|
|
1. Ad-tech/publisher group IAB offers fresh tool to salvage real-time bidding service in face of EU privacy challenges
IAB Europe has released a tool that validates consent management platforms (CMPs) for requirements of IAB Europe’s CMP Compliance Programme — as part of their Transparency and Consent Framework (TCF). Currently, 131 of the 150 CMPs registered with TCF were found to be compliant. (LIST)
Johnny Ryan of Brave was quick to point out on Twitter that, “Lest anyone assume that this resolves GDPR Article 5(1)f problems at the heart of the IAB OpenRTB system, take note that the “validator tool” merely checks for some UX problems.” He also tweeted here and here.
V1 of the ‘Policy Compliance Checks’ includes a series of eight questions related to the user interface for displaying required information about data usage and for obtaining user preferences, which are key features of CMPs. Also included are 10 technical compliance checks related to the CMP API that communicates user data preferences to vendors via the IAB’s Global Vendor List (GVL). (CMP Validator user guide)
RELATED LINKS:
|
|
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
|
2. Five Democratic senators seek detailed info from Amazon about Ring doorbell system’s data practices
Five U.S. Senators, all Democrats, have sent a letter to Amazon Chairman Jeff Bezos asking more than 20 questions seeking detailed information about the privacy implications of the company’s “Ring” doorbell video surveillance service.
“Ring’s emphasis on safety and security has not always extended to the massive amount of data it amasses, retains and shares…,” says the letter from Sens. Ron Wyden, Edward Markey, Chris Van Hollen, Christopher Coons, and Gary Peters. They cited reports that Ring “left Wi-FI network passwords exposed to hackers” and “left customer video feeds vulnerable to eavesdropping and manipulation by malicious actors.”
The five senators’ letter asked for information about the Ring systems use of facial recognition, noting the company has applied for facial recognition patents.
The letter, dated Nov. 20, was cited by the Electronic Privacy Information Center (EPIC), which called Ring a “neighborhood surveillance system posing as a doorbell.” The letter follows an investigation by Senator Markey into Ring’s surveillance practices, EPIC said. EPIC has recently launched a campaign to Ban Face Surveillance worldwide.
|
|
|
|
3. IAPP confab in Brussels waxes optimistic about GDPR progress; issues 10-point “manifesto” for improving web
It’s too early to declare the EU’s General Data Protection Regulations (GDPR) a success or failure, and the judgment should not be made just on the basis of whether fines are levied, European data-protection regulators are saying.
That was a key message heard at the International Association of Privacy Professionals’ (IAPP) annual Data Protection Congress, this year in Brussels, Belgium this week. IAPP’s Angelique Carson has wrapped up the comments of many regulators in this report.
“There’s evidence significant progress is being made,” Ireland’s Data Protection Commissioner Helen Dixon was quoted as saying. European Commission Executive Vice President-Designate Margrethe Vestager agreed. (See The New York Times’ profile of Vestager this week).
IAPP announced it was launching a “Giovanni Buttarelli Memorial Lecture” to honor the late European Data Protection supervisor, who died in August. And it released a shared-vision paper, “Privacy 2030: A Vision for Europe,” which was written after Buttarelli’s death by a friend, Christian D’Cunha. The paper includes a “10-Point Plan for Sustainable Privacy.”
The document includes an afterword consisting of six short essays by thought leaders in the space, including the Electronic Privacy Information Center’s Marc Rotenberg, writer Maria Farrell, the Future of Privacy Forum’s Jules Polonetsky, CIPP/US, Harvard University’s Malavika Jayaram, Panetta & Associati’s Rocco Panetta and “Surveillance Capital” author Shoshana Zuboff.
The “Giovanni Manifesto” includes a “10-Point Plan for Sustainable Privacy.” It also says:
-
There should be “a fairer allocation of the digital dividend” by making internet access faster and geographically and socio-economically dispersed.
-
The EU should address not only digital disenfranchisement and lack of access to digital infrastructure and services — but also digital inequality.
-
Personal data “can and should be used to serve the public interest, the general interests of state and society — rather than those that benefit distinct groups or individuals.”
-
The EU should determine the limits of monitoring and monetizing people.
-
Digital products need the same rigorous scrutiny for their safety as physical products, like medicines, toys or cars.
-
Like for [the] environment, we need a new common understanding of the value — and cost — of deploying digital technology like artificial intelligence (AI).
|
|
|
4. “Surveillance-based” businesses of Google and Facebook incompatible with privacy, Amnesty International says
The non-profit Amnesty International issued a 60-page report calling out Google and Facebook for human-rights abuses saying, “The companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination.”
The report details how it has become unfeasible to use the Internet without accessing Facebook or Google services, with their subsequent data extraction and accumulation. Highlighting how their reach into the personal details of our lives continue to grow through new ventures into ‘Internet of Things’ connected devices tracking our actions in the physical world, Google’s access to health data, Facebook’s planned cryptocurrency, and that “Facebook is even developing technology that would enable tracking the inside of the human brain.” And in new markets around the world.
Closing out the report are recommendations for governments and for Google and Facebook to protect human rights in relation to data and privacy, including a call for technology companies to remediate the abuses they have contributed to through their business practices.
Included in the Annex is a 6-page letter from Facebook in response to the report stating, “While we appreciate the opportunity to engage with Amnesty International on these important issues, we respectfully disagree with your conclusion that our practices are inconsistent with human rights principles.”
RELATED LINKS:
|
|
|
5. U.S. ad industry pushes for federal law to pre-empt ‘fragmentary” California and EU privacy regulations
Faced with complying with the California Consumer Privacy Act, the U.S. advertising industry has renewed lobbying of Congress to adopt a relatively weak federal law more to its liking instead.
The “Privacy for America” coalition includes the American Association of Advertising Agencies, the Association of National Advertisers, the Interactive Advertising Bureau, the Network Advertising Initiative and the American Advertising Federation.
“In the absence of congressional action, policy affecting the entire consumer economy and consumers nationwide is being shaped by Europe and a single state,” the coalition wrote in a Nov. 21 letter to four congressional leaders.
The letter says “a patchwork of conflicting new restrictions on data collection and use” looms if Congress doesn’t act, adding that “a fragmentary regulatory environment is untenable” and will create “significant disruption, costs and uncertainty for American businesses.”
-
It says a model law should forbid use or collection of medical, financial or biometric information without “a person’s explicit permission” — but it says nothing about other types of information.
-
It says third-party data sharing, however, should not be outlawed so long as there are “enforceable contracts” between parties to make secure and lawful use of the data.
-
Rather than creating a new regulatory agency, as some privacy advocates and legislators have urged, the group simply calls for strengthening the regulator hand of the Federal Trade Commission.
RELATED TOPICS:
|
|
|
|
QUOTE OF THE WEEK
Microsoft on privacy elements
“There is a recognized urgent need to curb excessive power in the digital economy. Longer term, the unsustainability of reducing people and the earth to resources for exploitation and
trading is becoming clear. We need now to seize the chance to harness the data and technology available for social and environmental good. In this way, Europe can aspire to sovereignty of values as well as of technology.”
– Quoted from “Privacy 2030: A Vision for Europe,” by Omer Tene, at Page 27, released Nov. 20, 2019.
|
|
|
|
LINKS OF THE WEEK
- Ring” app watched kids trick or treat and bragged about it: Future CCPA violation? | Rachel Kraus, Mashable.com
-
Apple CEO Tim Cook says build privacy into new products, not later | Lisa Eadicicco
-
Some public digital billboards show ads based on a nearby phone | Thomas Germain, Consumer Reports
-
CDT among privacy groups funded by GG and FB | Daniel Stoller, BloombergBusiness
-
Your watch says more about your status than you think | Jacob Gallagher, Wall Street Journal
-
Valuing data is tricky but crucial for the public good | Diane Coyle, Financial Times
-
UK’s info commissioner details definition of “special data” | ICO office website
-
PAPER: Consent as a free pass — what’s next? | Elettra Bietti | Harvard Law School
-
Jason Kint says government says FB “sold” data on 31M users | Jason Kint, Twitter
-
SLIDES: ‘How to Recognize AI snake oil” | Arvind Narayanan, Princeton Univ.
-
FBI sought Interpol statement against end-to-end encryption | Sean Gallagher, ArsTechnica
-
Study of effects of contextual ad targeting | Kobler, Norway
-
TIMELINE: Brave provides summary of its ad-tech complaints | Johnny Ryan, Brave Inc.
-
Intimate data leak alleged by RTB ad auctions in Poland, Ireland, UK | Johnny Ryan, Brave Inc.
-
Foreign malvertising endangers U.S. cybersecurity, Congress told | Daniel Stoller, Bloomberg Law
-
Uber embraces videotaping rides, raising privacy concerns | Kate Conger, NYTimes
-
UK’s Open Rights Group petitions on data-abuse in politics | Open Rights Group website
- Baker McKenzie law firm cloud-data slide deck | Baker McKenzie website
-
Take algorithmic control away from FB and GOOG, technologist says | Garrett Sloane, AdAge
-
How UK media cover artificial intelligence — a debate | Scott Brennan et al., Reuters Institute
-
Google updates its political-ads policy | Scott Spencer, Google Blog
-
Google to start limiting political advertisers’ targeting reach | Shawn Lim, The Drum.com
-
Facebook details new safety measures to give brands control | Garett Sloane, AdAge
-
Facebook integrity exec explains political ad policy | Garett Sloane | AdAge
-
EFF comment: Europe shouldn’t abandon privacy to help police | Katitza Rodriguez & Seth Schoen | EFF.org
-
Tech to compy with data-privacy laws not cheap | George Slefo | AdAge
-
Cloud provider agreements not yet ready for CCPA? | Frank Reedy | Law.com
-
REPORT: Police use of live facial recognition in public places | ICO | UK
-
The thing about facebook and political advertising | Thomas Baekdal | Baekdal.com
-
REGULATION: British ICO principle defining “data minimization” | ICO website
-
REGULATION: What is lawful basis for personal data processing? | ICO website
|
|
|
|
|
