service’s law enforcement arm, sorted through massive amounts of data created by social media users to surveil what they were saying and sharing, according to media reports. “We’re filing this FOIA lawsuit to shine a light on why and how the Postal Service is monitoring online speech. “Monitoring and gathering people’s social media activity chills and suppresses free expression,” said Aaron Mackey, EFF senior staff attorney. A government effort to scour people’s social media accounts is a threat to our civil liberties.”For the complaint:https://www.eff.org/document/eff-v-usps-complaintFor more on this case:https://www.eff.org/cases/eff-v-usps-social-media-monitoring-icopFor more on social media surveillance:https://www.eff.org/issues/social-media-surveilance
• CDT Joins EFF, Demand Progress, Others in Urging Congress to Support Amendment Ending Section 702 Warrantless Backdoor Searches
  July 27, 2021
  ***July 26, 2021RE: Civil Liberties Groups Urge Members to Support the Lofgren-Massie Amendment to H.R. This amendment would prohibit the use of funds for the warrantless search of United States persons’ communications acquired under Section 702 of the Foreign Intelligence Surveillance Act of 1978 (FISA), the controversial foreign intelligence authority that acquires an untold number of Americans’ Fourth Amendment protected information. Ending this unconstitutional practice is imperative to ensure that foreign intelligence surveillance does not swallow Americans’ privacy rights. In previous years, this amendment garnered the broad, bipartisan support of a majority of members of the House of Representatives. Recently released opinions by the Foreign Intelligence Surveillance Court (FISC) underscore the need for a warrant requirement to protect the privacy of those whose communications are “incidentally” collected.
• CDT Joins Civil Society Orgs and Independent Experts Calling for Investigation and Regulation of the Sale, Transfer and Use of Surveillance Technology
  July 27, 2021
  Today, the Center for Democracy & Technology joined scores of civil society organizations and experts around the world in urging governments to regulate the export, sale and use of technology being used to break into cell phones and other digital devices. The open letter, spearheaded by Access Now and Amnesty International, follows revelations that Pegasus spyware made by the Israel-based NSO Group has been found on the phones of activists, journalists and heads of state. It was also found on the phones of members of the family of Jamal Khashoggi, a Saudi journalist and lawful permanent resident of the U.S. who was murdered in 2018 in the Embassy of Saudi Arabia in Istanbul, Turkey. The letter calls on governments to investigate the sale and export of such technology, to require human rights due diligence and transparency by companies that manufacture it, to subject such companies to independent oversight, and to establish or strengthen redress mechanisms for people who are harmed by unlawful surveillance. Read the full letter here.
• Breaking up with Venmo: The best payment apps for privacy and low fees
  July 27, 2021
  To debit another person, you’ll need to add their name to the group or expense. Find people who already use the app by searching their name, number or email address under “Add friends.” The app will also ask to access your contacts. In this case, that might actually be a good call, because it lets you invite new users quickly. To repay someone, tap an expense and select “Settle up.” You can tap buttons to open Venmo, or for payments under $500, PayPal — or just log a cash payment. I wish Splitwise integrated with more digital payment services, but the app’s good points are worth the Venmo partnership.
• In some California privacy cases, analytics trackers are in the crosshairs
  July 27, 2021
  Now, as enforcement letters stream out to advertisers, social media sites, data brokers and ad tech firms from the California Attorney General’s office, it is clear that California Consumer Privacy Act enforcement is not just about data breaches. It’s about cookies and tracking technologies — including analytics trackers. Analytics trackers are “definitely something to pay attention to”In one case example published by the AG’s office, an unnamed social media firm was accused of non-compliance after sharing personal information about people’s website activities with third-party analytics providers without providing appropriate notice or opt-out capabilities. This sign that data sharing via analytics trackers could constitute a data sale “is definitely something to pay attention to [because] this is something that the AG is looking at,” said Kagan. Lee said there are a variety of factors the AG might take into consideration when assessing compliance when it comes to analytics trackers — such as which entities are involved in data flows, what analytics trackers are used for and whether they are tracking people across multiple sites or offline.
• Few sites are making it easy for visitors to opt out of data collection
  July 26, 2021
  Using a desktop computer located in New York State, Digiday visited sites belonging to the media properties in the Comscore 50. By 2023, about two thirds of the U.S. population will be covered by a patchwork of different state privacy laws. Just 11% of the sites Digiday examined offered visitors a one-click way to opt out of tracking. The site visitors who were savvy enough to engage with the sites’ consent management tools weren’t given an easy path to opting out either. Just 15% of the sites immediately gave people an opportunity to opt out after choosing to “manage” their settings.
• Google unveils timeline for a more 'responsible' cookie death clock
  July 24, 2021
  Q3 2023: As announced previously, support of third-party cookies in Chrome will phase out in late 2023. As announced previously, support of third-party cookies in Chrome will phase out in late 2023. It’s all part of what Google calls a more “responsible pace” for upending the technological underpinnings of digital advertising. In the second stage starting in the third quarter of 2023, the official death clock countdown will intensify as support for third-party cookies in Chrome is phased out. It promised the CMA it would disclose testing information to “help to overcome the asymmetry of information between Google and third parties regarding the development of the Privacy Sandbox Proposals.”Could this change?
• Shares of Snap close up 23% day after earnings beat
  July 23, 2021
  Shares of Snap soared to close up 23% Friday, as the company continued to ride its strong second-quarter earnings beat. The company posted 293 million global daily active users, compared to the 290.3 million expected per StreetAccount. That's also up more than 23% compared with the 238 million daily users the company reported a year prior. Snap's ad growth was also a key highlight, with concerns around potential Apple iOS privacy changes largely alleviated during the quarter. Snap said the company was not impacted by the iOS 14.5 privacy changes as it had anticipated that it would be.
• New industry tool for opt-out from email-based tracking misses ID tech
  July 23, 2021
  The email address has become an increasingly important piece of information used to identify people for advertising, particularly as the efficacy of cookies and other tracking tech declines. Now, the Network Advertising Initiative has introduced a new way for people to opt-out from ad targeting and tracking that employs email matching. Now, the NAI wants to expand the privacy options it gives people into that realm of audience matching beyond just blocking tracking cookies. People who want to opt-out of audience matching for ads must visit the NAI site and — yes — supply their email address. Notably, some of the biggest audience matching players are not included, because they are not NAI members: Facebook and LiveRamp.
• Council of Europe’s Actions Belie its Pledges to Involve Civil Society in Development of Cross Border Police Powers Treaty
  July 23, 2021
  But the treaty’s drafting process has been deeply flawed, with civil society groups, defense attorneys, and even data protection regulators largely sidelined. While the Terms of Reference allow the T-CY to invite individual subject matter experts on an ad hoc basis, key voices such as data protection authorities, civil society experts, and criminal defense lawyers were mostly sidelined. Civil society organizations were not included in the plenary groups and subgroups where text development actually occurs, nor was our input meaningfully incorporated. For instance, it could have included external stakeholders from civil society and from privacy regulators in its drafting process, as it had been urged to do on multiple occasions. It is important to get it right, and ensure that concerns from civil society and privacy regulators are taken seriously and directly incorporated into the text.
• Venmo Takes Another Step Toward Privacy
  July 21, 2021
  As part of a larger redesign, the payment app Venmo has discontinued its public “global” feed. That means the Venmo app will no longer show you strangers’ transactions—or show strangers your transactions—all in one place. If Venmo and parent company PayPal are taking privacy seriously, the app should make privacy the default, not just an option still buried in the settings. That would squander the opportunity it has right now to finally be responsive to the concerns of Venmo users, journalists, and advocates like EFF and Mozilla. We were pleased to see Venmo recently take the positive step of giving users settings to hide their friends lists.
• The Nightmare of Our Snooping Phones
  July 21, 2021
  “Data privacy” is one of those terms that feels stripped of all emotion. At least until America’s failures to build even basic data privacy protections carry flesh-and-blood repercussions. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went. This is about a structural failure that allows real-time data on Americans’ movements to exist in the first place and to be used without our knowledge or true consent. This case shows the tangible consequences of practices by America’s vast and largely unregulated data-harvesting industries.
• Venmo Gets More Private—but It's Still Not Fully Safe
  July 21, 2021
  Venmo’s global feed has for years been a font of voyeuristic insights into the financial habits of total strangers. The visibility of Venmo transactions and other user data has been criticized by privacy and consumer advocates for years. “This commitment to this weird corporate bit, this corporate DNA, of a social payment app is a huge liability,” says Gennie Gebhart, activism director at the Electronic Frontier Foundation, a digital rights group. The removal of the global feed extends that work, by making it incrementally harder to snoop on total strangers. Soon, the social element of the app will be limited to what your Venmo contacts are up to.
• India’s Draconian Rules for Internet Platforms Threaten User Privacy and Undermine Encryption
  July 21, 2021
  The Indian government’s new Intermediary Guidelines and Digital Media Ethics Code (“2021 Rules”) pose huge problems for free expression and Internet users’ privacy. Though WhatsApp and others are challenging the rules in court, the 2021 Rules have already gone into effect. 2021 Rules contain two provisions that are particularly pernicious: the Rule 4(4) Content Filtering Mandate and the Rule 4(2) Traceability Mandate. The 2021 Rules’ unstated requirement to break encryption goes beyond the mandate of the Information Technology (IT) Act, which authorized the 2021 Rules. The key principle of end-to-end encryption is that a message gets securely to its destination, without interception by eavesdroppers.
• Coalition of Privacy-Focused Tech Companies Calls for Ban on Surveillance Advertising Technologies
  July 19, 2021
  A coalition of some of the biggest names in privacy-focused tech companies is seeking a ban on advertising technologies that use surveillance techniques to track people across the internet. The signatories point out that they are all running profitable companies without relying on advertising technologies that are intrusive. The letter calls surveillance advertising anti-competitive and anti-democratic, and asserts that it harms content creators in spite of the seeming benefits to them. Early moves against intrusive advertising technologiesThus far, calls to ban surveillance advertising technologies are mostly coming from consumer protection and privacy groups such as this one. Coalition points out that they are all running profitable companies without relying on #advertising technologies that are intrusive.
• Court Rules that Warrantless Persistent Aerial Surveillance Is Unconstitutional
  July 19, 2021
  The BPD argued that the case against it was moot because the surveillance program had not been renewed, and most of the images from it had been disposed of. The Fourth Circuit was badly split in this case, voting 8-7 to find a Fourth Amendment violation. The application of the Fourth Amendment in the digital age requires an assessment of the real-life impact of surveillance. We know that in today’s world of big data, data aggregation is what provides that intimate window. We should not ignore that reality in applying the Fourth Amendment.
• Spyware: The software that watches you
  July 19, 2021
  Rights activists, journalists and lawyers around the world have been targeted with Pegasus phone malware sold to authoritarian governments by an Israeli surveillance firm called NSO, media reports say. NSO denies any wrongdoing. The BBC’s cyber reporter, Joe Tidy, explains what spyware is, and agrees to be spied on by his producer to show how it works.
• Steps to Protect Student Privacy & Support Equity in the New School Year
  July 19, 2021
  As schools return to in-person learning, education leaders will be developing processes for managing technology adopted during the pandemic and for handling new data to transition away from remote learning and reopen schools in-person. Leaders should consider five steps in implementing those processes to protect privacy and promote equity in the new school year:Develop robust data governanceEngage the communityPromote equityBuild stakeholder capacity and digital literacyComply with legal rulesThe return to in-person learning will likely not look and feel the same as prior to the pandemic. To help schools, families, and students navigate all of this, CDT’s Equity in Civic Technology Project is releasing an infographic and two checklists on promoting equity and protecting privacy while transitioning away from remote learning to connected in-person learning. Find the checklist on “Transitioning to Connected In-Person Learning” here. Find the checklist on “Transitioning Away from Remote Learning” here.