WELCOME to Connected Rights, your tip of the iceberg of digital rights news and analysis.

CALIFORNIA HAS PASSED A LAW THAT CAN be best described as “GDPR-lite” – like the EU law, AB 375 forces companies to say what data they hold, why they hold it and where it goes, lets consumers object to their data being sold, and introduces a right to deletion. However, before California’s new law comes into effect at the start of 2020, it may be amended. So it’s no surprise to see Big Tech’s lobbyists gearing up for a fight.

The base of their argument is that the bill was rushed through at extraordinary speed, which is true – it was little more than a week between conception and delivery. That’s because a real-estate tycoon had drummed up a citizen’s initiative that would have been even stricter, and that has now been warded off by the swift passage of AB 375.

On the other hand, the likes of Google and Facebook (which claims to support the new law) have already been forced to rejig their systems for the GDPR, so the effects of this new law in California can’t be as unpredictable and ill-thought-through as the lobbyists are making out. It really just means giving Californians what the Europeans are already having, to an extent.

Anyhow, the law does have imperfections in the way it protects people’s privacy, so perhaps there are amendments to be made by both sides. Let the battle commence.

GOOGLE IS LETTING THIRD-PARTY APP DEVELOPERS LOOK THROUGH people’s Gmail messages, according to a Wall Street Journal report. And we’re not just talking about those developers’ automated systems – human employees can read the messages too.

This applies when people connect third-party apps – for things like setting up travel itineraries or receiving emails about shopping price comparisons – to their accounts. Google apparently thinks this is OK, because it vets the developers who can get such access. But the Journal‘s sources said thousands of people get to read people’s emails in order to train their automated systems to do the same.

So now it’s not just Facebook that’s in the firing line regarding its data-sharing agreements with third parties. Oh, speaking of which, Facebook just revealed that it shares the personal data of users’ friends with 61 companies. The consent of those users’ friends, of course, is nowhere to be seen.

A WALL STREET ANALYST WANTS GOOGLE TO GIVE AWAY “smart speakers” to every household in the U.S., in order to fend off Amazon in the virtual-assistant wars. Apart from the problems around sustainability, there might be privacy concerns here too…

To support my work, why not become a patron of Connected Rights or buy my book, Control Shift?

TOMORROW’S THE DAY WHEN THE EUROPEAN PARLIAMENT either holds up the disastrous Copyright Directive for further perusal, or waves it through to its final stage of negotiations with representatives of member states.

The pushback against the reform has itself met heavy resistance, largely expressed through media concerns that are naturally keen to get new theoretical revenue sources from those linking to their publications. That side claims civil society is spreading disinformation.

Who’s right? Well, Pirate MEP Julia Reda – who is obviously firmly on the side of civil society here – has usefully set out precisely what the directive text would introduce, and why it is dangerous. Opinions may differ, but as long as everyone is looking at what the draft actually says, that’s a good start.

Also worth reading: a Wolters Kluwer piece on Article 13, which would introduce new levels of online surveillance. Key bit: “…platforms will have to examine each piece of content posted by end users. This will amount to general monitoring. Realistically, providers will turn to filters to accomplish this general monitoring. Filters by definition can neither avoid systematically processing the personal data of users nor reliably recognise defences against copyright infringement. They are therefore incapable of allowing for a ‘fair balance’ between the fundamental rights of users and right-holders.”

COPYRIGHT ISN’T THE ONLY IMPORTANT THING that the European Parliament will be voting on tomorrow. It will also be voting on a resolution that urges the European Commission to suspend the Privacy Shield data-sharing agreement with the US, unless the European and American sides can actually make the arrangement pass muster on the fundamental rights front by the start of September.

RUSSIA’S DRACONIAN DATA RETENTION LAW is now in force, with communications providers having to store people’s conversations – the contents; not just records of times and so on – for six months in order to let the intelligence services rootle through them when required.

Obvious civil liberties issues aside, this is going to prove enormously expensive for the country’s internet service providers. And as salt in the wound, those companies only got given details of the government’s requirements mere days before the “Yarovaya law” came into effect.

The likes of Facebook and Google are not subject to the legislation as they’re not on Roskomnadzor’s “register of information disseminators” – for now.

THE PROPRIETORS OF THE ONLINE ANONYMITY GROUP ZWIEBELFREUNDE (Friends of the Onion – that’s a reference to TOR, not the satirical website) were raided by German police in connection with planned far-left protests outside the convention of the far-right AfD party.

Zwiebelfreunde is one of the organisations that offer Tor infrastructure, to protect users’ anonymity. It also apparently handles donations for the privacy-focused, Seattle-based email service Riseup. However, the group’s board members deny having anything to do with Riseup’s email infrastructure, nor the Krawalltouristen blog where protests were apparently being planned.

THE GDPR HAS LED EUROPE’S TOP COURT TO ANONYMISE people involved in requests for preliminary rulings. The Court of Justice of the European Union (CJEU/ECJ) will only use the people’s initials in publications about such cases – except in cases where it decides the circumstances merit naming the individuals concerned.

ARE YOUR SMARTPHONE APPS SECRETLY LISTENING TO YOU? No, apparently. However, while researchers have scotched that particular conspiracy theory, they did find that many apps secretly record what’s going on on the user’s screen, and then send that information to third parties.

If you’d like me to speak about digital rights at your event or provide advice for your business, drop me an email at david@dmeyer.eu.

SOME SAMSUNG PHONES HAVE REPORTEDLY BEEN RANDOMLY sending out users’ pictures to their contacts, courtesy of Samsung’s default texting app. The reports suggest the sending users don’t even see that their phones have distributed pictures to others. That’s quite the bug!

THE AD-BLOCKING WAR BETWEEN FACEBOOK AND ADBLOCK PLUS is going higher-tech, at least on the German company’s side. Adblock Plus is now asking users to submit screenshots of the ads in their Facebook feeds, in order to train a new “AI” system to recognise those ads and block them.

EGYPT’S PARLIAMENT IS PLANNING TO TAX ANYONE WHO ADVERTISES on Facebook and Google, in order to “protect the Egyptian advertising market“.