The Data Drop News for Friday, May 6, 2022
Updated: May 10
German Amazon workers strike over pay, data protection. Google now takes requests to remove personal info from search results. Meta Can Still Be Sued by Groups Under Data Rules, Says EU Court. Canada's Privacy watchdogs call for laws limiting police use of facial recognition. Plus the latest in PrivTech news!
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
German Amazon workers strike over pay, data protection
The German trade union Verdi launched strikes at seven Amazon locations across the country, with up to 2,500 workers demanding higher wages and better protection of their personal data.
The trade union has been trying for almost 10 years to force Amazon to pay workers according to the going rates for retail and mail-order workers. Amazon has persisted in paying them as logistics services providers. In addition, workers are demanding information about personal data about them that has possibly been recorded by the company.
Google now takes requests to remove personal info from search results
Google has begun entertaining people's requests to remove search results containing their home addresses, phone numbers and email accounts, the latest shift in its stance between personal privacy and access to information.
"Research has told us there's a larger amount of personally identifiable information that users consider as sensitive," Michelle Chang, global policy lead for Google search, said in an exclusive interview. "They are increasingly unwilling to tolerate this content online." Until now, Google would only accept requests to remove webpages that shared contact info alongside some sort of threat or required payment for removal.
It also has stripped links to bank account and credit card numbers and medical records.
Meta Can Still Be Sued by Groups Under Data Rules, Says EU Court
Meta Platforms Inc. can still face lawsuits from consumer groups for possible violations of data protection rules, the European Union’s top court said.
The EU’s tough data protection rules that took effect in May 2018 do not prevent “national legislation which allow a consumer protection association to bring legal proceedings,” the EU Court of Justice ruled. The EU’s General Data Protection Regulation, or GDPR, empowered data watchdogs to issue fines of as much as 4% of a company’s annual sales.
Canada's Privacy watchdogs call for laws limiting police use of facial recognition
Canada’s privacy commissioners are calling for clear laws putting in place limits on police use of facial recognition technology. Federal Privacy Commissioner Daniel Therrien told MPs the new law is needed “urgently.”
The law should explicitly specify for what purposes police can use facial recognition and ban other uses, he said during an appearance at the House of Commons ethics committee. “Authorized purposes should be compelling and proportionate to the very high risks of the technology,” he said. Therrien and his provincial and territorial counterparts said in a joint statement Monday that facial recognition is governed by a patchwork of laws that, for the most part, “do not specifically address different uses or risks posed by the technology.”
Data privacy bill wins final approval in Connecticut House
The House of Representatives in the US state of Connecticut has voted overwhelmingly for final passage of a data privacy bill that will put it among the growing ranks of states trying to fill a void created by congressional inaction.
The measure was cleared by the Senate on a unanimous vote which was a seemingly easy approval that came after nearly 2 years of intense negotiations with local and national business interests and consumer protection advocates. Senate Bill 6 will let consumers see which companies are collecting their data and opt out of the selling or sharing of that information. Consumers under 16 years old would have to opt in to data collection. “The data you can purchase is shocking,” said Rep. Michael D’Agostino, the co-chair of the General Law Committee and lead sponsor in the House.
The bill is a recognition of the ubiquity of data collection. Our phones and smart watches silently record our movements. Our purchases and internet and TV habits are logged.
Maltese Academic appointed Lead Expert by Council of Europe
The Council of Europe has appointed Professor Joe Cannataci as its Lead Expert to guide work on the interpretation of Convention 108 – the Council of Europe’s international treaty that deals with privacy and data protection. Cannataci chaired the first meeting of the group of experts on Tuesday 3 May 2022. This new responsibility for Professor Cannataci follows that of being the UN’s first-ever Special rapporteur on the Right to Privacy from which he stepped down in August 2021 after having served the maximum of two successive three year-terms in the post.
Austrian DPA rejects “risk based approach” for data transfers to third countries
After the groundbreaking decisions by the Austrian and French DPA that the use of Google Analytics is illegal, the Austrian DPA has now issued a second decision, going even further: It declared the use of Google’s IP anonymization a useless protection measure for data transfers between the EU and the United States.
The DSB further rejected the notion of a “risk-based approach” that had been argued by Google. Some authorities in Europe have at the same time closed the cases: The Spanish and Luxemburgish DPAs have both closed complaints procedures without commenting on the unlawful use of Google Analytics, as the relevant website stopped using Google Analytics.
Polish DPA rules about the right to access the personal data contained in trackers
The Polish DPA has reprimanded a website operator for infringing GDPR and ordered the operator to erase the data subject’s IP address and artificially attributed cookie ID. It criticized the website for the mechanism used to collect the visitors' consent and determined that visitor data was disclosed to the third parties before the data subject was informed about the cookies' installation.
Secret surveillance court orders drop more than 50 percent since 2019
The number of secret search and eavesdropping orders approved by the U.S. Foreign Intelligence Surveillance Court dropped by more than half in the last two years, according to data released by government officials who attributed the drop to the pandemic keeping even spies and terrorism suspects at home.
The figures released by the Office of the Director of National Intelligence (ODNI) show the FISA court, named after the law that created it to handle sensitive national security cases, approved 907 probable cause applications in 2019, which plummeted to 524 the following year and 430 in 2021. Those orders covered an estimated 1,059 targets in 2019 — a figure that sank down to 376 last year.
EU must act to end spyware abuse after prominent Catalans targeted with Pegasus
New research by the Citizen Lab has revealed how scores of Catalan politicians, journalists and their families were targeted with NSO Group’s Pegasus spyware between 2015 and 2020. Technical experts from Amnesty International’s Security Lab have independently verified evidence of the attacks.
“The Spanish government needs to come clean over whether or not it is a customer of NSO Group. It must also conduct a thorough, independent investigation into the use of Pegasus spyware against the Catalans identified in this investigation,” said Likhita Banerji, Amnesty International’s Technology and Human Rights Researcher.
Israeli tech firm says it can delete your digital footprint
Three young Israelis formerly serving in military cyber units have figured out how to locate your digital footprint — and give you the tools to delete it. The company Mine, co-founded by Gal Ringel, Gal Golan and Kobi Nissan, says it uses artificial intelligence to show users where their information is being stored — like whether an online shoe store kept your data after a sneaker purchase three years ago.
Ringel said Mine’s technology has already been used by one million people worldwide, with over 10 million “right to be forgotten” requests sent to companies using the firm’s platform.
Data privacy platform Kahoona closes $4.5m. in financing
Data generation platform Kahoona has raised $4.5 million in Series Seed financing led by Global Founders Capital (GFC). Investors that participated in the financing include Amazon, NBC Universal, and Verizon. According to its websiteKahoona creates an “accurate, scalable, and privacy-oriented personalization platform dedicated to sustaining an ecosystem undergoing a transitional crisis,”. The company’s goal is to secure revenue for digital businesses and protect the privacy of their users, as well as assist brands to generate privacy-preserving user data.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships or the Node Zero community, please visit datacollaboration.org.