The Data Drop News for Friday, January 28, 2022
Updated: Feb 8, 2022
Does Google Analytics Violate the GDPR? Lawmakers Plan Legislation to ‘Ban Surveillance Advertising’. Judge rejects Facebook's request to dismiss FTC antitrust complaint. RS will require taxpayers to sign up with ID.me to access their online accounts. Europe's top privacy regulator calls for ban on political microtargeting. Startpage Search Engine launches Privacy Protection extension. Plus, the latest in privacy-enhancing technology.
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Does Google Analytics Violate the GDPR?
A decision by Austria’s data protection watchdog upholding a complaint against a website related to its use of Google Analytics does not bode well for use of US cloud services in Europe. The decision raises a big red flag over routine use of tools that require transferring Europeans’ personal data to the US for processing — with the watchdog finding that IP address and identifiers in cookie data are the personal data of site visitors, meaning these transfers fall under the purview of EU data protection law.
Lawmakers Plan Legislation to ‘Ban Surveillance Advertising’
The Banning Surveillance Advertising Act has been introduced by US Congressional representatives Anna G. Eshoo of California, Jan Schakowsky of Illinois, and Sen. Cory Booker of New Jersey. The legislation would target the underlying practice of targeted or personalized ads that facilitates surveillance-based advertising itself.
Judge rejects Facebook's request to dismiss FTC antitrust complaint
A US Federal judge has ruled that antitrust officials can continue their case to break up Meta, Facebook's parent company. The decision deals a blow to the social media giant, which had argued the complaint should be dismissed. The decision allows federal prosecutors to try to prove their allegations that Meta has illegally abused a monopoly in the marketplace for social media — and that its subsidiaries Instagram and WhatsApp should be spun off.
IRS will require taxpayers to sign up with ID.me to access their online accounts
Starting this summer, taxpayers wanting to access their online accounts on IRS.gov will soon be required to take a selfie and verify their identity with ID.me. Existing online accounts with IRS.gov, which require only an email and password to access, will no longer work as of the middle of 2022, the agency says. The IRS says the move is necessary to protect taxpayers from potential identity theft, but privacy advocates say it's invasive and point out that the company behind ID.me has a spotty record in verifying people's identities.
Europe's top privacy regulator calls for ban on political microtargeting
The European Union’s chief privacy and data protection regulator has urged EU policymakers to strengthen proposed ‘transparency’ rules for political ads — calling instead for meaningful limits that would fully ban microtargeting for political purposes. The European Data Protection Supervisor stated: "“Political communication is essential for citizens, political parties and candidates in order to fully participate in democratic life. To preserve our democracy, we also need strong rules to combat disinformation, voter manipulation and interferences with our elections."
Apple patches Safari bug that leaked user data
Apple has pushed iOS 15.3 RC and macOS Monterey 12.2 RC to developers and beta users as part of a plan to fix a Safari flaw that leaked browsing history and some Google data. This follows recent news that cybersecurity researchers from FingerprintJS had found a problem in an Apple API - IndexedDB, used to store data in the browser.
Congressional Drunk Driver Detection Mandate Raises Privacy Questions
In 2021, the US Congress has mandated that starting later this decade, all cars must have a built-in ability to detect drunk drivers and to disable their cars. However, Congress left the Department of Transportation wide latitude to figure out how best to implement such a technology, creating a very real potential that we’ll end up with a system that could be a privacy disaster. The measure was included in the $1.5 trillion infrastructure bill signed by President Biden and says that vehicles must be equipped with “advanced drunk and impaired driving prevention technology."
NSA Can Now Order Other Agencies to Fix Their IT Systems
US President Joe Biden has signed a national security memorandum granting new authorities to the National Security Agency to order updates and fixes to national security systems through binding directives modeled after those employed by the Cybersecurity and Information Security Agency. The new memorandum sets out a schedule for updating policies and plans on zero trust, multifactor authentication and cloud security. The document also sets out requirements for encryption of classified systems, with a focus on transitioning to quantum-resistant encryption standards.
The memo calls for new guidance on minimum security standards for national security systems in the cloud to be developed and published within 90 days of its issuance.
U.S. Chamber of Commerce, others urge Congress to pass privacy legislation
The U.S. Chamber of Commerce, and a long list of other organizations, is urging Congress to pass "comprehensive privacy legislation" that would prevent the development of an unwieldy patchwork of state laws. According to a spokesperson: "A national privacy law that is clear and fair to business and empowering to consumers will foster the digital ecosystem necessary for America to compete"
Employee surveillance is exploding with remote work—and could be the new norm
According to unpublished research from research firm Gartner, 60% of companies with at least 1,000 workers that responded to the survey had adopted these technologies by the end of 2021, compared to only 30% prior to the pandemic. According to Jessica Vitak, a professor of information studies at the University of Maryland, “The biggest concern related to surveillance in the pandemic is that the blurring of work and home boundaries becomes worse”
The latest in privacy-enhancing technology
Startpage Search Engine launches Privacy Protection extension
Privacy-enabling search engine and Data Collaboration Alliance partner Startpage has launched a new browser extension that will reveal privacy scores for visited websites and give users more privacy-related controls to reduce or even eliminate tracking. Data Drop listeners can watch a demo of the tool provided for members of our Node Zero community by visiting data collaboration dot org forward stroke blog.
Virtru raises $60M to bring data protection standard used by the NSA to enterprises
Data protection startup Virtru Corp has closed a $60 million round of funding co-led by existing investor Iconiq Growth and new backer Foundry Capital. The startup's open-source standard was created by co-founder and Chief Technology Officer Will Ackerly while working at the U.S. National Security Agency as a way for its agents to share files by email securely. The standard creates a protective wrapper around whatever content is being shared such as Word documents, PDFs, images, or Excel files. That wrapper encrypts the file, which then communicates with a remote key store hosted by Virtru to maintain access privileges.
Anonybit plans to crack honeypots storing identity data
New startup Anonybit has announced a $3.5 million Series A funding round, has developed what it calls a “breakthrough decentralized biometrics infrastructure” that it claims addresses a market need for improved management of personal data and digital assets across a wide range of vertical industries.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships, free learning, or the Node Zero community, please visit datacollaboration.org.