Skip to content

Privacy News: December 7

A person holding a sign saying No Killer Robots

SF says no to killer robots (for now), the EU  says  no to Meta's  business model, questions   about state  privacy legislation ... and  more!

San Francisco: In a surprise turnaround, robot lethal force is banned — for now

Will Jarrett on Mission Local (

In an unexpected about-face, the Board of Supervisors today voted to temporarily ban the police department from using robots with lethal force.   Last week, The Board had voted 8-3 to approve robot lethal forcelast week, but at the "second hearing" today the vote went the other way: 8-3 to send the issue back to the Rules committee for further review.  Thanks and congratulations to everybody who got involved!


noyb win: Personalized Ads on Facebook, Instagram and WhatsApp declared illegal

on (

The European Data Protection Board has decided that three Meta Apps (Facebook, Instagram and WhatsApp) did not have a legal basis to process user data since May 2018.


Face surveillance

A Forensic Without the Science: Face Recognition in U.S. Criminal Investigations

Georgetown Law Center on Privacy & Technology (

A report released by the Center on Privacy & Technology evaluates the reliability of face recognition as it is used by police in the United States.

State Privacy Legislation

Five Big Questions (and Zero Predictions) for the U.S. State Privacy Landscape in 2023

Keir Lamont on Future of Privacy Forum (

Lamont’s questions

  1. Will any state raise the bar for privacy protections?
  2. Is there an ‘ADPPA Effect’?
  3. Are we in the Age of the Age-Appropriate Design Code?
  4. Will lawmakers prioritize protections for health and location data?
  5. How effective will the new laws be?

FPF Releases Comparative Analysis of California and U.K. Age-Appropriate Design Codes

Chloe Altieri on Future of Privacy Forum (

The Future of Privacy Forum (FPF) today released a new policy brief comparing the California Age-Appropriate Design Code Act (AADC), a first-of-its-kind privacy-by-design law in the United States, and the United Kingdom’s Age-Appropriate Design Code. While there are distinctions between the two codes, the California AADC, which is set to become enforceable on July 1, 2024, was modeled after the UK’s version and represents a significant change in the regulation of the technology industry and how children will experience online products and services.

And ...

Perspective | The voices left out of Elon Musk’s free-speech agenda

Shira Ovide on The Washington Post (

Elon Musk has said little about what Twitter should do to give people a voice when their own governments do not want people to have it. Look at China and Iran.

ICE data dump reveals PII of 6,000+ asylum seekers

Jessica Lyons Hardcastle on The Register (

Your tax dollars at work

Twitter’s iOS app is riddled with privacy settings glitches

Amanda Silberling on TechCrunch (

Features affecting protected tweets, mentions and sensitive content are not working correctly for many Twitter iOS users.

Tech & Society Salon: The Home Surveillance State

on Eventbrite (

Join our talk as we discuss which devices are monitoring you and your activities in and around your residence, and how police use your data.

Are we taking patient privacy as seriously as we ought to be?

Andrea Fox on Healthcare IT News (

At the 2022 HIMSS Healthcare Cybersecurity Forum in Boston, keynote speaker Anita Allen described the delicate and complex balance between the imperative of data sharing and the need to protect privacy.

US intelligence chief: Parents ‘should be’ concerned for kids’ privacy on TikTok

Olafimihan Oshin on The Hill (

Director of National Intelligence Avril Haines is warning parents about risks to their children’s data privacy on the social media platform TikTok, which is owned by the Chinese company ByteD…

Will we be able to protect our privacy in the metaverse?

Kurt Robson on Verdict (

The metaverse is one of the hottest topics in big tech right now, but is our privacy in the metaverse going to be protected?

Geofencing Warrants Are a Threat to Privacy

Bonnie Kristian on (

A precedent set in the January 6 prosecutions could be dangerous to the public.

Tinder subject of new Illinois class action privacy lawsuit

John Clark on (

ROCKFORD, Ill. (WTVO) — Users of Tinder in Illinois may be eligible for a claim in a class action lawsuit. According to the Cook County Record, a lawsuit filed in October on behalf of plaintiffs Br…

International Coalition of Rights Groups Call on Internet Infrastructure Providers to Avoid Content Policing

Paige Collings on Electronic Frontier Foundation (

San Francisco—Internet infrastructure services—the heart of a secure and resilient internet where free speech and expression flows—should continue to focus their energy on making the web an essential resource for users and, with rare exceptions, avoid content policing. Such intervention often...

Invasion of Privacy Lawsuits Will Be On The Rise In California Where Employers Use Monitoring/Tracking Technology

Dan Forman on JD Supra (

California is one of the only states that provides its employees and citizens with an express constitutional right of privacy.

TikTok CEO offers reassurances over data privacy

Sarah E. Needleman, Alexander Saeedy on MarketWatch (

TikTok Chief Executive Shou Chew said the video-sharing platform is taking greater steps to keep user data secure and that it needs to invest more in...

Australian Parliament Passes Privacy Penalty Bill

Alessandro Mascellino on Infosecurity Magazine (

The higher penalties and extended powers will become effective after the bill receives royal assent

What Do the Multimillion-Dollar Google Settlement, Meta Fine Mean for Data Privacy?

Carrie Pallardy on InformationWeek (

Google agreed to pay a significant amount in a settlement for violating consumer privacy laws. Could this settlement and Meta’s latest fine be the beginning of a new future for data privacy?

The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache

on International Association of Privacy Professionals (

IAPP Editorial Director Jedidiah Bracy speaks with EU AI Act Co-rapporteur and Romanian MEP Dragoș Tudorache about the state of play of the proposed legislation

Consumers in three recent biometric data privacy cases seek class action status

Jim Nash on (

Three proposed U.S. class actions involving alleged biometric privacy violations are churning between Chicago and New Orleans.

Privacy Rights in a Remote Work World: Can My Employer Monitor My Activity?

Bonnie Henry on The National Law Review (

The rise in remote work has brought with it a rise in employee monitoring.  Between 2019 and 2021, the percentage of employees working primarily from home tripled.

The biggest security risks of using fitness trackers and apps to monitor your health

Cheryl Winokur Munk on CNBC (

Fitness trackers and apps from Google’s Fitbit to Apple Watch and Strava help stay on top of health and wellness, but secure personal data before sporting them.

How to stop Facebook Messenger spam from reaching you

Dave Johnson on Insider (

You can reject most or all spam messages in Facebook Messenger automatically by adjusting your privacy settings.

Brave starts showing “privacy-preserving” ads in search results

Sergiu Gatlan on BleepingComputer (

Brave Software announced that, as part of a global beta program, it is now displaying “privacy-preserving ads” in-between results shown by its web search engine to select users.

India Requires Internet Services to Collect and Store Vast Amount of Customer Data, Building a Path to Mass Surveillance

Karen Gullo on Electronic Frontier Foundation (

Privacy and online free expression are once again under threat in India, thanks to vaguely worded cybersecurity directions—promulgated by India’s Computer Emergency Response Team (CERT-In) earlier this year—that impose draconian mass surveillance obligations on internet services, threatening...

LOST THE WAR?: Google Beats a CIPA Case—But the Ruling Likely Paves the Way for Another Generation of California Privacy Claims

Puja J. Amin on The National Law Review (

Happy Sunday my fellow CIPA followers! I am currently en route to Florida (the Czar is currently snoozing in flight next to me. I have video evidence for anyone who wants it). And traveling cross coun

Zcash Doesn’t Need Your Trust

Daniel Kuhn on CoinDesk (

For years, the Electric Coin Company has been breaking new ground with zero-knowledge proofs. This year itradically improved privacy on itsZcash protocol, even as the right to use it is under attack. That’s why CEO Zooko Wilcox is one of CoinDesk’s Most Influential 2022.

Experts say Chula Vista’s new privacy policy falls short

Amita Sharma on KPBS Public Media (

Chula Vista officials claim the policy bans the sale of data picked up by police surveillance tools. Yet, most personal information could still lawfully be sold, according to experts in how surveillance data is used and regulated.

Apple faces critics over its privacy policies

Jules BONNARD on Tech Xplore (

Apple presents itself as a white knight on the subject of privacy, but critics say its own advertising ambitions are built on anti-competitive practices.

UPS and FedEx gun purchase tracking policies draw privacy concerns

Alexandra Weaver on (

Reports of new UPS and FedEx policies surrounding the purchase of firearm products and parts in addition to the firearms themselves have a group of attorneys general worried.

We Asked Privacy Experts About Amazon and Ring’s Controversial Relationship With Law Enforcement

Taylor Galla on Yahoo Life (

Is Ring a great tool for protecting your home, or another tool to be used by the surveillance state? We talked to cybersecurity experts to find out.

Asia Pacific privacy conference covers biometric data collection, voice ID case | Biometric Update

Joel R. McConvey on (

The forum saw representatives from seventeen APPA member nations gather to meet and discuss privacy regulation, enforcement and best practices.

Hamburg DPA issues optimistic stance on Executive Order for EU-U.S. Data Privacy Framework

on Hogan Lovells Engage 5.7.7 (

The Data Protection Authority (“DPA”) of the German state Hamburg is one of the first European DPA to publish an optimistic assessment on the U.S. Executive Order on “Enhancing Safeg...