Once again, it's been over a week since the last update so this is a loooong list. Where to start? With federal privacy legislation, of course, followed by post-Roe privacy, automated decision systems, news from "across the pond" ... and much much more, with almost 50 links all together.
Federal privacy legislation
Kristin L. Bryan, Jeffrey L. Turner, Beth L. Goldstein, and Kyle R. Fath on National Law Review (natlawreview.com)
At the Washington Post Across the Aisle livestream last Thursday – right before the House went on recess until after the election – American Data Privacy and Protection Act (ADPPA) co-sponsor Rep. Frank Pallone pointed to the upcoming "lame duck" session after the election as an opportunity to pass privacy legislation and expressed optimism. Of course, he's got to say that, so it's hard to know what to read into it. I'll have a longer update on ADPPA in the next few days; for now, here's the video, my live-tweeting thread, and an "unrolled" version of the thread.
Zack Whittaker on TechCrunch (techcrunch.com)
The new Facial Recognition Act would require police across the United States to first obtain a warrant before using facial recognition technologies. The bill (introduced by Reps. Ted Lieu (D-CA), Sheila Jackson Lee (D-TX), Yvette Clarke (D-NY) and Jimmy Gomez (D-CA) also puts other limits on what law enforcement can use facial recognition for, such as immigration enforcement or peaceful protests, or using a facial recognition match as the sole basis for establishing probable cause for someone’s arrest.
The announcement on Rep. Lieu's site has details as well as quotes from the sponsors and privacy advocates organizations including supporting the bill including Center for Democracy and Technology, Project on Government Oversight, Access Now, and several Commissioners on the Massachusetts Facial Recognition Commission. Even though the bill falls short of the moratorium or ban that most privacy advocates (including me) argue is needed, warrant requirements and limits on usage an be valuable steps forward.
Brian Fung,Clare Duffy on CNN (cnn.com)
California is attempting to stymie abortion prosecutions in other states by making it illegal for Silicon Valley giants and other businesses based in the Golden State to hand over the personal information of abortion-seekers to out-of-state authorities.
Kavitha George, Alaska Public Media - Anchorage on Alaska Public Media (alaskapublic.org)
As Alaskans prepare to vote in November on whether to hold a constitutional convention, the privacy clause is a major focus.
Laurie Clarke on The Guardian (theguardian.com)
The American professor of law talks about her new book on the fight for data privacy, the personal dossiers brokers build on us and how, post-Roe v Wade, women’s data in the US may be weaponised.
Automated Decision Systems
Chloe Xiang on Vice Motherboard (vice.com)
In one stark example of how sensitive images can end up powering these AI tools, a user found a medical image in the LAION dataset, which was used to train Stable Diffusion and Google’s Imagen.
Melissa Heikkilä on MIT Technology Review (technologyreview.com)
The new bill, called the AI Liability Directive, will add teeth to the EU’s AI Act and allow consumers to sue companies for damages—if they can prove that a company’s AI harmed them. Katyanna Quach's Europe considers rules for easier AI compensation claims has more.
AI Data Laundering: How Academic and Nonprofit Researchers Shield Tech Companies from Accountability
Andy Baio on Waxy.org (waxy.org)
Tech companies working with AI are outsourcing data collection and training to academic/nonprofit research groups, shielding them from potential accountability and legal liability.
Maria Badillo on Future of Privacy Forum (fpf.org)
On September 7, a trial judge declared the implementation of the Fugitive Facial Recognition System (SRFP, for its name in Spanish) by the Government of the City of Buenos Aires unconstitutional. The decision set an important precedent for risks associated with privacy and intimacy in public spaces.
Michelle Donelan, Secretary of State for Digital, Culture, Media and Sport, on the UK Conservative Party's web site (conservatives.com)
Key point from a privacy perspective
We inherited GDPR from the EU, and its bureaucratic nature is still limiting the potential of our businesses.... That is why today Conference, I am announcing that we will be replacing GDPR with our own business and consumer-friendly, British data protection system.... No longer will our businesses be shackled by unnecessary red tape.
Olivia Solon on bloomberg.com
Palantir Technologies had a secret plan to deepen its relationship with the UK’s National Health Service without public scrutiny. The US data-analytics company aimed to buy up smaller rivals that already had an existing relationship with the NHS, according to emails and strategy documents seen by Bloomberg. This approach would hopefully allow Palantir to avoid further scrutiny in working with one of the largest depositories of health data.
Jon Baines on Information Rights and Wrongs (informationrightsandwrongs.com)
In recent weeks the future of data protection law in the UK has been not just hard to predict, but also hard to keep up with.
Vincent Manancourt on POLITICO (politico.eu)
The order is designed to address European concerns over surveillance practices in the US.
Fight for the Future (fightforthefuture.org)
Hundreds of authors are speaking out on behalf of libraries, demanding that publishers and trade associations put the digital rights of librarians, readers, and authors ahead of shareholder profits.
Jody Serrano on Gizmodo (gizmodo.com)
Google’s public search liaison explained in a Q&A how the company attempted to balance users’ desire for privacy against providing information to the public.
The U.S. Federal Trade Commission (FTC) has asked Amazon.com Inc and iRobot Corp for more information on the e-commerce giant’s $1.7-billion buyout of the Roomba vacuum maker.
Tunisia: Dangerous New Presidential Decree Legitimises Invasion Of Privacy, Criminalisation Of Dissidents
Scoop News (scoop.co.nz)
Geneva – Tunisian President Kais Saied’s issuance of a new decree allowing security services to violate Tunisians’ digital privacy is reprehensible and opens the door wide to restricting media work and criminalising practices related to freedom of ...
Eileen Yu on ZDNET (zdnet.com)
Australian operator says it is investigating “unauthorised access” of personal data belonging to its current and former customers, including dates of birth, phone numbers, and passport numbers.
on Retourner à l’accueil CNIL.FR (cnil.fr)
Online age verification: a complex issue with significant privacy risks Verifying the age of an Internet user is hampered by the difficulty for the various technical stakeholders on the Internet to really know who is the person behind the computer or smartphone. This need to identify Internet users…
Alex Scroxton, on ComputerWeekly.com (computerweekly.com)
A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalisms
Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over their data
Josh Taylor on The Guardian (theguardian.com)
In its submission to Privacy Act review telco said giving people right to erase personal data would involve ‘significant’ hurdles and costs
Jacob Ridley on PC Gamer (pcgamer.com)
The company believes AI generated images may lead to a legal challenge of some sort.
Claire Norburn on The Drum (thedrum.com)
Digital advertising needs to be safer, but giving up on an ad-supported web entirely would be a mistake writes Google’s Claire Norburn.
Chiara Castro on TechRadar pro (techradar.com)
Big tech companies already make a ton of money off your data
Blake E. Reid on SSRN (papers.ssrn.com)
As debates over the regulation of “Big Tech” Internet platforms—social media, search, and more—have swirled, scholars, advocates, and policymakers have increasingly focused their attention on the law of common carriage. Common carriage law increasingly is invoked as a talisman to justify the imposition of non-discrimination rules on platforms targeted at both economic discrimination and content moderation. This Article challenges common carriage law’s coherence as a field and its utility for assessing contemporary Internet policy.
Nicholas LePan on Visual Capitalist (visualcapitalist.com)
We visualize the length of service agreements from popular apps, by counting the words and calculating how long it would take to read them.
Opinion on The Daily Beast (thedailybeast.com)
Congress needs to put some meaningful guardrails on law enforcement’s ability to buy our data from private entities.
Indonesia Data Protection Law Includes Potential Prison Time, Asset Seizure, Right to Compensation for Data Breaches
Scott Ikeda on CPO Magazine (cpomagazine.com)
An Indonesia data protection law that has been in development since 2016 includes some of the harshest penalties yet seen in national data privacy regulations, along with a right to compensation for data breaches.
Tech firm touts new way to generate first-party data for agencies, publishers without privacy-compliance issues
Michael Bürgi on Digiday (digiday.com)
FullThrottle’s Audience Flume product has been in market for more than a year, but is just being formally rolled out. The company is still awaiting a formal patent.
Paul Karp on The Guardian (theguardian.com)
Mark Dreyfus indicates potential reforms to laws regarding data breaches including higher penalties, mandatory precautions and customer notifications
PTI on Economic Times (economictimes.indiatimes.com)
A five-judge constitution bench headed by Justice K M Joseph asked the parties to complete pleadings in the matter by December 15.
on Brave Browser (brave.com)
Recent versions of Brave on iOS include many new privacy features, ensuring that Brave iOS users have the strongest available protections of any iOS browser.
BARBARA ORTUTAY on Associated Press (apnews.com)
With roosters crowing in the background as he speaks from the crowded refugee camp in Bangladesh that’s been his home since 2017, Maung Sawyeddollah, 21, describes what happened when violent hate speech and disinformation targeting the Rohingya minority in Myanmar began to spread on Facebook.
Liisa M. Thomas on The National Law Review (natlawreview.com)
The California governor recently signed into law the California Age-Appropriate Design Code Act, which will go into effect July 1, 2024. The law applies to “businesses” (as defined by
Ivan Mehta on TechCrunch (techcrunch.com)
Apple removed The OG App, an ad-free Instagram client, from its App Store. Meanwhile, Meta says the app breaks its rules.
Omar L. Gallaga on WIRED (wired.com)
Want to speak up against Big Tech, unjust data collection, and surveillance? Here’s how to be an activist in your community and beyond.
Patrick Coffee on The Wall Street Journal (wsj.com)
More marketers are taking notice of California’s data privacy laws after the state said last month that cosmetics retailer Sephora had agreed to pay $1.2 million in penalties for alleged violations related to its targeted advertising practices.
Jessica Davis on SC Media (scmagazine.com)
A GAO audit of the Medicaid telehealth program found that more oversight is needed of how providers are communicating the privacy and security risks to patients.
Jim Bronskill on The Globe and Mail (theglobeandmail.com)
In an open letter to Public Safety Minister Marco Mendicino, the groups call for substantive amendments to ensure the legislation delivers effective cybersecurity protections while respecting democratic principles
Carolina Alonso on JD Supra (jdsupra.com)
What’s Trending? (Privacy a la Mode) - Notable fashion brands have been engaging in a “trial period” of new technologies as privacy laws and privacy enforcement are trending – for example, exploring integrating branding into digital assets in video games, virtual reality (VR) and augmented reality (AR) technology, metaverses, and non-fungible tokens (NFTs). Fashion naturally pushes the envelope, taking on risks in the interest of not being left behind and losing relevancy and notoriety. This brings about several legal issues, such as those arising from trademark infringement by NFT creators, as well as marketing collaborations as influencers are becoming an essential component of a brand’s commercial success.
Tunisia: Dangerous New Presidential Decree Legitimises Invasion Of Privacy, Criminalisation Of Dissidents
on Scoop News (scoop.co.nz)
Geneva – Tunisian President Kais Saied’s issuance of a new decree allowing security services to violate Tunisians’ digital privacy is reprehensible and opens the door wide to restricting media work and criminalising practices related to freedom of opinion, expression, and publication, Euro-Med Monitor said in a statement.