The Data Drop News for Friday, February 11, 2022
Updated: Mar 11
Meta threatens to pull Instagram and Facebook in Europe over privacy laws. IRS ends use of facial recognition after widespread privacy concerns. Google and OpenMined differential privacy tool for Python developers processing data. Massachusetts lawmakers advance state-level data privacy law. FBI warns of LockBit 2.0 ransomware. EU digital sovereignty project Gaia-X hands out ID tech contracts. Plus, the latest in privacy-enhancing technology.
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Meta threatens to pull Instagram and Facebook in Europe over privacy laws
In a new regulatory filing this month, Meta renewed previous threats that it would be forced to pull Facebook and Instagram from the EU if an agreement on data transfers and warehousing isn’t reached.
Meta said in its 10-K filing that “If a new transatlantic data transfer framework is not adopted… we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe”
The United States and the European Union have been in negotiations to create a new transatlantic data transfer pact since 2020 over fears that EU citizens’ data isn’t safe once transferred to the United States.
IRS ends use of facial recognition after widespread privacy concerns
The Internal Revenue Service has announced that it has stopped plans to use third-party facial recognition services to verify taxpayers’ identities, ending their contract with ID.me
This follows weeks of criticism after the agency said that by the summer of 2022, ID.me would be the only way for taxpayers to log in to irs.gov., which would have required all users to upload a selfie to access their account.
IRS Commissioner Chuck Rettig said that “The IRS takes taxpayer privacy and security seriously,” adding that “Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.”
Google and OpenMined differential privacy tool for Python developers processing data
Google debuted a new product developed with OpenMined that allows any Python developer to process data with differential privacy.
The two have been working on the project for a year, and Google said the freely available privacy infrastructure will help "the global developer community build and launch new applications for differential privacy, which can provide useful insights and services without revealing any information about individuals."
Miguel Guevara, Product Manager for Google's Privacy and Data Protection Office, added that they reached out to OpenMined last year to surface the idea of building the Python product, with the goal of making it the most usable end-to-end differential privacy solution freely available. They immediately jumped onboard.
Massachusetts lawmakers advance state-level data privacy law
State lawmakers in Massachusetts have advanced The Massachusetts Information Privacy and Security Act, which contains "core internet privacy rights, protections, and standards” for the state.
If the bill passes, Massachusetts would join California, Colorado, and Virginia that have passed state-level data privacy laws in the absence of one at the federal level.
Lawmakers say the bill would allow for Massachusetts residents to opt-out of the sale of personal information, and limit how companies can use or disclose information like biometric data, location data, or racial data. It will also give residents the right to access, delete, correct, or transport personal information that a company collected about them.
FBI warns of LockBit 2.0 ransomware
The FBI has published a new warning about LockBit 2.0., recommending that companies enable multi-factor authentication and use strong, unique passwords for all accounts to avoid ransomware attacks.
LockBit 2.0 targets Windows PCs and Linux servers via bugs in VMWare's type 1 hypervisor and has hit tech services giant Accenture and France's Ministry of Justice, among others.
According to the FBI, LockBit's operators use any method available to compromise a network, which includes buying access to an already compromised network from "access brokers", exploiting unpatched software bugs, and even paying for insider access.
EU digital sovereignty project Gaia-X hands out ID tech contracts
The Gaia-X project, which aims to strengthen the digital sovereignty of European users, has awarded work to Vereign and DAASI International. This makes it one step closer to realizing Self Sovereign Identity technology.
DAASI International and a Vereign will be working on the code in GitLab for a personal credential manager, organizational credential manager, and a trust services API. The first products are expected in the next six months and anyone who's interested can get involved during the development phase.
Europe’s user consent system incompatible with EU privacy rules
Belgium’s data watchdog has requested advertisers to delete collected user preference data after it found that the industry standard for managing the data in Europe violates several GDPR provisions.
The Belgian data protection authority issued the decision based on a series of complaints filed in 2019 against the Interactive Advertising Bureau Europe, the trade association for digital advertising.
The complaints were related to the bureau's Transparency & Consent Framework (TCF), which advertisers use to capture user preferences.
Hielke Hijmans, the chairman of the authority’s litigation chamber, said “The processing of personal data under the current version of the TCF is incompatible with the GDPR, due to an inherent breach of the principle of fairness and lawfulness”
The latest in privacy-enhancing technology
IBM’s new ML toolkit to help companies comply with GDPR
Researchers at IBM have developed a new toolkit to reduce the amount of personal data required to train machine learning models and preserve high levels of accuracy.
The toolkit uses a method that "reduces the amount of personal data needed to perform predictions by removing or generalizing some of the input features of the runtime data" which produces a generalization that has little to no impact on its accuracy.
You can access the toolkit here!
Lyve Labs Israel to help start-ups with data security
the Tel Aviv-based innovation center Lyve Labs Israel has launched Lyve Cloud for Startups, a new program to aid start-ups in dealing with data storage and security.
The program hopes to provide a wide selection of tools and resources for tech start-ups, such as free storage, data security, 24-7 support and brand exposure, and the benefits of joining a tech community.
Privacy-focused applications platform Aleo raises $200M
Zero-knowledge applications platform Aleo has raised $200 million in its Series B investment round, pushing the company forward and supporting its goals to develop products and services that encourage and assist developers in building applications on top of its decentralized network.
Aleo is creating a foundation that ensures that Web3 is scalable, safe and secure. The project would protect user and application identity without giving up on performance that’s required to support users.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships, free learning, or the Node Zero community, please visit datacollaboration.org.