WELCOME to Connected Rights, your penny in the tip jar of digital rights news and analysis.
FACEBOOK IS GETTING SUED A LOT right now. There’s a bunch of suits over its data protection failings, associated with the Cambridge Analytica scandal. Then there’s a putative class action over its scraping of call and SMS logs from Android phones (Facebook claims this was all done with permission – the number of people surprised at the news suggests that consent was less than informed). Plus, civil rights groups are suing the company because its ad policies allow discriminatory housing practices.
As has become evident recently, digital rights issues are really bleeding through into mainstream consciousness these days. These suits provide yet more evidence for this shift in understanding. And for companies such as Facebook, that’s a problem.
GERMANY’S NEW JUSTICE MINISTER HAS THREATENED FACEBOOK over its data practices, telling it to embrace “privacy by design” principles and tell all of its users when their data has been misused. Interestingly, Katarina Barley also called for algorithmic transparency.
This is something tech giants have fought against in the past, and they will no doubt continue to do so. They don’t want to reveal their secret sauce to anyone. But perhaps Germany will really try to make them explain how their automated decision-making processes work. That would be something to behold – if it happens.
BRITISH COLUMBIA’S INCOMING PRIVACY COMMISSIONER, Michael McEvoy, is heading up the UK Information Commissioner’s investigation into Cambridge Analytica and AggregateIQ Data Services. He was already seconded to the British data protection authority’s probe into the Brexit Leave campaign.
US TECH INDUSTRY LOBBYISTS SAY THE GDPR WILL “have a negative impact on the development and use of artificial intelligence in Europe, putting EU firms at a competitive disadvantage”.
Well, I say tech industry lobbyists, but the Center for Data Innovation, which released a study on this stuff yesterday, and the Information Technology & Innovation Foundation, with which it is affiliated, are not super-open about who funds them.
After refusing to tell me where ITIF’s cash comes from, a spokeswoman for the thinktank told me: “ITIF adheres to a high standard of research integrity with an internal code of ethics grounded in the core values of analytical rigor, policy pragmatism, and independence from external direction or bias.” So that, as they say, is alright then.
Anyhow, opacity aside, do the tech industry lobbyists have a point? They seem to be very bothered that the GDPR will force companies to “manually review significant algorithmic decisions”, that it will stop the repurposing of data, and that it will let people force the deletion of their data in a way that “could damage AI systems”. Also, the right to explain algorithmic decisions could “lead to unfair decisions, as there is inherently a trade-off between accuracy and transparency in algorithmic decisions”.
They may not be wrong on some of this stuff. However, there’s a reason the GDPR is technologically agnostic. If AI is making important decisions about us, and if AI systems hold our personal data, then what’s more important: to let the technology develop unimpeded, or to protect us? I’d go with the latter, and in any case I’m deeply sceptical about the idea that having privacy rights will put the EU at a disadvantage to the US and China – especially as those companies will also have to follow the GDPR when operating in the EU. (Also, China’s dystopian use of algorithms on personal data is hardly a model to follow!)
And then there’s the small matter of this being a pointless discussion, with the GDPR not even having been launched yet. The horse has bolted. The tech industry isn’t going to get anything changed now. So let’s just wait and see who really ends up at a disadvantage.
To support my work, please consider visiting my Patreon page or buying my book, Control Shift: How Technology Affects You and Your Rights. Here are the links to the book’s British, American and German Amazon pages.
THE JOB SITE KNOWN AS INDEED SAYS THERE’S BEEN A 700 PERCENT “SURGE” in data protection officer jobs, what with the GDPR coming into force. Well, er, indeed. That’s what happens when you make the role mandatory for the first time.
Still, there’s useful detail in Indeed’s press release: “Because such professionals are in high demand the average salary is currently £47,483 – nearly double the average UK wage of £27,600.”
THE GDPR ISN’T THE ONLY THING FOR US TECH FIRMS operating in Europe to worry about. According to a Euractiv exclusive, the upcoming overhaul of EU consumer protection rules will bring into scope services that collect users’ data rather than money. As with the GDPR, transgressions may earn fines of up to 4%.
What might this mean in practice? From the leaked proposal: “Consumers should have the same right to pre-contractual information and to cancel the contract within a 14-day right of withdrawal period, regardless of whether they pay for the service with money or whether they provide personal data.”
THE GUARDIAN HAS A CONCERNING PIECE ABOUT SMART CITIES in the Netherlands, and how the municipalities there aren’t so great at informing citizens about how they’re being monitored.
A typical scenario: “Enschede is enthusiastic about the advantages of the smart city. The municipality says it is saving €36m in infrastructure investments by launching a smart traffic app that rewards people for good behaviour like cycling, walking and using public transport… Only those who mine the small print will discover that the app creates ‘personal mobility profiles’, and that the collected personal data belongs to the company Mobidot.”
If you’d like me to write articles for you about digital rights issues, speak at your event or provide privacy advice for your business, drop me an email at email@example.com.
THE NEXT GENERATION OF MOBILE TECHNOLOGY, 5G, SHOULD PROTECT people against so-called stingrays or IMSI catchers – devices that identify who’s at a protest, for example, by tricking their phones into connecting to what they think is a genuine base station.
The protections are outlined in proposals that have come quite far and are now up for approval, ahead of next year’s standardisation of 5G. However, while they would make 5G more privacy-protective on one front, it does look like it will be easier to spy on people’s location by connecting to carriers’ networks at a different level – there are more and more players able to make these connections these days.
So 5G will make it harder to see who’s at an event by going to the event and turning on a stingray, but it will make it easier to track specific targets about whom the attacker already knows.