As always, a lot going on!
Hiding OUT: A Case for Queer Experiences Informing Data Privacy Laws
Antoine Prince Albert III on Public Knowledge (publicknowledge.org)
In a long, thought-provoking, and very timely piece, this article suggests
The best way for any federal or state legislature to assure all consumers’ privacy is protected online is to stress-test their laws against the harsh and worsening realities of queer experiences. If a law can protect queer interests, it will ensure that all consumers are maximally protected. More fundamentally, a federal standard of informational privacy will be essential to disrupt states’ enforcement against individuals’ rights to decisional privacy.
After discussions of the harsh realities of American queer experience, and how “life-affirming spaces online trivialize the harsh, anti-queer realities of life offline”, Albert ticks off some of the key features legislation needs to protect queer people – and everybody else.
- Protect private media, personal correspondence, informational data, and metadata by default.
- Protect information about people’s communications patterns as well as obvious sensitive data like a romantic video, an emotional voice note, or an online private message thread
- Contain heightened protection of individuals’ account or device log-in credentials, activities over time and across third-party websites or services, as well as information about their television, cable or streaming service subscriptions, preferences, and usage.
- Tightly secure health and genetic information
- Include intentionally inclusive civil rights protections into their consumer privacy laws.
It’s interesting to look at the ADPPA consumer privacy legislation through this lens. While it takes steps to address some of these, it also has significant loopholes – for example, gender identity, sexual orientation, and sex aren’t considered sensitive data; and voice notes and personal correspondence sent to (or created on) employer-issued machines gets less protection.
So I wholeheartedly agree with the author: let’s fashion privacy legislation in Queen Swann’s fabulous image!
SEE ALSO: Design From the Margins, by Afsaneh Rigot, on centering the most marginalized and impacted in design processes. The first example in the technical report discusses how product changes Grindr made to protect queer users in the Middle East and North Africa, who are generally even more at risk than most Western queers, turned out to be extremely popular for all users. Rigot’s focusing on product and technology design, but as Albert highlights, the same approach of designing from the margins applies to legislation design as well.
Federal privacy legislation and regulation
Nadler & Thompson Send Letter Requesting Information on Government Purchase of Americans’ Private Data
U.S. House Judiciary Committee (judiciary.house.gov)
In a followup to the Digital Dragnets hearing and revelations of the scope of DHS purchases of cellphone data we discussed in the July 20 newsletter, House Judiciary Committee Chair Jerry Nadler (D-NY) and Homeland Security Committee Chair Bennie G. Thompson (D-MS) sent a letter to DOJ, DHS, the FBI, CBP, ICE, DEA, and BATF requesting information regarding their agencies’ purchasing of Americans’ data from private companies.
“Rather than focusing on particular suspects, data policing tools are dragnets, sifting through all of our data,” the Chairs wrote, “Recent investigative reports indicate that many law enforcement agencies—including yours—have purchased data or licenses through relationships with data brokers, instead of obtaining it through statutory authorities, court order, or legal process.”
The information is likely to add more momentum to the Fourth Amendment Is Not For Sale Act, which had strong bipartisan support in the hearing.
FIND OUT MORE: Lawmakers Demand FBI, DHS, and Others Reveal Purchases of Private Data, Dell Cameron, Gizmodo (gizmodo.com)
TAKE ACTION: Tell Congress to pass the Fourth Amendment Is Not For Sale Act with EFF’s handy web form
New U.S. Privacy Law May Give Telecoms Free Pass on $200 Million Fines
Joseph Cox on Motherboard (vice.com)
The ADPPA consumer privacy bill shifts privacy regulation of telecoms a from the FCC to the FTC. In the hearing, lobbyist Maureen Ohlhausen (testifying on behalf of the 21st Century “Privacy” Coalition, whose founders include AT&T, Verizon, Comcast, and industry trade associations) described this as “appropriate”. And yeah, you can see why telecoms would support this:
“Congress’s ‘grand’ privacy bargain not only apparently lets the nation’s largest mobile carriers skip hundreds of millions in FCC fines for their egregious, illegal sharing of sensitive data on Americans; it completely strips the expert agency on telecom privacy of any power to protect our rights to our location data. That’s dangerous,” Ryan Singel, open internet fellow at Stanford’s Center for Internet and Society, told Motherboard.
The FCC fined AT&T, T-Mobile, Sprint, Verizon $200 million in in February 2020, after an investigation by Motherboard sold location data that wound up going to hundreds of bounty hunters, and a spearate invesgiation the The New York Times and the office of Sen. Ron Wyden found that the carriers sold location data to a company which allowed law enforcement officials to track the location of phones without a warrant.
FIND OUT MORE: Lobbyists gonna lobby talks about 21st Century “Privacy” Coalition’s other co-founder Jon Leibowitz and his strategy for pushing weak, preemptive federal privacy legislation. To be fair, though, when Leibowitz spoke (right after me!) at the CPPA special board meeting, urging them to support weak federal privacy legislation, he made a point of saying that he wasn’t there on behalf of any client.
Also …
Learn how the FTC plans to regulate “commercial surveillance”, Maneesha Mithal, Gabe Madoff, Jason Gerson, and Angelique Carson on logo (go.terratruehq.com)
Idaho Company Sues FTC, Claiming Agency Threatened Suit Over Its Tracking Data, John D. McKinnon on WSJ (wsj.com)
The FTC’s privacy rulemaking: Risks and opportunities, Omer Tene on International Association of Privacy Professionals (iapp.org)
Privacy after Roe
Mozilla slaps 18 period and pregnancy tracking apps and devices with a ‘Privacy Not Included’ warning label, Jordan Parker Erb on Insider (businessinsider.com)
When law enforcement wants your social media content, do data privacy laws hold up?, Michel Martin and Logan Koepke on NPR (npr.org)
Civil society to Meta: Stop censoring reproductive rights content, Jennifer Brody on Access Now (accessnow.org)
Coalition Urges SC Lawmakers to Stop Reproductive Health Censorship Bill, cmackenzie on Chamber of Progress (progresschamber.org)
What Facebook’s abortion case should tell us about tech companies and user privacy, WBUR on WBUR (wbur.org)
Using HIPAA To Protect Patient Privacy and Fight Abortion Criminalization, Communications on Center for American Progress (americanprogress.org)
How Google found itself under pressure from all sides after Roe’s demise, Jennifer Korn on CNN (edition.cnn.com)
And …
The Rise of the Worker Productivity Score, Jodi Kantor, Arya Sundaram, Aliza Aufrichtig and Rumsey Taylor on The New York Times (nytimes.com)
Improving Researcher Access to Digital Data: A Workshop Report, Caitlin Vogus on Center for Democracy and Technology (cdt.org)
New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection, Hunton Andrews Kurth’s Privacy and Cybersecurity on The National Law Review (natlawreview.com)
Head in the Clouds? A Brief Note on Transfers to the US in a Privacy-Absolutist World, Carey Lening on linkedin.com
Blockchain’s Forever Memory Confounds EU ‘Right to Be Forgotten’, on Morrison Foerster (mofo.com)
GitHub’s new privacy policy sparks backlash over tracking cookies, Ax Sharma on BleepingComputer (bleepingcomputer.com)
Beyond third-party cookies: Community and consumer privacy in the metaverse, Fiona Campbell-Webster, MediaMath on VentureBeat (venturebeat.com)
Privacy Protocol Monero Is Getting a Major Upgrade, Frederick Munawa on CoinDesk (coindesk.com)
What Apple’s Privacy Message is Missing, Alex Woodie on Datanami (datanami.com)
18 books (In English) on privacy and data protection, Luiza Jarovsky on Thread Reader (threadreaderapp.com)
Bitcoin’s Privacy Problem—And What Cypherpunks Are Doing to Solve It, Mat Di Salvo on Decrypt (decrypt.co)
GDPR Compliance: What is Privacy Shield 2.0?, Nicole Cloyd on JD Supra (jdsupra.com)
Potential Privacy Challenges in a Smart Office, Ellie Poverly on IoT For All (iotforall.com)
‘National Digital Identity Program’ to be introduced to Canadians, Anna Ellis on Euro Weekly News (euroweeklynews.com)
Apple’s privacy changes are causing many SMBs to lose money, Will McCurdy on TechRadar pro (techradar.com)
Public Input Sought To Inform Privacy Rules For Biometrics in New Zeland, on Scoop News (scoop.co.nz)