October Roundup

On and on and on the Public Services Card rolls despite almost all the wheels having fallen off, even the mandatory but not compulsory wheels that have been hastily repaired and reapplied to the shambling mess as it drags itself from pothole to ditch to pothole. The potholes and ditches in this case are rules, laws, international best practice, the independent regulator and other trifling things like that. Facebook continues to show the world why amassing personal data and creating ad targeting tools that work with an accuracy never seen before mightn’t be the best of ideas. In the European Parliament advertisers and adtech lobby groups were rebuffed over the ePrivacy Directive which resulted in sulking and ominous warnings of a future without media. Manufacturers continued to connect things to the internet which really have no business being connected to the internet.

1. Public services card: DPC Announces Investigation

In October the most important news about the Public Services Card and the national biometric identity register behind it was that the Data Protection Commissioner’s patience with the increasingly bizarre communications from various arms of government finally expired and a formal investigation of the whole mess began.

The statement added that in the last week, the Data Protection Commissioner’s office had signalled its intention to the department to use its investigation powers under section 10 of the Irish Data Protection Acts “to examine details of the above matters further with a view to establishing whether there is full compliance with the requirements of the Acts”.

Rather than fix the problems with the entire system, the government’s response to this was to throw money at an advertising campaign. This decision will doubtless come back to haunt the ministers, departments and agencies involved.

The Irish Council of Civil Liberties hosted a public meeting about the project which featured local experts and speakers from the UK, where a similar project was scrapped entirely after severe public concerns about its scope and purposes.

A subsequent opinion piece in the Irish Examiner (registration-walled) curiously did not mention that the Data Protection Commissioner is exercising her investigative powers. This piece featured the head of a childrens’ charity opining that he worked “in a world where we have to safeguard people’s privacy when they ask us to, and that’s absolutely as it should be.” Unfortunately, this is a bad and very wrong interpretation of the legal obligations of a data controller. At the same time it is a wonderful real-life demonstration of why better education for people at all levels in any organisations which handle personal data is urgently needed.

I wrote a piece back in August about the need for far better media understanding and coverage of privacy issues. Nothing has changed here. This is still much needed.

Notes for humans

If the government wants to collect, store and use your personal data the government must be trustworthy. The only way you can accurately gauge that is by the actions of the government. Has the behaviour of the last six months around a radical modification of the relationship between individual and state, granting the State even greater powers in an already unbalanced information relationship, been trustworthy?

+ ‘Data watchdog to open investigation into public services card’, Irish Times

+ ‘Government plans €200,000 public services card campaign’, Irish Times

+ ‘‘Massive privacy issues’ in State’s public services card scheme’, Irish Times

+ ‘Ministers in 2004 saw potential of public services card as ‘national ID’’, Irish Times

 

2. “One of the worst lobby campaigns I have ever seen”

The European Parliament agreed a text for the ePrivacy Regulation, which is a companion piece to the General Data Protection Regulation and aims to provide stronger rules and guarantees around electronic communications. Without getting too bogged down in the marshes of European Parliament procedures, this vote was a good result for individual privacy rights and protections. Lobbyists were upset.

Notes for humans

This is not a binary choice between privacy protections and commercial interests. Innovation can happen without the infringements of user privacy advertisers and publishers seem to think is necessary. If you examine the votes of the Irish MEPs you’ll see that all the Fine Gael members voted on the side of the advertising industry and against greater privacy controls for individuals.

+ ‘European Parliament Agrees Text For Key ePrivacy Regulation; Online Advertising Industry Hates It’, Techdirt

+ ‘Respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)’, Votewatch.eu

 

3. Facebook, Oh Facebook

In May I wrote that Facebook had a very bad month. I didn’t think then that Facebook would have a worse month this year but they’ve managed it, and in some style.

Dealing only with the bigger stories here, in October Facebook

Notes for humans

Facebook continues to behave badly across a number of fronts. If I was feeling more charitable I might have said irresponsibly rather than badly, but all of these problems are of Facebook’s own making. These could be fixed by Facebook. They should have been fixed before now.

Remember, there is a life without Facebook.  If you can’t abandon it entirely you can certainly minimise the time you spend on it.

+ ‘WhatsApp? You still don’t get EU privacy laws, that’s WhatsApp’, The Register

+ ‘Data Protection Commissioner’s Statement on the Article 29 Working Party Public Letter to WhatsApp’, Data Protection Commissioner

+ ‘Facebook Is Watching You, Belgian Privacy Agency Warns In Court’, Bloomberg

+ ‘Facebook moving non-promoted posts out of news feed in trial’, Guardian

+ ‘How to Fix Facebook? We Asked 9 Experts’, New York Times

+ ‘Forget Washington. Facebook’s Problems Abroad Are Far More Disturbing.’, New York Times

+ ‘Facebook dealt setback by EU court adviser in privacy dispute’, Reuters

 

4. Won’t Somebody Think Of The Children?

Children’s toymaker Mattel has been forced to cancel plans to produce an AI-powered babysitter, after a raft of complaints that the product would inflict psychological damage on young children.

There’s a thing called a Privacy Impact Assessment. Anyone planning a project which does anything with the personal data of individuals should do one of these before they start that project. If the impact on individuals’ privacy is deemed too great, the project shouldn’t proceed any further.

Notes for humans

This grotesque idea hits a number of whatever the opposite of sweet spots are. Sour spots? Attempting to apply AI to everything and dramatically overselling the capabilities of the device. Putting microphones, cameras and other sensors into devices that patently do not need them. Leveraging a trusted brand into a space far beyond its area of competency to extend sales . And of course sucking up a treasure trove of data that can be analysed and sold on at a later date.

Will this make adults pay attention to the always-on listening devices they’re installing in their homes? You’d hope so.

+ ”Kids should not be guinea pigs’: Mattel pulls AI babysitter’, Guardian

 

5. It Says In The Papers

Two columns in the Financial Times caught my eye this October, both by Rana Foroohar. One is titled ‘Privacy is a competitive advantage’ and one headlined ‘Big Tech makes vast gains at our expense’. In the accompanying video in the second piece the author and the FT’s comments editor identify personal data and the issues around it as the biggest business story of the next five years. Some of us have been saying that for quite a while.

Notes for humans

While this isn’t in any way a scientific approach to taking the temperature of the broad debate about personal data and privacy, it’s pretty significant that the paper read by most senior decision makers is making these noises. Couple this with the revelations about the threats posed to democracy tumbling out of the examination of the role data-rich beasts such as Facebook and Google may have played in last year’s U.S. presidential election and you have a scales finally tipping in favour of greater individual control over personal data, however that may be achieved. Add in the new protections, rights and notifications that the GDPR introduces and privacy is indeed becoming a competitive advantage. Public attitudes towards the tech titans, many of whom have built their empires on predominantly unrestrained and ever-increasing intrusion into the personal information of their users, are changing.

+ ‘Privacy is a competitive advantage’, Financial Times

+ ‘Big tech makes vast gains at our expense’, Financial Times

+ ‘The Verge Tech Survey’, The Verge

 

Honourable Mentions

[Image credit: Igor Ovsyannykov on Unsplash]

Leave a Reply

Your email address will not be published. Required fields are marked *