Saturday, January 19, 2019

We knew this was flawed. Will they make it worse?
Eric Goldman writes:
41 California privacy lawyers, professionals, and professors are urging the California legislature to make major changes to the California Consumer Privacy Act (CCPA), which the legislature hastily passed in 2018. The letter highlights six significant problems with the CCPA, including:
  • The CCPA affects many businesses who never had a chance to explain the law’s problems to the legislature;
  • The CCPA imposes excessive costs on small businesses;
  • The CCPA requires businesses to waste money complying with multiple privacy laws;
  • The CCPA degrades consumer privacy in several ways;
  • The CCPA’s definitions are riddled with problems; and
  • The CCPA reaches beyond California’s borders.
The text of the letter is on Eric’s site, linked below. A PDF copy of the letter is also available.


(Related) Another “privacy law gone bad.”
Student privacy and the law of unintended consequences
In 2014, the Louisiana legislature passed a law to protect student privacy. It required parents to approve nearly any collection and sharing of student data. In other words, no student information — no accomplishments or addresses, no batting averages or GPAs — was to be shared without a parent’s express permission.
… Facing the possibility of heavy fines or ending up in prison for even a well-intentioned mistake, teachers and administrators in a number of schools told us they were so afraid that they stopped collecting or sharing data for almost any reason. They stopped printing school yearbooks. They stopped announcing football players’ names at games. They stopped hanging student artwork in the hallways. Some even stopped referring students to state scholarship funds.




How much does take to get management’s attention?
The Washington Post reports:
U.S. regulators have met to discuss imposing a record-setting fine against Facebook for violating a legally binding agreement with the government to protect the privacy of its users’ personal data, according to three people familiar with the deliberations but not authorized to speak on the record.
The fine under consideration at the Federal Trade Commission, a privacy and security watchdog that began probing Facebook last year, would mark the first major punishment levied against Facebook in the United States since reports emerged in March that Cambridge Analytica, a political consultancy, accessed personal information on about 87 million Facebook users without their knowledge.
The penalty is expected to be much larger than the $22.5 million fine the agency imposed on Google in 2012.
Read more on the Union Leader.




In order to retrieve all data related to a user you have to know every place that data is stored. Automation would work, if the software looked every place data might be stored.
Privacy campaigner Schrems slaps Amazon, Apple, Netflix, others with GDPR data access complaints
European privacy campaigner Max Schrems has filed a fresh batch of strategic complaints at tech giants, including Amazon, Apple, Netflix, Spotify and YouTube.
The complaints, filed via his nonprofit privacy and digital rights organization, noyb, relate to how the services respond to data access requests, per regional data protection rules.
Article 15 of Europe’s General Data Protection Regulation (GDPR) provides for a right of access by the data subject to information held on them.
The complaints contend tech firms are structurally violating this right — having built automated systems to respond to data access requests which, after being tested by noyb, failed to provide the user with all the relevant information to which they are legally entitled.


(Related)
Apple, Netflix and YouTube among Streamers Flouting EU Privacy Law, Say New Complaints
… If all the companies are found to have been violating the EU General Data Protection Regulation, by not revealing to users all the information they’re obliged to, they face fines to a total theoretical maximum of €18.8 billion ($21.4 billion.)




Another interesting interpretation.
Good question. Stéphanie Martinier and Mathilde Pepin of Proskauer write:
The French Supreme Court sanctions a company for having produced complete employee pay slips in a litigation.
It is not news that the rules of evidence and data privacy laws may be conflicting. A recent decision of the French Supreme Court[1] illustrates this tension and highlights the need for litigators to take into account data privacy principles before producing evidence containing personal information. In this case, a company had organized mandatory staff representatives’ elections. The company had started a court action against three election candidates aiming at opposing their candidature due to certain requirements related to their job classifications not being met. Among the evidence produced by the company were the complete pay slips of the three employees. All of the trade unions that were participants in the election process were also parties to the litigation and as such, they all received copies of the evidence produced by the company.
The employees started an emergency proceeding to have the pay slips immediately removed from the court file, claiming that it was an invasion of privacy. The employees based their claim, among other things, on Article 8 of the European Convention on Human Rights. The company argued that it needed to provide the pay slips to evidence its claim.
The French Supreme Court disagreed and ruled in favor of the employees, recognizing an invasion to the employees’ privacy.
Read more on Privacy Law Blog.




How can anyone compete with Amazon? Could anyone with less money do this? Would they even try?
In India, Amazon and Walmart face off against the country’s richest man
As Amazon and Walmart-owned Flipkart scramble for ways to work around the impending new strict ecommerce policy in India, the two companies today stumbled upon a new challenge: India’s richest man.
Mukesh Ambani, who runs Reliance Industries, the country’s largest industrial house, announced today that his company will roll out a new online shopping platform for 1.2 million retailers and store owners in Gujarat, the nation’s westernmost state.




Perspective. The opposite of universal access?
Zimbabwe shuts down internet amid violent response to gas protests
Zimbabwe was under an internet blackout on Friday as authorities extended a communications ban to cover emails after days of deadly protests over price increases that pushed the cost of a gallon of gas to almost $13.


(Related)
Here Come the Internet Blackouts
On the first day of the new year, the Democratic Republic of Congo cut internet connections and SMS services nationwide—for the second day in a row. The reason? To avoid the “chaos” that might result from its presidential election results. Not even a week later, on Jan. 7, Gabon’s government did the same after an attempted coup. On Tuesday, Zimbabwe cut off social media and internet access. The government restored much of the internet Wednesday but kept a WhatsApp ban in place. And it’s unlikely that these will be the last “internet blackouts” we hear about over the coming months
… In fact, we’ll likely see a rise in internet blackouts in 2019, for two reasons: countries deliberately “turning off” the internet within their borders, and hackers disrupting segments of the internet with distributed denial-of-service attacks. Above all, both will force policymakers everywhere to reckon with the fact that the internet itself is increasingly becoming centralized—and therefore increasingly vulnerable to manipulation, making everyone less safe.




Perspective.
… “The first thing we found,” Mitchell tells me in an interview, “is that many, many jobs, the majority of jobs are going to be affected by machine learning.” He pauses, goes on: “The next thing we found was that very few of those jobs will be completely automated. Instead, the predominant thing that you see is that most jobs will be affected because the bundle of tasks that make up that job—some of those tasks that are amenable to machine learning, semi-automation or automation.”
If this describes your job, or a task in your job, then an algorithm can probably be taught to do it.
1. Learning a function that maps well-defined inputs to well-defined outputs
2. Large (digital) data sets exist or can be created containing input-output pairs
3. The task provides clear feedback with clearly definable goals and metrics
4. No long chains of logic or reasoning that depend on diverse background knowledge or common sense
5. No need for detailed explanation of how the decision was made
6. A tolerance for error and no need for provably correct or optimal solutions
7. The phenomenon or function being learned should not change rapidly over time
8. No specialized dexterity, physical skills, or mobility required


No comments: