Privacy.News 

"Informing You Without Watching you."
editor@dp.news  @digitalprivacy

The Guardian (UK), Mon 10/10:
Push to scrap Australia privacy exemptions for political parties due to risk of data breaches

The Albanese government is being urged to scrap “concerning” exemptions given to political parties to use voter data, as part of a review of the federal election. It argues that by extending the Privacy Act to cover political parties, they would need to meet the requirements of the Australian Privacy Principles, which would reduce the possible consequence of any future data breach. The principles would require political parties to do due diligence to ensure they are only collecting necessary personal information, as well as handling it in accordance with the protections offered by the Act. “Little has been done to address why and how political parties gather, retain and process data, including personal information,” the submission states. The government has said it intends to legislate spending caps and truth in political advertising laws after the inquiry has concluded.

Read full article here:
theguardian.com/../push-to-scrap-p..
(warning: ads & trackers)



Privacy International, Mon 10/10:
EU Ombudsman opens inquiries into FRONTEX and EEAS on their support to develop surveillance capabilities in non-EU countries

The European Ombudswoman, Emily O’Reilly, has launched two new investigations into Frontex, the European Border and Coast Guard Agency, and into the European External Action Service (EEAS), the EU’s diplomatic agency, in relation to their support to non-EU countries to develop surveillance capabilities and, in particular, their lack of prior human rights risk and impact assessments. “We welcome the two additional inquiries launched by the European Ombudsman following our complaints and we hope they will eventually force EU institutions to uphold the rights of millions of citizens within and outside the EU.” Questions posed by the Ombudswoman to the EU agency mention the monitoring of the EUCAP Mali and Niger civilian missions as well as EU Common Security and Defence Policy (CSDP) civilian missions in Palestine, Somalia, Niger, Mali, Libya, and Iraq. Based on different evidence, the EU ombudsman now opened an inquiry. The EU has to assess, respect and protect human rights in its activities.

Read full article here:
privacyinternational.org/../eu-omb..
(warning: ads & trackers)



The Guardian (UK), Mon 10/10:
Singtel confirms 2020 data breach after cyber-attack on Optus

Just weeks after Optus revealed that the records of 10 million customers had been compromised in a data breach, its parent company, Singtel, is dealing with two of its own data hacks. Singtel determined at the time that the personal information of 129,000 customers and 23 businesses had been exposed in the breach. The activity was detected on the company’s servers on 10 September and on Friday 7 October, the company found that a “very small sample” of Dialog’s data, including some employee personal information, had been published on the dark web.

Read full article here:
theguardian.com/../singtel-confirm..
(warning: ads & trackers)



epic.org, Fri 10/07:
President Biden Signs Executive Order Creating New Safeguards for U.S. Surveillance Programs

Today, President Biden signed an Executive Order (EO) which imposes new limitations on U.S. surveillance programs and creates a new redress mechanism for EU residents. While the EO does provide some privacy safeguards, it does fully bar the use of bulk collection programs by U.S. intelligence agencies. “The Administration’s new Executive Order is a meaningful improvement over the prior privacy framework which has operated to the exclusion of non-U.S. persons, but these new safeguards and redress mechanism are unlikely to persuade the CJEU that U.S. law adequately protects privacy,” EPIC Executive Director Alan Butler said.

Read full article here:
epic.org/../president-biden-signs-..
(warning: ads & trackers)



Gizmodo, Fri 10/07:
Biden Signs Order to Limit Spies' Use of European Data

President Biden signed an executive order placing new restrictions on how U.S. intelligence agencies harness data as it flows between the U.S. and the E.U., the White House announced Friday. The order creates a new framework to comply with European privacy rules. The executive order creates a mechanism for people covered by E.U. privacy laws to seek redress if they think their data was collected unlawfully. The new framework, which is being referred to as Privacy Shield 2.0, creates an independent Data Protection Review Court made up of people from outside the U.S. government that Europeans can appeal to.

Read full article here:
gizmodo.com/../biden-executive-ord..
(warning: ads & trackers)



EFF, Fri 10/07:
Derechos Digitales Raises the Bar for Chilean ISPs' Privacy Commitments in New Report

Chile’s internet service providers (ISPs) have over the last five years improved transparency about how they protect their users’ data, thanks in large part to Latin American digital rights group Derechos Digitales shining a light on their practices through annual ¿Quien Defiende Tus Datos? ( As such, Derechos Digitales didn't give them credit in that category. annual assessments, which started in 2017, and implemented best practices in most categories covered by the reports. Certain transparency practices that once seemed unusual in Latin America have become the default among ISPs in Chile. The new criteria raises the bar on best practices, taking into account new privacy challenges and the incredibly magnified role digital technologies play in our lives compared to 1999, when Chile enacted its existing data protection law (Law No 19,628 of 1999). Claro reported only one request during the first quarter of 2022. Although the time periods differ, the discrepancy in numbers is striking. Derechos Digitales' report notes Claro’s efforts in 2019, 2020, and 2022 advocating for user notification, including carrying out actions both in Congress and before the Public Prosecutor's Office… cont

Read full article here:
eff.org/../derechos-digitales-rais..
(It's EFF - safe to visit)



The Guardian (UK), Fri 10/07:
Government considers centralising digital ID verification on myGov in wake of Optus breach

The Australian government is considering using myGov or its myGovID system to centralise digital identity authentication in the wake of the Optus data breach, but critics warn any single system could have its own cybersecurity weaknesses. The former Telstra chief executive David Thodey was recruited to audit myGov when the Albanese government came into power, and his review would now examine whether myGov could be used to prevent people needing to present ID documents multiple times, a spokesperson for the government services minister, Bill Shorten, said. The federal government will now consider whether to develop a single digital identification service that businesses could use instead. The Morrison government released draft legislation in October last year to expand the use of the myGovID system. She said the system used an identity exchange that mediates all logins, so there was a single point of failure where one server could track every time a person logged in, and every service they logged in to. A spokesperson for the ATO said more than 6.5m verifi… cont

Read full article here:
theguardian.com/../government-cons..
(warning: ads & trackers)



Gizmodo, Thu 10/06:
Thanasis Koukakis Sues Intellexa Over Predator Spyware

A Greek journalist who was targeted for surveillance with spyware has filed a lawsuit against the spyware’s proprietor, hoping to spur a criminal investigation into the malfeasance surrounding the sales and use of such spying tools. The lawsuit filed by Koukakis takes aim at Intellexa and its executive, alleging a criminal breach of privacy and communication laws, reports Haaretz. “Despite the press revelations and the pressure from the European Parliament and the European Commission, the Greek government continues to grant complete immunity to Intellexa and its shareholders,” Koukakis said recently.

Greece isn’t the only European nation facing a surveillance scandal right now.

Read full article here:
gizmodo.com/../thanasis-koukakis-s..
(warning: ads & trackers)



BBC, Thu 10/06:
Elton John and Prince Harry sue Daily Mail publisher over 'privacy breach'

"So it is a gross invasion of privacy if these things occurred, and it would be absolutely right and proper if they did occur, that Associated Newspapers and hopefully some of their senior figures, are held to account."

Read full article here:
bbc.com/../uk-63164654..
(warning: ads & trackers)



Gizmodo, Wed 10/05:
Google Only Tweaks Location History Description After Lawsuit

Two years ago, the Arizona Attorney General sued Google for allegedly tricking people into giving up their location data, even after they tried to turn off the company’s location data settings. Experts and Gizmodo’s own attempts suggest the company’s success was middling at best and intentionally confusing at worst. It used to be pretty hard to figure that out; for years the company’s help page said “With Location History off, the places you go are no longer stored.” “There’s a lot of fine print when you pause location history. But if you don’t read carefully, it would be easy to adjust the Location History setting without realizing that Google would still be following you around. I am proud of this historic settlement that proves no entity, not even big tech companies, is above the law,” Arizona Attorney General Mark Brnovich said in a press release.

Read full article here:
gizmodo.com/../google-location-his..
(warning: ads & trackers)



Gizmodo, Tue 10/04:
Biden's 'AI Bill of Rights' Sounds Nice, But That's About It

The Biden Administration on Tuesday revealed a first-of-its-kind “AI bill of rights” calling on developers and policymakers to address longstanding issues of algorithmic bias and discrimination. The bill of rights, which focuses primarily on bias from AI systems deployed in the private sector, largely sidesteps growing concerns over the federal government’s own use of AI surveillance tools. During a press briefing, policymakers involved in drafting the blueprint repeatedly said AI protections represent a modern extension of civil liberties protections.

“It’s far too easy for landlords to deploy untested, unregulated, and unsafe technology we didn’t want or ask for,” Rogers said.

Some fear the bill of rights could actually do more harm than good.

In a statement, STOP said the bill of rights document endorses law enforcement use of AI systems during a time when advocates are calling for bans of particularly harmful AI tools.

Read full article here:
gizmodo.com/../joe-biden-ai-bill-r..
(warning: ads & trackers)



The Guardian (UK), Tue 10/04:
TikTok reports $1bn turnover across international markets

TikTok has reported a five-fold surge in turnover to $1bn (£875m) across its operations in international markets including the UK and Europe last year, as trend-setting teens and young adults continue to make the video-sharing platform the hottest social app of the moment. “The increase was primarily driven by the continued growth of our user base and enhanced monetisation tools to improve advertisers’ experience and ad performance,” the company said. As a result, TikTok UK’s wage and salary bill soared from $121m in 2020 to $391m and overall losses ballooned to $900m.

More than four-fifths of TikTok UK’s $990m annual turnover came from online advertising last year, with the remainder mostly coming from live streaming and e-commerce. Two years ago, India, one of the world’s biggest markets for social media usage, banned 59 Chinese apps, including TikTok.

Read full article here:
theguardian.com/../tiktok-reports-..
(warning: ads & trackers)



The Hill, Tue 10/04:
New Democrat Coalition backs privacy bill

The centrist New Democrat Coalition (NDC) on Tuesday backed a privacy bill — currently stalled in the House — that would create a comprehensive national privacy law to protect consumer data and prohibit discrimination based on personal information. The American Data Privacy and Protection Act (ADPPA) passed out of the House Energy and Commerce Committee over the summer with bipartisan support, but has gone nowhere since. Rep. Suzan DelBene (D-Wash.), the chairwoman of the NDC, said the “legislation is a big step forward in our effort to ensure all Americans have strong data privacy and security protections under federal law.” “Our members have also prioritized advancing policies that make privacy the default and put people in control of their own information.”

Read full article here:
thehill.com/../3673175-new-democra..
(warning: ads & trackers)



epic.org, Mon 10/03:
DOJ Report Highlights Disagreements Between FBI, DOJ on Key FISA Processes and Principles

A report from the Department of Justice (DOJ) Inspector General (IG) revealed that the FBI conducted queries of data collected under foreign intelligence surveillance authorities that oversight officials within the DOJ believed were not permissible. The report also found that the FBI and DOJ disagreed over what constitutes a “material” fact that would trigger the government’s obligation to submit a notice to the FISC under Rule 13 of the FISC Rules of Procedure, thereby delaying the government’s reporting of noncompliance.

Read full article here:
epic.org/../doj-report-highlights-..
(warning: ads & trackers)



The Guardian (UK), Mon 10/03:
Guardian Essential poll: one in two Australians want stronger privacy laws after Optus breach

Australians are very concerned about the risks of scammers gaining access to their personal information, and a majority of Guardian Essential poll respondents would support more restrictions on the amount of information companies can collect. The latest survey of 1,050 voters was taken after Optus confirmed a massive data breach in which the personal information of more than 10 million customers had been exposed – with at least 2.1 million having key identity documents stolen, such as their passport, Medicare or drivers’ licence numbers. But the new data suggests Australians are worried about their privacy online. People are also concerned about scammers sending fraudulent emails and text messages (78%).

Read full article here:
theguardian.com/../guardian-essent..
(warning: ads & trackers)



The Guardian (UK), Mon 10/03:
Google UK staff earned average of more than £385,000 each in 18 months

Google UK’s staff earned an average of more than £385,000 each in the 18 months to the end of December, as the tech company gave almost £1bn in share-based payments. Google’s total staff costs hit £2.2bn in the 18-month reporting period, according to accounts filed at Companies House. While the company reported £3.4bn in turnover over its 18-month reporting period, the research firm Insider Intelligence estimates that Google made almost £8.7bn in ad revenue in the UK in 2021 alone.

Read full article here:
theguardian.com/../google-uk-staff..
(warning: ads & trackers)



The Intercept, Mon 10/03:
Meet the Military Contractor Running Fare Collection in New York Subways — and Around the World

In a cheerfully animated promotional video, a woman narrates Cubic Transportation Systems’ vision for the future. Transit authorities have embraced tap-to-pay technology for its convenience and speed, but privacy advocates are worried that the new fare collection systems pose serious surveillance and security risks. Most of the headlines Cubic garners, though, stem from its increasingly indispensable role in public transit systems across the world. “I’m deeply concerned about how the development of smart cities creates growing incentives for companies like Cubic to aggregate our data and then sell it to police, ICE, and other agencies,” said Albert Fox Cahn, founder and executive director of the Surveillance Technology and Oversight Project, referring to U.S. Immigration and Customs Enforcement. OMNY, a fare payment system backed by Cubic, installed on a turnstile in a Brooklyn subway station on Sept. 30, 2022. The company received $1.4 million from the U.S. Air Force in 2018 for Predator/Reaper training software, and in 2020, it signed a cooperative agreement with U.S. Special Operations for the research and development of intelligence, surveillance, and reconnaissance technol… cont

Read full article here:
theintercept.com/../cubic-military..
(warning: ads & trackers)



The Guardian (UK), Mon 10/03:
Optus commissions independent review of data breach

Optus has commissioned Deloitte to conduct an independent external review of the company’s massive data breach, with a focus on security systems and processes. The review would be in addition to the work Optus was undertaking with technical professionals within the federal government to understand how the breach occurred. In the past day, Optus has sent text messages or emails to customers who had their driver’s licence numbers taken, in every state and territory bar Victoria and Queensland. O’Neil said existing cybersecurity laws passed in the last parliament were “absolutely useless” when the Optus breach occurred, and while the government had been able to rely on powers in the Telecommunications Act to get Optus to provide the government information, she flagged the next breach might not be a telecoms company.

Read full article here:
theguardian.com/../optus-commissio..
(warning: ads & trackers)



The Tribune (India), Mon 10/03:
Open House: What steps should authorities take to protect students’ privacy?

Educational institutions should take measures such as appointing a woman attendant who must ensure that a mobile or an electronic device is not taken to common bathrooms and toilets. The height of washroom walls should be increased to ensure privacy. Self-restraint and ethical practices can help prevent an untoward situation. Violators should be punished to send a strong message to others. The government should act tough on violations of standard operating procedures for safety and security of students, especially girls. Avinash Goyal, Chandigarh

A wake-up call for institutions

The recent case of Chandigarh University should be a lesson to other institutions. They can take the help of the police to ensure better safety of students. Institutions should make sure rooms and common facilities provided to girl students are safe and secure. The university and college authorities should make sure that no such shameful act is repeated. Whosoever is involved in the video leak incident be harshly punished. MR Bhateja, Nayagaon

Monitor hostel residents’ activities

There is a need for enhanced vigilance at all stages while constructing a bu… cont

Read full article here:
tribuneindia.com/../open-house-wha..
(warning: ads & trackers)



The Guardian (UK), Sun 10/02:
Law professor Danielle Citron: ‘Privacy is essential to human flourishing’

Danielle Citron is a professor of law at the University of Virginia School of Law, where she specialises in privacy and civil rights. You highlight, for example, that our internet search history is essentially in the public realm and could be purchased by any motivated party. We don’t viscerally appreciate the ways in which companies and governments surveil our lives by amassing intimate information about our bodies, our health, our closest relationships, our sexual activities and our innermost thoughts. Companies are selling this information to data brokers, who are compiling dossiers with about 3,000 data points on each of us, including if we have been rape victims, use sex toys or have had abortions or miscarriages. If you travel across state lines or go to another town and visit a health provider or an abortion provider, your phone’s location data circumstantially tells the story that you’ve gone to get an abortion. In the UK, the online safety bill hasn’t passed yet, so victims can’t bring suits against platforms for non-consensual pornography

At the core of your book is the concept of intimate privacy. It highlights how Section 230, a piece of US legislation t… cont

Read full article here:
theguardian.com/../danielle-citron..
(warning: ads & trackers)



EFF, Sat 10/01:
California Leads on Reproductive and Trans Health Data Privacy

In the wake of the Supreme Court’s Dobbs decision, anti-choice sheriffs and bounty hunters will try to investigate and punish abortion seekers based on their internet browsing, private messaging, and phone app location data. We can expect similar tactics from state officials who claim that parents who allow their transgender youth to receive gender-affirming health care should be investigated for child abuse. This post summarizes the new California data privacy safeguards and provides a breakdown of the specific places where they change California state law. For those interested, we have included the citations to these changes. Some provisions create new exemptions from existing disclosure mandates; others create new limits on disclosure. 8, at Penal Code 1524.2(c)(1)) A “prohibited violation” is an abortion that would be legal in California but is illegal elsewhere. ( First, A.B. 1242 and S.B. 107 bar all state and local government agencies in California, and their employees, from providing information to any individual or out-of-state agency regarding:

Third, A.B. 2091 bars prison staff from disclosing medical information about an incarcerated person’s abortion, i… cont

Read full article here:
eff.org/../california-leads-reprod..
(It's EFF - safe to visit)