PRIVACY BEAT: Sovrin said to be restructuring as it pursues goal of giving web users more control over their private data and identity

Privacy Beat

Your weekly privacy news update.

VIEW IN YOUR BROWSER

Sovrin said to be restructuring as it pursues goal of giving web users more control over their private data and identity

Key leaders of a non-profit movement to improve how identity is handled on the Internet spent the week scrambling after a pioneering effort hit a snag in fund-raising efforts. But they say a new structure for the effort — The Sovrin Foundation — is in the works and should be announced during April.

Sovrin is a pioneering effort to introduce methods for consumers to take direct control of their privacy and identity on the web. Supporters received an email this week detailing a failed digital token sale. Now that note has been replaced with two website postings about the status and next steps for Utah-based Sovrin. The key point is that operating services for Sovrin’s 60 “stewards” — or affiliates — are said to be unaffected.

“The mission requires a change in how we function as an organization,” says the “next steps” note. A new funding model is sought, it says. The “status” note says the Sovrin developer community remains active.

In discussion with Privacy Beat, Sovrin’s leaders said a five-member “transition team” of its Board of Trustees is working on a new structure, which could be made public as soon as the next Internet Identity Workshop. The team’s co leaders are Sovrin Trustee Joyce Searls, of the Searls Group, in the United States, and Andre Kudra, chief information officer of German’s esatus AG. Other team members are Evernym Inc. Chief Trust Officer Drummond Reed, Brigham Young University technologist Phillip J. Windley and Desert Financial Credit Union Executive Vice President Ron Amstutz and Mawaki Chango of DIGILEXIS Consulting in Africa.

The Sovrin Foundation is a private-sector, international non-profit established to govern what it hopes will be the world’s first self-sovereign identity (SSI) network, based on World Wide Web Consortium (W3C) standards and using distributed-ledger technology. Sovrin governs the network and the open-source code that makes it work, but does not own or control people’s identities. The Sovrin code was developed by a for-profit company, Evernym, and given to the foundation. The Sovrin Community comprises volunteers who develop code, staff committees, and working groups, and promote the Sovrin Mission.

PERSONAL PRIVACY

Considering the impact of antitrust law on privacy | Alexandra Mitretodis & Brock Super, Fasken Martineau DuMoulin LLP
BEYOND LOCAL: Privacy concerns cause sale of home DNA kits to plummet | Guelph Today

Student privacy laws still apply if coronavirus just closed your school | Kate Cox, Ars Technica
Opinion: Maine Privacy Law Should Withstand Legal Challenge | Government Technology

Protecting Personal Data When Working Remotely | Data Protection Commission
PH privacy commission reminds gov’t of COVID-19 patients’ privacy | Backend News

Brave gets best ranking of privacy in Irish browser study | Dan Goodin, Ars Technica

Does your organization need customized privacy compliance solutions? ITEGA can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

COVID-19 AND PRIVACY

As governments weigh using mobile geolocation to ID likely virus carriers, MIT offers privacy tech option

There’s been a surge of stories reporting government industry in surveilling people via their mobile phone to see if they are at risk of infecting others withe the COVID-19 virus — based on where they have been. The issue — can this be done without unlock the Genie of government watching of our every move, once the virus pandemic subsides?

Technologists at MIT and Harvard have come up with a mobile-phone application for sharing personal information with other users in a privacy-preserving way. It’s called “Private Kit: Safe Paths” and there was a write up about it in last weeks’ MIT Technology Review.

Meanwhile, Will Knight writing on Wired.com said Google and Facebook are discussing plans with the White House to share collective cdata on people’s movements during the coronavirus pandemic. His story questions the value and ethics of doing so. He reports the idea came up in a White House meeting with tech companies on Sunday. “These efforts are happening,” Wired quotes Harvard Prof. Carolien Buckee as saying.

France’s Senate approved a measure that would suspend laws regulating the collection and processing of health and location data to “deal with the consequences of the Covid-19 epidemic.”

RELATED LINKS

The Technology 202: Other countries use surveillance to fight coronavirus. Privacy advocates worry the U.S. could follow. | Cat Zakrzewski, Washington Post
A new app would say if you’ve crossed paths with someone who is infected | Will Douglas Heaven, MIT Technology Review | THE KIT
Protecting Civil Liberties During a Public Health Crisis |Matthew Guariglia and Adam Schwartz, Electronic Frontier Foundation
Google, other companies get your data if you use Verily’s coronavirus site | Alfred Ng, CNET
The Value and Ethics of Using Phone Data to Monitor Covid-19 | Wired
In Times Of Pandemic, GDPR Still Applies, EU Warns | Emma Woollacott, Forbes
Senate Democrats raise privacy concerns with Google about coronavirus screening service | Tony Romm, WashingtonPost.com
Coronavirus: They want to use your location data to fight pandemic. That’s a big privacy issue | Cathrin Schaer, ZDNet
Governments will use location data to map spread of coronavirus | Joel Khalili, TechRadar
To Track Virus, Governments Weigh Surveillance Tools That Push Privacy Limits | Kirsten Grind, Robert McMillan and Anna Wilde Mathews, Wall Street Journal
To Track Virus, Governments Weigh Surveillance Tools That Push Privacy Limits | Kirsten Grind, Robert McMillan and Anna Wilde Mathews, Wall Street Journal
Phones Could Track the Spread of Covid-19. Is It a Good Idea? | Will Knight, Wired
Big Tech faces a ‘Big Brother’ trap on coronavirus | Nancy Scola, Politico
Maintaining our privacy during a pandemic: are our privacy laws working? | Jon Belcher, BM Magazine
Israeli Spyware Firm Wants to Track Data to Stop Coronavirus Spreading | Gwen Ackerman and Yaacov Benmeleh, Bloomberg

COVID-19 AND REGULATION

What Does COVID-19 Mean For Data Protection Under GDPR? | Allison Schiff, AdExchanger
COVID-19 – Managing Privacy and Cyber Issues | Michael Scherman, Jade Buchanan, Barry B. Sookman, Christine Ing and Daniel G.C. Glover, McCarthy

COVID-19: Data Privacy Compliance | Justyna Regan, Miller Canfield

Brave Software ramps up fight to get Euro regulators to condemn Google’s use of personal data

The maker of a competitor to Google’s Chrome browser unleashed on Monday its most detailed attack to date on Google’s privacy practices, claiming the world’s largest advertising and search company is in fundamental violation of European law, and urging enforcement against it.

Brave’s Johhny Ryan said he had filed a complaint with Irish data-protection authorities alleging Google is infringing Article 5(1)b of the General Data Protection Regulation (GDPR), by collecting personal data for one purpose and, Ryan asserts, using it for other purposes without permission.

VIEW: “Inside the Black Box” spreadsheet by Brave’s Johnny Ryan:

“Google’s internal data free-for-all enabled it to create a cascading monopoly,” Ryan wrote in an email and website notice, adding: “It is now acutely vulnerable to GDPR Article 5(1)b enforcement.” Ryan said Brave had written to the European Commission, German Bundeskartellamt, UK Competition & Markets Authority, French Autorité de la concurrence, and the Irish Competition and Consumer Protection Commission, to make them aware of his purpose limitation complaint.

RELATED LINKS

Brave browser delivers on promise files GDPR complaint against Google | Michael Kapilkov, CoinTelegraph
Brave files GDPR complaint to end Google’s ‘data free-for-all’ | Robert Stevens, Decrypt
Brave Browser Delivers on Promise, Files GDPR Complaint Against Google | Investing.com
Brave files GDPR complaint to end Google’s ‘data free-for-all’ | Robert Stevens, Decrypt
Brave Browser Ryan to take Google to court for data abuse | Muhaimin Olowoporoku, Cryptopolitan
Brave accuses Google of using ‘hopelessly vague’ privacy policies that breach GDPR | Campbell Kwan, ZDNet

CCPA PUSHBACK

COVID-19 warrants CCPA delay, ad interests say; Quoted Becerra advisor reply: Now is time for privacy vigilance

Heavy hitters in the U.S. advertising industry are asking California Attorney General Xavier Becevveria to “forbear until Jan 2, 2021” by postponing past July 1 his enforcement of the California Consumer Privacy Act (CCPA). Their argument: Dealing with the COVID-19 work-from-home reality is making it hard to innovate compliance with the law.

“Now is not the time to threaten business leaders with premature CCPA enforcement lawsuits,” says the letter penned by Dan Jaffe of the Association of National Advertisers, was signed by 32 groups, including the American Association of Advertising Agencies (4As) and the Interactive Advertising Bureau (IAB).

But Forbes.com quoted an “advisor to Becerra” as saying the AG was committed to begin enforcement either by July 1, or when the office finalizes draft implementing regulations. “We’re all mindful of the new reality created by COVID-19 and the heightened value of protecting consumers’ privacy online that comes with it,” the advisor told Forbes. “We encourage businesses to be particularly mindful of data security in this time of emergency.”

Becerra just published last week a second set of modifications to CCPA rules, based upon two public comment periods so far, and is taking more comments until 5 p.m. on Friday, March 27. Meanwhile, a bevy of privacy-focused lawyers are continuing to analyze the draft regulations (See links, below).

RELATED LINKS:

Advertising industry lobbies say COVID-19 warrants CCPA delay | George Slefo, AdAge
COVID-19 Warrants Delaying Enforcement Of California Privacy Law, Ad Groups Say | Wendy Davis, MediaPost

CPA class action lawsuits are coming, are you ready? | Dan Schneider and Jeff Dennis, Newmeyer & Dillon LLP
What Can Businesses Learn from the First CCPA Class Action Lawsuit? | Jack Pringle, Amy L. Hanna Keene and William B. Gaudet, Adams and Reese LLP
First wave of CCPA class actions raise unsettling questions | Brittany Wunderlich, Fisher & Phillips LLP
AUDIO: Podcast summarizing CCPA compliance tips for business | Goldberg & Segalla law

CCPA ANALYSIS

CCPA Update: California AG’s Modified Proposed Regulations | Andrew M. Willinger, Jonathan (Yoni) Schenker and Peter A. Nelson, Patterson Belknap Webb & Tyler LLP
California Attorney General Publishes Modifications to CCPA Regulations | Thompson Hine
CCPA Regulations Modified | Faegre Drinker
CCPA Whiplash – Second Modification of the Regulations Pulls Back Business-Friendly Revisions | Jessica Lee and Susan Israel, Loeb & Loeb LLP
In response to an access request, does a company have to produce all of the information that it has about an individual? | Bryan Cave Leighton Paisner LLP
California Attorney General Issues Revisions to CCPA Regulations | Vikram Sidhu, Cheryl Yakey and Jared Wilner, Clyde & Co
CCPA Compliance Update: Three Key Revisions to Regulations | Chad F. Watson and Chris L. Bollinger, National Law Review

LAW FIRMS DISSECT CCPA DRAFT RULES

Hogan Lovels bullet point summary of CCPA regulatory updates | Mark Brennan et. Al, Hogan Lovells US LLP
Vorys law firm’s bullet-point summary of CCPA regulatory updates | John Landolfi et. al, orys, Sater, Seymour and Pease LLC
Legal analysis of CCPA regulatory proposals | Jenner & Block
Legal analysis of CCPA regulatory proposals | Ice Miller law firm
Legal analysis of CCPA regulatory proposals | Square Patton & Boggs
Legal analysis of CCPA regulatory proposals | Paul Hastings
Legal analysis of CCPA regulatory proposals | McDermott Will & Emery
Legal analysis of CCPA regulatory proposals | Buckley LLP
Legal analysis of CCPA regulatory proposals | Jones Day

TRUST, PRIVACY AND NEWS

It’s Not Just the Content, It’s the Business Model: Democracy’s Online Speech Challenge | Nathalie Maréchal and Ellery Roberts Biddle, New America
EDITORIAL: Time to curb Section 230 protection given Google, FB | ges to Section 230| Seattle Times Editorial Board
Social Media Giants Should Pay Up for Allowing Misinformation | Samuel Woolley, Wired
Broadband network expansion has to tackle digital privacy protection | Stuart Brotman, The Hill
Best news apps of 2020 | John Corpuz, Tom’s Guide
We need the news. And the news needs us. | Jason Kint, Digital Content Next

WASHINGTON WATCH

Senate, House dispute kills data privacy bill | Cameron Sheppard, Sequim Gazette
Senate and House Dispute Kills Data Privacy Bill | Cameron Sheppard, The Daily Chronicle
NIST Privacy Framework: How to put this GDPR and CCPA guide to work | Karen Martin, TechBeacon

STATEHOUSE WATCH

Vermont Governor Signs Bill Requiring Data Privacy Inventory of Citizens’ PII | Linn Foster Freedman, Robinson+Coe law firm
Washington State Takes the Lead in CCPA Copycat Legislation Race, Trends Emerge | Laura E. Jehl, Mark E. Schreiber and Kari Prochaska, Of Digital Interest
Washington Privacy Act fails again, but state legislature passes facial recognition regulation | Khari Johnson, Venture Beat
Another One Bites the Dust: Washington Privacy Act Fails to Pass (Again) | Hunton Privacy Blog

AD TECH

What industries utilize cookie banners the most, and the least? | David Zetoony, Bryan Cave Leighton Paisner LLP
What percentage of opt-in cookie consent banners ignore visitors’ choices? | David A. Zetoony, Bryan Cave Leighton & Paisner LLP
RESEARCH: Only 2.8% of major websites deploy simple “notice” cookie banner | David A. Zetoony, Bryan Cave Leighton Paisner LLP

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

QUOTE OF THE WEEK

Is it time to end Section 230 immunity for Google, Facebook and other platforms to curb misinformation?

“Congress is now considering several changes to Section 30. It should be updated in a way that provides a more level playing field for the media. For dominant platforms such as Google and Facebook, it is in effect a federal subsidy that they no longer need…Anyone posting on Facebook is the “content provider” and may be held liable for it. Facebook is not liable because Section 230 immunizes “services…Now that a few giant companies provide most content consumed by Americans, that distinction is obsolete. The largest telecommunications companies are also media companies after mergers since 1996…Nor are services like Facebook passive pipelines…While the light touch approach of Section 230 helped the internet blossom, it’s now providing unfair advantage to a few dominant companies. Fix the law so it works better for everyone.”

– Excerpted from a March 17 editorial in The Seattle Times authored by its editorial board.

ABOUT PRIVACY BEAT

Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.

Forward

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.