WELCOME to Connected Rights, your fingertip in the dial of digital rights news and analysis.
Enjoy this newsletter? Forward it to a friend or get them to sign up. I’m David Meyer, aka @superglaze on Twitter and @davidmeyerwrites on Facebook. Don’t forget to check out the Connected Rights website and download a copy of my book, Control Shift: How Technology Affects You and Your Rights. Boyei bolamu!
APPLE, AKA SILICON VALLEY’S NEW PRIVACY REGULATOR, is cracking down on apps that secretively record users’ activity, telling them to remove the offending code or face having their apps axed.
“Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” the company told TechCrunch. The publication had previously reported on how apps such as Expedia and Hotels.com recorded every tap and swipe users made.
“We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user’s app activity,” TechCrunch reported. “Even though sensitive data is supposed to be masked, some data — like passport numbers and credit card numbers — was leaking… Apple gave the developer less than a day to remove the code and resubmit their app or the app would be removed from the app store.”
Now, about that privacy-regulating role…
APPLE AND GOOGLE ARE BOTH CARRYING an app, designed by the Saudi interior ministry, that allows Saudi men to track their wives’ and daughters’ whereabouts, as well as those of their employees.
The Absher app notifies male “guardians” when their “charges” enter or leave the country – something they need permission from their husbands or fathers to do. Human rights activists say Apple and Google may not have realised what sort of app their stores are carrying, as it also offers other less awful government services, but they “really should consider the broader context or the purpose of the app, how it’s being used in practice and whether it’s facilitating abuse.”
Fun fact: some women have apparently been able to escape Saudi Arabia by quietly changing the app’s settings on their husbands’ or fathers’ phones, so they can slip away without any notifications.
GOOGLE HAS REPORTEDLY STARTED CENSORING results in Russia, where it has previously been fined for ignoring Roskomnadzor’s blacklist. The US firm has apparently delisted around 70 percent of the sites on that list, and the media regulator reports that it is “fully satisfied with the dialogue [with Google] at this time.
GERMANY’S ANTITRUST AUTHORITY HAS TOLD FACEBOOK to stop forcing people to agree to data-mining outside the core social networking service, in order to be able to use the core service.
The Bundeskartellamt is striking at the very heart of Facebook’s business model. The company wants to be able to use data from WhatsApp and Instagram, and from webpages that use its “like” and “share” buttons, to enhance the profiles it compiles. So it’s appealing, on the questionable basis that actually Facebook doesn’t have dominant market power, and also because antitrust regulators should not be enforcing privacy law. Except the Bundeskartellamt is quite clearly leaning on Germany’s rules around “exploitative business terms” here, which brings the matter into its remit.
Here’s watchdog president Andreas Mundt: “Voluntary consent means that the use of Facebook’s services must not be subject to the users’ consent to their data being collected and combined in this way. If users do not consent, Facebook may not exclude them from its services and must refrain from collecting and merging data from different sources.”
As I noted in a Fortune essay, we’re seeing regulators get creative in response to new challenges, specifically Facebook’s scale and the machinations of the data-centric economy. And rightly so. Ultimately this stuff comes down not only to privacy, but also to competition or the lack thereof.
THAT CHOOSE-YOUR-OWN-ADVENTURE BLACK MIRROR EPISODE, Bandersnatch, was seen by some as a data-mining experiment. Was it? UCL’s Michael Veale submitted a GDPR subject access request to find out, and the company sent back a pretty exhaustive, well-protected list of his choices. Full marks to Netflix for providing this info.
(By the way, a confession: I’ve only ever watched one episode of Black Mirror, a long time ago. I know it has great relevance to my interests, and I’m a massive Charlie Brooker fan, but I suspect it will be too close to the bone to watch comfortably. Perhaps it’s time to give it a whirl.)
WIRED WRITER JAMES TEMPERTON TRIED TO KEEP the existence of his unborn child a secret from the online surveillance machine. Here’s how that worked out:
“Our reasons were simple: first, we wanted our child, when it was good and ready, to establish its own online identity; second, we didn’t want to be stalked around the internet by adverts for breast pumps and baby carriers; finally, and most pertinently, we wanted some semblance of control over something that felt deeply personal. On the first point, we’re doing pretty well. On the second, we failed spectacularly. And on our foolhardy wish for control?… Ultimately, there’s only so much you can do. The internet wants to know everything about you and you can be damned sure it will find a way.”
MUMSNET, THE PARENTING FORUM AND SURPRISINGLY powerful political force, has reported itself to the British data protection authority after a data breach.
Per the Guardian: “A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility that their accounts would be switched. Each user was able to post as the other, see their account details, and read private messages.”
ONE OF THE BIG ARGUMENTS OF THE NETWORK OPERATOR industry in the US, when lobbying for the death of net neutrality rules, was that freedom from the rules would allow them to invest more in their networks – basically, let us charge companies for allowing their services to run unhindered, and we’ll have the cash to upgrade our infrastructure.
Well. The Financial Times had a look at the big operators’ capital expenditure last year, and discovered it had actually fallen, not risen.
There are caveats here: the new rules only came into force a while into 2018; there are still ongoing legal challenges; various states are trying to enforce state-level net neutrality rules; and some operators are holding back investment until 5G becomes a thing. This is hardly a certain environment for investment. However, when it comes to arguing the net-neutrality matter again, as will surely happen if the Democrats take over, it would be difficult for the industry to wheel out its investment-boost claim again.