The Data Drop News for Friday, August 20, 2021

How Apple plans to root out images of child sexual abuse. President Biden signs Executive Order with important data privacy implications. Smile, you're on camera. Ohio lawmakers considering data privacy & cybersecurity. Half the world's privacy legislation lacks 'affirmative consent' mandates. UK should be concerned by Chinese gene data harvesting. Zero-click hacks threaten mobile devices. Meet the Data Snails. Dutch data protection authority fines TikTok. Plus, this week's latest privacy-enhancing technology!

Pro tip: get The Data Drop on your phone by subscribing to our podcast.

How Apple plans to root out images of child sexual abuse

Apple has announced plans to use pixel tracking technology to scan iCloud uploads for photos of child sexual abuse in the United States. The move has its roots in the National Centre for Missing & Exploited Children a charity established through an act of Congress in 1983.

The organization came up with the idea of generating a long, unique string of letters and numbers known as a hash for each image in its database of child sexual abuse material and then sharing those hashes so companies could scan for images on their services and report findings back to the organization.

President Biden signs Executive Order with important data privacy implications

There's no federal data privacy policy in sight for the United States but the Executive Order on Promoting Competition in the American Economy signed last month by President Biden aims to increase business competition, slow monopolies, and improve consumer data protection.

Data privacy is highlighted in the Executive Order which urges the Federal Trade Commission to establish rules regulating “unfair data collection and surveillance practices" in regards to competition and consumer autonomy. The Order also announces increased scrutiny with respect to the accumulation of data during corporate mergers.

Smile, you're on camera

Did you know that Macy's, Lowe's, and other major US retailers are using facial recognition technology to track customers at their brick-and-mortar retail locations?

If not, you're part of the majority! According to a new study by consumer opinion researchers Piplsay, most Americans are unaware that facial recognition technology is being used in stores and only 42% support the invasive tech being used in this manner.

Ohio lawmakers considering data privacy & cybersecurity

The Ohio House of Representatives recently introduced a bill that would give Ohioans data privacy rights. It would require businesses with $25 million or more in gross revenue in the state or businesses that control or process large amounts of data to follow specific data standards.

It would not, however, include a private right of action meaning complaints of alleged violations would need to be filed with the state Attorney General’s office.

Half the world's privacy legislation lacks 'affirmative consent' mandates

Two-thirds of the World's countries have enacted legislation to protect consumer data privacy but at least half of this legislation lacks some form of affirmative consent to digital advertising. This is according to a recent study by the Interactive Advertising Bureau’s Legal Affairs Council.

Affirmative consent involves having to "opt in" to advertising rather than opt out and is one of the key components of Europe's GDPR legislation.

UK should be concerned by Chinese gene data harvesting

A senior British lawmaker is raising concerns over the harvesting of genetic data from millions of UK women through pre-natal tests made by a Chinese company. And while that may sound like dystopian fiction, a Reuters review of scientific papers and company statements found that manufacturer BGI Group developed the tests in collaboration with the Chinese military and is using them to collect genetic data for research on the traits of foreign populations.

Zero-click hacks threaten mobile devices

Experts have identified a new threat to privacy and data security on smartphones. They are called zero-click hacks and they can be carried out without any voluntary action from the victim. That means that unlike the typical cyber-attack that tricks someone into clicking a suspect URL or downloading an attachment a zero-click hack takes advantage of flaws in your device to grant malicious access with no action on your part. Click through to our episode post to learn more.

Meet the Data Snails

A recent Data Compliance Survey from Pathwire indicates that 62.4% of businesses are not yet “completely compliant” with the GDPR, the California Consumer Privacy Act, Virginia’s Consumer Data Protection Act other data protection regulations.

Dubbed the "Data Snails" for their slow trek to compliance the positions of these organizations are certainly concerning. For example in North America 50% of firms simply don’t know which laws apply to them.

The full results are fascinating (and alarming) and well worth a read!

Dutch data protection authority fines TikTok

Data protection officials in the Netherlands have fined TikTok roughly $888,000 for failing to offer a privacy statement in the Dutch language.

PET News

The latest in privacy-enhancing technology

Jay Graber to lead Twitter bluesky efforts

Twitter is working on a decentralized social media working group called bluesky, and they’ve recently announced crypto developer Jay Graber will helm the initiative. The goal is to create a decentralized social media protocol that a number of social networks will operate on.

HubSpot taps DataGrail to help users navigate privacy laws

HubSpot and data privacy management company DataGrail are working on an integration that will create an automated way to fulfill data subject requests, or DSRs, and streamline the production of records of processing activities, or ROPAs, and other data processing reports. This will help enterprises efficiently comply with the GDPR, CCPA, and other privacy laws, saving them time, money, and resources.

Are biometrics the answer to long airport lines?

Star Alliance, the world’s largest airline group, is working with facial recognition technology to allow Frequent Flyer customers to board flights without having to show their ID or boarding pass. The organization touts a threefold strategy for protecting customers’ biometric data, and says that all data use will comply with GDPR standards.

Jolocom launches new GDPR-compliant SmartWallet 2.0

Privtech company Jolocom has announced its SmartWallet 2.0 solution, a GDPR-compliant version of its popular app for storing digital assets and identification. The app uses distributed ledger blockchain to store data and allow users to control who can see their documents. This means that nobody – not even the makers of the app – can access the data without permission.

Nym gets $6M to sell privacy as a service

Switzerland-based privacy startup Nym Technologies has raised $6 million in what is loosely pegged as a Series A round. The funding will be used to continue commercial development of network infrastructure that combines Mixnets with Crypto-inspired mechanism in support of a decentralized infrastructure. In other words they’re creating a new way to ensure anonymity online and protect data privacy.

The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships, the Information Ownership Network, or the Data Collaboration University, please visit datacollaboration.org.