WELCOME to Connected Rights, your dimple in the cheek of digital rights news and analysis.

Enjoy this newsletter? Forward it to a friend or get them to sign up. I’m David Meyer, aka @superglaze on Twitter and @davidmeyerwrites on Facebook. Don’t forget to check out the Connected Rights website and download a copy of my book, Control Shift: How Technology Affects You and Your Rights. Boolkhent!

GOOGLE CONTINUES TO BE DISAPPOINTING on the appeasing-Chinese-censors front. CEO Sundar Pichai is now openly discussing Project Dragonfly, claiming that it’s an exploratory internal project (“If Google were to operate in China, what would it look like?”) while also enthusing: “It turns out we’ll be able to serve well over 99% of the queries.”

To misquote Anchorman, 99% of the time it works every time. Seriously though, imagine how much more useful Google would be in China if it were able to return results about pesky subjects such as human rights and sex?

Somewhat dismally, Pichai also claimed that reintroducing Google to China would help fight cancer. “Today people either get fake cancer treatments or they actually get useful information,” he said. As though finding good information on cancer treatment is contingent on having access to Google.

IS THIS THE FIRST GDPR FINE? Austria’s data protection authority has fined an entrepreneur over his use of a CCTV camera that covered too much of a public pavement. It’s only €4,800, but it’s not exactly a blockbuster case. Expect those fines to take a little longer to ferment. Speaking of which…

WELCOME, TWITTER, TO THE GDPR INVESTIGATION party. Google and Facebook have been waiting for you.

The probe comes courtesy of the Irish data protection authority, which is following up on a complaint from UCL privacy researcher Michael Veale. Veale asked Twitter to pony up the data it holds regarding his clicks on links in tweets. It refused, claiming (erroneously, he believes) that the GDPR allows companies to turn down subject access requests if fulfilling them would entail “disproportionate effort”.

Veale suspects that Twitter tracks users who click on links, but he’s not sure of the extent, and would also like to know what Twitter does with that information. So would the Irish DPC, and it will be working with its continental counterparts in the investigation.

WE NOW KNOW HOW MANY EUROPEANS WERE EXPOSED in Facebook’s big data breach: 3 million, according to the Irish DPC. This is important because the figure could help to decide the fine Facebook gets for its handling of the breach under the GDPR. As I’ve said before, though, this fine is unlikely to run to the maximum potential level, as it doesn’t seem to have been a wilful abuse.

FACEBOOK HAS ANNOUNCED ITS PLAN FOR COMBATTING election-related disinformation campaigns on its platform, ahead of the US midterms. The company will ban false information about voter ID requirements – a classic means of suppressing the vote in African American areas that are likely to lean Democrat.

However, Facebook will not ban false information about violence and long queues at polling stations, which are another way of getting people to stay away from the polls. Here, it will only suppress such reports in people’s news feeds.

News Feed product manager Tessa Lyons: “We don’t believe we should remove things from Facebook that are shared by authentic people if they don’t violate those community standards, even if they are false.”

To support my work, why not become a patron of Connected Rights? If you would prefer to make a one-off donation, I also have a PayPal.me page.

DONALD TRUMP’S NEVERENDING CAMPAIGN HAS STARTED RENTING out its database covering around 20 million supporters to other campaigns. As the New York Times puts it: “It is not unusual for candidates to rent supporter data to — or from — other campaigns. The new effort by Mr. Trump’s team, however, appears to be the first time the campaign of a sitting president facing re-election has opted to market its list.”

HERE’S A CASE THAT MAKES CLEAR THE DANGERS of big government surveillance schemes – they’re prime targets for criminals, such as, uh, Tony Da Boss and his rap crew, the FreeBandz Gang.

From Forbes‘s piece on the bonkers story, which also involves “the first publicly known federal government demand for customer information and surveillance footage from Google’s smart home division”:

“Cops alleged Da Boss and his co-conspirators had access to the Holy Grail for any Internet-age scam artist: a surveillance technology that police and debt collectors use to track most of the United States’ 325 million inhabitants via their Social Security numbers, license plates, address histories, names and dates of birth… It’s [also used by] private companies carrying out background checks. Private investigators use it to track cheating spouses. But in the wrong hands it can be used to steal the identity of almost anyone in America. And Da Boss and his crew got access to it.”

AMAZON GOT A PATENT THAT COULD SEE ITS ALEXA virtual assistant listening to users to pick up symptoms of illness, so it can then play them ads for products that might provide a cure. The patent also covers the use of Alexa to detect “emotional abnormalities”.

If you’d like me to speak about digital rights at your event or provide advice for your business, drop me an email at david@dmeyer.eu.

DOES THE GDPR PROTECT EUROPEANS AGAINST the abuse of inferences drawn about them through the use of “big data” analytics? Not according to the University of Oxford’s Sandra Wachter and Brent Mittelstadt – both fellows at the Alan Turing Institute – who say EU law is deficient on this front.

They write: “The GDPR, the draft e-Privacy regulation, the Digital Content Directive, and legal scholars attribute only limited rights over inferences to data subjects. At the same time, new frameworks such as the EU Copyright Directive, as well as provisions in the GDPR, push to facilitate data mining, knowledge discovery and Big Data analytics by limiting data subjects’ rights over their data. The new Trade Secrets Directive also poses a barrier to accountability as models, algorithms and inferences may very well fall within its remit, allowing companies to limit access and rights over them on the basis that they are commercially sensitive.”