After a considerable false start, the long-awaited new NHS Covid-19 app is now available. Have you downloaded it yet? Even if take-up is as low as some are gloomily predicting, it could still be worthwhile.
Take-up of NHS contact-tracing app could be only 10% – The Guardian
Officials at the test and trace programme, however, believe there will be benefits even if few people adopt it. A recent study by the same data team at Oxford University, looking at the experience of Washington state in the US, found that if 15% used an app that notified them of exposure to an infected person, infections were reduced by 8% and deaths by 6%.
But even the best only got up to 40% take-up.
Everything you need to know about the NHS Covid-19 tracking app – Wired UK
The country with the highest download rate is Singapore, which was the first nation to introduce a contact tracing app. The TraceTogether system has been downloaded 2.4 million times as of September 9. This accounts for around 40 per cent of Singapore’s population. The country has also moved beyond the contact tracing apps by trialling a Bluetooth ’token,’ a wearable device, that people can use for contact tracing purposes.
So far, so good.
The future has always been uncertain, in an abstract you-never-know-what’s-round-the-corner kind of way. But these days, goodness me — the very near future has never been so completely uncertain, unknown, and unsettled. For instance, what will our workplaces be like, after all this?
The office is dead – Marker
“It’s not something I was even thinking about six weeks ago, but it’s definitely something I’ve been talking about now with my investors,” Haynie says. “Overall it’s a win-win.” This is just the tip of the iceberg. From startups and tech giants to more old-school Wall Street firms, businesses are rethinking the role of office space and whether they even need it. If, in the old world, an office was a form of corporate peacocking — a flashy location in some iconic building with a boutique-hotel level of design for clients, employees, customers, and investors— in the new world, it is becoming a very costly line item that could be reduced to the equivalent of a single flagship store.
Your boss is watching you: Work-from-home boom leads to more surveillance – NPR
Her employer has started using software called Time Doctor. It downloads videos of employees’ screens while they work. It also can enable a computer’s webcam to take a picture of the employee every 10 minutes. “If you’re idle for a few minutes, if you go to the bathroom or whatever, a pop-up will come up and it’ll say, ‘You have 60 seconds to start working again or we’re going to pause your time,’ ” the woman said.
Zoom fatigue is something the deaf community knows very well – Quartz
Posts about “Zoom fatigue” mention struggling with non-verbal cues. This frustration is relatable to how hard of hearing individuals have to accurately lipread, view sign language clearly, or get an unobstructed view of faces and body language. Others point out the stress in understanding what is said with choppy audio, time delays, or pixelated video. The deaf community encounters this difficulty in nearly every setting, like they’re piecing together a jigsaw puzzle.
WFH = working from home. An abbreviation I hadn’t heard of until recently. It seems we’re all at it. Well, not all of us.
The great Zoom divide: How working from home is a privilege – New Statesman
Supporting the WFH and self-isolating economy is an army of factory and warehouse workers who are now busier than ever. There is much awareness and respect, rightfully, for medical staff who are at the frontlines of fighting Covid-19 – but what about those on the industrial frontlines? Who is protecting them? How can we keep essential supplies and functions running without exposing these workers to health risks? Is that even possible?
Avoiding Coronavirus may be a luxury some workers can’t afford – New York Times
For many workers, being sick means choosing between staying home and getting paid. One-quarter of workers have no access to paid sick days, according to Labor Department data: two-thirds of the lowest earners but just 6 percent of the highest earners. Just a handful of states and local governments have passed sick leave laws. Only 60 percent of workers in service occupations can take paid time off when they are ill — and they are also more likely than white-collar workers to come in contact with other people’s bodies or food.
Stykka designs a temporary workstation so you’ll stay the f*** home – Design Milk
When Denmark ordered people to stay home, Stykka got creative knowing many people had to share workspaces at home with their families or had to use the dining table. They challenged themselves to use only cardboard, zip ties, and a laser cutter, and in less than 24 hours, they not only had a prototype but they were ready to ship the desks out. Once received, the desk takes less than 10 minutes to assemble.
Don’t mute, get a better headset – Matt Mullenweg
When you’re speaking to a muted room, it’s eerie and unnatural — you feel alone even if you can see other people’s faces. You lose all of those spontaneous reactions that keep a conversation flowing. If you ask someone a question, or they want to jump in, they have to wait to unmute. I also don’t love the “unmute to raise your hand” behavior, as it lends itself to meetings where people are just waiting their turn to speak instead of truly listening.
As population works from home, Walmart reports increased sales for tops but not pants – CBS News
Men’s fashion brand Suitsupply is getting in on both sides of the trend. The company recently posted a photo on Instagram of a model wearing a button-down, tie and blazer on top — and nothing but underwear on the bottom. “Working from home doesn’t mean compromising on style. Keep your look professional—from the waist up at least,” the brand wrote. Scrolling through the Instagram post leads to a picture that says, “Off-camera?” before featuring the same model, this time wearing a sweatshirt.
Zoom announces 90-day feature freeze to fix privacy and security issues – The Verge
Zoom has never shared user numbers before, but Yuan reveals that back in December the company had a maximum of 10 million daily users. “In March this year, we reached more than 200 million daily meeting participants, both free and paid,” says Yuan. That’s a huge increase that has seen people use Zoom for reasons nobody expected before the coronavirus pandemic.
Security and privacy implications of Zoom – Schneier on Security
In general, Zoom’s problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations. […] Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it’s in the spotlight, it’s all coming out.
Automated tool can find 100 Zoom meeting IDs per hour – The Verge
In addition to being able to find around 100 meetings per hour, one instance of zWarDial can successfully determine a legitimate meeting ID 14 percent of the time, Lo told Krebs on Security. And as part of the nearly 2,400 upcoming or recurring Zoom meetings zWarDial found in a single day of scanning, the program extracted a meeting’s Zoom link, date and time, meeting organizer, and meeting topic, according to data Lo shared with Krebs on Security.
Hot on the heels of Robot Day is Data Protection Day, initiated by the Council of Europe in 2007.
Data Protection Day – Council of Europe
The Council of Europe is celebrating this year the 14th edition of Data Protection Day. This initiative aims to raise the individuals awareness about good practices in this field, informing them about their rights and how to exercise them.
Joint statement by Vice-President Jourová and Commissioner Reynders ahead of Data Protection Day – European Commission
Data is becoming increasingly important for our economy and for our daily lives. With the roll-out of 5G and uptake of the Artificial Intelligence and Internet of Things technologies, personal data will be in abundance and with potential uses we probably can’t imagine. While this offers amazing opportunities, some cases show that robust rules are needed to address clear risks for individuals and for our democracies. In Europe we know that strong data protection rules are not a luxury, but a necessity. […]
20 months after the entry into application of the landmark General Data Protection Regulation, we see that the GDPR has acted as a catalyst to put data protection at the centre of many of the on-going policy debates. It is a cornerstone of the European approach underpinning several political priorities of the new Commission promoting a human centric approach to Artificial Intelligence and other digital technologies. European Data Protection rules will therefore be a foundation and inspiration for the success of key initiatives in artificial intelligence, health or mobility to name just a few.
Part of me wants to find out how our leaving the EU on Friday will affect this, but a larger part of me is too fed up with the whole stupid act of national self-harm to bother.
Happy “Data Privacy Day” – Now read The New York Times privacy project about total surveillance – Forbes
The shocking thing about the obvious and growing loss of privacy is how unconcerned everyone is. Technologists started “snooping” around servers, desktops and data bases years ago to understand the status of hardware and software and how they should be managed. Enterprise snooping is still a best practice. But snooping is now central to entire national and global business models, and has emerged with a scary name: surveillance capitalism. No one predicted how pervasive snooping would become. No one predicted just how much profit snooping would generate, and no one predicted how entire populations would essentially shrug their shoulders about how they’re stalked each and every day – to make someone else money!
Surprisingly (not really), Google doesn’t seem to be celebrating the day with a Google Doodle, although there is a prompt to complete a privacy check-up.
I quite like Protect Internet health and privacy with Mozilla’s internet health initiative, on the other hand.
Data detox: Five ways to reset your relationship with your phone – The Firefox Frontier
We use our phones for everything from hailing rides to ordering in, and even to track our literal steps. All that convenience at our fingertips comes at a cost: our personal data and our mental health. It’s hard to be present in the moment when push notifications and texts are enticing us to look down. Meanwhile, the amount of personal data we share, many times without even realizing, can be alarming.
But not all hope is lost! Here are five simple steps you can take to protect your data and sanity.
Are you annoyed as I am when adverts for things I may or may not be interested in creepily follow you around the entire web, from one website to another? Maybe you aren’t, it’s not an issue for a lot of people. But for some it is, and Firefox is here to help.
The latest version of Firefox shows the wild scale of web tracking
It’s a big issue. According to cookie tracker tool Web Cookies, there are an average of 12.5 third-party cookies on every site, with a monstrous 412 cookies found on one shady site. Mozilla’s own estimates say there are roughly 170 third-party trackers following each user around the web every single day.
With Firefox 70, Mozilla continues with the universal blocking of all third-party cookies and web trackers for all users, which it introduced with Firefox 69, but it has also added the ability for users to see exactly which trackers are attempting to track them, as well as how many have been blocked.
This is a step in the right direction. I guess it’s a matter of choice, but people need to be aware of the scale of this issue first.
“We’re making it so that people don’t have the opportunity to create a profile of you online that they can use to serve you ads or political information,” says Celeste Kinswood, senior product marketing manager at Mozilla. “The volume of the tracker epidemic is super high, and people don’t know.”
I thought I had found some interesting news about the government today.
No 10 request for user data from government website sparks alarm
While officials insist the move to share user data from the Gov.uk website is simply intended to improve the service and that no personal details are collected, campaigners raised concern about the urgency of the task, and the personal involvement of Boris Johnson and his chief adviser, Dominic Cummings.
But then something else caught my eye.
Brexit: Scottish judges rule Parliament suspension is unlawful
[T]he Court of Session judges were unanimous in finding that Mr Johnson was motivated by the “improper purpose of stymieing Parliament”, and he had effectively misled the Queen in advising her to suspend Parliament.
Scottish judges decide Boris Johnson misled the Queen
In effect, though not in express terms, the Scottish court has held that Mr Johnson lied to the Queen. Not only was the advice false, but it was known by the prime minister to be false. Mr Johnson acted in bad faith.
‘This is a huge thing’: Labour Brexit chief Keir Starmer reacts to parliament suspension being ruled unlawful after being told of news while live on stage
He told delegates: “It was obvious to everybody that not only was shutting down parliament at this crucial time obviously, the wrong thing to do, we should be sitting each and every day to resolve this crisis.
I wonder if this turn of events has been considered in these already mind-boggling charts.
These Brexit flowcharts show just how messy UK politics is
Overall, these Brexit charts range from professional-looking diagrams by media outlets and commentators, to, in some cases, non-linear cosmoses that move in a mystifying range of directions.
But for most of us, I think, this is all starting to get a little tedious.
Brexit: how the people are using ‘news avoidance’ to escape the post-truth world of politics
The term “news avoidance” suggests that these people are avoiding reality. The underlying principle of public journalism is that readers are also citizens whose actions in the real world are based on the reality they have come to know from the news. While acknowledging that this “reality” is put together by journalists, in line with the Frankfurt School’s concept of the “culture industry”, many academics accept that “not to know” is to retire from reality.
Yet this way of thinking about journalism and its role in society fails to address the recent experience of Harris’ interviewees and millions more. For them, journos and politicos have combined to produce the “unreal”, distant world of the “Westminster Village”, a world that many ordinary people feel disconnected from, the “post-truth” world. Seen from this perspective, avoiding the news may be an attempt to escape the unreality concocted exclusively by residents of that gated community.
We’re used to seeing CCTV cameras absolutely everywhere in this country, but this creepy introduction of facial-recognition technology is something I thought only happens in places like authoritarian China.
‘Deeply concerned’ UK privacy watchdog thrusts probe into King’s Cross face-recognizing snoop cam brouhaha
It emerged earlier this week that hundreds of thousands of Britons passing through the 67-acre area were being secretly spied on by face-recognizing systems. King’s Cross includes Google’s UK HQ, Central Saint Martins college, shops and schools, as well as the bustling eponymous railway station.
“I remain deeply concerned about the growing use of facial recognition technology in public spaces, not only by law enforcement agencies but also increasingly by the private sector,” said Information Commissioner Elizabeth Denham in a statement on Thursday.
“We have launched an investigation following concerns reported in the media regarding the use of live facial recognition in the King’s Cross area of central London, which thousands of people pass through every day.”
So, not only is GDPR’s notion of consent being ignored in our online life, but we are being tracked without our consent outside in the real world, too.
It’s good to see some people are fighting back.
Adversarial fashion designed to trick automated license plate readers
When hacker and fashion designer Kate Rose learned – through a conversation with Dave Maass, a researcher with the Electronic Frontier Foundation – that the plate readers kind of suck at their jobs, she got an idea. Her new line “Adversarial Fashion” is the result. Unveiled at the DefCon cybersecurity conference in Las Vegas last week, the garments spell out the words of the fourth amendment of the US constitution, which protects Americans from “unreasonable searches and seizures.”
That dystopian future creeps nearer every day. And here’s more evidence that “Years and Years” will end up being a fact-based documentary rather than a far-fetched satire.
Robotic contact lens that allows users to zoom in by blinking eyes revealed by scientists
The lens is made from polymers that expand when electric current is applied. It is controlled using five electrodes surrounding the eye which act like muscles. When the polymer becomes more convex the lens effectively zooms in.
Scientists hope one day this could help create a prosthetic eye or a camera that can be controlled using eyes alone.
This is a little alarming.
Anonymised data isn’t nearly anonymous enough – here’s how we fix it
We developed a machine learning model to assess the likelihood of reidentifying the right person. We took datasets and we showed that in the US fifteen characteristics, including age, gender, marital status and others, are sufficient to reidentify 99.98 per cent of Americans in virtually any anonymised data set.
Some more examples.
The simple process of re-identifying patients in public health records
In late 2016, doctors’ identities were decrypted in an open dataset of Australian medical billing records. Now patients’ records have also been re-identified – and we should be talking about it.
‘Anonymous’ browsing data can be easily exposed, researchers reveal
A journalist and a data scientist secured data from three million users easily by creating a fake marketing company, and were able to de-anonymise many users …
“What would you think,” asked Svea Eckert, “if somebody showed up at your door saying: ‘Hey, I have your complete browsing history – every day, every hour, every minute, every click you did on the web for the last month’? How would you think we got it: some shady hacker? No. It was much easier: you can just buy it.”
Flying off to a nice hotel somewhere?
British Airways gets hammered with a record £183m fine for data breach
The incident came to light last September, when British Airways revealed that a sophisticated hack had led to 380,000 customer accounts being compromised, although that initial figure turned out to be an underestimation, with some 500,000 people actually affected, the ICO reckons.
Those folks had the likes of names, addresses, emails, credit card numbers and expiry dates – as well as the security codes on the rear of cards – stolen over a two-week period beginning on August 21, we were told at the time. Although the ICO claims that the thefts began occurring as early as June 2018.
Marriott to face £99 million GDPR fine from ICO over November 2018 data breach
The breach revealed in November 2018 involved the leak of 500 million customer records from the guest reservation database of Marriott’s Starwood Hotels and Resorts division. The attackers – who are unknown but believed to have links with China’s Ministry of State Security – appear to have had access to the system since 2014.
The organisation only became aware of the compromise in September 2018 following an alert from an internal security tool over an attempt to gain access to the reservation system. The company claims that it “quickly engaged” a group of security experts to investigate the apparent attack and “learned during the investigation that there had been unauthorised access to the Starwood network since 2014”.
Facebook’s $5 billion FTC fine is an embarrassing joke
Facebook’s stock went up after news of a record-breaking $5 billion FTC fine for various privacy violations broke today.
That, as The New York Times’ Mike Isaac points out, is the real story here: the United States government spent months coming up with a punishment for Facebook’s long list of privacy-related bad behavior, and the best it could do was so weak that Facebook’s stock price went up. […]
From some other perspectives, that $5 billion fine is a big deal, of course: it’s the biggest fine in FTC history, far bigger than the $22 million fine levied against Google in 2012. And $5 billion is a lot of money, to be sure. It’s just that like everything else that comes into contact with Facebook’s scale, it’s still entirely too small: Facebook had $15 billion in revenue last quarter alone, and $22 billion in profit last year. […]
That’s actually the real problem here: fines and punishments are only effective when they provide negative consequences for bad behavior. But Facebook has done nothing but behave badly from inception, and it has only ever been slapped on the wrist by authority figures and rewarded by the market. After all, Facebook was already under a previous FTC consent decree for privacy violations imposed in 2011, and that didn’t seem to stop any of the company’s recent scandals from happening. As Kara Swisher has written, you have to add another zero to this fine to make it mean anything.
It’s not often a data protection or records management news story gets this much press attention.
MI5 accused of unlawful handling of surveillance data
MI5 has been accused of “extraordinary and persistent illegality” for holding on to data obtained from members of the public. The human rights organisation Liberty has taken the security service to court over the way that it gathers and stores information under the Investigatory Powers Act.
MI5 ‘unlawfully’ handled bulk surveillance data, lawsuit reveals
“The documents show extraordinary and persistent illegality in MI5’s operations, apparently for many years,” said civil liberties organisation Liberty, which is bringing the case. “The existence of what MI5 itself calls ‘ungoverned spaces’ in which it holds and uses large volumes of private data is a serious failure of governance and oversight, especially when mass collection of data of innocent citizens is concerned.”
MI5’s use of personal data was ‘unlawful’, says watchdog
The security service MI5 has handled large amounts of personal data in an “undoubtedly unlawful” way, a watchdog has said. The Investigatory Powers Commissioner said information gathered under warrants was kept too long and not stored safely. Civil rights group Liberty said the breaches involved the “mass collection of data of innocent citizens”. The high court heard MI5 knew about the issues in 2016 but kept them secret.
Liberty’s challenge to UK state surveillance powers reveals shocking failures
The challenge, by rights group Liberty, led last month to an initial finding that MI5 had systematically breached safeguards in the UK’s Investigatory Powers Act (IPA) — breaches the Home Secretary, Sajid Javid, euphemistically couched as “compliance risks” in a carefully worded written statement that was quietly released to parliament.
This was first reported last month…
MI5 slapped on the wrist for ‘serious’ surveillance data breach
Home Secretary Sajid Javid has confessed to Parliament that MI5 bungled the security of “certain technology environments used to store and analyse data,” including that of ordinary Britons spied on by the agency. In a lengthy Parliamentary statement made last week, Javid obliquely admitted that spies had allowed more people to help themselves to its treasure troves of data on British citizens than was legally allowed.
Sajid Javid admits MI5 committed serious safeguard breaches
In a written statement to parliament last week that was not widely noticed, Javid said he was notifying MPs of “compliance risks MI5 identified and reported within certain technology environments used to store and analyse data, including material obtained under the Investigatory Powers Act”.
… but now the story has been picked up by everyone, including the Middle East Eye…
UK’s MI5 spy agency handled surveillance data unlawfully, court hears
An internal agency review warned more than three years ago that storage systems may have become “ungoverned spaces”, which would mean that they were operating in breach of both UK and European law. Despite this, MI5 continued to build new electronic storage systems which did not allow the agency to review its contents and decide what material should be deleted, as the law requires. The problems were withheld from the official watchdog, the Investigatory Powers Commissioner, until earlier this year, the High Court was told.
… and even Russia Today and Sputnik News are getting in on it.
‘Extraordinary & persistent illegality’: UK’s MI5 accused of mishandling bulk surveillance data
MI5 has no control of its storage of vast volumes of people’s calls, messages, web browsing history, as well as other personal data that the agency has managed to obtain on the basis of surveillance warrants, which were often issued under false pretext, the High Court heard on Tuesday in a legal challenge brought by the human rights organization Liberty.
Outcry as High Court finds MI5 engaged in ‘unlawful’ storage, handling of bulk surveillance
Ten internal documents from senior MI5 officials, including an 11 March letter from director Sir Andrew Parker, revealed significant non-compliance issues in how citizens’ data had been kept and used, including a subsequent cover-up of internal failures and that “data might be being held in ungoverned spaces in contravention of our policies”.
Let’s hope some good comes from all this.
Setting precedents for privacy: the UK legal challenges bringing surveillance into the open
These debates highlight the importance of collective efforts to assert respect for privacy and other rights as a core part of public life. We are on the cusp of a positive shift in power towards open public debate and accountability about data and the way it is used against us.
This isn’t quite the brave new world we were hoping these new technologies would enable.
Davos: George Soros calls Xi Jinping a “dangerous opponent” of open societies
Soros said he wanted to “call attention to the mortal danger facing open societies from the instruments of control that machine learning and artificial intelligence can put in the hands of repressive regimes.” Echoing recent concerns raised about China’s use of facial-recognition technology, Soros asked: “How can open societies be protected if these new technologies give authoritarian regimes a built-in advantage? That’s the question that preoccupies me. And it should also preoccupy all those who prefer to live in an open society.”
Tracing his critique of authoritarian governments to his own childhood under Nazi occupation in Hungary, Soros, who is now 88, urged the Trump administration to take a harder stance on China. “My present view is that instead of waging a trade war with practically the whole world, the US should focus on China,” he said.
The complicated truth about China’s social credit system
What’s troubling is when those private systems link up to the government rankings — which is already happening with some pilots, she says. “You’ll have sort of memorandum of understanding like arrangements between the city and, say, Alibaba and Tencent about data exchanges and including that in assessments of citizens,” Ohlberg adds. That’s a lot of data being collected with little protection, and no algorithmic transparency about how it’s analysed to spit out a score or ranking. […]
The criteria that go into a social credit ranking depends on where you are, notes Ohlberg. “It’s according to which place you’re in, because they have their own catalogs,” she says. It can range from not paying fines when you’re deemed fully able to, misbehaving on a train, standing up a taxi, or driving through a red light. One city, Rongcheng, gives all residents 1,000 points to start. Authorities make deductions for bad behaviour like traffic violations, and add points for good behaviour such as donating to charity.
Running a red light is one thing, but what if you’re a journalist investigating corruption and misconduct?
Chinese blacklist an early glimpse of sweeping new social-credit control
What it meant for Mr. Liu is that when he tried to buy a plane ticket, the booking system refused his purchase, saying he was “not qualified.” Other restrictions soon became apparent: He has been barred from buying property, taking out a loan or travelling on the country’s top-tier trains.
“There was no file, no police warrant, no official advance notification. They just cut me off from the things I was once entitled to,” he said. “What’s really scary is there’s nothing you can do about it. You can report to no one. You are stuck in the middle of nowhere.”
In China, facial recognition tech is watching you
Megvii, meanwhile, supports the state’s nationwide surveillance program, which China, with troubling inferences, calls Skynet. Launched in 2005, Skynet aims to create a nationwide panopticon by blanketing the country with CCTV. Thanks to Face++, it now incorporates millions of A.I.-enhanced cameras that have been used to apprehend some 2,000 suspects since 2016, according to a Workers’ Daily report. […]
Jeffrey Ding, an Oxford University researcher focused on Chinese A.I., believes there is more pushback in the West against deploying facial recognition technology for security purposes. “There’s more willingness in China to adopt it,” he says, “or at least to trial it.”
But there’s also less freedom to oppose the onslaught. “The intention of these systems is to weave a tighter net of social control that makes it harder for people to plan action or push the government to reform,” explains Maya Wang, senior China researcher at Human Rights Watch.
The line from Soros about the danger from “the instruments of control that machine learning and artificial intelligence can put in the hands of repressive regimes” chimes with what I’m reading in James Bridle’s new book, New Dark Age.
May we live in interesting times.
Some recent data protection stories that have caught my eye.
French data watchdog dishes out largest GDPR fine yet: Google ordered to hand over €50m
The French agency, CNIL, ruled today that the search giant had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation. […] The CNIL concluded that Google had breached the General Data Protection Regulation in two ways: by failing to meet transparency and information requirements, and failing to obtain a legal basis for processing.
Amazon, Apple and Google face data complaints
General Data Protection Regulation (GDPR) rules say EU customers have the right to access a copy of the personal data companies hold about them. However, privacy group noyb said it found that most of the big streaming companies did not fully comply. It has filed formal complaints, which if upheld could result in large fines.
Google accused of GDPR privacy violations by seven countries
Consumer groups across seven European countries have filed GDPR complaints against Google’s location tracking (via Reuters). The European Consumer Organisation (BEUC), of which each of the groups are a member, claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails. If upheld, the complaints could mean a hefty fine for the search giant.
The NOYB organisation gets mentioned a number of times there.
Max Schrems: The privacy bubble needs to start ‘getting sh*t done’
After years locked in numerous long, drawn-out and often bitter legal battles, Schrems decided to launch a nonprofit aiming to help people bring their own consumer privacy cases to court.
The plan is for NOYB (None Of Your Business) to take advantage of the incoming European Union General Data Protection Regulation, which offers more options for collective redress across the bloc, and harness the momentum Schrems has built up with various high-profile court cases.
Seems to be working. (Via)
I certainly enjoy reading about these voice assistants more than I do using them.
You bought smart speakers over the holidays. Now what are Amazon and Google doing with your data?
Ultimately, the choice to keep a smart speaker around comes down to what you’re getting out of the product. For some people with physical disabilities or intellectual differences, smart speakers can make household tasks easier or provide an engaging presence in daily life. For tech junkies like my friend, the sheer joy of commanding a smart home network might be enough. For Hoffman-Andrews, though, the benefits of a speaker don’t outweigh the costs. He bought a couple of products for testing, but he admits he couldn’t actually bring himself to set them up. Being able to ask a speaker to dim the lights or play a weather forecast just didn’t seem like a good enough tradeoff for giving companies access to his home.
“Is it normal to have cameras and microphones pointed at you and your guests? Currently the answer is mostly no,” he says. “These devices aim to change the answer to yes.”
The Verge breaks down the latest story from the New York Times about Facebook’s data sharing agreements with Microsoft, Amazon Spotify and others.
Facebook gave Spotify and Netflix access to users’ private messages
I find it helpful to read the allegations in the Times’ story chronologically, starting with the integration deals, continuing with the one-off agreements, and ending with instant personalization. Do so and you read a story of a company that, after some early success growing its user base by making broad data-sharing agreements with one set of companies — OEMs — it grew more confident, and proceeded to give away more and more, often with few disclosures to users. By the time “Instant personalization” arrived, it was widely panned, and never met Facebook’s hopes for it. Shortly after it was wound down, Facebook would take action against Cambridge Analytica, and once again began placing meaningful limitations on its API.
Then basically nothing happened for three years!
Whatever is happening, it’s happening … now. It has been only two months since the largest data breach in Facebook’s history. It has been only five days since the last time Facebook announced a significant data leak.
On and on we go. The more we hear about how Facebook treats our data — and us — the more bored and relaxed we seem to be about it all. I can’t see this changing.
From Facebook: Facts About Facebook’s Messaging Partnerships
From Ars Technica: Facebook “partner” arrangements: Are they as bad as they look?
I still think Facebook has transparency and trust issues though…
Have you used Qwant yet?
Qwant – The search engine that respects your privacy
Based and designed in Europe, Qwant is the first search engine which protects its users freedoms and ensures that the digital ecosystem remains healthy. Our keywords: privacy and neutrality.
I must admit I had never heard of this search engine before I read this article from Wired. The French National Assembly and the French Army Ministry have announced that they’ll stop using Google as their default search engines, and use Qwant instead.
France is ditching Google to reclaim its online independence
“We have to set the example,” said Florian Bachelier, one of MPs chairing the Assembly’s cybersecurity and digital sovereignty task-force, which was launched in April 2018 to help protect French companies and state agencies from cyberattacks and from the growing dependency on foreign companies. “Security and digital sovereignty are at stake here, which is anything but an issue only for geeks,” Bachelier added. […]
In France, this all started with the Edward Snowden. In 2013, when the American whistleblower revealed that the NSA was spying on foreign leaders and had important capability to access data stocked on private companies’ clouds, it was a wake up call for French politicians. A senate report that same year fretted that France and the European Union were becoming “digital colonies”, a term that since then has been used by French government officials and analysts to alert about the threat posed by the US and China, on issues of economic, political and technological sovereignty. Recent scandals, including the Cambridge Analytica-Facebook imbroglio, further shook French politicians and public opinion.
A European Duckduckgo, but without the stupid name? Might be something to look further into.
Facebook fined for data breaches in Cambridge Analytica scandal
Facebook is to be fined £500,000, the maximum amount possible, for its part in the Cambridge Analytica scandal, the information commissioner has announced.
But talk about good timing.
In the first quarter of 2018, Facebook took £500,000 in revenue every five and a half minutes. Because of the timing of the breaches, the ICO said it was unable to levy the penalties introduced by the European General Data Protection (GDPR), which caps fines at the higher level of €20m (£17m) or 4% of global turnover – in Facebook’s case, $1.9bn (£1.4bn). The £500,000 cap was set by the Data Protection Act 1998.
Elizabeth Denham, the information commissioner, explains her real goal with this fine is to “effect change and restore trust and confidence in our democratic system.”
“Most of us have some understanding of the behavioural targeting that commercial entities have used for quite some time,” Denham said, “to sell us holidays, to sell us trainers, to be able to target us and follow us around the web.”
“But very few people have an awareness of how they can be micro-targeted, persuaded or nudged in a democratic campaign, in an election or a referendum.
“This is a time when people are sitting up and saying ‘we need a pause here, and we need to be sure we are comfortable with the way personal data is used in our democratic process’.”
I think we’re still some way off that; people just seem not to be bothered.
Facebook’s rise in profits, users shows resilience after scandals
Facebook Inc (FB.O) shares rose on Wednesday after the social network reported a surprisingly strong 63 percent rise in profit and an increase in users, with no sign that business was hurt by a scandal over the mishandling of personal data.
But maybe I shouldn’t be so pessimistic.
The digital privacy wins keep coming
Progress can be difficult to measure; it often comes in drips and drops, or not at all for long stretches of time. But in recent weeks, privacy advocates have seen torrential gains, at a rate perhaps not matched since Edward Snowden revealed how the National Security Agency spied on millions of US citizens in 2013. A confluence of factors—generational, judicial, societal—have created momentum where previously there was none. The trick now is to sustain it.
Rhett Jones from Gizmodo strikes a cautionary note about Apple’s positioning following Facebook’s recent data sharing controversies.
Apple isn’t your friend
In its own deliberate fashion, Apple appears to see a market opportunity in the privacy debate that goes beyond polishing its own image. As headlines blared about Facebook’s latest data-sharing turmoil, the Wall Street Journal reported that Apple has been quietly planning to launch a new advertising network for the past year. It’s said to be a re-imagining of its failed iAd network that was shuttered in 2016.
Generally, more competition is welcome. If Apple is giving Facebook and Google headaches, we say that’s great. But it’s a thorny issue when we’re talking about a few billion-dollar companies exchanging places on the ladder as they strive to be trillion-dollar companies. It’s just not enough for the least bad megacorp to keep the evil ones in check.
GDPR finally comes into force on Friday, and there seems to be no let up in the privacy notice update emails we’re all getting. This raised a smile though.
Most GDPR emails unnecessary and some illegal, say experts
What’s more, Vitale said, if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you to give it that consent.
“In many cases the sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email.”
I wonder if we’ll still receive these emails after 25 May. If we do, are the companies that send them admitting they weren’t compliant initially? I’m sure the ICO won’t be too concerned, but it’ll be interesting to see what happens.
Last-minute frenzy of GDPR emails unleashes ‘torrent’ of spam – and memes
The whole process has inspired the internet to rope in everyone from Julian Assange to Donald Trump to Prince William in an attempt to illustrate their frustration at the electronic onslaught.
The EU’s Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data was signed off on 27 April 2016, two years ago. It becomes enforceable from 25 May 2018. Have we been using these last two years to get ready?
This, from a year ago, sums it up, I think.
Concern that schools are not preparing for new rules on personal data
The General Data Protection Regulations are the ‘biggest change in 25 years’ to how organisations must manage personal data, but only a fifth of schools are aware of the May 2018 deadline.
Employers and schools are all certainly busy now, in these last few weeks, reviewing data asset registers and updating privacy notices. The news that the fines for noncompliance could be as high as £17 million is certainly a motivator, although here’s Elizabeth Denham, the Information Commissioner, suggesting they won’t be levying such large fines lightly.
What is GDPR? Data protection law is changing in 2018. Here’s what you need to know
But Denham says speculation that her office will try to make examples of companies by issuing large business-crippling fines isn’t correct. “We will have the possibility of using larger fines when we are unsuccessful in getting compliance in other ways,” she says. “But we’ve always preferred the carrot to the stick”. […]
“Having larger fines is useful but I think fundamentally what I’m saying is it’s scaremongering to suggest that we’re going to be making early examples of organisations that breach the law or that fining a top whack is going to become the norm.” She adds that her office will be more lenient on companies that have shown awareness of the GDPR and tried to implement it, when compared to those that haven’t made any effort.
As well as some of us acting as data controllers or data processors, we’re all data subjects too. These are new rules designed to protect our data. I’m sure we’ve all been getting emails from companies like Twitter, Instagram and Fitbit and so on, about their revised data and privacy policies.
Here’s a great summary from Danny O’Brien of the Electronic Frontier Foundation, on what to look out for.
Why am I getting all these terms of service update emails?
The EU regulators are certainly paying attention to these email updates. A strongly-worded blog post this week by EU’s head enforcer, European Data Protection Supervisor (EDPS) Giovanni Buttarelli, warned the public and his fellow regulators to be “vigilant about attempts to game the system”, adding that some of these new terms of service emails could be “travest[ies] of the spirit of the new regulation”. […]
As Buttarelli says, such “legal cover” might well be against the spirit of the GDPR, but it’s going to take a while for companies, regulators, and privacy groups to establish what the law’s sometimes ambiguous statements really mean. One particularly knotty problem is whether the language that many of these emails use (“by using our service, you agree to these terms”) will be acceptable under the GDPR. The regulation is explicit that in many areas, you need to give informed, unambiguous consent by “a statement or clear affirmative action.” Even more significantly, if the data being collected by a company isn’t necessary for the service it is offering, under the GDPR the company should give covered users the option to decline that data collection, but still allow them to use the service.