Getting the week off to a good start with a bumper crop of links!
Automated systems and discrimination
Heather Vogell, ProPublica, with data analysis by Haru Coryne, ProPublica, and Ryan Little on ProPublica (propublica.org)
Texas-based RealPage’s YieldStar software helps landlords set prices for apartments across the U.S. With rents soaring, critics are concerned that the company’s proprietary algorithm is hurting competition.
Alexander Blanchard on SSRN (papers.ssrn.com)
Intelligence agencies have identified artificial intelligence (AI) as a key technology for maintaining an edge over adversaries. This article explores the ethical challenges presented by the use of AI for augmented intelligence analysis. It begins with an outline of current and future potential uses of AI augmented intelligence analysis before identifying five sets of ethical risks relating to: intrusion; explainability and accountability; bias; authoritarianism and political security; collaboration and classification. The article offers a series of recommendations targeted at intelligence agencies to address and mitigate these challenges.
Chris Vallance on BBC News (bbc.com)
Artificially intelligent analysis of job applications or videos is “pseudoscience”, researchers say.
Spotify Engineering on Spotify Engineering (engineering.atspotify.com)
Understanding algorithmic impact is critical to building a platform that serves hundreds of millions of listeners and creators every day. Our approach includes a combination of centralized and distributed efforts, which drives adoption of best practices across the entire organization — from researchers and data scientists to the engineer pushing the code.
Privacy after Roe
Dan Vergano on Grid News (grid.news)
The Supreme Court’s verdict put the spotlight on the country’s patchy privacy protections.
Jim Nash on BiometricUpdate.com (biometricupdate.com)
JPMorgan Chase Bank is accused of breaking California privacy law by recording customers’ phone calls without consent using Microsoft software.
Detroit Action Responds to ShotSpotter Expansion, Vows to Continue Fight for Violent Prevention Programs
Detroit Action on Medium (detroitaction.medium.com)
"The Detroit City Council’s decision to expand ShotSpotter with millions of our taxpayer dollars is a slap in the face to thousands of Detroit residents teetering on the precipice of homelessness, economic instability, and joblessness.... We’re calling on the Mayor and Council to offset their rash, harmful decisions by reinvesting in solutions to homelessness, recognizing and addressing root causes of violence, preserving and producing deeply affordable housing, increasing vital city services, and supporting arts and culture. The dedication to help our communities thrive is what will keep us safe, not microphones and surveillance."
Nathan Wasson on HotHardware (hothardware.com)
Internal Google documents show employees’ alarm at the lack of privacy afforded by Chrome Incognito mode.
Matt Galloway on CBC Listen (cbc.ca)
Some employers use technology to track the productivity of their remote workers — but a new law in Ontario will force companies with more than 25 employees to disclose their electronic monitoring policy to staff. We talk to Lauren Reid, president of The Privacy Pro, a Toronto-based consulting firm.
Jennifer Lynch on Electronic Frontier Foundation (eff.org)
A California trial court has held a geofence warrant issued to the San Francisco Police Department violated the Fourth Amendment and California’s landmark electronic communications privacy law, CalECPA. The court suppressed evidence stemming from the warrant, becoming the first court in California..…
Barry Friedman on NYU Law Review (nyulawreview.org)
Policing agencies in the United States are engaging in mass collection of personal data, building a vast architecture of surveillance. This growing network of surveillance is almost entirely unregulated. In virtually every other instance in which personal information is collected by the government, courts require that a sound regulatory scheme be in place before information collection occurs. The Article defines what a minimally acceptable regulatory scheme for mass data collection must include and shows how it can be grounded in the Constitution.
Albert Fox Cahn and Matt Mahmoudi on New York Daily News
In recent weeks, the NYPD took the extraordinary step of appealing a court order to disclose documents about its surveillance of the historic Black Lives Matter protests of 2020. For Amnesty International and the Surveillance Technology Oversight Project, it was a disappointing delay after two years of fighting to release these documents. But above all, it prompted us to ask: “What is the NYPD hiding?”
On this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool discuss the 10-7 series of deliberately machinated and long-awaited political events surrounding the EU-US data transfer mechanism that is intended to replace the Privacy Shield, invalidated under Schrems II back in 2020 - the “thingie.”
Thomas Claburn on The Register (theregister.com)
Security expert Ross Anderson challenges claim that bypassing encryption is essential to protecting kids.
Ashley Belanger on Ars Technica (arstechnica.com)
Equifax used its own worker surveillance product to spy on workers fired.
Jim Nash on BiometricUpdate.com (biometricupdate.com)
The digital identity and privacy communities got some confirmation about the near future from the world’s top two central bankers.
Court Says “You May NOT Amend Your TOS by Posting New Terms to Your Site”-International Markets v. Thayer
Kieran McCarthy on Technology & Marketing Law Blog (blog.ericgoldman.org)
Most online terms-of-use agreements claim to give their drafters broad discretion to modify the terms at the host’s discretion. Some terms-of-use agreements purport to allow host websites to modify the terms by sending an email (inevitably, to your spam folder) to notify you of the changes. Others require users to constantly refresh their browsers to know when updates occur. Before 2022, courts usually enforced the former strategy while requiring some evidence of actual or constructive notice to enforce the latter. But this year, courts have begun to require more rigorous evidence of notice and assent to enforce modifications to online agreements.
Aarathi Ganesan on The Wire (thewire.in)
Deanonymisation is performed by combining anonymised datasets to identify information about a particular user in different contexts, which can reveal layered and comprehensive personal information about an individual.
Corynne McSherry and Jillian C. York on Electronic Frontier Foundation (eff.org)
Cloudflare’s recent headline-making decision to refuse its services to KiwiFarms—a site notorious for allowing its users to wage harassment campaigns against trans people—is likely to lead to more calls for infrastructure companies to police online speech. Although EFF would shed no tears at the loss of KiwiFarms (which is still online as of this writing), Cloudflare’s decision re-raises fundamental, and still unanswered, questions about the role of such companies in shaping who can, and cannot, speak online.
ICO consultation on the draft employment practices: monitoring at work guidance and draft impact assessment
UK Information Commissioner's Office (ico.org.uk)
The Information Commissioner’s Office (ICO) is producing topic-specific guidance on employment practices and data protection. We are releasing our drafts of the different topic areas in stages and adding to the resource over time. A draft of the guidance on monitoring at work is now out for public consultation.
Katie Scotcher on RNZ (rnz.co.nz)
The police minister is facing criticism over his suggestion the law could be changed to allow officers to keep photographing people for looking out of place or suspicious.
Feds: Ex Louisville Police Officer Used Law Enforcement Tech To Help Hack Sexually Explicit Photos From Women
Danielle Grady on LEO Weekly (leoweekly.com)
A former Louisville Metro Police Department officer used law enforcement technology as part of a scheme that involved hacking the Snapchat accounts of young women and using sexually explicit photos and videos they had taken to extort them, federal prosecutors said in court documents filed on Tuesday.
Matt G. Southern on Search Engine Journal (searchenginejournal.com)
Learn what the new European Union (EU) & United States data privacy framework could mean for businesses and marketers.
Laura Kabelka on EURACTIV (euractiv.com)
The Advocate General of the Court of Justice of the European Union (CJEU) issued a non-binding opinion, which privacy advocates fear could further limit users’ possibilities to enforce their privacy rights under the GDPR.
Khari Johnson on WIRED (wired.com)
Cameras inside the Quest Pro that track eye and face movements can make an avatar’s expressions more realistic, but they raise new privacy questions.
Mack DeGeurin on Gizmodo (gizmodo.com)
A new report details ways advertisers are taking lessons learned from mobile ads to create intimately targeted ads in the physical world.
Amtul Rafay on ReadWrite (readwrite.com)
Since the Pandemic, data privacy has become a top concern for organizations. Workers working remotely must ensure company and user data is protected.
Clothilde Goujard on POLITICO (politico.eu)
Lawmakers file complaints against 8 companies and trade groups over alleged shadow lobbying.
Kim Phan on JD Supra (jdsupra.com)
Please join Consumer Financial Services Partner Chris Willis and his colleagues Ron Raether and Kim Phan, partners in our Privacy + Cyber Practice...
Tracy Mitrano on Law, Policy—and IT? (insidehighered.com)
Important issues to act on.
Using sensitive data to prevent discrimination by artificial intelligence: Does the GDPR need a new exception?
Marvin van Bekkum on arXiv.org (arxiv.org)
Organisations can use artificial intelligence to make decisions about people for a variety of reasons, for instance, to select the best candidates from many job applications. But in Europe, an organisation runs into a problem when it wants to assess whether its AI system accidentally discriminates based on ethnicity: the organisation may not know the applicants' ethnicity. This paper asks whether the GDPR's rules on special categories of personal data hinder the prevention of AI-driven discrimination.
Luca Bertuzzi on EURACTIV (euractiv.com)
EURACTIV has obtained an undated version of the Commission’s work programme for 2023, which is set to be presented next Tuesday (18 October). Here is what the EU executive has in store for digital policy.
F. Paul Pittman on JD Supra (jdsupra.com)
California employers’ reprieve from obligations to employees to disclose data privacy practices and provide access rights to employees appears to be...
Roy Wyman on JD Supra (jdsupra.com)
The Colorado Attorney General’s Office issued its proposed Colorado Privacy Act (CPA) Rules (Draft Rules) on Friday, September 30.
Joydeep Sengupta on Khaleej Times (khaleejtimes.com)
Digital Dubai’s team is on a mission to pave the way for synthetic data, showcasing itself as an innovator among the Arabian Gulf states
Andrew Sylvia aon Manchester Ink Link (manchesterinklink.com)
U.S. Representative Chris Pappas (D-NH-01) supports the “My Body, My Data Act” which would prohibit personal medical data from being used against a woman in criminal proceedings.
John Eggerton on Next TV (nexttv.com)
IAB updates blueprint for handling differing consent regimes
Claire Woodcock on vice.com
Essays written by AI language tools like OpenAI’s Playground are often hard to tell apart from text written by humans.
City ‘inadvertently’ shares personal information, breaches privacy in mass email to hundreds of Hamilton voters
Matthew Van Dongen on TheSpec.com (thespec.com)
Breach affected 450 residents registered to vote by mail; city has alerted the provincial privacy commissioner
Thomas Germain on Gizmodo (gizmodo.com)
A Regan-era law regulating VHS rentals is responsible for a wave of lawsuits claiming video-playing website that collects data is liable.
News Staff on Detroit Lakes Tribune (dl-online.com)
At this time, the six Minnesota counties that use the impacted machines have not used the “cast vote record” feature. If a county decides to use the cast vote record feature, a fix is available to prevent ballot identification.
Stephanie Condon on ZDNET (zdnet.com)
Amazon’s palm-recognition service is being deployed as a standalone payment option for the first time at the Climate Pledge Arena in Seattle.
Kate O’Flaherty on Forbes (forbes.com)
Apple’s iOS 16 comes with an amazing new privacy feature you might not know about. Here’s how to use it.