Exciit Privacy Weekly Episode 8
Welcome To Episode Eight
🖖 Greetings and welcome to the Exciit.com Privacy Weekly - Episode #8.
In this episode:
EU Investigating Data Collection By Google
Ring Extensively Working With Law Enforcement
New Digital Privacy Bill Called COPRA Introduced To The US Senate
Chinese Phone Owners Must Scan Their Face
EU Investigating Data Collection By Google
The EU are investigating data collection by Google, according to Reuters. Specifically, they're looking at the how and why of Google's data collection:
How: this could consist of the methods which Google uses to collect data, which obvious and non-obvious data sources are used, how they're combined, etc.
Why: this could consist of the legal basis of collection, what they do with the data, how they make money, how this data is combined with the (other) various parts of the company.
Zooming out: Google has been the target of EU investigations and fines in the past. They have been fined a total of 8 billion Euros thus far.
Links: Reuters
Ring Extensively Working With Law Enforcement
Yet another story about Ring: CPO Magazine report that Ring has partnered with many law enforcement agencies.
Details you need to know:
Ring has partnered with at least 630 agencies and police departments.
Police and law enforcement partners can keep and share video and audio with whoever they want.
Ring owners do not have to share video and audio.
There are certain guidelines in place regarding requesting of video and audio (although unclear how enforceable those guidelines are, or who checks up on them).
Zooming out: As noted in previous episodes (7, 5, 4), Ring is controversial because it potentially infringes on privacy rights of innocent people who are being filmed (in public areas). There are many privacy concerns given how pervasive the surveillance is in residential areas.
Links: CPO Magazine
New Digital Privacy Bill Called COPRA Introduced To The US Senate
According to ThreatPost and CNBC, Democratic Senators have pushed a new bill called COPRA (Consumer Online Privacy Rights Act), which will provide GDPR like privacy rights for the US (and its citizens).
What it will cover:
It will provide data subject rights, such as right for information, erasure and rectification (meaning people can ask companies about their personal data, erase it, etc.).
It would require consent for processing of sensitive personal data.
It would require companies to not collect more personal data than is necessary.
The creation of an FTC bureau for enforcement, with the ability to fine companies.
Lastly, and importantly, CEO's of some companies would have to certify to the FTC that they have adequate internal controls regarding personal data processing. This would likely give the law extra 'bite'.
Zooming out: The US doesn't currently have a strong nationwide privacy law like the EU has with GDPR. There is increasing discussion and demand for the US to change this.
It doesn't look like this bill will have Republican support, which will be needed.
Links: ThreatPost, CNBC
Chinese Phone Owners Must Scan Their Face
According to The Independent, the Chinese government requires its citizens to scan their face before buying a mobile phone or purchasing mobile data services, with the introduction of new regulations.
The photo taken at the point of purhcase will be matched with records that the government has on the individual, this way it won't be possible to buy on behalf of someone else (if the face in the photo does not match), and citizens are not allowed to hand over their account to other people.
Officially, the reason for this control is to prevent online fraud. Although it's likely to be about control of access to the internet, and tracking what people say and do online.
The background: China tracks its citizens extensively, in real life and on the internet. The country is even using a 'social ranking' system to rank good and bad citizens, using its vast data collection system to do the ranking.
Links: The Independent