Privacy and technology

Aug 17

Peter Fleischer (Google) | EU | [Google's answers to the] Questionnaire addressed to Search Engines by the Article 29 Working Party regarding the implementation of the CJEU judgement on the "right to be forgotten" [Google Docs] -

From the letter:

"Thank you for inviting Google representatives to the meeting organized on July 24 by the Article 29 Working Party with three US-based search engines to discuss the challenges of implementing the European Court of Justice’s recent decision in the ‘Costeja’ case. Please find below the responses to the questionnaire that you sent to us. In the interest of transparency, we will follow your lead and make our responses public."


Aug 16

House of Lords - European Union Committee | UK | EU Data Protection law - a 'right to be forgotten'? [PDF and HTML linked from this page] -

From the news release:

"The Court’s interpretation of Article 12 of the 1995 Data Protection Directive, which was drafted three years before Google was founded, has resulted in the ruling that the search engine’s European sites must process more than 70,000 data removal requests that it has received since its web form went live on 30th May, 17 days after the judgment. After having heard evidence from data protection experts, the Information Commissioner’s Office, the Minister for Justice and Civil Liberties, Simon Hughes, and Google itself, the Committee recommends that the UK Government must continue to fight to ensure that the updated Regulation no longer includes any provision on the lines of the Commission’s ‘right to be forgotten’ or the European Parliament’s ‘right to erasure’."

See also: News release.


Aug 15

Alex Preston (The Guardian) | UK | The death of privacy -

From the article:

"Google knows what you’re looking for. Facebook knows what you like. Sharing is the norm, and secrecy is out. But what is the psychological and cultural fallout from the end of privacy?"

Aug 14

FTC | US | What's the deal? An FTC study on mobile shopping apps [PDF] -

From ‘Privacy policy recommendations’:

"Consumers should be able to evaluate and compare the data practices of different services in order to make informed decisions about the apps they install. The number of readily available privacy policies addressing the collection, use, and sharing of data is a step in the right direction. However, many disclosures used vague language, reserving broad rights to collect, use, and share consumer information, rather than describe how the apps actually handle consumers’ data. Such disclosures preserve broad rights but fail to achieve what should be the central purpose of any privacy policy — making clear how data is collected, used, and shared.48 Further, they suggest that these app developers may not be evaluating whether they have a business need for the data they are collecting."


Aug 13

PwC | Insurance 2020 - The digital prize - Taking customer connection to a new level [PDF] -

From ‘Wave two - New and enhanced products’:

"Tracking sensors have already paved the way for the development of ‘pay as you go’ motor cover, which matches the premium to how much the car is used. This is now giving way to a more risk- sensitive ‘pay how you drive’ model, which allows insurers to judge how well the policyholder drives and reflect this in their pricing. Examples include Discovery Insure in South Africa. Drivers rated as good or excellent by the company’s Vitalitydrive programme can receive monthly cash rewards of up to 50% of their fuel expenditure. The benefits for Discovery include higher retention and lower claims costs. Even more important for the company are the benefits for society. The service is encouraging safer driving and reducing the incidence of serious accidents among policyholders in a country with one of the highest motor vehicle fatality rates in the world (33 per 100,000 inhabitants per year, more than twice the rate in China and the US). The next level of ‘information advantage’ is going to come from extracting risk and customer profiling data from the purchasing, GPS, social media and other digital trails people leave. A lot of this information is unstructured and new analytical techniques are emerging to get the insights from it. […] What underlies these developments is an important shift from the insurer being a reactive claims’ payer to a proactive risk manager. By helping customers to understand and mitigate their risks more effectively, the true value and differential of insurers’ risk management expertise would become more tangible and they would be in a better position to increase their prices and returns."

See also: News release in Dutch.


Aug 12

Daniel Solove (Concurring Opinions) | US | Privacy and data security harms -

From the blog post:

"I recently wrote a series of posts on LinkedIn exploring privacy and data security harms. I thought I’d share them here, so I am re-posting all four of these posts together in one rather long post."

Aug 11

Nighat Dad (Privacy International) | PK | Identity theft persists in Pakistan's biometric era -

From the blog post:

"To open a bank account in Pakistan, to get a new driver license or passport or to activate a SIM card, you need to present a computerized national identity card. These cards are about more than just proving identity; they are essential to getting on with your day-to-day life. So what happens when you lose your identity to fraud? Pakistan is one of the few nations that has registered almost the entire population’s biometric details and provided citizens with a computerized national identity card. But even with that system in place, fraud is still rampant. I took a closer look at the fraud industry to understand just how identity fraud persists in the new biometric era."

Aug 10

Dimitri Tokmetzis (BoF) | NL | How your innocent smartphone passes on almost your entire life to the secret service -

From the article:

"Ton Siedsma is nervous. He made the decision weeks ago, but keeps postponing it. It’s the 11th of November, a cold autumn evening. At ten past eight (20:10:48 to be exact), while passing Elst station on the way home, he activates the app. It will track all of his phone’s metadata over the coming week. […] After exactly a week, on Monday, 18 November, he concludes the experiment, saying afterwards that he felt liberated when doing so. There’s an easy explanation for his nervousness: what he’ll be doing, where he’ll be and who he has contact with will be seen by tens of thousands of people. Today, by you and me, and all the other readers of this article."

See also: Dutch-language original version of the article at De Correspondent.

Aug 09

Human Rights Watch and the American Civil Liberties Union | US | With liberty to monitor all - How large-scale US surveillance is harming journalism, law and American democracy [PDF] -

From the Summary:

"Specifically, this report documents the effects of large-scale electronic surveillance on the practice of journalism and law, professions that enjoy special legal protections because they are integral to the safeguarding of rights and transparency in a democracy. To document these effects, we interviewed 92 people, including 46 journalists and 42 lawyers, about their concerns and the ways in which their behavior has changed in light of revelations of largescale surveillance. We also spoke to current and former senior government officials who have knowledge of the surveillance programs to understand their perspective, seek additional information, and take their concerns into account in our analysis. Whether reporting valuable information to the public, representing another’s legal interests, or voluntarily associating with others in order to advocate for changes in policy, it is often crucial to keep certain information private from the government. In the face of a massively powerful surveillance apparatus maintained by the US government, however, that privacy is becoming increasingly scarce and difficult to ensure. As a result, journalists and their sources, as well as lawyers and their clients, are changing their behavior in ways that undermine basic rights and corrode democratic processes."


Aug 08

SPA Future Thinking | UK | Review of the impact of ICO civil monetary penalties [PDF] -

From ‘2. Key findings’:

"The research findings indicate that CMPs are effective at improving data protection compliance. […] The research confirmed that this positive impact was extended to ‘peer’ organisations, where CMPs had a wider impact as a useful deterrent and an incentive to ‘get it right first time’. A substantial proportion of this sample said that they had reviewed or changed their data protection practices and policies as a result of hearing about CMPs being issued to other organisations."

See also: Related presentation in PDF.


Aug 07

Kostas Rossoglou and Jeffrey Chester (Trans Atlantic Consumer Dialogue) | [Open letter to the U.S. Federal Trade Commission and the Irish Data Protection Commissioner] [PDF linked from this page] -

From the letter:

"We are writing to express deep alarm about the announcement on June 12, 2014, that Facebook is planning to collect the web browsing activities of Internet users for targeted advertising. Facebook already installs cookies and pixel tags on users’ computers to track browsing activity on and Facebook apps. If Facebook is permitted to expand its data collection practices, those cookies and pixel tags will also track users’ browsing activity on any website that includes a few lines of Facebook code."

See also: Full text in PDF.


Aug 06

Information Commissioner's Office | UK | Big data and data protection [PDF] -

From the Introduction:

"This paper is intended to give an overview of the issues as we see them and contribute to the debate on big data and privacy. This is an area in which the capabilities of the technology and the range of potential applications are evolving rapidly and there is ongoing discussion of the implications of big data. Our aim is to ensure that the different privacy risks of big data are considered along with the benefits of big data - to organisations, to individuals and to society as a whole. It is our belief that the emerging benefits of big data will be sustained by upholding key data protection principles and safeguards. The benefits cannot simply be traded with privacy rights."


Aug 05

Danielle Kehl with Kevin Bankston, Robyn Greene & Robert Morgus (New America's Open Technology Institute) | Surveillance costs - the NSA's impact on the economy, internet freedom & cybersecurity [PDF linked from this page] -

From the Executive Summary:

"It has been over a year since The Guardian reported the first story on the National Security Agency’s surveillance programs based on the leaks from former NSA contractor Edward Snowden, yet the national conversation remains largely mired in a simplistic debate over the tradeoffs between national security and individual privacy. It is time to start weighing the overall costs and benefits more broadly."

See also: Full text in PDF.


Aug 04

Andy Greenberg (Wired Threat Level) | The app I used to break into my neighbor's home -

From the blog post:

"My neighbor lives on the second floor of a Brooklyn walk-up, so when I came to his front door he tossed me a pair of keys rather than walk down the stairs to let me in. I opened the door, climbed the stairs, and handed his keys back to him. We chatted about our weekends. I drank a glass of water. Then I let him know that I would be back soon to gain unauthorized access to his home. Less than an hour later, I owned a key to his front door."


Aug 03

Khaled El Emam and Luk Arbuckle (Future of Privacy Forum) | De-Identification - A Critical Debate -

The introduction to this blog post:

Ann Cavoukian and Dan Castro recently published a report titled Big Data and Innovation, Setting the Record Straight: De-Identification Does Work. Arvind Narayanan and Edward Felten wrote a critique of this report, which they highlighted on Freedom to Tinker. Today Khaled El Emam and Luk Arbuckle respond on the FPF blog with this guest post.