PRIVACY BEAT: ‘Race to Top’ effort works to finalize investing principles; begins crafting key checklist for ethical data businesses

Privacy Beat

Your weekly privacy news update.

1. ‘Race to Top’ effort works to finalize investing principles; begins crafting key checklist for ethical data businesses

An effort to turn investment dollars toward new ventures that focus on ethical uses of data and identity — and that put a priority on user privacy — took a step forward this week during a meeting in Seattle. It was the third of four meetings in the “Race to the Top” initiative.

A core group of venture-capital investors, aided by Omidyar Network, has been working to develop a set of investing principles. The  principles, in a preliminary draft form, are expected to be presented in nearer final form for comment at a Nov. 22 working roundtable in New York City involving venture-capital firms, investors and some entrepreneurs and researchers.  Other meetings have been held at the MIT Media Lab in May, at Mozilla Inc. in Mountain View, Calif. on Sept. 13, and at a Vulcan Ventures-affiliated meeting center in Seattle on Oct. 24. 

“A great day in Seattle, working with VCs and partners like @mydataorg, @ConsumerReport and @infotrust_itega who are creating a better data economy,” Omidyar investment partner Magdi M. Amin, tweeted after the Seattle gathering.   The Information Trust Exchange Governing Association, which authors “Privacy Beat,” is assisting the effort.  In Seattle, participants focused in a half-day session on understanding the mutual needs of investors and entrepreneurs and created an initial “checklist” of questions that could become part of a model term-sheet process. 

“Race to the Top” is seen by participants as an interim name for the effort, designed to invoke the idea of turning away from a “race to the bottom” — the opaque, sale, sharing and use of consumer data without the user’s permission. The intention is to (a) give venture investors a set of data best practices they can provide to entrepreneurs looking for funding and then (b) create a set of management tools for measuring promises and practices of funded companies as they progress. 


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

2. Consumer Reports tells Senate committee to reject the idea of “data ownership” in Internet privacy proposals

Consumer Reports is joining the debate over federal privacy legislation, urging the Senate Banking Committee to reject the idea of making legal a market for “ownership” of consumer data — or pay-for-privacy schemes. It calls instead for controls over data sale and sharing. 

What would advance consumer rights is a strong federal privacy law that requires data minimization, transparency, control over the sale and sharing of data, and the right to take a company to court over violating these rights, the McInnis letter said. The advice came in a four-page letter signed Oct. 24 by Consumer Reports Policy Counsel Katie McInnis to the Senate committee delivered into teh record of a hearing.

The letter cites several arguments against the creation of a market for the trading or ownership of consumer data (See extended QUOTE OF THE WEEK, below).  It calls data ownership a “false solution” and a “dangerous precedent” and opposes the trading away of privacy through the creation of monetary value for consumer data. 


3. “De-identified” user data containing unique device ID likely not complaint with CCPA, expert attorney believes 

Among many legal overviews of the California Consumer Privacy Act, as amended, is a thorough consideration of “de-identified information” by John Tomaszewski, of the law firm of Seyfarth Shaw. LLP.  Tomaszewski, is the Houston-based co-lead of the firm’s privacy and security team.

In any analysis posted last week, Tomaszewski writes that under the CCPA, as amended by AB 874, it is now more difficult to achieve “deidentified information” than merely removing a name or ID number. Tomaszewski writes that persistent cookies which have UDID or other unique identifiers will likely not be considered de-identified — because the CCPA specifies identification of a device as part of the definition of Personal Information.

“Not only must Deidentified Information be information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer,” writes Tomaszewski. He says a business must also implement:

  • Technical safeguards that prohibit reidentification of the consumer to whom the information may pertain.

  • Business processes that specifically prohibit reidentification of the information.

  • Business processes to prevent inadvertent release of Deidentified Information.


Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

4. DC privacy lobby EPIC calls for global moratorium on facial-recognition systems; Rotenberg delivers petition

A petition seeking a global ban on facial-recognition technology when it is enabling individual surveillance was delivered in a speech this week by Marc Rotenberg, president of the Washington, D.C.-based Electronic Privacy Information Center (EPIC). 

The petition, authored by an EPIC-established coalition called “The Public Voice”, says facial-recognition tech is now deployed for human identification, behavioral assessment, and predictive analysis, deployed in entire urban areas and capturing the identities of thousands or hundreds of thousands of people at any one time.  Rotenberg spoke at a global convention of data protection and privacy commissioners in Tirana, Albania.

“While the technology can sometimes benefit the public, it also allows processes that minimize human decision-making,” the petition says, adding: “We note with alarm recent reports about bias, coercion, and fraud in the collection of facial images and the use of facial recognition techniques. Images are collected and used with forced consent or without consent at all.”

The petition calls for a suspension of further mass-surveillance deployment, research to “assess bias, privacy and data protection, risk and cyber vulnerability, as well as the ethical, legal and social implications” of the technology. Countries should adopt laws, technical standards and ethical guidelines, it says.

5. Swedish school fined under GDPR for using facial-recognition tech to check on test-taking students

A Swedish secondary school that used facial recognition technology to track attendance of test-taking students was fined the equivalent of $20,000 for violating the General Data Protection Regulation (GDPR).  The DPA ruled that biometrics is sensitive personal data, according to Jane Hamrin’s reporting in — and it was not enough that students’ parents had given their consent to the exercise.  

The key problem was that the school didn’t conduct a risk assessment of the facial-recognition trial, the report said.  As well, said one privacy lawyer, the consent of the students was flawed because they are in a dependent position as pupils at the school.  “Digital development should not be hampered by this ruling,” said the lawyer, Peter Birgersson, a partner at Deloitte, “it should create a dialogue about how it is done best.” 


6. Google’s top news exec touts transparency, collaboration and publisher revenue sharing in speech and interview

Google’s top executive for news, Richard Gingras, is invoking themes of transparency and collaboration in speeches to a news industry that has lost billions of advertising dollars to the search giant.  

“Key to everything we’ve touched on today is a single word: collaboration,” he told members of the Society of Inter-American Press (SIP-IAPA) in an Oct. 7 keynote speech to its convention in Miami, adding Google was “[p]artnering to confront challenges like misinformation, evolving business models, and making use of new technology to further quality journalism.” He said Google provides advertising marketplace tools to publishers which gives them “the vast majority of the revenue” sending $14.5 billion last year to publishers worldwide. He said that involves nine thousand visits each second to worldwide publishers. 

  • In an interview with Ana Lomtadze of the Global Editors Network posted Sept. 19, Gingras said Google practices transparency in three ways:  (1) Making public general policies and principles guiding algorithms and its “Rater Guidelines“, (2) Explaining “methodologies as thoroughly as practicable within the bounds of security and risks of manipulation”, and; (3) “We show our work everyday.”







 . . .  [W]e must recommend that the Committee reject the false solution of data ownership and the dangerous precedent it establishes. Furthermore, privacy is an inalienable human right that cannot be traded away, even if a monetary value of a consumer’s data could be assessed . . .  it is hard to conceive of a workable model in which consumers could claim property rights over their information since data is often co-created, useful only when combined with other data, and, unlike physical goods, can be held by many at once and easily disseminated . . . in formalizing the market for the sale of personal information, legislation advancing data ownership would coerce consumers to sign away their right to privacy . . . [or] enable the collection and use of data to create psychological profiles of voters for illicit political purposes; that enables businesses to create alternative, non-evidence based and potentially discriminatory, credit scores based on consumers’ digital footprint.

– Excerpt from an Oct. 24, 2019 letter from Consumer Reports Policy Counsel
Kate Macinnis to the Senate Banking Committee considering Internet privacy legislation


Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp