Privacy News Roundup: February 22
As usual, there's a lot going on!
Forget Milk and Eggs: Supermarkets Are Having a Fire Sale on Data About You
Jon Keegan on The Markup (themarkup.org)
When you use supermarket discount cards, you are sharing much more than what is in your cart—and grocery chains like Kroger are reaping huge profits selling this data to brands and advertisers
EU parliamentary committee says ‘no’ to EU-US data privacy framework
Jon Gold on Computerworld (computerworld.com)
Progress on ratifying the Trans-Atlantic Data Policy Framework hit a snag, as a parliamentary committee rejected a draft decision to adopt the pact, saying it did not comply with the EU’s GDPR privacy regulations. It's not really that surprising – there was a lot of skepticism when the deal was first announced – but hope springs eternal.
State privacy legislation
Congress’ push for a privacy law is alive and well — in statehouses
Alfred Ng on POLITICO (politico.com)
Ng looks at EPIC's push for state legislation modeled after the American Data Privacy and Protection Act (ADPPA). Massachusetts and Illinois have already introduced bills based on ADPPA; meanwhile, other states are continuing to introduce TechNet-backed bills similar to Virginia's (based on the Bad Washington Privacy Act).
California lawmaker seeks to end ‘reverse warrants’ that could pinpoint abortion seekers
Tonya Riley on CyberScoop (cyberscoop.com)
Lawmakers say the overly broad digital surveillance tool poses a major threat to reproductive health privacy.
ALSO: EFF Backs California Bill to Protect People Seeking Abortion and Gender-Affirming Care from Dragnet Digital Surveillance, Hayley Tsukayama on Electronic Frontier Foundation (eff.org)
Opinion: This bill would hurt children while trying to help them
Shoshana Weissmann on Deseret News (deseret.com)
Utah lawmakers are considering SB152, which would require children and adults to provide proof of age to internet sites in order to gain access
Illinois Supreme Court Determines BIPA Claims Accrue Individually With Each Violation
Kristin L. Bryan, Kyle R. Fath, Christina Lamoureux, and David J. Oberly on The National Law Review (natlawreview.com)
The Illinois Supreme Court today confirmed that each separate violation of the Illinois Biometric Information Privacy Act (BIPA) constitutes a distinct and separately actionable violation of the statute. The decision exponentially increases liability exposure and the scope of damages that may be collected for alleged violations of BIPA.
- White Castle faces up to $17B fine over worker fingerprints, Tobias Mann on The Register (theregister.com)
- Illinois Supreme Court Holds Five-Year Limitations Period Applies To All BIPA Claims, Mark Wallin on The National Law Review (natlawreview.com)
- Ill. Justices Say BIPA Claims Accrue With Each Scan, Law360 (law360.com)
- Illinois Supreme Court issues opinion over ongoing White Castle biometric privacy case, Aislinn Murphy on Fox Business (foxbusiness.com)
- Biometric Privacy Class Actions Take Aim at Virtual “Try-On” Retailers, Robert D. Boley on The National Law Review (natlawreview.com)
AI and Automated Decision Systems
German Constitutional Court strikes down predictive algorithms for policing
Molly Killeen on EURACTIV (euractiv.com)
The German Federal Constitutional Court has declared the use of Palantir surveillance software by police in the states of Hesse and Hamburg unconstitutional.
- Germany Raises Red Flags About Palantir’s Big Data Dragnet, Morgan Meaker on WIRED (wired.com)
- German Court Rules Police Use of Crime-Fighting Software is Unlawful, Reuters on Voice of America (VOA News) (voanews.com)
- Bundesverfassungsgericht - Decisions - Provisions in Hesse and Hamburg on automated data analysis for the prevention of criminal offences s... on BVerfG (bundesverfassungsgericht.de)
Privacy Regulators Step Up Oversight of AI Use in Europe
Catherine Stupp on The Wall Street Journal (wsj.com)
The growth of AI business applications, plus coming EU rules on the technology, are pushing privacy regulators to open dedicated units and hire staff.
Can ‘we the people’ keep AI in check?
Connie Loizos on TechCrunch (techcrunch.com)
Technologist and researcher Aviv Ovadya isn’t sure that generative AI can be governed, but he thinks the most plausible means of keeping it in check might just be entrusting those who will be impacted by AI to collectively decide on the ways to curb it.
Meta will also sell blue badge on Instagram and Facebook
Manish Singh on TechCrunch (techcrunch.com)
Remember how hard people fought against Facebook's "real names" policy back in 2014? Now, Meta CEO Mark Zuckerberg has launched Meta Verified, a subscription service that will allow Facebook and Instagram users to pay for the privilege of sending them your government-issued ID and getting a blue badge. It's a great example of the phenomenon Chris Gilliard and David Golumbia describe in Luxury Surveillance: "People pay a premium for tracking technologies that get imposed unwillingly on others."
Google Launches Way for Android Apps to Track You Without Tracking You
Thomas Germain on Gizmodo (gizmodo.com)
Privacy Sandbox, the set of changes that will kill third-party cookies forever, is now coming to Android. Paradoxically, Google says the goal is to track everything you do online in a way that’s better for your privacy.
ALSO: Android launches yet another way to spy on users with “Privacy Sandbox” beta, Ron Amadeo on Ars Technica (arstechnica.com)
Twitter’s Two-Factor Authentication Change ‘Doesn’t Make Sense’
Lily Hay Newman on WIRED (wired.com)
The company will soon require users to pay for a Twitter Blue subscription to get sign-in codes via SMS. Security experts are baffled.
ALSO: How to keep your Twitter secure without giving Elon Musk any money, Zack Whittaker on TechCrunch (techcrunch.com)
FTC’s new Office of Technology will help mop up tech ‘oozing with snake oil’
Devin Coldewey on TechCrunch (techcrunch.com)
The FTC is embracing change with the establishment of an Office of Technology that will help it regulate the fast-moving world of tech.
ALSO: A Century of Technological Evolution at the Federal Trade Commission, the Premerger Notification Office Staff on Federal Trade Commission (ftc.gov)
Gonzalez v. Google Live Analysis – Institute for Rebooting Social Media
A detailed discussion of the Supreme Court hearing on a key Section 230 case.
ALSO: Quick Debrief on the Gonzalez v. Google Oral Arguments, Eric Goldman on Technology & Marketing Law Blog (blog.ericgoldman.org)
New research suggests that privacy in the metaverse might be impossible
Louis Rosenberg, Unanimous A.I. on VentureBeat (venturebeat.com)
Protecting privacy in the metaverse is critical, and it’s shocking how little data is needed to uniquely identify a user in the metaverse.
FTC Launches New Office of Technology to Bolster Agency’s Work
the Premerger Notification Office Staff on Federal Trade Commission (ftc.gov)
The Federal Trade Commission today launched a new
This Tool Could Protect Artists From A.I.-Generated Art That Steals Their Style
Kashmir Hill on NYTimes (nytimes.com)
Artists want to be able to post their work online without the fear “of feeding this monster” that could replace them.
Air Canada Launches Digital Identification; First Airline to Test Facial Recognition Technology for Identification Verification in Canada
on Air Canada (media.aircanada.com)
In a pilot project currently underway, Air Canada's digital identification is now available for customers departing from Vancouver International Airport and for eligible customers entering the Air Canada Café at Toronto Pearson International Airport.
Brussels sets out to fix the GDPR
Clothilde Goujard on POLITICO (politico.eu)
New law to solve enforcement flaws of the GDPR could open a Pandora’s box of lobbying and regulators’ infighting.
Domestic violence hotline calls will soon be invisible on your family phone plan
Ashley Belanger on Ars Technica (arstechnica.com)
Domestic violence hotline launches biggest effort yet with wireless industry.
New Mobile Phone Service Shows We Can Have Both Privacy and Nice Things
Daniel Kahn Gillmor, Jay Stanley on American Civil Liberties Union (aclu.org)
Despite the desires of companies to monetize our data, we must insist that privacy be built into the technologies we depend on.
Artificial intelligence chatbot banned by Italian privacy authority
Giorgia Carneri on GamingTechLaw (gamingtechlaw.com)
The Italian data privacy authority ordered the prohibition of a chatbot powered by an artificial intelligence system
Privacy-by-design can be a source of value and opportunity, not cost
Divsha Bhat on Gulf Business (gulfbusiness.com)
Privacy can become a selling point and a source of value, especially when it is implemented by design and not reactively.
Privacy and Cybersecurity Issues in Electric Vehicles
Hannah Ji-Otto on JD Supra (jdsupra.com)
This is the second article in a series of alerts that addresses what businesses, organizations and governmental entities should be considering as they...
Opinion: Chula Vista’s use of automated license plate surveillance threatens everyone’s privacy
Norell Martinez, Nancy Relaford, Margaret Baker on San Diego Union-Tribune (sandiegouniontribune.com)
Use of surveillance technology disproportionately impacts immigrants.
Americans Flunked This Test on Online Privacy
Natasha Singer and Jason Karaian on NYTimes (nytimes.com)
Many consumers want control over their personal details. But few understand how online tracking works, says a new report from the University of Pennsylvania.
ChatGPT is a data privacy nightmare. If you’ve ever posted online, you ought to be concerned
Uri Gal on The Conversation (theconversation.com)
ChatGPT is fuelled by our intimate online histories. It’s trained on 300 billion words, yet users have no way of knowing which of their data it contains.
Ex-Twitter privacy chief takes job at social media app BeReal
Sara Merken on Reuters (reuters.com)
Damien Kieran, who resigned as Twitter Inc’s chief privacy officer in November after Elon Musk took over the social media giant, has joined photo sharing app-maker BeReal as its top lawyer.
A New Draft Privacy Model Blooms From the NAIC Privacy Working Group
Ann Young Black on JD Supra (jdsupra.com)
On February 1, the NAIC’s Privacy Working Group’s new privacy model germinated. After months of development, the exposure draft, titled “Insurance Consumer Privacy Protection Model Law #674” (Proposed Model), has finally reached daylight.
On the Grid: Data and Privacy Protection Act
Mayukh Sircar on The National Law Review (natlawreview.com)
In a presentation by Ward and Smith attorney Angela Doughty, In-House Counsel Seminar attendees received an overview on a variety of topics relevant to privacy and data security, including curren
Web Tracking Creates a Web of Data Privacy Risks
Anahita Anvari on JD Supra (jdsupra.com)
Regulatory enforcement and large litigation relating to the use of third party trackers on companies’ websites and applications have been on the rise....
Evolving enforcement priorities in times of debate - Overview of regulatory strategies of European Data Protection Authorities for 2023 and beyond
Sebastião Barros Vale on Future of Privacy Forum (fpf.org)
At a time where the effectiveness of the EU General Data Protection Regulation (GDPR) enforcement model is being challenged by the European Parliament, Data Protection Authorities (DPAs), civil society, and policymakers, the European Data Protection Board (EDPB) has launched several initiatives to reform the way DPAs are working together.
Why Colorado draft AI insurance rules are a “major leap forward” for AI governance
Sharon Goldman on VentureBeat (venturebeat.com)
Colorado’s draft rules for life insurance companies using AI for coverage decisions are game-changing, says Debevoise & Plimpton’s Avi Gesser.
Opinion | Why I’m Resigning as an FTC Commissioner
Christine Wilson on The Wall Street Journal (wsj.com)
Lina Khan’s disregard for the rule of law and due process make it impossible for me to continue serving.
The Economist Michigan information privacy $9.5M class action settlement
Top Class Actions on Top Class Actions (topclassactions.com)
The Economist agreed to pay $9.5 million to resolve claims it shared Michigan subscriber information with third parties without consent.
Mycroft’s privacy-first, crowdfunded smart speaker will ship, but not to backers
Scharon Harding on Ars Technica (arstechnica.com)
Echo alternative’s privacy focus is worth emulating, despite Mycroft’s failure.
No porn, no Instagram for kids: France doubles down on age verification
Laura Kayali on POLITICO (politico.eu)
French MPs want to expand age verification requirements to mainstream social platforms.
GAO Calls for Improved Data Privacy Protections
Dark Reading Staff on Dark Reading (darkreading.com)
US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government’s control.
Australians able to opt out of targeted ads and erase their data under proposed privacy reforms
Paul Karp on The Guardian (theguardian.com)
Individual rights could be modelled on the EU’s general data protection regulation or GDPR
Julia Angwin Joins the Brown Institute as an Entrepreneur in Residence
Mark Hansen on Brown Institute (brown.columbia.edu)
Almost 60% of GAO’s Privacy Recommendations Since 2010 Are Unresolved
Edward Graham on Nextgov (nextgov.com)
A watchdog report found that federal agencies have only implemented approximately 41% of recommendations related to the protection and security of sensitive data as of December 2022.
IAB Europe Reacts To Belgian Data Authority’s Validation Of Its Action Plan
on IAB Europe (iabeurope.eu)
The Internet Advertising Bureau attempts to spin the latest ruling against them.
Australian privacy reform moves forward with new government report
on International Association of Privacy Professionals (iapp.org)
The Australian Attorney-General’s Department released its highly anticipated review of the Privacy Act, a significant step in the reform of its privacy law.
U.S. Technical Advisory Group Helps ISO/PC 317 Complete New Global Standard for Consumer Protection: Privacy by Design
Mary Beth Minto on OASIS Open (oasis-open.org)
New York, NY, and Boston, MA – 16 February 2023 — The U.S. Technical Advisory Group (TAG) for Consumer Privacy by Design successfully concluded its mission with the publication of a new global standard approved by the International Organization for Standardization (ISO). Administered by the American…
How to protect your privacy from streaming TV services
Jared Newman on TechHive (techhive.com)
Four steps to disable smart TV snooping, streaming ad targeting, and data sharing.
(guest author) on European Digital Rights (EDRi) (edri.org)
The new tracking system, misleadingly dubbed ‘TrustPid’, would be baked into the internet’s network infrastructure – potentially with little recourse or defence for users.
Government’s privacy review has some strong recommendations – now we really need action
Bruce Baer Arnold on The Conversation (theconversation.com)
There are many good proposals in Dreyfus’s reform paper. But they risk being lost once again among the voices of those whose interests are served by maintaining the status quo.
Your Tax Data Shouldn’t Be Up for Grabs
Colin Lecher on The Markup (themarkup.org)
Especially when there’s a better way
Privacy Litigation Update: California courts will soon hear motions to dismiss in litigation that alleges chat functionality violates wiretapping statutes
Dustin Taylor on JD Supra (jdsupra.com)
Keypoint: Slurry of litigation filed by privacy-plaintiffs has survived its first motion to dismiss challenge in a California court but faces tougher...
Senators pressure CFIUS to wrap up TikTok probe with strict restrictions, potentially even separating it from its Chinese parent company
Lauren Feiner on CNBC (cnbc.com)
The letter is a signal of heightened pressure on the panel as TikTok has so far been able to continue its operations in the U.S.
How virtual reality telemetry is the next threat to privacy
Thomas Claburn on The Register (theregister.com)
Boffins find they can identify VR players just from head and hand movements
Leiden University stops using smart cameras over privacy concerns
on NL Times (nltimes.nl)
Leiden University will definitely stop using smart cameras on campus after negative advice from the University Council. The cameras raised privacy concerns last year, and risks of violating the privacy of students and employees are too significant to keep using the devices, the University Council sa…
Stop collecting airline passenger details in a database: privacy watchdog
robin on DutchNews.nl (dutchnews.nl)
The government must immediately stop processing all airline passengers’ details into a massive database, privacy watchdog Autoriteit Persoonsgegevens (AP) said on Tuesday. ’Travel details of all air passengers are being collected and updated in a database over a period of years and this is not allow…