The Data Drop News for Tuesday, September 27, 2022

• US border forces are seizing Americans' phone data and storing it for 15 years

• California fines Sephora $1.2 million for data privacy violation

• Apple Pumps Up Ad Staff In Post Privacy-Policy Ad Business Push

• Iranian authorities plan to use facial recognition to enforce new hijab law

• Period and pregnancy tracking apps have bad privacy protections, report finds

• Plus the latest in PrivTech news!

Pro tip: All stories featured in the show plus an archive of thousands are available to discover, bookmark, and share from the free Privacy Newsfeed app.

US border forces are seizing Americans' phone data and storing it for 15 years

If a traveler's phone, tablet or computer ever gets searched at a US airport, American border authorities can add data from their device to a massive database that can be accessed by thousands of government officials.

According to the Washington Post, US Customs and Border Protection leaders have admitted to lawmakers in a briefing that its officials are adding information to a database from as many as 10,000 devices every year. Further, 2,700 CBP officers can access the database without a warrant and without having to record the purpose of their search.

These details were revealed in a letter Senator Ron Wyden wrote to CBP Commissioner Chris Magnus, where the lawmaker also said that CBP keeps any information it takes from people's devices for 15 years.

California fines Sephora $1.2 million for data privacy violation

Marking the first enforcement of the landmark California Consumer Privacy Act, the state attorney general announced a $1.2 million fine against French beauty care retailer Sephora for failing to tell consumers their data was being sold or give them a means to opt out of its collection.

As part of a settlement, Sephora must improve its transparency, clarify its opt-out provisions, and provide reports to the Attorney General’s office on its sales of personal information.

Attorney General Rob Bonta said: “I hope today’s settlement sends a strong message to businesses that are still failing to comply with California’s consumer privacy law. My office is watching, and we will hold you accountable.”

Apple Pumps Up Ad Staff In Post Privacy-Policy Ad Business Push

Having benefitted from ad tracking policies that have eaten into its competitors’ ad businesses, Apple is now in aggressive hiring mode to beef up its platforms' advertising staff.

The ads, for product designers, sales specialists, data engineers and managers to support a project described as “redefining advertising [for a] privacy-centric world,” are mostly for U.S.-based jobs, but also include 27 in Europe and a combined 30 in China, India, Japan and Singapore.

Competitors have blamed Apple’s App Tracking Transparency (ATT) privacy requiring opt-ins from iPhone users, implemented a year and a half ago, for losses in their own advertising businesses resulting from having to overhaul their advertising infrastructures and practices.

Iranian authorities plan to use facial recognition to enforce new hijab law

The Iranian government is planning to use facial recognition technology on public transport to identify women who are not complying with a strict new law on wearing the hijab, as the regime continues its increasingly punitive crackdown on women’s dress.

The secretary of Iran’s Headquarters for Promoting Virtue and Preventing Vice announced in a recent interview that the government was planning to use surveillance technology against women in public places following a new decree signed by the country’s hardline president, Ebrahim Raisi, on restricting women’s clothing.

Period and pregnancy tracking apps have bad privacy protections, report finds

According to a new report from Mozilla, period and pregnancy tracking apps collect data that could theoretically be used to prosecute people getting abortions in places where it’s illegal.

Data from period tracking apps isn’t the biggest thing used to tie people to abortions right now — most often, the digital data used in those cases comes from texts, Google searches, or Facebook messages. But they’re still potential risks.

Jen Caltrider, the Mozilla project lead, said in a statement: “Companies collecting personal and sensitive health information need to be extra diligent when it comes to the privacy and security of the personal information they collect, especially now in our post-Roe vs Wade world in the U.S. Unfortunately, too many are not”

FTC Sues Kochava for Selling Data that Tracks People at Reproductive Health Clinics, Places of Worship, and Other Sensitive Locations

The Federal Trade Commission has filed a lawsuit against data broker Kochava for selling geolocation data from hundreds of millions of mobile devices that can be used to trace the movements of individuals to and from sensitive locations.

Kochava’s data can reveal people’s visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities.

The FTC alleges that by selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence.

Scanning students’ homes during remote testing is unconstitutional, judge says

A new survey from Educause has found that an increasing number of students—who had very little choice but to take tests remotely—were increasingly putting up with potential privacy invasions from their schools.

For example, it’s now considered a common practice that some schools record students throughout remote tests to prevent cheating, while others conduct room scans when the test begins.

Now—in an apparent privacy win for students everywhere—an Ohio judge has ruled that the latter practice of scanning their rooms is not only an invasion of privacy but a violation of the Fourth Amendment’s guaranteed protection against unlawful searches in American homes.

Millions of Capital One Customers Are Eligible for Part of a $190 Million Settlement: Learn How to Claim Your Share

In March 2019 more than 100 million Capital One banking customers had personal information exposed in a huge data breach.

The payback for victims of that hack will soon arrive as Capital One's proposed $190 million settlement is set to receive final approval. Plaintiffs in a class-action lawsuit claim a hacker couldn't have broken into the bank's cloud computing systems, hosted by Amazon, if the company had taken adequate protections.

They say Capital One "knew of the particular security vulnerabilities that permitted the data breach, but still failed" to protect customers, putting millions at risk of fraud and identity theft.

DuckDuckGo, Proton, Mozilla throw weight behind bill targeting Big Tech ‘surveillance’

A group of privacy-focused organizations have signed a letter imploring the US Congress to schedule a vote on a bill that would hamper data collection by tech giants and promote user access to online privacy tools.

In the letter, which addresses the likes of Mitch McConnell and Nancy Pelosi, the alliance argued that the continued suppression of the American Innovation and Choice Online Act allows “dominant firms” to “limit competition and restrict user choice” when accessing privacy-focused technologies and products.

Ravel emerges from stealth with privacy-first data tools based on scalable homomorphic encryption

A startup out of Paris called Ravel Technologies is emerging from stealth with a tool based on homomorphic encryption to keep personally identifiable information private from end to end without needing to touch the data itself.

It’s launching first with a tool to enable “zero-knowledge” advertising services and another for financial services.

DuckDuckGo's privacy-focused email service now open to all

DuckDuckGo has announced that its Email Protection product is now available to everyone.

This free email forwarding service blocks hidden trackers and helps users hide their email addresses. Beta trials of the service found that approximately 85% of testers' emails contained hidden trackers.

Trackers allow companies to collect sensitive information such as your location, what time the email was opened and what device was used. This information is then used for things like targeted ads or shared with a third party.

Data ownership podcast

The Data Drop is a production of the Data Collaboration Community where members access free privacy apps and crowdsource app-for-good projects from a digital hub that supports the Zero-Copy Integration framework. The show is published bi-weekly, alternating between 5 minute privacy news roundups and a panel format that features leading privacy pros in conversation about the recent developments in data privacy, data protection, and data governance that made them sit up and take notice.

Data Collaboration Alliance

The Data Collaboration Alliance is a nonprofit that’s dedicated to establishing CONTROL as the basis for meaningful data ownership and global collaborative intelligence. Our approach of eliminating copies to achieve this goal is similar to how societies already protect the value of currency, identity, and intellectual property - and it works for data, too. Our advisors include the Executive Director of the Mozilla Foundation and the ex-CIO of Dropbox.

In concert with our partners, we're accelerating the establishment of new technologies, standards, and methodologies in data management and application development in order to support a future for technology that's more controlled, collaborative, and efficient.

Key programs:

• Community - our members access free privacy apps and data crowdsourcing

• Partner Success - amplifying products, content, and leaders

• Advocacy - we support 'zero copy' technologies, standards, and methodologies

• Research - we support proofs of concept for web3 interoperability

• Software For Good - our partners support data-centric research teams

• Speakers Bureau - thought leaders available for media and events

Stay up-to-date with our progress by subscribing to our newsletter and podcast and following us on LinkedIn and Twitter.