The Data Drop News for Friday, June 4, 2021
Amazon's about to share your internet connection, unless you opt out. NY proposes corporate tax on consumer data. GDPR turns 3, issues more fines. New data protection laws for Germany. Microsoft & Amazon under investigation in EU. What is canvas doing with student data? Rating apps on privacy protections. Plus, this week's Drop Shots!
Pro tip: get The Data Drop on your phone by subscribing to our podcast.
Amazon's about to share your internet connection, unless you opt out
If you're in the United States and use Alexa, Echo, or other Amazon device, your internet connection is about to become part of an experimental mesh network called Amazon Sidewalk.
Starting June 8, Amazon devices will be automatically enrolled in the experimental service which will share a small slice of your internet bandwidth with your neighbors, and vice versa. The idea is to create a "mesh" of connections to create more reliable coverage.
Of course, this brings some serious privacy concerns as it opens a potential backdoor into your home network. And since Amazon is turning this new feature on by default, many people won't even realize it's happening.
The move also raises concerns around Amazon's steadily growing role in our daily lives.
As independent privacy researcher Ashkan Soltani puts it: “In addition to capturing everyone’s shopping habits and their internet activity ... now they are also effectively becoming a global ISP with a flick of a switch, all without having to lay a single foot of fiber.”
NY proposes corporate tax on consumer data
New York state has proposed a 2% tax on tech companies like Amazon, Google, Facebook, Apple, and others who profit from the use of consumer data.
While New York is not the first US state to propose data privacy legislation recently, this is the first such bill that includes a taxation element for the sale of consumer data.
State Senator Andrew Gounardes says, “Every day, big tech companies capitalize on the unpaid labor of billions of people to create their products and services through targeted advertising and artificial intelligence. It’s only right that New Yorkers are compensated for their free labor.”
Examples of this free labor include filling out search engine requests, sharing social media updates, filling out CAPTCHA requests, and visiting different websites.
GDPR turns 3, issues more fines
The Data Drop would like to wish a belated happy birthday to the World's foremost data privacy law! Europe's GDPR went into effect on May 25th, 2018 and its most recent year has been a busy one: According to a recent report by law firm CMS, there were 287 known GDPR fines between March of 2020 and March of 2021—a 120% increase over the previous year.
The most common violation is the illegal processing of personal data, which accounts for 38% of all fines since the law went into effect. The GDPR remains the gold standard in data protection regulation, but other jurisdictions are rapidly catching up.
New data protection laws for Germany
While the GDPR protects all member states within the European Union, Germany's national data protection was, until recently, regulated by a series of laws that contained contradictions that created legal uncertainties.
Germany has now replaced their patchwork regulations with a single, cohesive data protection and privacy act in line with the GDPR and even copies certain requirements directly.
Conservative German lawmaker Hansjörg Durz called it a “good day for data protection,” adding that the new law had created the “basis of the data economy of the future”.
Microsoft & Amazon under investigation in EU
The European Data Protection Supervisor has launched an investigation into the use of Amazon Web Services and Microsoft Azure cloud services in the EU, as well as a separate investigation into Microsoft Office 365.
These probes relate to a ruling from 2020 which stated that personal data transfer between the US and EU under the old Privacy Shield agreement was no longer lawful.
The European court had problems with how US authorities were able to access the stored data of EU residents and say that they have little legal recourse if their data was collected by US authorities.
Both Amazon and Microsoft have announced new measures in order to align themselves with the new standards but the measures may not be sufficient to ensure full compliance with EU data protection law.
What is canvas doing with student data?
In the US, as more and more universities turn to learning management systems, students find that they have less and less control over their data.
Universities are moving from free, independent, and open-source online learning platforms to corporate offerings like Canvas. In doing so, they're often signing away what little control students have over their own data.
These platforms mine all sorts of data, from users' IP addresses to how long it takes to complete an assignment. They even record deleted words and keystrokes entered into the system.
Students and instructors alike are often forced to adopt these platforms by the university, raising questions about just who is in control of the data being exchanged.
Rating apps on privacy protections
Data Privacy software maker Surfshark has compiled a list of the most popular apps and the amount of personal data they collect.
It's an eye-opening look at just how much personal data the top apps have access to, and includes a list of alternatives with more respect for your personal data privacy.
This week's Drop Shots
Your quickfire news items from the world of data privacy
Joe Biden’s Venmo account discovered in ‘less than 10 minutes’
After reports that President Joe Biden used a secret Venmo account to send money to his grandchildren, BuzzFeed News was able to discover the so-called secret account "after less than 10 minutes of looking for it."
A New App From the Makers of TikTok Has Familiar Privacy Concerns
CapCut, a new video editing app from the makers of TikTok is becoming one of the most downloaded apps on the Apple App Store. In news that should surprise absolutely no one, privacy experts are already raising concerns about the app's potential for leaking personal data to the Chinese government.
2021 Data Privacy Software Market Report Now Available
The 2021 Data Privacy Software Market Report is now available from Reports Globe, offering one of the most comprehensive collections of research and analysis on key aspects of the Data Privacy Software market. Visit our blog for a link to the report.
Indian Data Privacy Deadline Passes
In India, the deadline for complying with the central government’s new data privacy rules has passed and several major tech companies have failed to comply with the new measures. Privacy watchdogs will now be paying close attention to what, if any, repercussions these companies face.
Up To 950,000 Customers Potentially Exposed in Canada Post Breach
A malware attack on one of the suppliers for Canada's national mail carrier has impacted 44 of its largest corporate customers across the country and potentially compromised the data privacy of nearly one million Canadian citizens.
Meet the Cyber Collective
And finally... there's a new voice in data ethics, privacy, and cybersecurity research. Learn more about the newly-launched Cyber Collective, the first and only community-centered data research organization owned and operated by women of color.
The Data Drop News is a production of the Data Collaboration Alliance, a nonprofit working to advance data ownership through pilot projects in sustainability, healthcare, education, and social inclusion. We also offer free training in the Data Collaboration methodology. Listen to the Data Drop on our website or wherever you listen to your favorite podcasts.