A bumper crop of links, including quite a few updates on state legislation – and international perspectives as well.
Mia Dand on Medium (miad.medium.com)
An excellent list of 18 books written by scholars and technology experts. Dand casts a broad net, including privacy-focused books like Helen Nissenbaum's Privacy in Context and Carissa Véliz' Privacy Is Power as well as classics like Safiya Umoja Noble's Algorithms of Oppression, Ruha Benjamin's Race After Technology, and Sasha Costanza-Chock’s Design Justice.
FIND OUT MORE: The weekly AI and Emerging Tech Ethics newsletter from Dand's Lighthouse3 has the latest developments in AI, as well as a list of job opportunities.
Privacy after Roe
Governor Jay Inslee on governor.wa.gov
Gov. Jay Inslee and Democratic lawmakers have begun rolling out their choice-defending agenda for the 2023 legislative session. Rep. Drew Hansen will sponsor a "sanctuary" bill that protects patients and providers from any criminal or civil actions for lawfully receiving or providing reproductive health care services or gender-affirming services in Washington. The bill will help protect patients from states like Texas or Idaho from being punished for lawfully seeking and receiving legal health care services in Washington state.
Sen. Manka Dhingra and Rep. Vandana Slatter announced a health data bill – which prohibits organizations from selling Washingtonians’ health data, prohibits apps and websites from collecting and sharing Washingtonians’ health data without their consent, and prohibits “geofences” from being used at reproductive and gender affirming health care facilities.
Inslee also affirmed he will be requesting legislation to pursue a constitutional amendment that expressly establishes a fundamental right to an abortion and a fundamental right to choose or refuse contraceptives.
Amy Olivero on International Association of Privacy Professionals (iapp.org)
This article examines current laws, latest enforcement actions, and pending legislation around health-relevant data in the U.S. As well as HIPAA and comprehensive state privacy laws like California's CCPA, Olivero also looks at more narrowly-targeted laws (such as data broker regulation in California, Nevada, and Vermont), state Attorney General actions (including California's action against Glow), and FTC enforcement efforts (including Flo's settlement).
Federal privacy legislation
Hannah-Beth Jackson on CalMatters (calmatters.org)
The former chair of California's Senate Judiciary Committee weighs in on the proposed American Data Privacy and Protection Act (ADPPA), which would preempt California's privacy laws. Unsurprisingly, she thinks that would be bad.
This potential government loophole threatens more than just reproductive rights. People of color, low-income workers, undocumented immigrants and the LGBTQ community could also be impacted if government agencies can simply buy data. Immigration and Customs Enforcement has weaponized data location to conduct raids, unleashing fears about government tracking that have led to a decrease in the use of services ranging from food stamps to health care.
Other government agencies, including the FBI and DEA, have contracted with data brokers to covertly monitor the location and identity of people who assembled during Black Lives Matter protests.
Under the federal proposal, Californians could also lose the right to strengthen our laws. Unlike a long history of federal privacy laws that let states do more, this one would set a ceiling that no state could improve upon. Privacy rights would be frozen in time while technology develops at lightspeed.
FIND OUT MORE: People in other states and cities have opinions on preemption too surveys other reactions to ADPPA's preemption.
State privacy legislation
on Daily Inter Lake (dailyinterlake.com)
Montanans will vote on whether to join Missouri and Michigan in strengthening constitutional privacy protection:
Montana C-48 seeks to amend the state constitution to include electronic data and communications in search and seizure protections. As currently written, the search and seizures section of the constitution states that “the people shall be secure in their persons, papers, homes and effects from unreasonable searches and seizures.” The amendment would simply add “electronic data and communications” to that list — essentially updating the constitution to reflect the reality of modern times.
Brenna Goth on Bloomberg Law (news.bloomberglaw.com)
Draft details of how Colorado intends to implement its new consumer privacy law would add requirements that attorneys say companies should consider well ahead of the July 2023 effective date.
International Association of Privacy Professionals (iapp.org)
The meetings are now October 28-29 and November 4-5 (see the links for Zoom information). The meeting materials have the proposed regulations and an explanation. Consumer Watchdog is concerned that some of the proposed changes could weaken protections; their Privacy Dawn report goes into detail.
Jennifer Ruehr and Sam Castic on International Association of Privacy Professionals (iapp.org)
Here’s a to-do list to help your company address these new privacy requirements for 2023.
Appellate Court Confirms That Monitoring Online Shopping Activity Violates State’s Anti-Wiretapping Law—and the Time to Act Is NOW!
Puja J. Amin on The National Law Review (natlawreview.com)
So we’re launching a new feature on TCPAWorld – CIPA Sunday! CIPA – the California Invasion of Privacy Act – has become shorthand for the MASSIVE wave of wiretapping lawsuits crashing all across the country looking at recording of website interactions. And while CIPA is the most famous of these statutes—authorizing a $2,500.00 per violation statutory penalty—California is hardly alone.
Cobun Zweifel-Keegan on International Association of Privacy Professionals (iapp.org)
The U.S. Federal Trade Commission enforcement action against Drizly demonstrates how the agency plans to give teeth to its new emphasis on data minimization. The FTC reached a settlement with Drizly, an online alcohol marketplace, and its CEO, alleging the company knew about its data security shortcomings and failed to take action to protect personal data from a data breach affecting 2.5 million users. Though the case derives from a security breach, privacy pros should pay close attention to the remedial actions in the proposed consent order.
- FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers, Federal Trade Commission (ftc.gov)
- Data security forecast: Drizly with a 100% chance of far-reaching order provisions, Lesley Fair, FTC Business Blog (ftc.gov)
- FTC brings action against CEO of alcohol delivery company over data breach, Cat Zakrzewski, Washington Post (washingtonpost.com)
- FTC-Drizly Saga Reminds Marketers to Limit Data Collection, Trishla Ostwall, Adweek (adweek.org)
‘Immature biometric technologies could be discriminating against people’ says ICO in warning to organisations
on ICO (ico.org.uk)
The Information Commissioner’s Office is warning organisations to assess the public risks of using emotion analysis technologies, before implementing these systems. Organisations that do not act responsibly, posing risks to vulnerable people, or fail to meet ICO expectations will be investigated.
ALSO: Information commissioner warns firms over ‘emotional analysis’ technologies, Alex Hern on The Guardian (theguardian.com)
Anokhy Desai on International Association of Privacy Professionals (iapp.org)
This article looks at the Global Privacy Control and the comparison between it and the do not track mechanism.
ALSO: GPC under the GDPR, Robin Berjon on berjon.com
Mike Miliard on Healthcare IT News (healthcareitnews.com)
The letter from Sen. Mark Warner to the Facebook founder comes just days after Advocate Aurora Health notified patients of a potential breach involving a pixel-tracking tool. “Of particular concern are the recent allegations that Meta has used Meta Pixel data to inform targeted advertisements on Meta’s platforms."
ALSO: Senator Questions Meta Over Use Of Hospital Data, Wendy Davis on Media Post (mediapost.com)
Ben Brody on Protocol (protocol.com)
When my work inbox got flooded with reminders of my most twee shopping habits, I found out the Block-owned service throws up obstacles to getting out of its marketing business.
Nicolas Kayser-Bril on AlgorithmWatch (algorithmwatch.org)
Fellows will receive €1,200 per month during 6 months and will report on automated decision-making in Europe.
Debra Farber on Buzzsprout (shiftingprivacyleft.buzzsprout.com)
Shifting Privacy Left features lively discussions on the need for organizations to embed privacy by design into engineering, devops and the product development processes BEFORE code or products are ever shipped.
Shannon Vallor on MIT Technology Review (technologyreview.com)
Innovation that truly serves us all is in scarce supply. That’s a problem.
David Thomas on Reuters (reuters.com)
Chicago law firm Loevy & Loevy has accused one of its former lawyers of trying to force it out of a class action lawsuit against facial recognition startup Clearview AI Inc just as a potentially lucrative settlement may be in the works.
By Leslie Veloz on Hintze Law PLLC – Privacy + Security (hintzelaw.com)
Here’s a snapshot of a few privacy developments from the past few weeks.
A Bill of Rights for the Information Age: White House Outlines Principles for Artificial Intelligence Design & Use
Kevin J. White on The National Law Review (natlawreview.com)
It is no secret that legislators and regulatory agencies have taken note of companies' increasing reliance on artificial intelligence (AI).
Veridiana Alimonti on Electronic Frontier Foundation (eff.org)
Spanish Internet Service Providers (ISPs) continue to fall short of robust transparency about their data protection and user privacy practices, with many failing to meet criteria that directly builds on Spanish and EU data protection regulations.While highlighting that internet companies in Spain...
Joe Mullin on Electronic Frontier Foundation (eff.org)
Having a private conversation is a basic human right. Like the rest of our rights, we shouldn’t lose it when we go online. But a new proposal by the European Union could throw our privacy rights out the window. LEARN MORETell the European Parliament: Stop Scanning MeThe European Union’s executive...
Thomas Germain on Gizmodo (gizmodo.com)
“If the city makes this high-stakes bet on casino surveillance, I worry they’ll gamble away the future of our public streets,” said one privacy expert.
Hubert Bekisz on Verfassungsblog (verfassungsblog.de)
Under the General Data Protection Regulation (GDPR), Article 82 is the only instrument to claim compensation resulting from data protection infringements. So far, it has not been interpreted by the Court of Justice of the European Union (CJEU or Court)
India McKinney on Electronic Frontier Foundation (eff.org)
In 2018, Congress gave the Departments of Justice and Homeland Security sweeping new authorities to destroy or commandeer privately-owned drones, as well as intercept the data it sends and receives. EFF objected to The Preventing Emerging Threats Act of 2018 (S. 2836, H.R. 6401) because, among...
The Wire on The Wire (thewire.in)
Given the discrepancies that have come to our attention via our review so far, The Wire will also conduct a thorough review of previous reporting done by the technical team involved in our Meta coverage.
Lauren Feiner on CNBC (cnbc.com)
The complaint underscores the role of individual states in protecting users’ information on the internet in the absence of a federal privacy law.
Sigal Samuel on Vox (vox.com)
How a personal experience with facial recognition tech sparked a broad campaign for algorithmic justice.
UCSB community highlights concerns over privacy, racial profiling and criminalization at Halloween policing town hall
Nisha Malley on The Daily Nexus (dailynexus.com)
Isla Vista Foot Patrol plans to install two to four street cameras throughout Isla Vista and upstaff its patrol during Halloween weekend.
Morgan Jerkins on Mother Jones (motherjones.com)
Trolls and foreign agents love to exploit African-American culture for political gain.
ARE CHAT BOXES THE NEW CIPA GOLDMINE?: Shifting Plaintiff’s Tactics in California Wiretap Cases Are on Recent Display
Eric J. Troutman on The National Law Review (natlawreview.com)
If there is any statute in America that is potentially set to overrun the TCPA for the title of “most dangerous business killer out there–it is probably the California Invasion of Privacy
Brandon Vigliarolo on The Register (theregister.com)
China-owned boredom-killing biz issues precision-engineered denial
Thomas Claburn on The Register (theregister.com)
You can kiss my Californian ass, says ad giant
Kiernan Green on CBC (cbc.ca)
A five-year study by LinkedIn on nearly 20 million of its users raises ethical red flags since some unknowing participants in the social experiment likely had job opportunities curtailed, experts in data privacy and human resources suggest.
Johnny Ryan on Irish Council for Civil Liberties (iccl.ie)
ICCL writes to the Oireachtas (Irish Parliament and Senate) Justice Committee, and MEPs from the European Parliament Justice Committee, about the LIBE mission to Dublin to investigate Ireland’s application of the GDPR.
Edward Segal on Forbes (forbes.com)
The online data and privacy crisis could be back in the spotlight thanks to U.S. Senator Edward Markey (D-Mass), who is leading a group of Senate colleagues in asking the Federal Trade Commission to update the Children’s Online Privacy Protection Act.
Fortune India Exchange on Fortune India (fortuneindia.com)
The data protection bill which was first introduced in the Parliament in 2019, aimed to tighten the scrutiny across social media platforms.
Andrea Vittorio on Bloomberg Law (news.bloomberglaw.com)
States launching digital versions of a driver’s license are championing the credentials as a way to keep personal information more private and secure, though nationwide adoption will depend on coalescing around a common standard for how the identification cards are built and used.
Eralp Yarar on Daily Sabah (dailysabah.com)
The 44th Global Privacy Assembly (GPA) organized by Türkiye’s Personal Data Protection Authority (KVKK) was launched on Tuesday in Istanbul’s...
Markéta Gregorová on POLITICO (politico.eu)
The EU has fallen for the myth that it’s possible to keep us safer by weakening the very thing that protects us.
5 Key Takeaways - How GDPR has Impacted American Companies and the Future of Transatlantic Data Transfers
Amanda Witt on JD Supra (jdsupra.com)
The European Union’s General Data Protection Regulation (“GDPR”) marked a turning point in privacy and data protection practices globally and...