Privacy.News 

"Informing You Without Watching you."
editor@dp.news  @digitalprivacy

Politico (Europe), Thu 07/28:
Digital Bridge: California (privacy) dreaming — Arabic social media — Privacy Shield update

Press play to listen to this article Voiced by Amazon Polly

POLITICO’s weekly transatlantic tech newsletter for global technology elites and political influencers. By MARK SCOTT

Send tips here | Subscribe for free | View in your browser

WELCOME BACK TO ANOTHER DIGITAL BRIDGE. Now let’s break out those smartphones and get to it:

— Time is ticking down to get U.S. federal privacy rules on the books. With all things related to data protection, both California and Congress have legitimate points. In the Golden State’s defense, some (but not all) of its upcoming privacy rules are better than what Washington has proposed. Wonky issues like mandated data protection risk assessments and greater flexibility to update the state’s rules to keep up with technology should not be underestimated. That now all hinges on the standoff between California and Washington. Time is short ahead of the August recess to figure out a compromise. He’s previously helped me track ISIS sympathizers on right-wing social media platforms; outline how jihadists used an emoji-based codebook to sidestep Facebook’s content rules; and explain why Western far-right g… cont

Read full article here:
politico.eu/../california-privacy-..
(warning: ads & trackers)



austinmonitor.com, Thu 07/28:
Proposal to reinstate license plate readers for APD sparks privacy concerns - Austin Monitor

Proposal to reinstate license plate readers for APD sparks privacy concerns

Thursday, July 28, 2022 by Kali Bramble

After a two-year hiatus, City Council is reconsidering Austin Police Department’s defunct automated license plate reader program, rekindling debate over potential ramifications of the powerful surveillance tool. The software can also automatically flag plates that correspond with listed suspects in offenses like carjackings, abductions and hit-and-runs. Council Member Ann Kitchen wondered whether this control might be better handled with some checks and balances, floating the idea that data inquiries could be reviewed by a committee like the Office of Police Oversight. My understanding is that APD will have to require whoever uses this to explain why and give reports to Council … but once we leave APD, I don’t think we can expect the same kind of reporting from other law enforcement agencies … and if the only standard is an alleged crime has been committed, that’s a pretty big catch-basin. I cannot support the creation of a database that can be later fished through for potential criminal activity. The Austin Monitor’s work is made possible… cont

Read full article here:
austinmonitor.com/../proposal-to-r..
(warning: ads & trackers)



digiday.com, Thu 07/28:
‘I highly doubt this is the last deadline’: Why Google’s daunting balancing act leaves the cookie’s fate open-ended

Google has confirmed what many have speculated: it will further delay phasing out third-party cookies in its Chrome web browser until the second half of 2024. The economy being rocky could be making people redeploy resources that have been working on Privacy Sandbox

It’s the second such postponement in a little more than 12 months. In January 2020, when Google initially said it would phase out third-party cookies, it said it expected to make a move in 2022. Although, for some, the fact that news of the delay was leaked (Insider first reported it on Wednesday) is indicative of just how unwieldy a task Google has ahead of it. Bannister, whose team has been in direct discussions with the Google Chrome team, speculated that the ongoing economic uncertainty may have played a role in causing the latest delay as multiple companies in the space (not just Google) have been forced to prioritize generating revenues in the near term.

Read full article here:
digiday.com/../i-highly-doubt-this..
(warning: ads & trackers)



Gizmodo, Wed 07/27:
Experts Tell Congress to Blacklist Abusive Spyware Cos Like NSO

Members of Congress—you know, the people who can’t seem to do anything—are taking their considerable talents to the fight against digital threats. On Wednesday, the House Intelligence Committee held a public hearing to address the threat of “commercial cyber surveillance,” otherwise known as the spyware industry. Getting federal contracts is the ultimate prize for any defense contractor, and their investors. New victims of spyware abuses are popping up with increasing regularity. Kanimba subsequently launched a campaign to free her father, but, unbeknownst to her, she quickly came under surveillance via Pegasus—the NSO Group’s powerful spyware that can track nearly every move someone makes on a smartphone and in the physical world via location data. According to Railton, going after spyware firms’ financial backing has been the surest way to curb their bad behavior—and he urged Congress to do something. The decision to shut out NSO—along with another Israeli spyware firm, Candiru—has led to serious financial trouble for both businesses.

Read full article here:
gizmodo.com/../congress-hearing-ns..
(warning: ads & trackers)



CPO Magazine, Wed 07/27:
Ring Doorbell Surveillance Footage Accessed by Law Enforcement Without Warrants or Owner Consent

A probe headed up by Massachusetts Senator Ed Markey has discovered that surveillance footage from Amazon’s Ring devices is being provided to law enforcement agencies without warrants or the consent (or knowledge) of device owners, with at least 11 incidents recorded by the company this year. Some other interesting pieces of information were revealed by the letter. The amount of law enforcement agencies partnered with Ring nationwide has grown to 2,161, up from just 400 in 2019. Separate data released by the company indicates that it received over 3,100 legal demands in 2021, up from 1,900 in 2020. Ring says that about 40% of these requests involve turning over user personal information in addition to the requested surveillance footage. surveillance #respectdata

Click to Tweet

Senator Markey has also previously criticized the language Amazon uses in communications with Ring customers regarding law enforcement agencies, saying that they use “targeted” and “encouraging” wording to nudge users toward voluntarily sharing surveillance footage.

Read full article here:
cpomagazine.com/../ring-doorbell-s..
(warning: ads & trackers)



Reuters, Wed 07/27:
U.S. Senate panel approves update of children's online privacy bill

A U.S. Capitol Police officer stands on the Senate steps as storm clouds pass over the U.S. Capitol in Washington, U.S. July 18, 2022. REUTERS/Jonathan Ernst

WASHINGTON, July 27 (Reuters) - The U.S. Senate Commerce Committee voted Wednesday to approve a measure that would raise the age children are given special online privacy protections to 16 and bar targeted advertising to children by companies like TikTok and Snapchat (SNAP.N) without consent. The bill, which was adopted by voice vote, will now go to the full Senate for consideration.

Read full article here:
reuters.com/../us-senate-panel-app..
(warning: ads & trackers)



biometricupdate.com, Wed 07/27:
Biometric data privacy lawsuits against Amazon, Clearview survive dismissal appeals

Neither Amazon nor Clearview AI made progress this week fending off biometric privacy lawsuits filed in the United States. The argument did not specifically address the connection between plaintiffs and the state or lack thereof, however, the judge ruled in a decision reposted by Law360. The agency found that it had violating several articles of the European Union’s General Data Protection Rule with its facial recognition service. Plaintiffs Steven Vance and Tim Janecyk had asked Judge James Robart to reject that request (in case 2:20-cv-01084), arguing (also for the second time) that Amazon used the biometric data – gathered from Illinois residents — to a not-insignificant extent, according to trade publication Law360.

Read full article here:
biometricupdate.com/../biometric-d..
(warning: ads & trackers)



pacificlegal.org, Wed 07/27:
Monty Python and the quest to uphold an individual’s right to privacy

Pacific Legal Foundation has acquired a lost alternate version of one of the last scenes in the cult classic film, Monty Python and The Holy Grail. The old keeper of the bridge is not just going to let them mosey their way across—he will ask every man five questions—excuse me, three questions—which he must answer correctly lest he be cast into the Gorge of Peril. Who would cross the Bridge of Death must answer me these questions three, ere the other side he see. BEDIVERE: How do you know so much about the U.S. Constitution? When she refused to answer because she found these questions far too invasive, the Census Bureau didn’t threaten to throw her into the Gorge of Peril… but it did threaten to fine her $5,000 per unanswered question. The Census Bureau has very limited authority as to what the census can ask. Unless Congress gives the Census Bureau the explicit authority to levy these fines, the bureau’s threats are unconstitutional.

Read full article here:
pacificlegal.org/../monty-python-a..
(warning: ads & trackers)



The Markup, Wed 07/27:
Who Is Collecting Data from Your Car? – The Markup

A firehose of sensitive data from your vehicle is flowing to a group of companies you’ve probably never heard of By Jon Keegan and Alfred Ng

Today’s cars are akin to smartphones, with apps connected to the internet that collect huge amounts of data, some of which is highly personal. But the products they create and services they provide illustrate how the industry works and the breadth of its reach. Vehicle data hubs ingest vehicle and movement data from multiple sources: from car manufacturers, other connected vehicle data providers, directly from vehicles using aftermarket hardware such as “onboard diagnostics” (OBD) dongles, or from smartphone apps. The data is then consolidated and normalized in one place for analysis and insights. The companies normalize the data and offer it to customers in the form of a dashboard or insights derived from analysis or other data products. Their business proposition is collect all this data, create massive databases, try to standardize this data as much as possible and then literally sell it. When used to produce insights, the data is usually aggregated. They create “usage-based insurance” (UBI) products priced on driver data. *… cont

Read full article here:
themarkup.org/../who-is-collecting..
(warning: ads & trackers)



news.bloomberglaw.com, Wed 07/27:

In the aftermath of the US Supreme Court’s decision to strike down a nearly 50-year federal right to abortion access, social media, texts, and conversations among opponents soon shifted to forming a privacy bulwark by deleting apps tracking menstruation, sexual activity or reproductive health. It will be imperative for non-governmental entities collecting this type of information—such as commercial health tech companies or not-for-profit health organizations—to increase their awareness of relevant laws and re-examine any internal and public policies about their data collection, use, and privacy. Google recently announced a new program to automatically delete location data for users visiting “particularly personal” places such as counseling centers, domestic violence shelters, abortion clinics, and fertility centers. Federal and state lawmakers continue to address privacy gaps for other sensitive personal data. The Health and Human Services Department’s Office for Civil Rights further emphasized that current federal health privacy rules known as HIPPA don’t protect an individual’s health information when its stored on a personal cell phone or tablet. Any company or entity collect… cont

Read full article here:
news.bloomberglaw.com/../pandoras-..
(warning: ads & trackers)



The Guardian (UK), Tue 07/26:
Facial recognition cameras in UK retail chain challenged by privacy group

Shoppers at a grocery store chain across southern England are being surveilled with facial recognition cameras, prompting a legal complaint by civil rights campaigners. According to the complaint made to the Information Commissioner’s Office, the surveillance system "uses novel technology and highly invasive processing of personal data, creating a biometric profile of every visitor to stores where its cameras are installed". Individuals can submit a subject access request to check if this applies to them, the chain said.

Read full article here:
theguardian.com/../facial-recognit..
(warning: ads & trackers)



The Guardian (UK), Mon 07/25:
Bunnings and Kmart halt use of facial recognition technology in stores as privacy watchdog investigates

Kmart and Bunnings have paused the use of facial recognition technology in their stores, amid an investigation from Australia’s privacy regulator. Bunnings managing director Mike Schneider confirmed an AFR report that the company had informed the OAIC that Bunnings had stopped using the technology. A spokesperson for Kmart also confirmed it had also ceased using the technology. Kmart believes the use of the technology for "preventing criminal activity such as refund fraud" is appropriate and subject to strict controls, the spokesperson said.

Read full article here:
theguardian.com/../bunnings-and-km..
(warning: ads & trackers)



The Intercept, Sun 07/24:
Documents Reveal Advanced AI Tools Google Is Selling to Israel

Training materials reviewed by The Intercept confirm that Google is offering advanced artificial intelligence and machine-learning capabilities to the Israeli government through its controversial "Project Nimbus" contract. The project is intended to provide the government, the defense establishment and others with an all-encompassing cloud solution," the ministry said in its announcement. Though some of the documents bear a hybridized symbol of the Google logo and Israeli flag, for the most part they are not unique to Nimbus. The documents obtained by The Intercept detail for the first time the Google Cloud features provided through the Nimbus contract. Related Google does not appear to share Microsoft’s concerns. An AI can comb through collected surveillance feeds in a way a human cannot to find specific people and to identify people, with some error, who look like someone. Credit: Google The employee - who, like other Google workers who spoke to The Intercept, requested anonymity to avoid workplace reprisals - added that they were further alarmed by potential surveillance or other militarized applications of AutoML, another Google AI tool offered through Nimbus. This training … cont

Read full article here:
theintercept.com/../google-israel-..
(warning: ads & trackers)



The Tribune (India), Sat 07/23:
Supreme Court recognises 'right to be forgotten', says it's part of privacy

Tribune News Service Satya Prakash New Delhi, July 22 Recognising "right to be forgotten" as a facet of right to privacy, the Supreme Court has ordered masking of personal details of parties to a case of sexual offence after the woman submitted that it was causing embarrassment and social stigma to her. The petitioner had moved an application contending that display of her name in the public domain was causing immense loss to her due to social stigma and infringement to her privacy.

Read full article here:
tribuneindia.com/../top-court-reco..
(warning: ads & trackers)



EFF, Fri 07/22:
Americans Deserve More Than The Current American Data Privacy Protection Act

EFF is disappointed by the latest draft of the American Data Privacy Protection Act, or the ADPPA (H.R. 8152), a federal comprehensive data privacy bill. EFF opposes rolling back state privacy protections to meet a lower federal standard. But states have been the engine for movement on privacy for years. The Bill Needs Stronger Individual Rights to Fight Back EFF long has argued that data privacy bills must include strong private rights of action, which allow people to sue companies that violate their privacy. Many companies hate private rights of action: they don’t want you to have your day in court. So protection from forced arbitration is central to our approach to data privacy legislation. People also should be able to recover liquidated damages and punitive damages. Individual lawsuits are important, but often require people to first marshal substantial resources; each additional roadblock makes this remedy less accessible. New Major Loopholes We are also concerned about newly accepted amendments to the bill that address data flows between companies such as Clearview AI or ID.me and the government. Specifically, the bill may treat these companies as "service providers"-defi… cont

Read full article here:
eff.org/../americans-deserve-more-..
(It's EFF - safe to visit)



EFF, Fri 07/22:
Police Are Still Abusing Investigative Exemptions to Shield Surveillance Tech, While Others Move Towards Transparency

When it comes to acceptable levels of secrecy around police tools, states have drawn their lines in very different places, resulting in some communities where it is much harder for the public to know what invasive tools are being used. This variance has impacted EFF’s ability to catalog known uses of CSS and other surveillance equipment across the United States in the Atlas of Surveillance. Their work demonstrated how departments across the country provide a range of responses to community members interested in how they’re being surveilled. Because the agencies were already known to have purchased the tech, it was a fair assumption they would have responsive materials. Some students received dozens of records and others nothing at all. Despite a mandated five-day period in which the Sheriff could respond, after five months, no acknowledgment of the request has been provided at all. Another California law requires law enforcement using cell-site simulators (CSS) to locate and track people’s cell phones to post their policies online. But in Virginia, that same information can be withheld entirely from public view. The exact outlines of the exemption vary from state to state, but i… cont

Read full article here:
eff.org/../police-are-still-abusin..
(It's EFF - safe to visit)



Privacy International, Fri 07/22:
Privacy and the Body: Privacy International’s response to the U.S. Supreme Court’s attack on reproductive rights

The relationship between privacy and access to abortion care In 1973, in the state of Texas, it was a criminal offence to "procure or attempt" an abortion except if the purpose was "saving the life of the mother." "The Court finally recognised that the promise of liberty and equality for all, as guaranteed by the U.S constitution, would never be fulfilled for anyone who has the capacity to become pregnant in the absence of fundamental rights which shield the private sphere of reproductive autonomy from government control. This significant question mark is what led to anguished battles over issues relating to contraception, abortion, homosexuality, the "right to die" and other volatile subjects. The hospital cited the fact that to do so would be a punishable criminal offence. The majority in Dobbs argued that reproductive rights, and specifically, the right to access safe and legal abortions, should be carved out of the constitutional protections for fundamental-decision privacy. Indeed, the ruling goes as far as to suggest a new definition of privacy. Abortion as a key component of the right to privacy The decision in Dobbs thus weakens the fundamental rights to liberty and priv… cont

Read full article here:
privacyinternational.org/../privac..
(warning: ads & trackers)



Privacy International, Fri 07/22:
Privacy and Sexual and Reproductive Health in the Post-Roe world

In the wake of the recent news of the US Supreme Court’s decision to overturn the ruling of Roe v Wade in its ruling in Dobbs v Jackson Women's Health Organization, headlines have been dominated by conversations around privacy and fears of how the criminalisation of abortion care and surveillance by law enforcement will play out in a tech driven world. However, the extent to which companies and app developers are upholding privacy requirements and whether users’ data, whether knowingly or unknowingly, is being exploited and shared with third parties, including law enforcement, is of deep concern - especially given the current context as the criminalisation of abortion will further drive people online to covertly manage their reproductive health, including access to abortion care. Against this backdrop, the UN Special Rapporteur on the Right to Privacy published a report on the protection and use of health-related data in 2019. Period-Tracking Apps Period-tracking apps, by default, collate mass amounts of personal and sensitive information from its users.

Read full article here:
privacyinternational.org/../privac..
(warning: ads & trackers)



EFF, Thu 07/21:
Privacy International and the Electronic Frontier Foundation’s Statement on Unauthorized Access to Data

Statement to the second session of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes on Agenda Item 4: (illegal/unlawful/unauthorized ) access Addressing some of the first group of questions, we believe that any future Treaty should ensure that (illegal/unlawful/unauthorized ) access does not criminalize security research, whistleblowers, and other novel and interoperable uses of technology that ultimately benefit all of us.

Read full article here:
eff.org/../privacy-international-a..
(It's EFF - safe to visit)



vox.com, Thu 07/21:
The end of Roe could finally convince Americans to care more about privacy

So do many of her friends and constituents, who messaged her about those apps after the Supreme Court’s decision to overturn Roe v. Wade leaked. Major privacy concerns with period tracking apps emerged earlier this year, as the possibility that abortion could become illegal in certain parts of the country loomed. "It becomes really scary to think about all of the ways this data can be used and the fact that we have no protections against it right now," Jacobs said. Her bill is just one example of how the reversal of Roe and subsequent criminalization of abortion in several states may have put the biggest spotlight on online privacy since Facebook’s Cambridge Analytica scandal. There’s also a world of data brokers and app developers that, in the absence of federal privacy legislation, track us in ways many people don’t understand or expect. "We can’t rely on the goodwill of Big Tech to protect sensitive information that may affect women’s access to abortion and reproductive health care services - or worse, lead to their prosecution," said Sen. Elizabeth Warren (D-MA), who introduced the Health and Location Data Protection Act (of which Wyden is a cosponsor). " We need federal leg… cont

Read full article here:
vox.com/../roe-dobbs-abortion-data..
(warning: ads & trackers)



The Hill, Thu 07/21:
Federal privacy legislation that protects civil rights is critical for all Americans

We should celebrate the fact that Congress is considering legislation that would give all Americans robust privacy protections. We think of civil rights as affecting only a few, but civil rights affect everyone. In addition to privacy, it’s crucial that a data protection law incorporates explicit legal safeguards against direct discrimination and indirect harms (disparate impact) to marginalized communities. The U.S. needs a law that will implement clear and meaningful civil rights safeguards. The proposed law has some shortcomings, which many have been engaged at addressing. ADPPA would modernize civil rights for the digital age: It is significantly stronger than the current frameworks in place and would update existing civil rights protections, further clarifying that digital discrimination is illegal and mandating that companies take meaningful steps to address algorithmic discrimination, not just against marginalized communities, but against children as well. Policymakers must consider what it would mean to lose this important opportunity by failing to come to the table.

Read full article here:
thehill.com/../3568525-federal-pri..
(warning: ads & trackers)



Gizmodo, Wed 07/20:
Zuckerberg and Sandberg Ordered to Testify over Alleged Involvement in Cambridge Analytica Scandal

Meta CEO Mark Zuckerberg and former COO Sheryl Sandberg will have to provide testimony to a federal court to discuss their alleged involvement in the company’s notorious Cambridge Analytica scandal, over half a decade since it first captured the world’s attention. This comes as part of a class action lawsuit filed against Meta, claiming the company violated consumer privacy laws when it shared user data with Cambridge Analytica back in 2015. Plaintiffs in the case previously accused Meta and the law firm representing it of "stonewalling," during the court’s discovery phase.

Read full article here:
gizmodo.com/../zuckerberg-sandberg..
(warning: ads & trackers)



Gizmodo, Wed 07/20:
Google Wants to Test Augmented Reality Glasses in Public—What Could Go Wrong?

Google says it’s preparing to start testing new prototype augmented reality glasses in public next month. The renewed push for public testing comes despite a tidal wave of public backlash against the company’s first consumer smartglasses debacle nearly a decade ago. Google said it will begin testing its prototypes with around a dozen Google staffers and trusted testers with an apparent focus on "ensuring the privacy of the testers and those around them." Google teased a new pair of AR glasses capable of translating language in real-time at its I/O 2022 event but was lacking in details beyond that. Buy for $997 from Amazon Advertisement The general public at the time was deeply skeptical of Google Glass’ privacy implications.

Read full article here:
gizmodo.com/../google-ar-ar-glasse..
(warning: ads & trackers)