News

CDPI Privacy Newsletter

Categories : CDPI Privacy Newsletter

Settlement of BIPA suit puts brakes on Clearview AI across the US

May 17, 2022
Clearview AI, known for scraping billions of facial recognition images without consent and running afoul of privacy regulators in numerous countries, has met its match in the American Civil Liberties Union (ACLU). Clearview’s agreement to settle the ACLU’s 2020 lawsuit which stated the company violated Illinois’ BIPA biometrics law means the company can’t continue to sell its software to most US companies, and sets a precedent that state privacy laws can have impact beyond state lines.
CDPI Privacy Newsletter

Mexico’s Supreme Court grants sweeping rights to access citizen & company bank data

May 17, 2022
Four of five Supreme Court justices voted to allow access to citizen bank documents, removing the need for  warrants. The decision is based on argument that individual rights to bank privacy is secondary to the government’s need to combat tax fraud and monitor for money laundering. Needless to say, that opens the data of millions of Mexican citizens to scrutiny without consent or specified cause. It is, however, in keeping with the aim of Mexico’s president who wants to crack down on Big Tech abuses.
CDPI Privacy Newsletter

IT’S THE LAW (05/17/2022)

May 17, 2022
The EU Council has approved the Data Governance Act (DGA). The new law will promote the availability and reuse of data that is subject to the rights of others that can benefit the public sector. This includes trade secrets and intellectual property data as well as personal data, areas not covered by the 2019 Open Data Directive. The EU plans to set up a single access point with an electronic register of public-sector data as part of a framework to foster data intermediation services and provide a secure environment through... Read More >
CDPI Privacy Newsletter

Sad, but true! Online trackers can help themselves to your form data before you even have a consent option

May 17, 2022
No need to wait to see if you’ll consent or not, many companies, including Meta, TikTok and this Top Ten list of offenders, are pleased to snag email addresses and personal identifiers while you’re filling out forms. This KU Leuven and Radboud University study of the top 100K websites found 1,844 websites visited from the EU, and 2,950 visited from the US had email addresses exfiltrated.
CDPI Privacy Newsletter

Global survey reports cybersecurity spend up 51% in a year, but CISOs & CEOs fear companies unprepared to face growing risks

May 17, 2022
Thoughtlab’s benchmark study of 1,200 diverse large organizations in 16 countries found that while more than $125.2 billion annually has been spent to shore up this area, the rapidly evolving threat landscape has many companies at significant risk. Weak links are: complexity of supply chain (44%), rapid digital innovation (41%), and inadequate budget plus lack of executive support (28% each).
CDPI Privacy Newsletter

With a wink and a nod, Meta looks to evade Clearview-type biometric penalty – plus, it’s quietly removing some Facebook location data services

May 17, 2022
Perhaps Illinois and Texas didn’t notice that Meta’s Instagram, Messenger, Messenger Kids, Portal and Facebook have been using facial recognition algorithms – which the company claims didn’t identify anyone anyway. Well, in case either could be a problem, Meta has temporarily shut off some avatars and filters for subscribers in both states. Certainly better than facing consequences like Clearview (see Story #1). The company is also changing Location Services in Facebook, including Nearby Friends, weather alerts, and Location History as of May 31st. This will mean Meta will stop collecting information used for these, even if you previously granted permission. 
CDPI Privacy Newsletter

Children’s Privacy: EU legislation intended to lead fight against child sexual abuse – instead terrifies privacy advocates

May 17, 2022
The EU this week proposed legislation to mandate tech companies aggressively screen for and remove child sexual abuse material (CSAM). However, while that should be welcome news to child privacy advocates, the breadth and scope of what’s proposed had a chilling effect. Concerns are that it would impose extreme obligations on chat and other communication services, including WhatsApp, Signal and Facebook Messenger to broadly scan user messages looking for CSAM or solicitation of children via AI systems. But, privacy advocates feel the general nature of such detection orders that would be issued by individual EU nations, could leave the door open to more generalized surveillance.
CDPI Privacy Newsletter

Netherlands ACM investigating Match Group claim against Google Play

May 10, 2022
The investigation by Netherlands’ Authority for Consumers and Markets (ACM) was triggered by a complaint by Match Group (which owns Tinder and other dating apps). Match claims Google’s Android Play Store uses a dominant position to preclude use of other payment systems. Google, in a statement, says Match is eligible to use other (more expensive) options outside Google Play’s standard policies.
CDPI Privacy Newsletter

Data broker SafeGraph cashes in by revealing who visits abortion clinics

May 10, 2022
For just $160, Vice’s Motherboard team bought a SafeGraph list of a weeks’ worth of data on location and length of stay for groups of people who visited Planned Parenthood and other abortion clinics (and where they went afterward). To say this is sensitive information, given what looks like pending reversal of Roe v. Wade, is an understatement. What is safe to say is the people whose data was collected never consented to have information accrued by SafeGraph via software development kit code (SDK) data of ordinary-use apps (for weather... Read More >
CDPI Privacy Newsletter

IT’S THE LAW (05/10/2022)

May 10, 2022
The privacy implications and risks to individuals, should the US Supreme Court overturn Roe v. Wade abortion rights protection (as a document leaked this week indicates), could be huge according to legal experts – particularly since there’s no national privacy law. Not only would it put women looking to get abortions and clinicians performing abortions on the wrong side of the law, but it opens up a rat’s nest of opportunity for legal as well as backdoor data sharing and tracking of information on people and services. It would also... Read More >
CDPI Privacy Newsletter