PRIVACY BEAT: With at least $500M on the table, a scramble to propose and debate location tracking for the pandemic — then what?


Privacy Beat

Your weekly privacy news update.



With at least $500M on the table, a scramble to propose and debate location tracking for the pandemic — then what?

The privacy landscape was dominated over the last week by many dozens of stories about an announced Google/Apple joint initiative to embed a form of tracking technology within the operating systems of both iPhones and Android devices. (see Privacy Beat, April 10.)

The news stories and blog reports added new details about how the system might work, and multiple reporters and activists raised privacy concerns. One of the privacy experts, a former Obama administration official, Ashkan Soltani, noted one reason for all the attention — one of the COVID-19 economic-stimulus bills requires the Centers for Disease Control to suggest within 30 days to Congress at least $500 million worth of “data surveillance and analytics infrastructure modernization.”

One of the deepest-dive analyses and “how-it-works” descriptions of the proposal was published April 17 at by senior writer Andy Greenberg who concluded: “The result is a complicated picture — an unproven system whose imperfections could drive users away from adopting it, or even result in unintended privacy violations.” But Greenberg continued: “And yet it may also preserve privacy in the most important ways, while also serving as a significant tool to help countries around the world prevent new outbreaks.”






Could co-operatives check power of tech platforms over individual data? Panelists and MIT professor see somewhat similar visions

Why does the public have to be content with personal data being under the control of governments or investor-owned corporations? A new approach is suggested in a panel discussion — “the platform co-operative.”

“We need platform co-ops now more than ever,” writes talk-show host Laura Flanders in a written introduction to an April 14 audio podcast featuring Stacco Troncoso, Micky Metts and Ela Kagel.

“We need to be the keepers of our own information,” says Kagel, rather than have it controlled by Facebook, Google or other technology platforms.

Since World War II, progressive economists have been touting the Mondragon co-operatives in northern Spain — a group of successful companies owned by their workers. In the United States, agricultural co-operatives emerged in the 1930s. There are thousands of co-operatively owned banks and credit unions in the United States, and a growing world of co-operative food markets, owned by their customers. Why not a data co-operative?

The idea of a data service largely controlled by the consumers whose data it contains is an idea also advanced by Alexander “Sandy” Pentland, at MIT. Pentland, talking about data co-operatives, makes an analogy to the power of corporations in the 1800s and early 1900s that went largely unchecked. One response was the creation of labor unions — to assert collective rights. That led to legislation.

It’s the same today, Pentland told an MIT gathering last year. Digital platforms have a lot of data about users and governments are concerned. A data co-operative that represents a lot of people could influence the platforms’ behavior, Pentland said, making it possible for the public to push back on how data about them is used.

Another idea for affecting the control of platforms like Google and Facebook over user data is advanced by emeritus Prof. Shoshana Zuboff of the Harvard Business School. She sees an opportunity for other companies to collaborate.



Use of ‘differential privacy’ to adjust databases could prejudice minority rights, researchers say in new paper

Researchers at the University of Massachusetts and two other institutes are warning that a commonly used technology for shielding the privacy of individuals in massive databases may inadvertently be prejudicial to minority rights, the school reports.

The researchers, led by Gerome Miklau at the University of Massachusetts-Amherst, focused their study on data gathered by the U.S. Census. The technology is called “differential privacy” and it refers to the practice of slightly scrambling data to make it harder to identify an individual it is associated with. Differential privacy is used by Apple Computer and others.

For example, a database including the ages of individuals might be adjusted so that ages are reported in ranges rather than a specific value.  This is referred to as “noise,” by the researchers. It could be applied to other attributes, such as ethnic origin.

UMass reports that Miklau and colleagues found that introducing such noise “could lead to downstream decisions that would unfairly impact certain groups.” In one example, a community which has significantly higher Spanish-language representation than its immediate neighborhood communities could fail to qualify for a multiple-language ballot if its representation counts were partially evened out with the communities around it.
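
As an added illustration (not from this newsletter or the researchers' paper), the sketch below assumes the Laplace mechanism, a standard way of adding noise for differential privacy that the report does not specify, with a constructed qualifying threshold and constructed community counts. It computes how often noise alone flips a threshold decision, showing that a community just over the line carries nearly all of the risk.

```python
import math
import random

def wrong_decision_probability(true_count, threshold, epsilon):
    """Chance that Laplace noise (sensitivity 1) moves a count across the threshold."""
    scale = 1.0 / epsilon                   # Laplace scale b = sensitivity / epsilon
    margin = abs(true_count - threshold)    # distance the noise must cover to flip the decision
    return 0.5 * math.exp(-margin / scale)  # one-sided Laplace tail probability

def laplace_noise(epsilon, rng):
    """Laplace(0, 1/epsilon) sample, drawn as the difference of two exponentials."""
    return rng.expovariate(epsilon) - rng.expovariate(epsilon)

def simulated_wrong_rate(true_count, threshold, epsilon, trials=20000, seed=7):
    """Empirical rate at which the noisy decision disagrees with the true one."""
    rng = random.Random(seed)
    truth = true_count >= threshold
    wrong = sum(
        ((true_count + laplace_noise(epsilon, rng)) >= threshold) != truth
        for _ in range(trials)
    )
    return wrong / trials

# Constructed values, not taken from the census or the paper.
THRESHOLD = 1000   # hypothetical number of speakers needed to qualify
EPSILON = 0.1      # hypothetical privacy budget spent on this one count
COMMUNITIES = {"just over the line": 1020, "well over the line": 1500}

if __name__ == "__main__":
    for name, count in COMMUNITIES.items():
        exact = wrong_decision_probability(count, THRESHOLD, EPSILON)
        observed = simulated_wrong_rate(count, THRESHOLD, EPSILON)
        print(f"{name}: count={count} exact={exact:.4f} simulated={observed:.4f}")
```

With these constructed numbers the community 20 people over the threshold is wrongly denied in roughly 7 percent of noisy releases, while the larger community is effectively never affected.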

Miklau and three doctoral-candidate researchers at UMass, Colgate University and Duke University presented a paper on the phenomenon at a conference in Barcelona earlier this year. It is entitled “Fair Decision Making Using Privacy-Protected Data.”



Wesleyan computer scientist building “Do Not Sell” browser application in bid to follow CCPA; plans W3C and industry discussions and UX testing

A World Wide Web Consortium (W3C) study group is discussing a plan by Wesleyan University Prof. Sebastian Zimmeck to study and test how  machine-enabled “Do-Not-Sell” instructions should be handled under the California Consumer Privacy Act (CCPA).

Zimmeck’s team has started building a web browser plug-in that will create and send a “Do Not Sell My Data” signal automatically in an implementation of the CCPA.

The effort will produce a browser capability that is controversial.  It is seen by privacy advocates as an obvious implementation of the CCPA — the idea that a consumer should be able to use technology to transmit a privacy preference automatically.

But virtually the entire U.S. advertising industry has told California’s attorney general they don’t think the Legislature intended to require the honoring of a “Do-Not-Sell” signal from a browser, nor, they say, would requiring it even be constitutional. Zimmeck acknowledges the disagreements, but feels that, as a neutral party with no economic skin in the game, his work can be a platform for discussion.

“What we will be doing going forward is usability studies of the different approaches that exist,” Zimmeck said in a chat with Privacy Beat. “We’ll take our own implementation and the DAA (Digital Advertising Alliance) and the IAB (Tech Lab) solutions and see how companies react and what users think.”

Zimmeck says he’s optimistic that by prototyping the DNS signaling, and discussing it within the World Wide Web Consortium (W3C) and among industry groups “we can find a solution in the end.” The first implementations will be for the Chrome and Firefox browsers.








Lead engineer for Singapore’s mobile-phone contact tracing system warns of hubris and ‘technology triumphalism’

“If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No. Not now and, even with the benefit of AI/ML and — God forbid — blockchain 😂 (throw whatever buzzword you want), not for the foreseeable future.

There are critical factors (like ventilation — see below; update: or singing!) that a purely automated system will not have access to. You cannot “big data” your way out of a “no data” situation. Period. Any attempt to believe otherwise, is an exercise in hubris, and technology triumphalism. There are lives at stake. False positives and false negatives have real-life (and death) consequences. We use TraceTogether to supplement contact tracing — not replace it.”

– Jason Bay, product lead for TraceTogether, writing April 10 at Singapore’s Government Digital Services blog, “Automatic contact tracing is not a coronavirus panacea.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to





Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.
