Privacy News Roundup: February 22

As always, a lot going on!

Forget Milk and Eggs: Supermarkets Are Having a Fire Sale on Data About You

Jon Keegan on The Markup (themarkup.org)

When you use supermarket discount cards, you are sharing much more than what is in your cart—and grocery chains like Kroger are reaping huge profits selling this data to brands and advertisers

EU parliamentary committee says ‘no’ to EU-US data privacy framework

Jon Gold on Computerworld (computerworld.com)

Progress on ratifying the Trans-Atlantic Data Policy Framework hit a snag, as a parliamentary committee rejected a draft decision to adopt the pact, saying it did not comply with the EU’s GDPR privacy regulations.   It’s not really that surprising – there was a lot of skepticism when the deal was first announced – but hope springs eternal.

State privacy legislation

Congress’ push for a privacy law is alive and well — in statehouses

Alfred Ng on POLITICO (politico.com)

Ng looks at EPIC’s push for state legisation modeled after the American Data Privacy and Protection Act (ADPPA).  Massachusetts and Illinois have already introduced bills based on ADPPA;  meanwhile, other states are continuing to introduce TechNet-backed bills similar to Virginia’s (based on the Bad Washington Privacy Act).

California lawmaker seeks to end to ‘reverse warrants’ that could pinpoint abortion seekers

Tonya Riley on CyberScoop (cyberscoop.com)

Lawmakers say the overly broad digital surveillance tool poses a major threat to reproductive health privacy.

ALSO:  EFF Backs California Bill to Protect People Seeking Abortion and Gender-Affirming Care from Dragnet Digital Surveillance, Hayley Tsukayama on Electronic Frontier Foundation (eff.org)

Opinion: This bill would hurt children while trying to help them

Shoshana Weissmann on Deseret News (deseret.com)

Utah lawmakers are considering SB152, which would require children and adults to provide proof of age to internet sites in order to gain access

Illinois Supreme Court Determines BIPA Claims Accrue Individually With Each Violation

Kristin L. Bryan, Kyle R. Fath, Christina Lamoureux, and David J. Oberly on The National Law Review (natlawreview.com)

The Illinois Supreme Court today confirmed that each separate violation of the Illinois Biometric Information Privacy Act (BIPA) constitutes a distinct and separately actionable violation of the statute. The decision exponentially increases liability exposure and the scope of damages that may be collected for alleged violations of BIPA.

ALSO

AI and Automated Decision Systems

German Constitutional Court strikes down predictive algorithms for policing

Molly Killeen on EURACTIV (euractiv.com)

The German Federal Constitutional Court has declared the use of Palantir surveillance software by police in the states of Hesse and Hamburg unconstitutional.

ALSO:

Privacy Regulators Step Up Oversight of AI Use in Europe

Catherine Stupp on The Wall Street Journal (wsj.com)

The growth of AI business applications, plus coming EU rules on the technology, are pushing privacy regulators to open dedicated units and hire staff.

Can ‘we the people’ keep AI in check?

Connie Loizos on TechCrunch (techcrunch.com)

Technologist and researcher Aviv Ovadya isn’t sure that generative AI can be governed, but he thinks the most plausible means of keeping it in check might just be entrusting those who will be impacted by AI to collectively decide on the ways to curb it.

Commerical surveillance

Meta will also sell blue badge on Instagram and Facebook

Manish Singh on TechCrunch (techcrunch.com)

Remember how hard people fought against Facebook’s “real names” policy back in 2014? Now, Meta CEO Mark Zuckerberg has launched Meta Verified, a subscription service that will allow Facebook and Instagram users to pay for the privilege of sending them your government-issued ID and getting a blue badge. It’s a great example of the phenomon Chris Gilliard and David Golumbia describe in Luxury Surveillance: “People pay a premium for tracking technologies that get imposed unwillingly on others.”

Google Launches Way for Android Apps to Track You Without Tracking You

Thomas Germain on Gizmodo (gizmodo.com)

Privacy Sandbox, the set of changes that will kill third-party cookies forever, is now coming to Android. Paradoxically, Google says the goal is to track everything you do online in a way that’s better for your privacy.

ALSO: Android launches yet another way to spy on users with “Privacy Sandbox” beta, Ron Amadeo on Ars Technica (arstechnica.com)

Twitter’s Two-Factor Authentication Change ‘Doesn’t Make Sense’

Lily Hay Newman on WIRED (wired.com)

The company will soon require users to pay for a Twitter Blue subscription to get sign-in codes via SMS. Security experts are baffled.

ALSO: How to keep your Twitter secure without giving Elon Musk any money, Zack Whittaker on TechCrunch (techcrunch.com)

And …

FTC’s new Office of Technology will help mop up tech ‘oozing with snake oil’

Devin Coldewey on TechCrunch (techcrunch.com)

The FTC is embracing change with the establishment of an Office of Technology that will help it regulate the fast-moving world of tech.

ALSO: A Century of Technological Evolution at the Federal Trade Commission, the Premerger Notification Office Staff on Federal Trade Commission (ftc.gov)

Gonzalez v. Google Live Analysis – Institute for Rebooting Social Media

on rebootingsocialmedia.org

A detailed discussion of the Supreme Court hearing on a key Section 230 case.

ALSO: Quick Debrief on the Gonzalez v. Google Oral Arguments, Eric Goldman on Technology & Marketing Law Blog (blog.ericgoldman.org)

New research suggests that privacy in the metaverse might be impossible

Louis Rosenberg, Unanimous A.I. on VentureBeat (venturebeat.com)

Protecting privacy in the metaverse is critical, and it’s shocking how little data is needed to uniquely identify a user in the metaverse.

FTC Launches New Office of Technology to Bolster Agency’s Work

the Premerger Notification Office Staff on Federal Trade Commission (ftc.gov)

The Federal Trade Commission today launched a new

This Tool Could Protect Artists From A.I.-Generated Art That Steals Their Style

Kashmir Hill on NYTimes (nytimes.com)

Artists want to be able to post their work online without the fear “of feeding this monster” that could replace them.

Air Canada Launches Digital Identification; First Airline to Test Facial Recognition Technology for Identification Verification in Canada

on Air Canada (media.aircanada.com)

In a pilot project currently underway, Air Canada’s digital identification is now available for customers departing from Vancouver International Airport and for eligible customers entering the Air Canada Café at Toronto Pearson International Airport.

Brussels sets out to fix the GDPR

Clothilde Goujard on POLITICO (politico.eu)

New law to solve enforcement flaws of the GDPR could open a Pandora’s box of lobbying and regulators’ infighting.

Domestic violence hotline calls will soon be invisible on your family phone plan

Ashley Belanger on Ars Technica (arstechnica.com)

Domestic violence hotline launches biggest effort yet with wireless industry.

New Mobile Phone Service Shows We Can Have Both Privacy and Nice Things

Daniel Kahn Gillmor, Jay Stanley on American Civil Liberties Union (aclu.org)

Despite the desires of companies to monetize our data, we must insist that privacy be built into the technologies we depend on.

Artificial intelligence chatbot banned by Italian privacy authority

Giorgia Carneri on GamingTechLaw (gamingtechlaw.com)

The Italian data privacy authority ordered the prohibited a chatbot powered by an artificial intelligence system

Privacy-by-design can be a source of value and opportunity, not cost

Divsha Bhat on Gulf Business (gulfbusiness.com)

Privacy can become a selling point and a source of value, especially when it is implemented by design and not reactively.

Privacy and Cybersecurity Issues in Electric Vehicles

Hannah Ji-Otto on JD Supra (jdsupra.com)

This is the second article in a series of alerts that addresses what businesses, organizations and governmental entities should be considering as they…

Opinion: Chula Vista’s use of automated license plate surveillance threatens everyone’s privacy

Norell Martinez, Nancy Relaford, Margaret Baker on San Diego Union-Tribune (sandiegouniontribune.com)

Use of surveillance technology disproportionately impacts immigrants.

Americans Flunked This Test on Online Privacy

Natasha Singer and Jason Karaian on NYTimes (nytimes.com)

Many consumers want control over their personal details. But few understand how online tracking works, says a new report from the University of Pennsylvania.

ChatGPT is a data privacy nightmare. If you’ve ever posted online, you ought to be concerned

Uri Gal on The Conversation (theconversation.com)

ChatGPT is fuelled by our intimate online histories. It’s trained on 300 billion words, yet users have no way of knowing which of their data it contains.

Ex-Twitter privacy chief takes job at social media app BeReal

Sara Merken on Reuters (reuters.com)

Damien Kieran, who resigned as Twitter Inc’s chief privacy officer in November after Elon Musk took over the social media giant, has joined photo sharing app-maker BeReal as its top lawyer.

A New Draft Privacy Model Blooms From the NAIC Privacy Working Group

Ann Young Black on JD Supra (jdsupra.com)

On February 1, the NAIC’s Privacy Working Group’s new privacy model germinated. After months of development, the exposure draft, titled “Insurance Consumer Privacy Protection Model Law #674” (Proposed Model), has finally reached daylight.

On the Grid: Data and Privacy Protection Act

Mayukh Sircar on The National Law Review (natlawreview.com)

In a presentation by Ward and Smith attorney Angela Doughty, In-House Counsel Seminar attendees received an overview on a variety of topics relevant to privacy and data security, including curren

Web Tracking Creates a Web of Data Privacy Risks

Anahita Anvari on JD Supra (jdsupra.com)

Regulatory enforcement and large litigation relating to the use of third party trackers on companies’ websites and applications have been on the rise….

Evolving enforcement priorities in times of debate – Overview of regulatory strategies of European Data Protection Authorities for 2023 and beyond

Sebastião Barros Vale on Future of Privacy Forum (fpf.org)

At a time where the effectiveness of the EU General Data Protection Regulation (GDPR) enforcement model is being challenged by the European Parliament, Data Protection Authorities (DPAs), civil society, and policymakers, the European Data Protection Board (EDPB) has launched several initiatives to reform the way DPAs are working together.

Why Colorado draft AI insurance rules are a “major leap forward” for AI governance

Sharon Goldman on VentureBeat (venturebeat.com)

Colorado’s draft rules for life insurance companies using AI for coverage decisions are game-changing, says Debevoise & Plimpton’s Avi Gesser.

Opinion | Why I’m Resigning as an FTC Commissioner

Christine Wilson on The Wall Street Journal (wsj.com)

Lina Khan’s disregard for the rule of law and due process make it impossible for me to continue serving.

The Economist Michigan information privacy $9.5M class action settlement

Top Class Actions on Top Class Actions (topclassactions.com)

The Economist agreed to pay $9.5 million to resolve claims it shared Michigan subscriber information with third parties without consent.

Mycroft’s privacy-first, crowdfunded smart speaker will ship, but not to backers

Scharon Harding on Ars Technica (arstechnica.com)

Echo alternative’s privacy focus is worth emulating, despite Mycroft’s failure.

No porn, no Instagram for kids: France doubles down on age verification

Laura Kayali on POLITICO (politico.eu)

French MPs want to expand age verification requirements to mainstream social platforms.

GAO Calls for Improved Data Privacy Protections

Dark Reading Staff on Dark Reading (darkreading.com)

US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government’s control.

Australians able to opt out of targeted ads and erase their data under proposed privacy reforms

Paul Karp on The Guardian (theguardian.com)

Individual rights could be modelled on the EU’s general data protection regulation or GDPR

Julia Angwin Joins the Brown Institute as an Entrepreneur in Residence

Mark Hansen on Brown Institute (brown.columbia.edu)

Almost 60% of GAO’s Privacy Recommendations Since 2010 Are Unresolved

Edward Graham on Nextgov (nextgov.com)

A watchdog report found that federal agencies have only implemented approximately 41% of recommendations related to the protection and security of sensitive data as of December 2022.

IAB Europe Reacts To Belgian Data Authority’s Validation Of Its Action Plan

on IAB Europe (iabeurope.eu)

The Interenet Advertising Bureau attempts to spin the latest ruling against them.

Australian privacy reform moves forward with new government report

on International Association of Privacy Professionals (iapp.org)

The Australian Attorney-General’s Department released its highly anticipated review of the Privacy Act, a significant step in the reform of its privacy law.

U.S. Technical Advisory Group Helps ISO/PC 317 Complete New Global Standard for Consumer Protection: Privacy by Design

Mary Beth Minto on OASIS Open (oasis-open.org)

New York, NY, and Boston, MA – 16 February 2023 — The U.S. Technical Advisory Group (TAG) for Consumer Privacy by Design successfully concluded its mission with the publication of a new global standard approved by the International Organization for Standardization (ISO). Administered by the American…

How to protect your privacy from streaming TV services

Jared Newman on TechHive (techhive.com)

Four steps to disable smart TV snooping, streaming ad targeting, and data sharing.

TrustPid

(guest author) on European Digital Rights (EDRi) (edri.org)

The new tracking system, misleadingly dubbed ‘TrustPid’, would be baked into the internet’s network infrastructure – potentially with little recourse or defence for users.

Government’s privacy review has some strong recommendations – now we really need action

Bruce Baer Arnold on The Conversation (theconversation.com)

There are many good proposals in Dreyfus’s reform paper. But they risk being lost once again among the voices of those whose interests are served by maintaining the status quo.

Your Tax Data Shouldn’t Be Up for Grabs

Colin Lecher on The Markup (themarkup.org)

Especially when there’s a better way

Privacy Litigation Update: California courts will soon hear motions to dismiss in litigation that alleges chat functionality violates wiretapping statutes

Dustin Taylor on JD Supra (jdsupra.com)

Keypoint: Slurry of litigation filed by privacy-plaintiffs has survived its first motion to dismiss challenge in a California court but faces tougher…

Senators pressure CFIUS to wrap up TikTok probe with strict restrictions, potentially even separating it from its Chinese parent company

Lauren Feiner on CNBC (cnbc.com)

The letter is a signal of heightened pressure on the panel as TikTok has so far been able to continue its operations in the U.S.

How virtual reality telemetry is the next threat to privacy

Thomas Claburn on The Register (theregister.com)

Boffins find they can identify VR players just from head and hand movements

Leiden University stops using smart cameras over privacy concerns

on NL Times (nltimes.nl)

Leiden University will definitely stop using smart cameras on campus after negative advice from the University Council. The cameras raised privacy concerns last year, and risks of violating the privacy of students and employees are too significant to keep using the devices, the University Council sa…

Stop collecting airline passenger details in a database: privacy watchdog

robin on DutchNews.nl (dutchnews.nl)

The government must immediately stop processing all airline passengers’ details into a massive database, privacy watchdog Autoriteit Persoonsgegevens (AP) said on Tuesday. ’Travel details of all air passengers are being collected and updated in a database over a period of years and this is not allow…