WELCOME to Connected Rights, your flick of the wrist of digital rights news and analysis.

BIG TECH COMPANIES ARE MEETING TODAY TO DISCUSS PRIVACY in the wake of the GDPR and the Cambridge Analytica scandal, according to Axios.

The publication quotes Dean Garfield, head of the Information Technology Industry Council, as saying “they’ve always viewed privacy as a foundational principle” – oi, you, quiet in the back – “but the question of how do you give meaning to it and talk about it in a way that resonated is now something that’s more pressing”. So, the companies live and breathe privacy but don’t know what it means?

Anyhow, the White House is allegedly “in the early stages of determining what a federal approach to online data privacy should look like”, Axios also reports. I’m personally not holding my breath on that one, but let’s see.

THE GDPR EFFECT IS REAL, AND NOT ONLY in terms of prompting debate across the pond. The Guardian reports rises in complaints and data breach notifications across Europe. In Austria, for example, there have been 100 complaints and 59 breach notifications in the month since the GDPR came into effect – beforehand, the same amount would be expected in an eight-month period.

According to the International Association of Privacy Professionals, the UK’s data protection authority received a whopping 1,106 “complaints or concerns” over that month. France’s got 426 complaints, Ireland (the big tech nexus) got 386 – and 547 data breach notifications – and Czechia’s got a respectable 400 complaints or so.

That IAPP piece is also interesting for its breakdown of the budgets and staff numbers of the various countries’ regulators. Ultimately, the success of the GDPR will come down to good enforcement, which is largely a function of sufficient resourcing.

FACEBOOK AND GOOGLE STAND ACCUSED OF USING “DARK PATTERNS” in their privacy settings to steer users towards the most privacy-intrusive options. The accusation comes from a raft of consumer protection groups in Europe and the U.S., who don’t like what they see in the updated privacy settings that the companies introduced in order to comply with the GDPR.

The Norwegian Consumer Council has produced a report called “Deceived By Design”, which sets out all the alleged violations here. The crux of the matter is that, if people are duped into choosing certain settings, and if more pro-privacy settings are made harder to reach, then the companies aren’t really complying with the GDPR.

So the consumer watchdogs of 10 European countries (Greece, Slovenia, Sweden, Denmark, Netherlands, France, Italy, Norway, Ireland and the UK) have written to their national data protection authorities to ask for investigations. Over in the US, EPIC and other consumer groups want the FTC to also look into the companies’ practices.

MEANWHILE, THE DUTCH PRIVACY WATCHDOG HAS RULED that people can’t be filmed on the street by cameras hidden inside ad displays without their permission. The regulator said doing so without permission is a GDPR violation, even if the aim of the filming is just to count people. These systems are often also used for matching ads to the characteristics of passers-by.

How is that permission supposed to be granted? Something to do with QR codes and apps, the regulator suggested.

To support my work, why not become a patron of Connected Rights or buy my book, Control Shift?

THE BRITISH TAX AUTHORITIES HAVE (POSSIBLY ILLEGALLY) AMASSED a collection of 5.1 million people’s “voiceprints” without their consent, activists at Big Brother Watch have revealed following a freedom-of-information request.

People calling HM Revenue and Customs have to say “my voice is my password” in order to access services, adding their voiceprints to the pot. HMRC apparently doesn’t want to say which other government departments it’s shared the voice IDs with, nor give details of how or where they’re stored. There is no way to opt out of the scheme.

JOKE OF THE WEEK COMES COURTESY OF THE EUROPEAN COMMISSION, which says the possibility of the new Copyright Directive stopping people from sharing memes isn’t really an issue, because “authors of memes or any other parodic content will be able to ask blocked or removed content to be re-published. The online platforms will have to do so based on the parody exception in place.”

In other words, people sharing facepalms will be able to continue doing so by going through a laborious appeals process after platforms overblock content in order to comply with the new directive as cheaply as possible. Yay?

(Bonus fact: Not all EU member states have the aforementioned parody exception in place, so not only is this idea impractical – it’s also nonsense.)

THE INTERCEPT HAS IDENTIFIED EIGHT LOCATIONS OF SECRET communications surveillance hubs across the US. The NSA’s chief partner here is AT&T, which gives the spies access to other providers’ traffic as well, thanks to peering arrangements with those operators. And yes, this information came from Snowden.

THE NEW YORK TIMES HAS A DEPRESSING PIECE ON “SMART HOME” TECH and how domestic abusers make use of it to harass, monitor and control their victims. The problem is exacerbated by victims’ and emergency responders’ lack of knowledge about how the technology works, and uncertainty about which legal mechanisms can be used to tackle the problem.

A key quote from the piece: “Usually, one person in a relationship takes charge of putting in the technology, knows how it works and has all the passwords. This gives that person the power to turn the technology against the other person.”

If you’d like me to speak about digital rights at your event or provide advice for your business, drop me an email at david@dmeyer.eu.

IT’S REALLY WORTH READING THIS PIECE BY FACIAL RECOGNITION company CEO Brian Brackeen, who argues forcefully that law enforcement shouldn’t be using facial recognition technology.

Firstly, the software is not yet well trained on black faces, making its correct identification of people of color less likely (Brackeen is himself black). Also, the technology may end up “truly dehumanising entire populations”.

“It’s the case of an amazing technology capable of personalizing experiences, improving interactions and creating positive feelings being used for the purpose of controlling citizens,” says the Kairos CEO. “And that, for me, is absolutely unacceptable.”

A BBC WRITER WAS SHOCKED TO SEE WHAT DATA FACEBOOK was holding on her, when she downloaded it. She writes: “As I perused my life in data, I was still relatively chill about all of it – until I clicked on the ‘contact info’ tab. Up came a huge list of people’s names and phone numbers. They were all contacts I’ve had on my phone – but not all of them are people I am Facebook friends with.

“It turns out that I must have once downloaded the Facebook app on my phone and let it sync with my phone contacts… I know it’s my fault for letting Facebook sync with my phone all those years ago when I first downloaded the app, but it still felt really weird that Mark Zuckerberg and Co. have my gynaecologist’s phone number.”