Concerned about what's happening on Twitter?
Check out the Nexus of Privacy's Dreamwidth community – or follow us on Mastodon!
Katie Wedell on USA TODAY (usatoday.com)
Actually I think the answer is pretty clear: assume that everything you've ever done on Twitter (including your location) is going to be shared and sold broadly. We talked about one of the issues last week in A new Chief Twit - and a big Twitter privacy issue – private messages aren't encrypted, and there's now way to delete them – but that only scratches the surface. As Wedell details, Twitter, already has a history of missteps when it comes to guarding user data. And since this article was published, Twitter's illegal mass layoffs make it even less likely they can protect the data against hackers – and highlight that the new management will just ignore laws they don't like.
- Members of Twitter’s Trust and Safety Council Not Sure Elon Musk Knows They Exist, Samantha Cole on vice.com
on Engadget (engadget.com)
The NYPD is joining Ring’s Neighbors app despite concerns about privacy and profiling. What could possibly go wrong?
The New York-based Surveillance Technology Oversight Project (STOP) is concerned support for Neighbors will lead to more police violence, racial profiling and vigilantes. The technology "isn't keeping people safe" and even puts people in danger, Executive Director Albert Fox Cahn claims. He cites an incident in October where a father and son shot at a woman in response to a Ring doorbell notification. The woman delivered a package sent to the wrong address.
- Security Cameras Make Us Feel Safe, but Are They Worth the Invasion?, Brian X. Chen on NYTimes (nytimes.com)
Paul Ohm on Technology Law (cyber.jotwell.com)
Ohm review's Ari Ezra Waldman's, Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power. I've recommended this book, to dozens of people and Ohm agrees.
Waldman conducted 125 interviews over four years and insinuated himself into product design meetings, industry conferences, and company breakrooms, revealing a rigorous and detailed description of the way privacy is subverted and denied inside these companies.... Waldman’s conclusions are laayered and sophisticated and hard to do justice to in a short review....
There is so much I like (lots!) about this book. It provides deep, rich, and rigorously gathered empirical data about the forces that keep privacy at bay inside technology companies. It synthesizes these observations into compelling explorations of the mechanisms at play. It engages deeply and efficiently with multiple vast literatures, making it a readable and concise recommendation for newcomers to the field
FIND OUT MORE:
- How Big Tech Turns Privacy Laws Into Privacy Theater, on Slate, is a good short introduction to how well-intentioned privacy professionals are shut out of the process – and often don’t even realize their complicity.
- Privacy, Practice, and Performance, in the California Law Review, goes into more detail on how today's privacy law has been "endogenously created by industry practices that legitimize data extraction."
State privacy legislation
California Privacy Protection Agency (cppa.ca.gov)
The California Privacy Protection Agency (CPPA) is working on regulations that will go into effect at the beginning of 2023. These latest modifications were just released, and there's a short time for public comments in response. Comments are due by November 21 – the same day as the FTC comment deadline!
Hunton Andrews Kurth’s Privacy and Cybersecurity on The National Law Review (natlawreview.com)
A summary of the Colorado Attorney General Office's draft rules implementing and enforcing the Colorado Privacy Act. There are "stakeholder meetings" on November 10 and November 15. The comment deadline is February 1, 2023.
Sean Fernandes on JD Supra (jdsupra.com)
An analysis of the new California Age-Appropriate Design Code Act.
Automated Decision Systems
Khari Johnson on WIRED (wired.com)
EPIC Privacy's new report Screened & Scored in DC finds that municipal agencies in Washington deploy dozens of automated decision systems, often without residents’ knowledge. And guess what, these systems don't treat everbody equally.
“More often than not, automated decisionmaking systems have disproportionate impacts on Black communities,” [EPIC AI and human rights expert Ben] Winters says. The project found evidence that automated traffic-enforcement cameras are disproportionately placed in neighborhoods with more Black residents.
Huh. Just like how ShotSpotter is primarily deployed in Black and Latinx neighborhoods. Funny how that works.
Elizabeth M. Renieris on cigionline.org
Due to go live in May 2023, the European Union’s Entry/Exit System could cost half a billion euros in the first few years, but the potential cost to the European Union’s moral authority is much higher.
Challenging algorithmic profiling: The limits of data protection and anti-discrimination in responding to emergent discrimination
Monique Mann and Tobias Matzner in Big Data & Society (journals.sagepub.com)
From the abstract:
We contend that with increased algorithmic complexity, biases will become more sophisticated and difficult to identify, control for, or contest. In order to harness anti-discrimination regulation, it needs to confront emergent forms of discrimination or risk creating new invisibilities, including invisibility from existing safeguards. Finally, we outline suggestions to address emergent forms of discrimination and exclusionary invisibilities via intersectional and post-colonial analysis.
Natasha Lomas on TechCrunch (techcrunch.com)
- TikTok tells European users its staff in China get access to their data, Dan Milmo on The Guardian (theguardian.com)
Schrems: round three (podcast)
Luca Bertuzzi on EURACTIV (euractiv.com)
Last month, an executive order detailed the EU-US Privacy Shield 2.0, a new legal framework for transatlantic data flows made necessary by the Schrems II ruling. Bertuzzi and Max Schrems, the privacy activist who gave the name to the two landmark verdicts, discuss the new arrangement and the potential implications of a Schrems III. They also touched upon what is currently wrong with the GDPR enforcement and what more can be done to fix it in the near future.
Paul Sawers on TechCrunch (techcrunch.com)
Mozilla Ventures is Mozilla’s new $35 million VC fund targeted at early-stage startups working on “responsible” technologies.
Sebastião Barros Vale on Future of Privacy Forum (fpf.org)
GDPR’s protections for individuals against forms of Automated Decision-Making (ADM) and profiling go significantly beyond Article 22 – which provides for the right of individuals not to be subject to decisions based solely on automated processing that produces legal effects or significantly impacts them, and are currently being applied by courts and Data Protection Authorities (DPAs) alike. These range from detailed transparency obligations to applying the fairness principle to avoid situations of discrimination and strict conditions for valid consent in ADM cases.
on Startseite (epicenter.works)
The Austrian parliament's EU voted to reject to the proposal for the controversial child sexual abuse regulation (dubbed “chat control”) unless it is not brought in line with fundamental rights
UK Information Commissioner's Office (ico.org.uk)
Back in 2019, the Cabinet Office published a file on GOV.UK containing the names and unredacted addresses of more than 1,000 people announced in the New Year Honours list. The UK Information Commissioner (ICO) originally announced a £500,000 fine, but has now reduced it to £50,000. The ICO says this reflects their "new approach to working more effectively with public authorities."
Nick Carding on Health Service Journal (hsj.co.uk)
NHS England has ordered the collection of identifiable patient data from hospitals by US data firm Palantir, for a pilot scheme aimed at accelerating recovery of elective waiting lists.
Mason Marks on WIRED (wired.com)
Colorado’s Proposition 122 wants to let people take psilocybin at healing centers. But sensitive data isn’t covered by medical privacy protections.
James North on Corrs Chambers Westgarth (mondaq.com)
Companies must act to ensure that their privacy regimes and data security capabilities are up to date and appropriate.
Arjun Bhatnagar on fastcompany.com
The CEO of Cloaked argues that the only way to successfully build businesses is to acknowledge every person’s ownership over who they are and how others perceive them.
Sarah Sybert on Home (governmentciomedia.com)
The collaborative document aims to keep AI ethical and equitable while standardizing best practices at the federal level.
Wailin Wong on NPR (npr.org)
Your smartphone is pretty bad at keeping secrets – if it keeps track of your location, someone (or some app) almost definitely knows where you are. Today, the murky market for personal location data.For sponsor-free episodes of The Indicator from Planet Money, subscribe to Planet Money+ via Apple Po…
Christopher Brown on Request a Free Demo (news.bloomberglaw.com)
Amazon.com Inc. must produce millions of documents in response to discovery requests in a potential class action over the marketing of its Alexa-enabled devices and their recording of users’ conversations, a federal judge ruled.
Thor Benson on WIRED (wired.com)
Authoritarian societies depend on people ratting each other out for activities that were recently legal—and it’s already happening in the US.
Joyce Chen on The Stanford Daily (stanforddaily.com)
Last fall, Stanford student researchers found a large vulnerability in Fizz’s security. The founders’ response raises questions about the app today, writes Joyce Chen.
Christina Tabacco on Law Street Media (lawstreetmedia.com)
A joint filing by Zoom Video Communications Inc., the plaintiffs prosecuting a class action against it, and several objectors asked Magistrate Judge to issue a tentative ruling as to whether she would accept the settlements reached by the three objectors who disapproved of the original $85 million class settlement.
Phil Pennington on RNZ (rnz.co.nz)
Google says it is supporting efforts between countries to fix a lack of “legal stability” around the flow of people’s data and privacy.
on Morrison Foerster (mofo.com)
As a result of a recent agreement between the United Kingdom and United States, technology and communications service providers should prepare for changes in the landscape of data access requests by UK and U.S. law enforcement agencies.
on JD Supra (jdsupra.com)
As we wrote in July 2020, the European Court of Justice issued a landmark decision that invalidated the Privacy Shield as untenable under the European...
Christopher Burgess on CSO Online (csoonline.com)
A US Government Accountability Office report is calling for a host of changes to improve privacy within various federal agencies and departments. How those changes get implemented will depend largely on the establishment of new privacy leaders.
Read more articles by Alex Kennedy on CBC (cbc.ca)
The bill would amalgamate Newfoundland and Labrador’s four health authorities, but Michael Harvey and opposition parties say they weren’t given the legislation to prepare or ask questions ahead of its second reading on Tuesday.
Danish DPA Follows Suit and Becomes the Latest EU Data Protection Authority to Conclude that the Use of Google Analytics is Unlawful Without Supplementary Measures
In a recent announcement, Datatilsynet, the Danish Data Protection Authority declared that the Google Analytics tool does not comply with the GDPR’s requirements for international transfers. The latest decision by the Danish DPA builds upon the growing sentiment among EU regulators as to the legality of Google Analytics and follows similar rulings by the Austrian, French and Italian data protection authorities.
Dani James on Retail Dive (retaildive.com)
Brands from Walmart to Peloton are now able to access more personal customer data, including biometric identifiers, as they expand their digital capabilities. Where does that leave them legally?
Chiara Castro on TechRadar pro (techradar.com)
The privacy firm is committed to build a user-first internet