The Data Drop News for Friday, April 22, 2022
Updated: Aug 15
Scraping Data From LinkedIn Profiles Is Legal, Appeals Court Rules. Top EU Officials Hope Data-Flows Deal Will Be Completed This Year. Apple’s Cook Says Circumventing App Store Would Harm User Privacy. Personal Data Breaches Are Falling – Except in Russia. The U.S. Government’s Google Maps Probe Could Send Ripples Through the Car Industry. Google Gets Data Each Time an Android Phone Sends, Receives a Call. Criminal Identification Bill in India Raises Fears of Shadowing. The Facebook Whistleblower Takes On the Metaverse. Plus the latest in PrivTech news!
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Scraping Data From LinkedIn Profiles Is Legal, Appeals Court Rules
An appeals court Monday ruled that web scraping—or automatically extracting information from websites and storing it for later use—is legal, protecting a tool used by researchers but dealing a blow to Microsoft-owned social networking site LinkedIn, which claimed the practice endangers user privacy.
LinkedIn had told the court an injunction allowing hiQ to resume scraping would threaten users’ privacy and possibly damage the goodwill built up between LinkedIn and its users. Because hiQ risked going out of business if blocked from scraping LinkedIn, denying an injunction would probably inflict more hardship on hiQ than allowing an injunction would inflict on LinkedIn, the court concluded Monday.
A LinkedIn spokesperson indicated that the company intends to keep pursuing the case, remarking the case is “far from over.”
Top EU Officials Hope Data-Flows Deal Will Be Completed This Year
A long-awaited deal between the U.S. and the European Union on how companies can legally transfer Europeans’ data stateside could be completed this year, a top European Commission official said Tuesday.
Washington and Brussels last month announced an “agreement in principle” on how to allow businesses to transfer Europeans’ personal information across the Atlantic while protecting individuals’ privacy. Negotiators continue to hammer out key details on how to limit U.S. surveillance of such data while allowing Europeans to mount legal challenges to spy agencies’ activity.
A final deal will require a combination of executive action by the White House, implementing regulations by federal agencies and a multistep approval process by EU officials and member states, European Commissioner for Justice Didier Reynders said. In 2020, the EU high court invalidated a previous agreement, known as Privacy Shield, for not adequately protecting Europeans’ data in the face of potential digital surveillance.
Apple’s Cook Says Circumventing App Store Would Harm User Privacy
Apple chief executive officer Tim Cook said that proposed app store regulations in the US and European Union (EU) would put iPhone users' privacy at risk. He stated: "If we are forced to let unvetted apps onto iPhones, the unintended consequences will be profound.
Data-hungry companies would be able to avoid our privacy rules and once again track our users against their will." Apple is under global scrutiny over app store policies. The EU is working on legislation that would force the company to allow apps to be installed from outside the Apple App Store, threatening Apple's grip on its platform and potentially limiting its ability to collect a commission from developers.
In the US, 2 bills that would regulate app stores run by Apple and Alphabet's Google have the best chance of becoming law among proposals aimed at reining in big technology companies.
Personal Data Breaches Are Falling – Except in Russia
The number of people affected by personal data breaches fell by 95% over the last year, according to a tally by VPN provider Surfshark, as companies and governments invested in cybersecurity. Personal data breaches are on the increase in Russia, however, as hackers target the country in retaliation for its invasion of Ukraine.
The personal data, including passwords, credit card details and email addresses, of nearly 500m people was breached in the first quarter of 2021, according to Surfshark's analysis. In the latest quarter, the figure was just 18.2 million. In Russia, however, the number of affected people grew by 11% to 3.6 million.
This uptick reflects retaliatory attacks following the invasion of Ukraine, explains Etay Maor, senior director of security strategy at Cato networks. “With different groups, such as Anonymous and ransomware groups, individuals and government entities all taking aim at Russian organizations, it is not surprising to see these numbers go up."
The U.S. Government’s Google Maps Probe Could Send Ripples Through the Car Industry
Google is once again under the spotlight for anti-competitive practices by the U.S. Department Of Justice, this time relating to Google Maps and its forced bundling with other Google services in cars that incorporate the tech giant’s Android Automotive platform, such as those from Volvo and Polestar.
Carmakers are forbidden from replacing Google Maps with a rival navigation service, like Apple Maps or even Waze, which happens to be owned by Google. The Justice Department’s probe was originally lodged in late 2020 but hasn’t received much attention from legislators until recently, Reuters reported Wednesday. And although the software shipped in cars certainly comprises a great deal of the government’s ire, the repercussions will likely reach far beyond the auto industry.
Google Gets Data Each Time an Android Phone Sends, Receives a Call
New research conducted by academics at Ireland's Trinity College shows that Google has been collecting extremely detailed data about the calls you make via the Phone app and the text messages exchanged on your Android phone.
Google used these Android apps to export massive amounts of data to its servers, and it did so without informing users or obtaining consent. This sort of behavior might go against privacy protections that should exist in Android by law in some markets (like the EU’s GDPR policies). It could be seen as spying on users.
Criminal Identification Bill in India Raises Fears of Shadowing
India’s parliament has cleared a contentious bill that grants sweeping powers to police to collect biometric and physical measurements of people who have been convicted, arrested or detained.
The Criminal Procedure Identification Bill (CPI) seeks to update a British-era law to enable police to collect samples of a person’s biometric details, such as fingerprints and iris scans, if they have been arrested, detained or placed under preventive detention on charges that attract a jail term of seven years or more. Opposition political parties have branded the proposed law as draconian and raised concerns about data breaches and violation of privacy.
The Facebook Whistleblower Takes On the Metaverse
Frances Haugen sparked outrage last year when she released thousands of documents that exposed Facebook’s failure to act when confronted with its users’ harmful behavior. Now, the former Facebook product manager says she’s worried about how those values will translate into the so-called metaverse, which the company, rebranded as Meta, hopes to have a central role in building.
"They've made very grandiose promises about how there's safety-by-design in the metaverse," Haugen told me in an interview. "But if they don't commit to transparency and access and other accountability measures, I can imagine just seeing a repeat of all the harms you currently see on Facebook."
Australia Warns Voters to ‘Think Twice’ Before Giving Details to Political Parties Offering to Register Their Postal Vote Ahead of Election
The Australian Electoral Commission has warned voters to ‘think twice’ before giving details to political parties offering to register their postal vote ahead of election. It is warning that Australian political parties reaching out to citizens with postal vote registration forms ahead of election day may be just as interested in their personal data as helping them cast a ballot.
The commission encouraged voters to register with it directly instead of through political parties. Soon after Prime Minister Scott Morrison called the election, many Australians began receiving text messages and letters in the mail encouraging them to apply for postal votes.
It's a method of voting that is expected to explode in popularity this election as constituents seek to avoid crowded polling stations in response to the COVID-19 pandemic.
UK Government Agrees Bulk Surveillance Powers Fail to Protect Journalists and Sources
The government has agreed that the UK’s mass surveillance laws do not provide adequate protection to confidential journalistic material and sources.
It conceded the Investigatory Powers Act 2016, widely known as the Snoopers’ Charter, fails to provide adequate safeguards to protect confidential journalistic material from surveillance by intelligence services. The admission was revealed in a High Court decision last week, giving the campaign group Liberty permission to bring an appeal to challenge the lawfulness of the UK’s “bulk surveillance powers”.
Liberty argues that the UK’s bulk surveillance regime allows intelligence agencies to “scoop up private communications and internet data of swaths of the British population” without adequate legal safeguards.
Record Fine for Dutch Tax Office Over Personal Data List
The Netherlands' data protection watchdog has imposed a record $4 million USD fine on the country's tax office for unlawfully processing and storing personal information in a “black list” used to detect fraud. Data Protection Authority's Chairman Aleid Wolfsen said the government's Taxation Service “violated the rights of the 270,000 people on that list in an unprecedented way.
For over 6 years, people were often wrongly labeled as fraudsters, with dire consequences,” said Wolfsen. It was the latest in a string of rebukes for Dutch tax authorities, including a fine of 2.75 million euros last year for what the Data Protection Authority called discriminatory practices in a long-running scandal centered on efforts to stamp out fraud with child welfare payments.
A Professor Found His Exam Questions Posted Online. He’s Suing the Students Responsible for Copyright Infringement
In January, Chapman University business professor David Berkovitz was scrolling through Course Hero, a website where students share documents from college classes, when he came across a call-out for help on test questions that looked strikingly familiar. They were prompts he had written for a midterm and a final exam for his business law class during the previous school year.
Now, Berkovitz is suing the unknown students from the Orange, Calif., university for copyright infringement. In a lawsuit filed last week in the U.S. District Court for the Central District of California, the professor alleges the students “infringed Berkovitz’s exclusive right to reproduce, make copies, distribute, or create derivative works by publishing the Midterm Exam and Final Exam on the Course Hero website without Berkovitz’s permission.”
Swiss Platform Rakes In $15 Million to Enable Secure Data Clean Rooms
Swiss enterprise SaaS platform Decentriq has raised a $15 million funding. The Series A round was led by Eclipse Ventures, with participation from existing investors Atlantic Labs, btov Partners, and Paladin Capital Group.
The investment will also be used to expand the types of analytical tools available on the platform, such as Python, R and machine learning, as well as privacy-enhancing technologies features like synthetic data and differential privacy.
Avast Acquires Securekey Technologies As It Bulks Up Its Digital Identity Business
Avast, a Prague-based digital security and privacy company, is acquiring the Toronto-based authentication startup, SecureKey Technologies. Avast, which claims it has over 435 million users, intends to use SecureKey as the base for its digital ID business.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships or the Node Zero community, please visit datacollaboration.org.