Privacy News: July 1

An extra long list for the holiday weekend!

Privacy News: July 1

An extra-long list for the holiday weekend!

HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care

on HHS.gov (hhs.gov)

New Guidance from the Department of Health and Human Services tells health-care providers they do not have to disclose personal information related to abortion and other sexual and reproductive health care – and that they are often prohibited from disclosing it, even to law enforcement.  This is very privacy-friendly guidance.  Unfortunately, HIPAA only covers health care providers and insurance companies; tech companies who track personal health care information typically are not affected by HIPAA, so this guidance does not apply to them.

SEE ALSO: Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet, also on HHS.gov

Fear, Uncertainty, and Period Trackers

Kendra Albert, Maggie Delano, and Emma Weil on medium.com

The risk of information from period tracking apps being used to identify people who get abortions has gotten a lot of attention.  This post, by researchers and a lawyer, is an excellent analysis of the risks.  The authors conclude

"If you use a period tracker, but your threat model does not include the additional risks of say: helping other people get abortions, we don’t currently have evidence of imminent threats of large-scale preemptive investigation of you based on personal health app data. The biggest threat of criminalization is that a third party (like hospital staff or a relative) reports someone to the police for their pregnancy outcome — not that police find their period data in a database."

Okay, Fine, Let’s Talk About Period Tracking: the detailed explainer, by the same authors, a longer companion piece, goes into even more detail.

SEE ALSO:  

Massive Trove of Gun Owners’ Private Information Leaked by California Attorney General

Stephen Gutowsky, The Reload (thereload.com)

Yikes.

The California Department of Justice’s 2022 Firearms Dashboard Portal went live on Monday with publicly-accessible files that include identifying information for those who have concealed carry permits. The leaked information includes the person’s full name, race, home address, date of birth, and date their permit was issued. The data also shows the type of permit issued, indicating if the permit holder is a member of law enforcement or a judge.



Will California Eliminate Anonymous Web Browsing? (Comments on CA AB 2273, The Age-Appropriate Design Code Act)

Eric Goldman on Technology and Marketing Law Blog (blog.ericgoldman.com)

Goldman argues that the wording of this proposed California law would require ebsites and apps to authenticate the age of ALL consumers before they can use the service – which would put an end to anonymous web browsing.  In The Register, Thomas Claburn reports that Consumer Reports has also urged legislators to drop the age verification requirement.

SEE ALSO: California Age-Appropriate Design Code Aims to Address Growing Concern About Children’s Online Privacy and Safety, on Future of Privacy Forum

IAPP statement on Dobbs ruling and PSR event

on International Association of Privacy Professionals (iapp.org)

The IAPP "stands against discriminatory laws and unequivocally supports civil rights, which include privacy rights for all persons everywhere" but nonetheless is going to hold their convention in Texas which has stripped privacy rights from pregnant people.  As Ari Ezra Waldman says on Twitter, it's unacceptable – but not surprising.

And ...

‘Supercookies’ Have Privacy Experts Sounding the Alarm, Chris Stokel-Walker on WIRED (wired.com)

Parting thoughts: A Canadian privacy one-on-one with Daniel Therrien, an interview with the former Privacy Commissioner of Canada on International Association of Privacy Professionals (iapp.org)

TechTank Podcast Episode 47: Will Americans finally see bipartisan federal privacy legislation?, Cameron Kerry, Jennifer King, and Nicol Turner Lee on Brookings (brookings.edu)

Australian retailer pauses facial recognition trial over privacy complaint, Byron Kaye on Reuters (reuters.com)

3 Expert Predications on Where International Privacy Regulations Are Heading in 2023 and Beyond, Tim Rollins on JD Supra (jdsupra.com)

10 years after: The EU’s ‘crunch time’ on GDPR enforcement, Luca  Bertuzzi on International Association of Privacy Professionals (iapp.org)

UK urgently needs law on use of biometrics, warns review, Natasha Lomas on TechCrunch (techcrunch.com)

Google and Apple may face another FTC probe over ‘harmful’ mobile trackers,  Jay Bonggolto, Android Central (androidcentral.com)

The privacy debate could get ‘dangerous’ for the FTC, an interview with former FTC acting chair (and current lobbyist) Maureen Ohlhausen, by Ben Brody on Protocol.

How did a rental startup I’d never heard of leak my home address?, Zack Whittaker on TechCrunch (techcrunch.com)

Police used a reverse keyword Google search to find an accused killer. He says that’s illegal, Jon Schuppe on NBC News (nbcnews.com)

Warrants Can Force Google To Look Through Your Search History–A Tragic Arson Case May Decide If That’s Constitutional, Thomas Brewster on Forbes (forbes.com)

European consumer groups take action against Google for pushing users towards its surveillance system, on www.beuc.eu (beuc.eu)

I saw first-hand how the tech giants seduced the EU – and undermined democracy, Georg Riekeles of the Eurpoean Policy Center on The Guardian (theguardian.com)

Dreyfus pledges sweeping data privacy reforms, Tom Burton on Australian Financial Review (afr.com)

Widely Used IAB TCF Ad Tracking Consent Framework May Not Meet GDPR Standards, Scott Ikeda on CPO Magazine (cpomagazine.com)

This new privacy feature in Firefox strips tracking info from links, Alaina Yee on PCWorld (pcworld.com)

European, U.S. Groups Plan Salvo of Privacy Complaints Against Google, Catherine Stupp on The Wall Street Journal (wsj.com)


Image credit: Daquella manera on Flickr via Wikipedia Commons.  licensed under the Creative Commons Attribution 2.0 license.