Privacy News: December 11

Large language models, iCloud encryption, Twitter privacy issues, state privacy legislation, and much much more!

But first, a shameless plug: on Tuesday (December 13) at 9 am Pacific/noon Eastern, please join me and RI Labs for Flocking to Mastodon? Here’s what you need to know!

Are you heading to Mastodon as a Twitter alternative or curious about what it is and how it works? Or want to share your own experiences?

Join RI Labs Leadership Circle Member & Founder of the Nexus of Privacy, Jon Pincus, in a conversation about navigating Mastodon with an RI Lens. As a long-time user of the platform, Jon will share his experiences, practical tips and challenges to help you enter this world with eyes wide open. Bring your questions, ideas & opinions.

Register here!

And now, on to the links.

ChatGPT, Galactica, and the Progress Trap

Abeba Birhane and Deborah Raji on WIRED (wired.com)

Two leading AI Ethics researchers look at the potentially-serious consequences when large language models fall short.

The release of large language models like ChatGPT (a question-answering chatbot) and Galactica (a tool for scientific writing) has revived an old conversation about what these models can do. Their capabilities have been presented as extraordinary, mind-blowing, autonomous; fascinated evangelists have claimed that these models contain “humanity’s scientific knowledge,” are approaching artificial general intelligence (AGI), and even resemble consciousness. However, such hype is not much more than a distraction from the actual harm perpetuated by these systems. People get hurt from the very practical ways such models fall short in deployment, and these failures are the result of their builders’ choices—decisions we must hold them accountable for.

ALSO:

VICTORY! Apple Commits to Encrypting iCloud, Drops Phone-Scanning Plans

Joe Mullin, Electronic Frontier Foundation (eff.org)

Apple will provide full end-to-end encryption on iCloud, including  backups tand photos.  It is indeed a big victory for EFF and the other privacy organizations who have been advocating for this – and for users as well.  EFF writes:

Apple’s on-device encryption is strong, but some especially sensitive iCloud data, such as photos and backups, has continued to be vulnerable to government demands and hackers. Users who opt in to Apple’s new proposed feature, which the company calls Advanced Data Protection for iCloud, will be protected even if there is a data breach in the cloud, a government demand, or a breach from within Apple (such as a rogue employee). Apple said today that the feature will be available to U.S. users by the end of the year, and will roll out to the rest of the world in “early 2023.”

Not only that, Apple annonced that its dropping its plans to install client-side scanning software.  They had originally announced this in August 2021, but put it on hold the next month in response to  widespread criticism from privacy and security researchers and digital rights groups (incliuding protests and a petition from EFF).  Now, it’s official that theToday’s announcement makes it official.

ALSO:

Twitter

Which websites are sharing data about consumers with Elon Musk’s Twitter?

Adalytics (adalytics.com)

Yikes.

When Elon Musk bought Twitter, he also bought a treasure trove of internet traffic data from websites like Reddit, NYTimes.com, Amazon.com, studentaid.gov (Department of Education’s Free Application for Federal Student Aid), and the website of Democratic Congressional Campaign Committee (dccc.org)….

The vast majority of these entities have not enabled Twitter’s Restricted Data Usage (RDU) feature to set legal guardrails around what Twitter can do with that web traffic data.

ALSO:

Ireland’s privacy watchdog engaging with Twitter over data access to reporters

Natasha Lomas on TechCrunch (techcrunch.com)

Elon Musk’s desire to stir conspiratorial shit up by giving select outsiders aligned with his conservative agenda access to Twitter systems could land him in serious doodoo with regulators.

State privacy legislation

CPRA takes effect Jan. 1: Experts warn the ad ecosystem is about to change

Kendra Clark on The Drum (thedrum.com)

For the advertising and publishing ecosystem, California’s new regulatory enforcement will create new challenges for managing consumer data privacy.

The California Privacy Rights Act Brings New Data Requirements for Employers in 2023

Molly Arranz on JD Supra (jdsupra.com)

With the holidays upon us, companies are assessing year-end to-do’s and considering what 2023 will bring.

Universal Opt-Out/Global Privacy Control: Preparing for the New Online World

Katherine Chaves on JD Supra (jdsupra.com)

A growing trend across privacy legislation is requiring company websites to respond to universal opt-out mechanisms, also known as “Global Privacy Control.” If ignored, a business exposes itself to liabilities that can result in legal and financial consequences.

And …

You Should Seriously Change These Venmo Privacy Settings

Shelby Brown on CNET (cnet.com)

Payment apps like Venmo and CashApp are convenient, but you should be aware of the privacy risks.

Some toys this holiday season come with data and privacy concerns, experts warn

Vincent Gabrielle on CT Insider (ctinsider.com)

With the holiday season here, advocates are warning that certain toys have major privacy issues.

India Requires Internet Services to Collect and Store Vast Amount of Customer Data, Building a Path to Mass Surveillance

Karen Gullo on Electronic Frontier Foundation (eff.org)

Privacy and online free expression are once again under threat in India, thanks to vaguely worded cybersecurity directions—promulgated by India’s Computer Emergency Response Team (CERT-In) earlier this year—that impose draconian mass surveillance obligations on internet services, threatening…

Want More Privacy? You Need to Change These Browser Settings Now

Rae Hodge on CNET (cnet.com)

You can give your online privacy a major boost by taking five minutes to adjust a few settings in Chrome, Safari, Firefox, Edge or Brave.

The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache

on International Association of Privacy Professionals (iapp.org)

IAPP Editorial Director Jedidiah Bracy speaks with EU AI Act Co-rapporteur and Romanian MEP Dragoș Tudorache about the state of play of the proposed legislation

The Right to Intimate Privacy

Julia Angwin on The Markup (themarkup.org)

A conversation with Danielle Citron

EU Watchdog Finds Commission Failed to Protect Human Rights From its Surveillance Aid to African Countries

on Privacy International (privacyinternational.org)

The decision by the EU’s oversight body follows a year-long inquiry prompted by complaints outlining how EU bodies and agencies are cooperating with governments around the world to increase their surveillance powers filed b

This Privacy Ruling Against Facebook and Insta Could End Targeted Ads

Thomas Germain on Gizmodo (gizmodo.com)

EU privacy regulators declared that Meta can’t force users to agree to data collection.

Data Clean Rooms: Enabling Analytics, Protecting Privacy

Jessica Davis on InformationWeek (informationweek.com)

Data clean rooms offer a way for organizations to collaborate with and share data in a protected environment that preserves privacy and governance. Here’s why they are on the rise now.

Establishing Trust and Control in the Age of Data Privacy Regulation

Carol Venezia on CIO (cio.com)

Protecting data from theft and improper use is now the concern of the entire C-suite, as it’s crucial organizations are aware of the repercussions of data breaches and failure to comply with regulations.

Google must delete search results about you if they’re fake, EU court rules

Vincent Manancourt on POLITICO (politico.eu)

Claimants have to prove the information about them is ‘manifestly inaccurate.’

Your platform is not an ecosystem

Chris Armstrong on Crooked Timber (crookedtimber.org)

Another day, another exhortation to join an “ecosystem” that’s anything but.

Cyborgs on the Highways

Zephyr Teachout on The American Prospect (prospect.org)

A review of Karen Levy’s Data Driven: Truckers, Technology, and the New Workplace Surveillance, which details the extreme forms of surveillance imposed on long-haul truckers, robbing them of their power.

EPIC to Supreme Court: Internet Companies Should Face Suits for their Harmful Conduct

on EPIC – Electronic Privacy Information Center (epic.org)

EPIC’s amicus brief in the Section 230 case.

A faster way to preserve privacy online

Adam Zewe on Massachusetts Institute of Technology News (news.mit.edu)

MIT researchers developed a method that enables users to search for information in a remote database privately, without revealing the information they are seeking to the server, that is about 30 times faster than other techniques.

Cinder’s content moderation software is custom-built for trust and safety teams

Taylor Hatmaker on TechCrunch (techcrunch.com)

Cinder launches software for companies grappling with some of the internet’s most complex, dangerous challenges.

AI photography is taking over social media. Why are some concerned about privacy?

ABC News on ABC News (abcnews.go.com)

Lensa is transforming selfies into virtual avatars that many have shared online.

Privacy community mourns death of Danilo Doneda, Brazilian data protection ‘trailblazer’

on International Association of Privacy Professionals (iapp.org)

The privacy community is remembering Brazilian data protection scholar Danilo Doneda for his contributions to the field.

The biggest lie tech people tell themselves — and the rest of us

Rose Eveleth on Vox (vox.com)

They see facial recognition, smart diapers, and surveillance devices as inevitable evolutions. They’re not.

UK privacy watchdog reveals more than two dozen data breach incidents

Alexander Martin on The Record by Recorded Future (therecord.media)

The UK’s data protection regulator published the details of more than two dozen data protection incidents in which it reprimanded organizations.

One of four US biometric privacy cases clearly protect a defendant

Jim Nash on BiometricUpdate.com (biometricupdate.com)

Court action in the U.S. state of Illinois continues to chip away at the definition of what constitutes a viable biometric information privacy lawsuit.

Privacy watchdogs to bite into edtech in 2023, analyst predicts

Eric Johansson on Verdict (verdict.co.uk)

The edtech industry ballooned during the pandemic, but analysts now predict the sector will become the next target for privacy regulators.

Dark patterns, online ads will be potential targets for the next Commission, Reynders says

Luca Bertuzzi on EURACTIV (euractiv.com)

The Privacy War Is Coming

Damian Tommasino on Dark Reading (darkreading.com)

Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Greek MPs Clash Over New Privacy Communications Bill

Eleni Stamatoukou on Balkan Insight (balkaninsight.com)

Political parties in parliament confront one another over government’s attempt to put a lid on the Predator spyware scandal by passing a new bill on communications privacy.

Shira Ovide on The Washington Post (washingtonpost.com)

What are the rules of the road for the A.I. age, where anything you share online might train a computer system that puts an innocent person in jail?

Apple’s promises of privacy: Are iPhones as secure as the company claims?

Isabel Rubio on Ediciones EL PAÍS S.L. (english.elpais.com)

Researchers have found that, despite its statements to the contrary, the company collects personal information from its app usage data

Around 360K people in Ontario affected by COVAXon privacy breach | Globalnews.ca

Hannah Jackson on Global News (globalnews.ca)

The ministry said in over 95 per cent of cases, only names and/or phone numbers were impacted in the breach.

Will TikTok Make Good on Privacy Promises?

Christopher Burgess on Security Boulevard (securityboulevard.com)

TikTok has a problem. Researchers continue to turn up oddities with respect to the storage of user data/information. The timing, of course, is precarious.

ALSO:

Understanding International Data Transfers and Privacy Protection Under Schrems II

TrustArc Privacy Intelligence on TrustArc Privacy Blog (trustarc.com)

TrustArc’s privacy experts explain how the rules for EU international data transfers changed after the Schrems II decision, including several updates to standard contractual clauses (SCCs).

Executives Personally Sued for Data Privacy Incidents

Nathan Morales on JD Supra (jdsupra.com)

If you manage a company that collects and otherwise processes personal data (which is just about every company, these days), you may need to protect…

Facial recognition system of Tamil Nadu police stirs privacy row

Divya Chandrababu on Hindustan Times (hindustantimes.com)

According to their website, 126 facial recognition systems have been installed across various states.

Telstra privacy breach sees customer details made public

9News Staff on 9News (9news.com.au)

The details of more than 130,000 Telstra customers have been published online due an internal error.

Operation LVMH: How a cybersurveillance firm monitored politicians, union leaders and activists

Elisa Braun on POLITICO (politico.eu)

Explosion of online data provides private security companies unprecedented access to personal information.

EU countries endorse agreement on European digital identity

Luca Bertuzzi on EURACTIV (euractiv.com)

The EU Council formalised its position on the European digital identity at the Telecom Council meeting on Tuesday (6 December).


Image credit: Daquella manera on Flickr via Wikipedia Commons.  licensed under the Creative Commons Attribution 2.0 license.