WELCOME to Connected Rights, your breach in the hull of digital rights news and analysis.
MARK ZUCKERBERG’S APPEARANCE BEFORE EUROPEAN PARLIAMENT LEADERS yesterday was an absolute farce. With the world’s attention trained on them, the MEPs spent an hour grandstanding, landing all the predicted blows but at excessive length – the meeting was only supposed to last an hour or so. With eleventybillion specific questions stacked up and hardly any time to answer them, Zuck was free to pick and choose. “Are there any other themes we want to get through,” he mused to himself at one point, like someone contemplating which wine to have with dessert.
Who is to blame? When Zuckerberg fled at the end leaving many specific questions unanswered, furious MEPs said Facebook had insisted on the stacked-questions format. However, some pointed out that this was the standard format for European Parliament hearings, and if MEPs wanted him to actually answer their questions, they should have insisted on another setup. GDPR architect Jan Philipp Albrecht told Politico that Zuckerberg would not have agreed to a format in which he had to answer every question directly after it was posed to him.
Anyhow, Zuckerberg grudgingly promised to give more specific answers in the coming days. Which is just as well, as his offering yesterday evening was almost entirely a rehash of his congressional appearances. He started Facebook in his dorm room. AI will solve everything. He even spouted his well-rehearsed line about the question not being whether or not there should be regulation, but rather what the regulation should look like – clearly dreaming he was back in laissez-faire Washington rather than Brussels, the home of regulation-whatever-it-looks-like.
There were no winners here. While Zuck wore a trace of a smirk as he pointed out that the meeting had run over time and he really should go, his smoothness only served to infuriate. While the MEPs got to showboat and raise some serious issues – Facebook’s monopoly (the EPP’s Manfred Weber and ALDE’s Guy Verhofstadt); users’ inability to opt out of targeted advertising (the Greens’ Philippe Lamberts); the collection of non-users’ data (Albrecht and the ECR’s Syed Kamall) – there won’t be any new legislation ahead of next year’s parliamentary elections. And, given the disastrous format of the session, the media glare exposed how disorganised the European Parliament can be at times.
Well done, no-one.
US PHONE COMPANIES’ CAVALIER DISTRIBUTION OF LOCATION DATA is in the spotlight after a company called Securus was found to be offering tracking services based on that information, which it apparently acquired through a company called LocationSmart, which works directly with the carriers.
As Slate points out, this is awfully reminiscent of Facebook’s Cambridge Analytica scandal, yet the Securus/LocationSmart scandal seems to be getting little attention or regulatory response, and the operators are showing no indication of tightening up their distribution of everyone’s location data. Why is this? The publication theorises that the Cambridge Analytica scandal caused such a storm because of its possible connection with Trump’s election.
“What the LocationSmart scandal lacks is not import, nor the potential for serious harm, but a link to some divisive political issue or societal outrage sufficient enough to generate visceral anger from people who aren’t privacy wonks,” writes Will Oremus, all too plausibly.
YOU KNOW THOSE APPS THAT LET PARENTS MONITOR their children’s phone activities? Completely unpredictably, one such app – TeenSafe – has been found storing its users information insecurely, giving miscreants an easy way to hack into kids’ Apple accounts.
GOOGLE IS UNDER FIRE IN THE UK for the fact that its search autocomplete function has been exposing the identities of rape victims, who are supposed to remain anonymous under British law. A Times investigation exposed the problem – search for the name of the attacker, and the victim’s name may also pop up.
Of course, these autocomplete suggestions are based on things other users have already searched for, and in this case it seems to be the result of people searching for information based on what’s been illegally posted on social media. Google says it’s removed the examples that have been flagged up. However, as security expert Alan Woodward told The Times, this is what happens when you rely on discretion-free algorithms: “Convenience can sometimes be the enemy of security and privacy. This is a case of unintended consequences.”
THE BRITISH GOVERNMENT IS PLANNING ANOTHER OF ITS THINK-OF-THE-CHILDREN LAWS, this time about regulating social media to protect people from cyberbullying and exploitation. “I don’t want the trolls to win,” said digital minister Matt Hancock, adding that he wanted legislation to tackle “both legal and illegal harms”. Surely if it’s already illegal (which online harassment is in the UK) then it doesn’t require new legislation, and if it’s legal, then new legislation will make it no longer so? I’m confused. But at least the government is doing something, or at least promising to do something, about something.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide privacy advice for your business, drop me an email at email@example.com.
SWEDEN HAS A FAMOUSLY OPEN SOCIETY, creating an interesting tension with the GDPR. As detailed in one of my latest pieces for the International Association of Privacy Professionals, some companies there are able to get a “publisher’s licence” that effectively exempts them from being covered by the data protection regulation, making it impossible for people whose information is stored by these firms to have it amended or deleted.
The Swedish data protection authority is naturally not happy about the situation, but says its hands are tied, even when it comes to the much-complained-about Truecaller reverse-lookup app, which is based in Sweden.
I ALSO WROTE ABOUT ONE OF THE REASONS why certain EU member states don’t have their GDPR implementation acts ready for Friday: elections. When polling time comes, legislation gets put on hold and, let’s face it, few parties campaign on a data protection platform. Of course, that’s not much of an excuse – member states have after all had two years to get their ducks in a row.