Privacy News: July 18

New UK legislation, privacy after Roe, Consumer Reports on US legislation ... and more!

Privacy News: July 18

UK government introduces Data Protection and Digital Information Bill

Matt Warman, Minister for Media, Data and Digital Infrastructure on questions-statements.parliament.uk

Now that the United Kingdom has brexited from the European Union, what will happen to their data protection regime?  If you were guessing "they'll gut it", you're on the right track.  The government's new Data Protection and Digital Information bill was formally introduced today.  Last month's Brace yourselves: new UK data laws are coming, by Mariano delli Santi on Open Rights Group's blog, covers some of the many problematic aspects of the bill.

ALSO: Establishing a pro-innovation approach to regulating AI, from the Department for Digital, Culture, Media & Sport, also released today, outlines an industry-friendly AI regulation approach, although doesn't propose any specific regulation.  UK sets out proposals for new AI rulebook to unleash innovation and boost public trust in the technology has more.

Judges opened a Utahn’s therapy records to her abuser’s lawyer. They should have let her defend her privacy, new ruling says.

Jordan Miller on The Salt Lake Tribune (sltrib.com)

An appalling story from Utah ...

A Utah woman accused a family friend of sexually abusing her as a child in Utah County, then saw him convicted of a second-degree felony in 2019.

Checking on his appeal a year later, her attorneys say, she was stunned to see that the Utah Court of Appeals — without a request from anyone, or any notice to her — had opened her sealed counseling records to his defense attorney.

The appellate court rejected her request to intervene in the appeal.  Now, in a big victory for survivors, the state Supreme Court has reversed that ruling.

The Department of Defense Should Disclose When it Purchases User Data

Matthew Guariglia on Electronic Frontier Foundation (eff.org)

The Jacobs-Davidson Amendment to the National Defense Authorization Act (NDAA), the yearly funding bill for national security and the military, would require the Department of Defense to disclose information about location data and internet metadata when it purchases them.  As EFF points out, this is how U.S. military contractors ended up buying the location data of people who used a prayer app specifically for Muslim users.

Privacy After Roe

The House Energy & Commerce Committee has hearing on Roe Reversal: The Impacts of Taking Away the Constitutional Right to an Abortion Tuesday (July 19) at 7:30 am Pacific (10:30 am Eastern).  Witnesses include Renee Bracey Sherman of WeTestify, law professor Leah Litman, Paulina Guerrero of All-Options, and Nisha Verma of Physicians for Reproductive Health.

Editorial: Google must make good on abortion privacy pledge to women, Mercury News and East Bay Times Editorial Boards on The Mercury News (mercurynews.com)

‘A uniquely dangerous tool’: How Google’s data can help states track abortions, Alfred Ng on POLITICO (politico.com)

Federal privacy legislation

Yesterday's post A “fresh wrench”, two hearings, and a busy week: Federal Privacy Legislation Update, July 17 went into a lot of detail on some of the key points of the American Data Protection and Privacy Act (ADPPA).  But a lot's happened since then!

Consumer Reports (CR) recommendations for strengthening the American Data Privacy and Protection Act

Justin Brookman, Consumer Reports Advocacy (advocacy.consumerreports.org)

In widely-awaited comments, the influential non-profit highlights changes they want to see.  They focus on several areas:

  • removing loopholes for advertising, especially the section saying people can't even opt out of data sharing for first-party advertising (§ 204(b)(2), for those of you playing along at home).
  • strengthening the non-retaliation language if people don't want to share their data.  EFF had objected that the discussion draft language here wasn't strong enough.  CR notes that it was further weakened in the amended version advanced by the subcommittee.
  • de-identified data, which Senator Wyden has flagged as a loophole that "make trivially easy to re-identify supposedly anonymous data and put women's privacy at risk."  CR again notes changes the subcommittee made that significantly weaken protections.
  • enforcement, focusing on FTC funding
  • pre-emption of state laws, which they – like most privacy and civil rights organizations – oppose

Ad Groups Urge Overhaul Of Proposed Privacy Bill

Wendy Davis on MediaPost (mediapost.com).  

“The bill should be amended so that responsible advertising -- the lifeblood of the American economy -- is subject to an opt out."  The current version of the bill is mostly opt-out for targeted advertising, although it's opt-in for sharing "sensitive data" and aggregated browsing history (and as discussed above, § 204(b)(2) says that people don't even have the option to opt-out of first-party advertising)

ID.me pushes for US-wide privacy legislation | IT PRO

Praharsha Anand on IT Pro (itpro.co.uk).

The surveillance-industrial complex continues to push for industry-friendly regulation.  Facial recognition company ID.me hasn't yet endorsed any specific legislation, but this could be a signal that they're getting ready to line up behind the , which in its current form would put relatively few restrictions on their activities.  The IRS dropped its plans to use ID.me's facial recognition earlier this year after a broad outcry from civil liberties groups, but they're still widely used by other government agencies.

TAKE ACTION: Demand all government agencies stop using ID.me with this easy web form from Fight for the Future.

And ...

FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads, the Premerger Notification Office Staff on Federal Trade Commission (ftc.gov)

A Privacy Panic Flares Up in India After Police Pull Payment Data from Razorpay, Varsha Bansal on WIRED (wired.com)

Wearable devices present significant security and privacy risks, Joseph Morton on Mugglehead Magazine (mugglehead.com)

Alberta names Diane McLeod as new privacy commissioner, Katrina Eñano on Canadian Lawyer (canadianlawyermag.com)

Facial Recognition Search Engine Pulls Up “Potentially Explicit” Photos of Kids, Mara Hvistendahl on The Intercept (theintercept.com)

EU Privacy Regulators Are Scrutinizing Data Flows to Russia, Catherine Stupp on The Wall Street Journal (wsj.com)

Israel’s Facebook Bill: An attack on Palestinian free speech, Nadim Nashif on The New Arab (english.alaraby.co.uk)

Propagation of societal gender inequality by internetsearch algorithms, Madalina Vlasceanua and David M. Amodio on pnas.org

Data Protection Commission urged to act over alleged illegal retention of data, Mary Carolan on The Irish Times (irishtimes.com)

Could there be Trouble in Paradise for Match Group, Inc.?, Danielle M. DeFilippis on The National Law Review (natlawreview.com)

Six Questions to Ask Before Accepting a Surveillance Technology, Jay Stanley on American Civil Liberties Union (aclu.org)

2015 National Book Festival $450K receipt privacy class action settlement, Top Class Actions (topclassactions.com)

Governing the Datafication of Black Lives, Mutale Nkonde on cigionline.org

Google hit with $971k sanction for litigation misconduct in privacy suit, Mike Scarcella on Reuters (reuters.com)


Image credit: Daquella manera on Flickr via Wikipedia Commons.  licensed under the Creative Commons Attribution 2.0 license.