We
knew this was flawed. Will they make it worse?
Eric Goldman writes:
41 California privacy lawyers, professionals, and professors are urging the California legislature to make major changes to the California Consumer Privacy Act (CCPA), which the legislature hastily passed in 2018. The letter highlights six significant problems with the CCPA, including:
The CCPA affects many businesses who never had a chance to explain the law’s problems to the legislature;
The CCPA imposes excessive costs on small businesses;
The CCPA requires businesses to waste money complying with multiple privacy laws;
The CCPA degrades consumer privacy in several ways;
The CCPA’s definitions are riddled with problems; and
The CCPA reaches beyond California’s borders.
The text of the letter is on Eric’s site, linked
below. A PDF
copy of the letter is also available.
Read more on Technology
& Marketing Law Blog.
(Related) Another “privacy law gone bad.”
https://thehill.com/opinion/technology/425946-student-privacy-and-the-law-of-unintended-consequences
In 2014, the Louisiana legislature passed
a law to protect student privacy. It required parents to approve
nearly any collection and sharing of student data. In other words,
no student information — no accomplishments or addresses, no
batting averages or GPAs — was to be shared without a parent’s
express permission.
… Facing the possibility of heavy fines or
ending up in prison for even a well-intentioned mistake, teachers
and administrators in a number of schools told us they were so afraid
that they stopped collecting or sharing data for almost any reason.
They stopped printing school yearbooks. They stopped announcing
football players’ names at games. They stopped hanging student
artwork in the hallways. Some even stopped referring students to
state scholarship funds.
How
much does take to get management’s attention?
The Washington Post reports:
U.S. regulators have met to discuss imposing a record-setting fine against Facebook for violating a legally binding agreement with the government to protect the privacy of its users’ personal data, according to three people familiar with the deliberations but not authorized to speak on the record.
The fine under consideration at the Federal Trade Commission, a privacy and security watchdog that began probing Facebook last year, would mark the first major punishment levied against Facebook in the United States since reports emerged in March that Cambridge Analytica, a political consultancy, accessed personal information on about 87 million Facebook users without their knowledge.
The penalty is expected to be much larger than the $22.5 million fine the agency imposed on Google in 2012.
Read more on the Union
Leader.
In
order to retrieve all data related to a user you have to know every
place that data is stored. Automation would work, if the software
looked every place data might
be stored.
Privacy
campaigner Schrems slaps Amazon, Apple, Netflix, others with GDPR
data access complaints
European privacy
campaigner Max
Schrems has filed a fresh batch of strategic complaints at tech
giants, including Amazon,
Apple, Netflix, Spotify and YouTube.
The complaints, filed via his nonprofit privacy
and digital rights organization, noyb,
relate to how the services respond to data access requests, per
regional data protection rules.
Article 15 of Europe’s General Data Protection
Regulation (GDPR)
provides for a right of access by the data subject to information
held on them.
The complaints contend tech firms are structurally
violating this right — having built
automated systems to respond to data access requests
which, after being tested by noyb, failed
to provide the user with all the relevant information to which they
are legally entitled.
(Related)
Apple,
Netflix and YouTube among Streamers Flouting EU Privacy Law, Say New
Complaints
… If all the companies are found to have been
violating the EU General Data Protection Regulation, by not revealing
to users all the information they’re obliged to, they face fines to
a total theoretical maximum of €18.8 billion ($21.4
billion.)
Another
interesting interpretation.
Good question. Stéphanie Martinier and Mathilde
Pepin of Proskauer write:
The French Supreme Court sanctions a company for having produced complete employee pay slips in a litigation.
It is not news that the rules of evidence and data privacy laws may be conflicting. A recent decision of the French Supreme Court[1] illustrates this tension and highlights the need for litigators to take into account data privacy principles before producing evidence containing personal information. In this case, a company had organized mandatory staff representatives’ elections. The company had started a court action against three election candidates aiming at opposing their candidature due to certain requirements related to their job classifications not being met. Among the evidence produced by the company were the complete pay slips of the three employees. All of the trade unions that were participants in the election process were also parties to the litigation and as such, they all received copies of the evidence produced by the company.
The employees started an emergency proceeding to have the pay slips immediately removed from the court file, claiming that it was an invasion of privacy. The employees based their claim, among other things, on Article 8 of the European Convention on Human Rights. The company argued that it needed to provide the pay slips to evidence its claim.
The French Supreme Court disagreed and ruled in favor of the employees, recognizing an invasion to the employees’ privacy.
Read more on Privacy
Law Blog.
How
can anyone compete with Amazon? Could anyone with less money do
this? Would they even try?
In India,
Amazon and Walmart face off against the country’s richest man
As Amazon and Walmart-owned Flipkart scramble for
ways to work around the impending new strict
ecommerce policy in India, the two companies today stumbled upon
a new challenge: India’s richest man.
Mukesh Ambani, who runs Reliance
Industries, the country’s largest industrial house, announced
today that his company will roll out a new online shopping platform
for 1.2 million retailers and store owners in Gujarat, the nation’s
westernmost state.
Perspective.
The opposite of universal access?
Zimbabwe
shuts down internet amid violent response to gas protests
Zimbabwe was under an internet blackout on Friday
as authorities extended a communications ban to cover emails after
days of deadly protests over price increases that pushed
the cost of a gallon of gas to almost $13.
(Related)
Here Come
the Internet Blackouts
On the first day of the new year, the Democratic
Republic of Congo cut
internet connections and SMS services nationwide—for the second day
in a row. The reason? To avoid the “chaos” that might result
from its presidential election results. Not even a week later, on
Jan. 7, Gabon’s government did
the same after an attempted coup. On Tuesday, Zimbabwe
cut off social media and internet access. The government restored
much of the internet Wednesday but kept a WhatsApp ban in place. And
it’s unlikely that these will be the last “internet blackouts”
we hear about over the coming months
… In fact, we’ll likely see a rise in
internet blackouts in 2019, for two reasons: countries deliberately
“turning off” the internet within their borders, and hackers
disrupting segments of the internet with distributed
denial-of-service attacks. Above all, both will force policymakers
everywhere to reckon with the fact that the internet itself is
increasingly becoming centralized—and therefore increasingly
vulnerable to manipulation, making everyone less safe.
Perspective.
… “The first thing we found,” Mitchell
tells me in an interview, “is that many, many jobs, the majority of
jobs are going to be affected by machine learning.” He pauses,
goes on: “The next thing we found was that very few of those jobs
will be completely automated. Instead, the predominant thing that you
see is that most jobs will be affected because the bundle of tasks
that make up that job—some of those tasks that are amenable to
machine learning, semi-automation or automation.”
… If
this describes your job, or a task in your job, then an algorithm can
probably be taught to do it.
1. Learning a function that
maps well-defined inputs to well-defined outputs
2. Large (digital) data
sets exist or can be created containing input-output pairs
3. The task provides clear
feedback with clearly definable goals and metrics
4. No long chains of logic
or reasoning that depend on diverse background knowledge or common
sense
5.
No need for detailed explanation of how the decision was made
6.
A tolerance for error and no need for provably correct or optimal
solutions
7. The phenomenon or
function being learned should not change rapidly over time
8.
No specialized dexterity, physical skills, or mobility required