privacy news

Privacy News: July 1

An extra long list for the holiday weekend!

Jon

Jul 1, 2022 • 5 min read

An extra-long list for the holiday weekend!

HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care

on HHS.gov (hhs.gov)

New Guidance from the Department of Health and Human Services tells health-care providers they do not have to disclose personal information related to abortion and other sexual and reproductive health care – and that they are often prohibited from disclosing it, even to law enforcement. This is very privacy-friendly guidance. Unfortunately, HIPAA only covers health care providers and insurance companies; tech companies who track personal health care information typically are not affected by HIPAA, so this guidance does not apply to them.

Fear, Uncertainty, and Period Trackers

Kendra Albert, Maggie Delano, and Emma Weil on medium.com

My parable that I'm taking away: people on the ground have a pretty good idea of where risk comes from and we theorize without their input/expertise at our peril.
— Kendra Albert (@KendraSerra) June 28, 2022

The risk of information from period tracking apps being used to identify people who get abortions has gotten a lot of attention. This post, by researchers and a lawyer, is an excellent analysis of the risks. The authors conclude

"If you use a period tracker, but your threat model does not include the additional risks of say: helping other people get abortions, we don’t currently have evidence of imminent threats of large-scale preemptive investigation of you based on personal health app data. The biggest threat of criminalization is that a third party (like hospital staff or a relative) reports someone to the police for their pregnancy outcome — not that police find their period data in a database."

Okay, Fine, Let’s Talk About Period Tracking: the detailed explainer, by the same authors, a longer companion piece, goes into even more detail.

SEE ALSO:

Should You Really Delete Your Period Tracking App?, Gennie Gebhart and Daly Barnett, EFF
Period Tracking, Abortions, and Privacy, caroline sinders (from May 2022)
The biggest privacy risks in post-Roe America, Russell Brandom on The Verge
Deleting Your Period Tracker Won’t Protect You, Kashmir Hill, in the New York Times
The post-Roe data privacy nightmare is way bigger than period tracking apps, K. Bell on Engadget (engadget.com)
Payment Data Could Become Evidence of Abortion, Now Illegal in Some States, Ron Lieber and Tara Siegel Bernard, in the New York Times (nytimes.com)
Op-Ed: The end of Roe means we’ll be criminalized for more of our data, Cynthia Conti-Cook and Kate Bertash, LA Times (May 2022)
Who’s Going to Protect Reproductive Rights Online?, Nora Benevidez, Tech Policy Press
In wake of Roe repeal, lawmakers and tech companies must take immediate steps to protect abortion patients from surveillance and censorship, Fight for the Future.
Supreme Court’s decision on abortion sparks health tech’s Cambridge Analytica moment, Mario Aguilar on STAT (statnews.com)
Planned Parenthood suspends marketing trackers on abortion search pages, Tatum Hunter on The Washington Post (washingtonpost.com)
Now that Roe has been overturned, it’s up to the tech industry to protect our data, Max Ufberg on Fast Company (fastcompany.com)
Federal government will help states punish abortion — using our phones, Riana Pfefferkorn on The Hill (thehill.com)
Surveilling the Digital Abortion Diary,” C. Conti-Cook, University of Baltimore Law Review, vol. 50, no. 1, Oct. 2020

Massive Trove of Gun Owners’ Private Information Leaked by California Attorney General

Stephen Gutowsky, The Reload (thereload.com)

Yikes.

The California Department of Justice’s 2022 Firearms Dashboard Portal went live on Monday with publicly-accessible files that include identifying information for those who have concealed carry permits. The leaked information includes the person’s full name, race, home address, date of birth, and date their permit was issued. The data also shows the type of permit issued, indicating if the permit holder is a member of law enforcement or a judge.

Will California Eliminate Anonymous Web Browsing? (Comments on CA AB 2273, The Age-Appropriate Design Code Act)

Eric Goldman on Technology and Marketing Law Blog (blog.ericgoldman.com)

Goldman argues that the wording of this proposed California law would require ebsites and apps to authenticate the age of ALL consumers before they can use the service – which would put an end to anonymous web browsing. In The Register, Thomas Claburn reports that Consumer Reports has also urged legislators to drop the age verification requirement.

IAPP statement on Dobbs ruling and PSR event

on International Association of Privacy Professionals (iapp.org)

The IAPP "stands against discriminatory laws and unequivocally supports civil rights, which include privacy rights for all persons everywhere" but nonetheless is going to hold their convention in Texas which has stripped privacy rights from pregnant people. As Ari Ezra Waldman says on Twitter, it's unacceptable – but not surprising.

+1. Unacceptable @PrivacyPros. Also not surprising. In Industry Unbound, I show how the IAPP is a mouthpiece for discourses of power for the info industry. It doesn’t actually care abt ppl’s privacy, those of women, ppl who can become pregnant, or anyone for that matter. https://t.co/cYUYJj247x
— Ari Ezra Waldman (@ariezrawaldman) June 30, 2022

And ...

‘Supercookies’ Have Privacy Experts Sounding the Alarm, Chris Stokel-Walker on WIRED (wired.com)

Parting thoughts: A Canadian privacy one-on-one with Daniel Therrien, an interview with the former Privacy Commissioner of Canada on International Association of Privacy Professionals (iapp.org)

TechTank Podcast Episode 47: Will Americans finally see bipartisan federal privacy legislation?, Cameron Kerry, Jennifer King, and Nicol Turner Lee on Brookings (brookings.edu)

Australian retailer pauses facial recognition trial over privacy complaint, Byron Kaye on Reuters (reuters.com)

3 Expert Predications on Where International Privacy Regulations Are Heading in 2023 and Beyond, Tim Rollins on JD Supra (jdsupra.com)

10 years after: The EU’s ‘crunch time’ on GDPR enforcement, Luca Bertuzzi on International Association of Privacy Professionals (iapp.org)

UK urgently needs law on use of biometrics, warns review, Natasha Lomas on TechCrunch (techcrunch.com)

Google and Apple may face another FTC probe over ‘harmful’ mobile trackers, Jay Bonggolto, Android Central (androidcentral.com)

The privacy debate could get ‘dangerous’ for the FTC, an interview with former FTC acting chair (and current lobbyist) Maureen Ohlhausen, by Ben Brody on Protocol.

How did a rental startup I’d never heard of leak my home address?, Zack Whittaker on TechCrunch (techcrunch.com)

Police used a reverse keyword Google search to find an accused killer. He says that’s illegal, Jon Schuppe on NBC News (nbcnews.com)

Warrants Can Force Google To Look Through Your Search History–A Tragic Arson Case May Decide If That’s Constitutional, Thomas Brewster on Forbes (forbes.com)

European consumer groups take action against Google for pushing users towards its surveillance system, on www.beuc.eu (beuc.eu)

I saw first-hand how the tech giants seduced the EU – and undermined democracy, Georg Riekeles of the Eurpoean Policy Center on The Guardian (theguardian.com)

Dreyfus pledges sweeping data privacy reforms, Tom Burton on Australian Financial Review (afr.com)

Widely Used IAB TCF Ad Tracking Consent Framework May Not Meet GDPR Standards, Scott Ikeda on CPO Magazine (cpomagazine.com)

This new privacy feature in Firefox strips tracking info from links, Alaina Yee on PCWorld (pcworld.com)

European, U.S. Groups Plan Salvo of Privacy Complaints Against Google, Catherine Stupp on The Wall Street Journal (wsj.com)

Image credit: Daquella manera on Flickr via Wikipedia Commons. licensed under the Creative Commons Attribution 2.0 license.