WELCOME to Connected Rights, your clause in the contract of digital rights news and analysis.

Enjoy this newsletter? Forward it to a friend or get them to sign up. I’m David Meyer, aka @superglaze on Twitter and @davidmeyerwrites on Facebook. Don’t forget to check out the Connected Rights website and download a copy of my book, Control Shift: How Technology Affects You and Your Rights. Tatawaw!

THE RUSSIAN GOVERNMENT ISN’T DONE CLAMPING DOWN on online freedom – not by a long shot. Having already instituted a draconian data retention law, banned VPNs, demanded that encrypted messaging services hand over keys, and prosecuted loads of people for liking and sharing “extremist” things, the government now wants every messaging app user to be identified.

Every time someone registers for such a service, the messaging provider will need to contact their mobile operator, which will have to verify the registration data within all of 20 minutes. What’s more, the mobile operator will then need to make a record of the messaging apps that each customer is using.

Presumably thanks to the aforementioned data retention law, the databases needed for this app-recording are apparently already in place. What’s not so clear is how all this will work with foreign SIM cards. Perhaps those are about to become hotter property in Russia. Anyhow, all this is supposed to kick in half a year from now.

Incidentally, Freedom House released its latest World Internet Freedom Index report last week and, for the sixth consecutive year, Russia had fallen down the rankings. It now sits in 53rd place, out of 65 countries.

To support my work, why not become a patron of Connected Rights? If you would prefer to make a one-off donation, I also have a PayPal.me page.

TIM BERNERS-LEE HAS UNVEILED HIS LATEST ATTEMPT to fix his creation: a “Contract for the Web” that, so far, consists of a series of brief principles – more detail will be added before the contract is fully unveiled next year (the 30th anniversary of the web, and apparently the milestone where 50% of the world’s population will have gotten connected).

The principles are largely to do with Internet access – making it cheaper, and not shutting it down at times of elections and protests – but they also include these: “Respect consumers’ privacy and personal data so people are in control of their lives online”; and “Develop technologies that support the best in humanity and challenge the worst so the web really is a public good that puts people first.”

Google and Facebook have signed up. Amazon has not.

FACEBOOK IS UNDER GDPR-RELATED INVESTIGATION AGAIN, this time over its tracking of users as they surf the web. The matter was referred to the Irish Data Protection Commission by the UK’s Information Commissioner’s Office, as revealed in the ICO’s report on the use of data analytics in political campaigns.

Information commissioner Elizabeth Denham may have been constrained in how much she could fine Facebook over the Cambridge Analytics fiasco, due to the fact that those violations took place in the pre-GDPR era, but she clearly doesn’t think the company’s data-protection-abusing ways are all in the past.

In related news, Denham has also fined Leave.eu spiv Arron Banks and his insurance company £135,000. Banksy, it turns out, used the Leave.eu database to illegally send out marketing materials for his company. Lucrative for some, that Brexit thingy…

THE ICO HAS PUBLISHED GUIDANCE FOR BUSINESSES that want to know about the GDPR and encryption and passwords in their services. Here it is. Key line: “If you are storing personal data, or transmitting it over the internet, we recommend that you use encryption and have a suitable policy in place, taking account of the residual risks involved.”

HEY LOOK, THERE’S ANOTHER PRIVACY BILL OVER IN the U.S. – this time it’s an offering from Ron Wyden, and it’s called the Consumer Data Protection Act. It would only apply to companies with revenue in excess of $50 million and the personal data of over a million people, but the penalties for violations would be harsh, including potential jail time of up to 20 years for CEOs.

Also, in the style of the GDPR, fines of up to 4% of annual revenue. Oh, and a national Do Not Track website where Americans can register their unwillingness to be tracked.

Wyden: “Today’s economy is a giant vacuum for your personal information. Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database. But individual Americans know far too little about how their data is collected, how it’s used and how it’s shared.”

US CONSUMER AND PUBLIC HEALTH ADVOCACY GROUPS have asked the Federal Trade Commission to investigate children’s apps that “routinely lure young children to make purchases and watch ads”.

Vox describes one such app: “In the children’s gaming app Doctor Kids, a popular purchase in the Google and Amazon app stores, kids get to play doctor in a children’s hospital. They clean patients’ teeth as a dentist, straighten crooked bones inside an X-ray scan, and play optometrist by helping kids with blurry vision find the right prescription glasses, all against a backdrop of brightly colored characters and a twinkling soundtrack.

“Until suddenly, the game is interrupted. A bubble pops up with a new mini game idea, and when a child clicks on the bubble, they are invited to purchase it for $1.99, or unlock all new games for $3.99. There’s a red X button to cancel the pop-up, but if the child clicks on it, the character on the screen shakes its head, looks sad, and even begins to cry.”

Delightful.

If you’d like me to speak about digital rights at your event or provide advice for your business, drop me an email at david@dmeyer.eu.

THE SWEDISH ISP BAHNHOF WAS MIGHTILY DISPLEASED when told to block users from visiting the open-access scientific paper site Sci-Hub. The blockage came at the request of academic publishing giant Elsevier, which has, shall we say, a less open attitude toward the dissemination of publicly funded research.

So, while Bahnhof has grudgingly gone ahead and blocked Sci-Hub’s various domains, it added a twist to the affair by also blocking Elsevier.com. Bahnhof users trying to access the publisher’s site are taken to a very old-school webpage with a dial-up modem sound in the background, and a handy explainer about why Elsevier is an “oligopoly… which pinions users, deprives scientists of the right to their own papers and demands large sums of money for simple services.”