Privacy.News 

"Informing You Without Watching you."
editor@dp.news  @digitalprivacy

EFF, Wed 09/28:
EFF urges FTC to address security and privacy problems in daycare and early education apps

SAN FRANCISCO—The Federal Trade Commission must review the lack of privacy and security protections among daycare and early education apps, the Electronic Frontier Foundation (EFF) urged Wednesday in a letter to Chair Lina Khan. Of 42 daycare apps that privacy experts researched, 13 companies did not specify the data they collect in their privacy policies. The Family Educational Rights and Privacy Act also falls short: It restricts schools from disclosing students’ “education records” to certain third parties without parental consent, but does not regulate the actions of third parties who may receive that data, such as daycare apps.

Read full article here:
eff.org/../eff-urges-ftc-address-s..
(It's EFF - safe to visit)



The Guardian (UK), Wed 09/28:
Apple removes Russian Facebook competitor VK from App Store

Apple has removed VK, Russia’s homegrown Facebook competitor, from its App Store globally, citing conflicts with British sanctions. In a statement on the social network’s website, the company said the app would continue to work on smartphones that had already installed it before the takedown, but warned users that “there may be difficulties with notifications and payments” as a result. Sign up to Business Today Free daily newsletter Get set for the working day – we'll point you to the all the business news and analysis you need every morning Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties. “Today’s sanctions will target those behind these sham votes, as well as the individuals that continue to prop up the Russian regime’s war of aggression.

Read full article here:
theguardian.com/../vk-apple-remove..
(warning: ads & trackers)



The Guardian (UK), Wed 09/28:
Optus customers, not the company, are the real victims of massive data breach | Justin Warren

The Optus data breach has brought data security into the forefront of every Australian’s mind. Privacy harm is real

Straight after the breach, Optus made claims that it was “not currently aware of any customers having suffered harm”. This suggests that Optus doesn’t consider the widespread damage to people’s privacy harmful. Yet the specifics of how the breach happened don’t really matter. Overblown claims about online predators are used to pass ever-more intrusive surveillance laws that compel private companies to spy on us on their behalf. When companies like Optus collect data they don’t need, keep it for too long, or fail to protect it, there should be meaningful consequences. 00:43 Attorney general says FBI is working on Optus data breach – video

Those with power in Australia must be compelled to value our privacy more than their own power, money, or status or we will continue to see data breaches like this. We have pleaded, begged, and asked nicely for decades and have been ignored.

Read full article here:
theguardian.com/../optus-customers..
(warning: ads & trackers)



The Guardian (UK), Tue 09/27:
The droids you’re looking for: how Ukrainian AI recreated Darth Vader’s voice

Artificial intelligence developed in Kyiv is taking over one of the most treasured roles in film, as James Earl Jones steps back as the voice of Darth Vader. Photograph: Chip East/Reuters

“Lucasfilm came to us, essentially through word of mouth,”, said Dmytro Bielievtsov, Respeecher’s chief technical officer. “ We convert them with different varieties of the models, and then the client takes a listen and sees if the performance is right. For more information see our Newsletters may contain info about charities, online ads, and content funded by outside parties.

Read full article here:
theguardian.com/../the-droids-your..
(warning: ads & trackers)



Politico (Europe), Tue 09/27:
US expected to publish Privacy Shield executive order next week

The White House is expected to publish its long-awaited executive order on transatlantic data transfers next week, according to three officials with knowledge of the matter. The order is designed to address European concerns over surveillance practices in the United States and may be signed by President Joe Biden and then published as early as October 3, one of the officials said. Once made public next week, the executive order will kick off a ratification process by the European Commission, which is expected to take as long as six months.

Read full article here:
politico.eu/../us-expected-to-publ..
(warning: ads & trackers)



EFF, Mon 09/26:
Ban Government Use of Face Recognition In the UK

In 2015, Leicestershire Police scanned the faces of 90,000 individuals at a music festival in the UK and checked these images against a database of people suspected of crimes across Europe. In the years since, the surveillance technology has been frequently used throughout the country with little government oversight and no electoral mandate. Face recognition presents an inherent threat to individual privacy, free expression, information security, and social justice. Of course, even if overnight the technology somehow had 100% accuracy, it would still be an unacceptable tool of invasive surveillance capable of identifying and tracking people on a massive scale. That’s why we are calling for a ban on government use of face recognition in the UK. London-based civil liberties group Big Brother Watch has been driving the fight to end government-use of face recognition across the country. Police Scotland has reported its intention to introduce LFR by 2026. In particular, the court found that the police had too much discretion in determining the location of video cameras and the composition of watchlists. Images on the PND are predominantly sourced from people who have been arrested, … cont

Read full article here:
eff.org/../ban-government-use-face..
(It's EFF - safe to visit)



Gizmodo, Mon 09/26:
TikTok May Have Illegally Used Kids’ Data, UK's ICO Says

The UK’s privacy regulator, the Information Commissioner’s Office (ICO), has today served TikTok with notice that it believes the app may have breached UK data protection law, including processing the data of children under the age of 13 without parental consent. Internal documentation, obtained by Gizmodo and dating back to the time that the ICO believes TikTok may have breached children’s privacy rules, advises employees in the company’s PR department to say that “The app is only for users aged 13 and over, according to our terms and conditions. Advertisement

The reason the ICO is so cagey in not definitively declaring wrongdoing is that it has been down this path before with a big tech company. In the end, both parties settled in October 2019, with Facebook admitting no liability to the ICO about mishandling user data. “My main thought is that I think it shows poor judgment” on behalf of the ICO, says Tim Turner, a UK-based data protection expert. “ Advertisement

“The announcement doesn’t tell us anything concrete,” adds Turner. “ We don’t know how big the fine is going to be or even if there’s going to be one. Previously, TikTok advised its public r… cont

Read full article here:
gizmodo.com/../tiktok-kids-data-uk..
(warning: ads & trackers)



The Verge, Mon 09/26:
Australia to overhaul privacy laws after massive data breach

Following one of the biggest data breaches in Australian history, the government of Australia is planning to get stricter on requirements for disclosure of cyber attacks. Reporting from ABC News Australia suggested the breach may have resulted from an improperly secured API that Optus developed to comply with regulations around providing users multifactor authentication options. The hacker also released a number of free “sample files,” which they said contained the full address information of 10,000 Optus users.

Read full article here:
theverge.com/../australian-hack-di..
(warning: ads & trackers)



The Hill, Mon 09/26:
TikTok could face $29 million fine from UK over kids’ data privacy violations

TikTok could face a fine of 27 million pounds, or roughly $29 million, over allegations of violating the United Kingdom’s children’s data privacy protection standards, a U.K. agency said Monday. TikTok allegedly breached the U.K.’s protections for children’s data privacy between May 2018 and July 2020, in part by processing the data for children under 13 without appropriate parental consent, according to an investigation by the U.K.’s Information Commissioner’s Office (ICO). TikTok and other social media platforms have been targeted over how they handle the data of minors.

Read full article here:
thehill.com/../3661303-tiktok-coul..
(warning: ads & trackers)



The Guardian (UK), Mon 09/26:
TikTok could face £27m fine for failing to protect children’s privacy

TikTok is facing the prospect of a £27m fine for failing to protect the privacy of children, the UK’s data watchdog has said. “Companies providing digital services have a legal duty to put those protections in place but our provisional view is that TikTok fell short of meeting that requirement.” For more information see our Newsletters may contain info about charities, online ads, and content funded by outside parties. In May, the ICO fined the facial recognition company Clearview AI £7.5m– the third largest it has imposed – for collecting images of people from social media platforms and the web to add to a global database.

Read full article here:
theguardian.com/../tiktok-fine-pro..
(warning: ads & trackers)



The Guardian (UK), Sun 09/25:
Optus data breach: Cybersecurity reforms expected to enable companies to rapidly inform financial institutions

The minister for home affairs and cybersecurity, Clare O’Neil, is expected to announce reforms that would enable Optus to inform financial institutions about the data compromised in its recent cyber-attack. O’Neil is expected to announce reforms in the coming week that would enable companies such as Optus to more rapidly provide data to banks following security breaches. Details including names, dates of birth, phone numbers, email addresses, home addresses, and passport and driver’s licence numbers have been stolen. Optus chief executive, Kelly Bayer Rosmarin said on Friday that the company was not sure exactly how many customers had their details compromised, but said 9.8 million was the “worst case scenario”. In the past, the telco has proposed changes to privacy laws that would enable customers to request their data be destroyed.

Read full article here:
theguardian.com/../optus-data-brea..
(warning: ads & trackers)



The Tribune (India), Sun 09/25:
Dealing with digital invasion of privacy

Renu Sud Sinha

“THe Internet has become the central lifeline of our day-to-day life that we can’t leave. Checks and balances Senior Supreme Court advocate Vibha Datta Makhija suggests common toilets to be device-free zones in educational institutions, hostels. Even after all precautions, if any breach happens, report immediately to police. The recent Chandigarh University video leak case has brought into focus the issue of privacy invasion in the digital age. We have begun to take the Internet for granted but forget that it never forgets. In Himachal Pradesh, cyber crime cases have gone up in the past two to three years, particularly during the lockdown, says Narvir Singh Rathaur, Additional SP, cyber crime, Shimla. A high conviction rate would have acted as a deterrent, but it remains quite low. Most of the time there is a delay in providing information to us,” says the HP cyber cop. The key lies in creating awareness and sensitising people about cyber security, says Prajakta Ahvad, a Kharar-based lawyer who also runs an NGO that works with adolescent girls. “ Law definitely provides a remedy but prevention is more important and that can come only through education… cont

Read full article here:
tribuneindia.com/../dealing-with-d..
(warning: ads & trackers)



The Guardian (UK), Fri 09/23:
Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over their data

Optus has repeatedly opposed a proposed change to privacy laws that would give customers the right to request their data be destroyed, with the telco arguing there were “significant hurdles” to implementing such a system and it would come at “significant cost”. Any substantial changes to the act would “place a further drag on innovation and limit the benefits of digitisation,” the company said. For more information see our Newsletters may contain info about charities, online ads, and content funded by outside parties. In its response in January this year, Optus reiterated its opposition to the proposals, arguing the existing processes for consumer complaints were more “flexible”.

Read full article here:
theguardian.com/../optus-cyber-att..
(warning: ads & trackers)



EFF, Fri 09/23:
Study of Electronic Monitoring Smartphone Apps Confirms Advocates’ Concerns of Privacy Harms

Researchers at the University of Washington and Harvard Law School recently published a groundbreaking study analyzing the technical capabilities of 16 electronic monitoring (EM) smartphone apps used as “alternatives” to criminal and civil detention. The way it works is simple: in lieu of incarceration/detention or an ankle monitor, a person agrees to download an EM app on their own phone that allows the agency to track the person’s location and may require the person to submit to additional conditions such as check-ins involving face or voice recognition. The low costs associated with requiring a person to use their own device for EM likely explains the explosion of EM apps in recent years. Such a high usage calls for a greater need for public understanding of these apps and the information they collect, retain, and share. Information Flows

The study aimed to capture the kinds of network traffic these apps sent during normal operation, but was limited by not having active accounts for any of the apps (either because the researchers could not create their own accounts or did not do so to avoid agreeing to terms of service). Even still, by installing software that al… cont

Read full article here:
eff.org/../study-electronic-monito..
(It's EFF - safe to visit)



The Verge, Fri 09/23:
San Francisco police can now watch private surveillance cameras in real time

Sundar Pichai addressed employees’ questions about Google’s spending changes at an all-hands this week, according to CNBC. In the all-hands, Google’s head of finance also asked staff to try not to go “over the top” for holiday parties.

Read full article here:
theverge.com/../san-francisco-poli..
(warning: ads & trackers)



The Guardian (UK), Fri 09/23:
Optus cyber-attack leaves customers feeling ‘powerless’ over risk of identity theft

Optus customers caught up in a cyber-attack that may have exposed the personal information of 9.8 million people say they are angry and concerned about having been exposed to the risk of identity fraud. The messages, addressed from the Optus chief executive, Kelly Bayer Rosmarin, were labelled as an “urgent update from Optus about your personal information” and began with Rosmarin expressing her “great disappointment” about the data breach before outlining what information had been taken – and what had not. The email said Optus was “currently not aware of customers having suffered any harm” but offered a checklist for people to follow to protect themselves. Then just a number for a call centre that no doubt is flooded.” For more information see our Newsletters may contain info about charities, online ads, and content funded by outside parties. But they said the responsibility ultimately lay with the government for requiring corporations to collect so much data in order to access a basic necessity of modern life.

Read full article here:
theguardian.com/../optus-cyber-att..
(warning: ads & trackers)



The Guardian (UK), Fri 09/23:
Apple says it prioritizes privacy. Experts say gaps remain

For years, Apple has carefully curated a reputation as a privacy stalwart among data-hungry and growth-seeking tech companies. Of those 7,122 requests, the iPhone maker challenged or rejected 261 requests. The company’s positive response rate is largely in line with, and at times slightly higher than that of counterparts like Facebook and Google. That’s more than six times the number of law enforcement requests Apple received in a comparable time frame. That’s because the amount of data Apple collects on its users pales in comparison with other players in the space, said Jennifer Golbeck, a computer science professor at the University of Maryland. Apple’s drafted detailed guidelines outlining exactly what data authorities can obtain and how it can get it – a level of detail, the company says, which is in keeping with best practices. “iCloud content, as it exists in the customer’s account” can be handed over to law enforcement in response to a search warrant, Apple’s law enforcement guidelines read. When we say they’re better than everyone else, it’s more an indictment of what everyone else is doing Erica Portnoy, Electronic Frontier Foundation

“[Apple’s] hardware is… cont

Read full article here:
theguardian.com/../apple-user-data..
(warning: ads & trackers)



Gizmodo, Thu 09/22:
TikTok Company's New VR Headset Competes with Meta on Price and Privacy

Meta is terrified of TikTok’s domineering presence in the social media market, and now it seems the company behind the app, ByteDance, is coming for Meta’s own stake in the Metaverse with a headset that’s the closest we’ve seen in price to the Quest 2. Considering Meta’s already contracted with Qualcomm for custom chipsets, it will be interesting to see how powerful this device will be compared to future Quests. Buy for $90 from Amazon Advertisement

The headband is just a single strap, but Pico is promoting that the weight of the device is balanced due to the 5300mAh battery sitting behind the head. The four buttons used in most modern games are shared between both controllers. Of course, the company did not show off this feature in-action. It was a deal that mirrored Facebook when it purchased Oculus back in 2014. Pico seems to be going after Meta and its metaverse directly with its “Avatar System.” The company also boasts its device’s ability to track facial muscles that will be reproduced on player’s avatars.

Read full article here:
gizmodo.com/../tiktok-vr-bytedance..
(warning: ads & trackers)



epic.org, Thu 09/22:
The Rise of Chinese Surveillance Technology in Africa (part 5 of 6)

Personal Data Vulnerabilities in Africa

By Bulelani Jili, EPIC Scholar-in-Residence

Digital initiatives have widened the range of personal data collected by African states. This digitization initiative was justified as a way to bolster tax recovery, streamline administrative processes, and strengthen national security priorities. This disagreement was never resolved since the ambitious plan for a panoptic biometric registration, announced by the government in the early 2010s, ultimately never came to pass. Following this outcome, Safaricom launched their micro-loan program, M-Shwari. The database contains information, including biometric information, on Kenyan citizens and foreign residents in the country. Accordingly, the court ruled to pause the rollout of Huduma Namba because (i) there was no practical legislation in place to guarantee the security and safety of the biometric data processed by the state and its corporate partners and (ii) there were no means to ensure that the systems would not deprive access to historically marginalized groups in Kenya. These trends in the application of administrative and surveillance tools are particularly prevale… cont

Read full article here:
epic.org/../the-rise-of-chinese-su..
(warning: ads & trackers)