Privacy News: October 17

Getting the week off to a good start with a bumper crop of links!

Automated systems and discrimination

Rent Going Up? One Company’s Algorithm Could Be Why.

Heather Vogell, ProPublica, with data analysis by Haru Coryne, ProPublica, and Ryan Little on ProPublica (propublica.org)

Texas-based RealPage’s YieldStar software helps landlords set prices for apartments across the U.S. With rents soaring, critics are concerned that the company’s proprietary algorithm is hurting competition.

Ethical Challenges of Using Artificial Intelligence for Intelligence Analysis

Alexander Blanchard on SSRN (papers.ssrn.com)

Intelligence agencies have identified artificial intelligence (AI) as a key technology for maintaining an edge over adversaries. This article explores the ethical challenges presented by the use of AI for augmented intelligence analysis. It begins with an outline of current and future potential uses of AI augmented intelligence analysis before identifying five sets of ethical risks relating to: intrusion; explainability and accountability; bias; authoritarianism and political security; collaboration and classification. The article offers a series of recommendations targeted at intelligence agencies to address and mitigate these challenges.

AI tools fail to reduce recruitment bias – study

Chris Vallance on BBC News (bbc.com)

Artificially intelligent analysis of job applications or videos is “pseudoscience”, researchers say.

Lessons Learned from Algorithmic Impact Assessments in Practice

Spotify Engineering on Spotify Engineering (engineering.atspotify.com)

Understanding algorithmic impact is critical to building a platform that serves hundreds of millions of listeners and creators every day. Our approach includes a combination of centralized and distributed efforts, which drives adoption of best practices across the entire organization — from researchers and data scientists to the engineer pushing the code.

Privacy after Roe

How the Dobbs abortion ruling reshaped America’s privacy debate, from health to politics and law

Dan Vergano on Grid News (grid.news)

The Supreme Court’s verdict put the spotlight on the country’s patchy privacy protections.

And …

Consumer privacy tension increases with voice and face biometrics cases across the US

Jim Nash on BiometricUpdate.com (biometricupdate.com)

JPMorgan Chase Bank is accused of breaking California privacy law by recording customers’ phone calls without consent using Microsoft software.

Detroit Action Responds to ShotSpotter Expansion, Vows to Continue Fight for Violent Prevention Programs

Detroit Action on Medium (detroitaction.medium.com)

“The Detroit City Council’s decision to expand ShotSpotter with millions of our taxpayer dollars is a slap in the face to thousands of Detroit residents teetering on the precipice of homelessness, economic instability, and joblessness….  We’re calling on the Mayor and Council to offset their rash, harmful decisions by reinvesting in solutions to homelessness, recognizing and addressing root causes of violence, preserving and producing deeply affordable housing, increasing vital city services, and supporting arts and culture. The dedication to help our communities thrive is what will keep us safe, not microphones and surveillance.”

Privacy Lawsuit Exposes Google Employees Cracking Jokes About Chrome’s Incognito Mode

Nathan Wasson on HotHardware (hothardware.com)

Internal Google documents show employees’ alarm at the lack of privacy afforded by Chrome Incognito mode.

Employers using technology to track productivity of remote workers

Matt Galloway on CBC Listen (cbc.ca)

Some employers use technology to track the productivity of their remote workers — but a new law in Ontario will force companies with more than 25 employees to disclose their electronic monitoring policy to staff. We talk to Lauren Reid, president of The Privacy Pro, a Toronto-based consulting firm.

First Court in California Suppresses Evidence from Overbroad Geofence Warrant

Jennifer Lynch on Electronic Frontier Foundation (eff.org)

A California trial court has held a geofence warrant issued to the San Francisco Police Department violated the Fourth Amendment and California’s landmark electronic communications privacy law, CalECPA. The court suppressed evidence stemming from the warrant, becoming the first court in California…

Lawless Surveillance

Barry Friedman on NYU Law Review (nyulawreview.org)

Policing agencies in the United States are engaging in mass collection of personal data, building a vast architecture of surveillance. This growing network of surveillance is almost entirely unregulated. In virtually every other instance in which personal information is collected by the government, courts require that a sound regulatory scheme be in place before information collection occurs. The Article defines what a minimally acceptable regulatory scheme for mass data collection must include and shows how it can be grounded in the Constitution.

Why is the NYPD hiding its surveillance of BLM?

Albert Fox Cahn and Matt Mahmoudi on New York Daily News

In recent weeks, the NYPD took the extraordinary step of appealing a court order to disclose documents about its surveillance of the historic Black Lives Matter protests of 2020. For Amnesty International and the Surveillance Technology Oversight Project, it was a disappointing delay after two years of fighting to release these documents. But above all, it prompted us to ask: “What is the NYPD hiding?”

Hot Hot Hot – Executive Order – Start your Privacy Engines – Serious Privacy

Buzzsprout (buzzsprout.com)

On this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool discuss the 10-7 series of deliberately machinated and long-awaited political events surrounding the EU-US data transfer mechanism that is intended to replace the Privacy Shield, invalidated under Schrems II back in 2020 – the “thingie.”

Client-side scanning to detect child abuse material harmful

Thomas Claburn on The Register (theregister.com)

Security expert Ross Anderson challenges claim that bypassing encryption is essential to protecting kids.

Equifax surveilled 1,000 remote workers, fired 24 found juggling two jobs

Ashley Belanger on Ars Technica (arstechnica.com)

Equifax used its own worker surveillance product to spy on workers fired.

EU, US central banks see national digital currencies only if privacy balanced by security

Jim Nash on BiometricUpdate.com (biometricupdate.com)

The digital identity and privacy communities got some confirmation about the near future from the world’s top two central bankers.

Court Says “You May NOT Amend Your TOS by Posting New Terms to Your Site”-International Markets v. Thayer

Kieran McCarthy on Technology & Marketing Law Blog (blog.ericgoldman.org)

Most online terms-of-use agreements claim to give their drafters broad discretion to modify the terms at the host’s discretion. Some terms-of-use agreements purport to allow host websites to modify the terms by sending an email (inevitably, to your spam folder) to notify you of the changes. Others require users to constantly refresh their browsers to know when updates occur. Before 2022, courts usually enforced the former strategy while requiring some evidence of actual or constructive notice to enforce the latter. But this year, courts have begun to require more rigorous evidence of notice and assent to enforce modifications to online agreements.

Without a Data Privacy Law, India Must Consider Hazards of ‘Deanonymisation’ of Non-Personal Data

Aarathi Ganesan on The Wire (thewire.in)

Deanonymisation is performed by combining anonymised datasets to identify information about a particular user in different contexts, which can reveal layered and comprehensive personal information about an individual.

The Internet Is Not Facebook: Why Infrastructure Providers Should Stay Out of Content Policing

Corynne McSherry and Jillian C. York on Electronic Frontier Foundation (eff.org)

Cloudflare’s recent headline-making decision to refuse its services to KiwiFarms—a site notorious for allowing its users to wage harassment campaigns against trans people—is likely to lead to more calls for infrastructure companies to police online speech. Although EFF would shed no tears at the loss of KiwiFarms (which is still online as of this writing), Cloudflare’s decision re-raises fundamental, and still unanswered, questions about the role of such companies in shaping who can, and cannot, speak online.

ICO consultation on the draft employment practices: monitoring at work guidance and draft impact assessment

UK Information Commissioner’s Office (ico.org.uk)

The Information Commissioner’s Office (ICO) is producing topic-specific guidance on employment practices and data protection. We are releasing our drafts of the different topic areas in stages and adding to the resource over time. A draft of the guidance on monitoring at work is now out for public consultation.

Chris Hipkins accused of cowering after criticising privacy report on police photographing

Katie Scotcher on RNZ (rnz.co.nz)

The police minister is facing criticism over his suggestion the law could be changed to allow officers to keep photographing people for looking out of place or suspicious.

Feds: Ex Louisville Police Officer Used Law Enforcement Tech To Help Hack Sexually Explicit Photos From Women

Danielle Grady on LEO Weekly (leoweekly.com)

A former Louisville Metro Police Department officer used law enforcement technology as part of a scheme that involved hacking the Snapchat accounts of young women and using sexually explicit photos and videos they had taken to extort them, federal prosecutors said in court documents filed on Tuesday.

Privacy Shield 2.0: Data Protection Law May Benefit Businesses

Matt G. Southern on Search Engine Journal (searchenginejournal.com)

Learn what the new European Union (EU) & United States data privacy framework could mean for businesses and marketers.

Privacy activists warn against removing compensation for data protection breaches

Laura Kabelka on EURACTIV (euractiv.com)

The Advocate General of the Court of Justice of the European Union (CJEU) issued a non-binding opinion, which privacy advocates fear could further limit users’ possibilities to enforce their privacy rights under the GDPR.

Meta’s New Quest Pro VR Headset Harvests Personal Data Right Off Your Face

Khari Johnson on WIRED (wired.com)

Cameras inside the Quest Pro that track eye and face movements can make an avatar’s expressions more realistic, but they raise new privacy questions.

Targeted Billboard Ads Are a Privacy Nightmare

Mack DeGeurin on Gizmodo (gizmodo.com)

A new report details ways advertisers are taking lessons learned from mobile ads to create intimately targeted ads in the physical world.

How Data Privacy Has Revolutionized the Post-Pandemic Workplace Trends?

Amtul Rafay on ReadWrite (readwrite.com)

Since the pandemic, data privacy has become a top concern for organizations. Workers working remotely must ensure company and user data is protected.

Big Tech accused of shady lobbying in EU Parliament

Clothilde Goujard on POLITICO (politico.eu)

Lawmakers file complaints against 8 companies and trade groups over alleged shadow lobbying.

Privacy and Data Security Update – The Consumer Finance Podcast

Kim Phan on JD Supra (jdsupra.com)

Please join Consumer Financial Services Partner Chris Willis and his colleagues Ron Raether and Kim Phan, partners in our Privacy + Cyber Practice…

The New Trans-Atlantic Data Privacy Framework Is Not Enough

Tracy Mitrano on Law, Policy—and IT? (insidehighered.com)

Important issues to act on.

Using sensitive data to prevent discrimination by artificial intelligence: Does the GDPR need a new exception?

Marvin van Bekkum on arXiv.org (arxiv.org)

Organisations can use artificial intelligence to make decisions about people for a variety of reasons, for instance, to select the best candidates from many job applications. But in Europe, an organisation runs into a problem when it wants to assess whether its AI system accidentally discriminates based on ethnicity: the organisation may not know the applicants’ ethnicity. This paper asks whether the GDPR’s rules on special categories of personal data hinder the prevention of AI-driven discrimination.

LEAK: A sneak peek at the EU’s digital agenda for 2023

Luca Bertuzzi on EURACTIV (euractiv.com)

EURACTIV has obtained an undated version of the Commission’s work programme for 2023, which is set to be presented next Tuesday (18 October). Here is what the EU executive has in store for digital policy.

Upcoming California Privacy Rights Act: Key Compliance Tasks for California Employers

F. Paul Pittman on JD Supra (jdsupra.com)

California employers’ reprieve from obligations to employees to disclose data privacy practices and provide access rights to employees appears to be…

Colorado Attorney General Releases Colorado Privacy Act Draft Regulations

Roy Wyman on JD Supra (jdsupra.com)

The Colorado Attorney General’s Office issued its proposed Colorado Privacy Act (CPA) Rules (Draft Rules) on Friday, September 30.

Dubai bids to answer the data privacy riddle

Joydeep Sengupta on Khaleej Times (khaleejtimes.com)

Digital Dubai’s team is on a mission to pave the way for synthetic data, showcasing itself as an innovator among the Arabian Gulf states

Pappas seeks new legislation protecting reproductive privacy rights

Andrew Sylvia on Manchester Ink Link (manchesterinklink.com)

U.S. Representative Chris Pappas (D-NH-01) supports the “My Body, My Data Act” which would prohibit personal medical data from being used against a woman in criminal proceedings.

Online Advertisers Prepped for Multistate Privacy Compliance Challenges

John Eggerton on Next TV (nexttv.com)

IAB updates blueprint for handling differing consent regimes

Students Are Using AI to Write Their Papers, Because Of Course They Are

Claire Woodcock on vice.com

Essays written by AI language tools like OpenAI’s Playground are often hard to tell apart from text written by humans.

City ‘inadvertently’ shares personal information, breaches privacy in mass email to hundreds of Hamilton voters

Matthew Van Dongen on TheSpec.com (thespec.com)

Breach affected 450 residents registered to vote by mail; city has alerted the provincial privacy commissioner

Is Every Website That Plays Videos Breaking An ’80s Privacy Law?

Thomas Germain on Gizmodo (gizmodo.com)

A Reagan-era law regulating VHS rentals is responsible for a wave of lawsuits claiming that a video-playing website that collects data is liable.

Minnesota takes additional steps to protect ballot privacy

News Staff on Detroit Lakes Tribune (dl-online.com)

At this time, the six Minnesota counties that use the impacted machines have not used the “cast vote record” feature. If a county decides to use the cast vote record feature, a fix is available to prevent ballot identification.

Amazon expands ‘pay with your palm’ technology

Stephanie Condon on ZDNET (zdnet.com)

Amazon’s palm-recognition service is being deployed as a standalone payment option for the first time at the Climate Pledge Arena in Seattle.

iOS 16 Has An Amazing New iPhone Privacy Feature—Here’s How To Use It

Kate O’Flaherty on Forbes (forbes.com)

Apple’s iOS 16 comes with an amazing new privacy feature you might not know about. Here’s how to use it.


Image credit: Originally by Nick Youngson, licensed from Alpha Stock Images under CC BY-SA 3.0 via Picpedia