Tag • #privacy

Sc chevron_right

Dan Solove on Privacy Regulation

news.movim.eu / Schneier · Yesterday - 03:28 · 2 minutes

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract:

In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions. The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well. I argue that privacy consent should confer less legitimacy and power and that it be backstopped by a set of duties on organizations that process personal data based on consent.

Full abstract:

Consent plays a profound role in nearly all privacy laws. As Professor Heidi Hurd aptly said, consent works “moral magic”—it transforms things that would be illegal and immoral into lawful and legitimate activities. As to privacy, consent authorizes and legitimizes a wide range of data collection and processing.

There are generally two approaches to consent in privacy law. In the United States, the notice-and-choice approach predominates; organizations post a notice of their privacy practices and people are deemed to consent if they continue to do business with the organization or fail to opt out. In the European Union, the General Data Protection Regulation (GDPR) uses the express consent approach, where people must voluntarily and affirmatively consent.

Both approaches fail. The evidence of actual consent is non-existent under the notice-and-choice approach. Individuals are often pressured or manipulated, undermining the validity of their consent. The express consent approach also suffers from these problems people are ill-equipped to decide about their privacy, and even experts cannot fully understand what algorithms will do with personal data. Express consent also is highly impractical; it inundates individuals with consent requests from thousands of organizations. Express consent cannot scale.

In this Article, I contend that most of the time, privacy consent is fictitious. Privacy law should take a new approach to consent that I call “murky consent.” Traditionally, consent has been binary—an on/off switch—but murky consent exists in the shadowy middle ground between full consent and no consent. Murky consent embraces the fact that consent in privacy is largely a set of fictions and is at best highly dubious.

Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy. To return to Hurd’s analogy, murky consent is consent without magic. Rather than provide extensive legitimacy and power, murky consent should authorize only a very restricted and weak license to use data. Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid. Murky consent should rest on shaky ground. Because the law pretends people are consenting, the law’s goal should be to ensure that what people are consenting to is good. Doing so promotes the integrity of the fictions of consent. I propose four duties to achieve this end: (1) duty to obtain consent appropriately; (2) duty to avoid thwarting reasonable expectations; (3) duty of loyalty; and (4) duty to avoid unreasonable risk. The law can’t make the tale of privacy consent less fictional, but with these duties, the law can ensure the story ends well.

chevron_right

Billions of public Discord messages may be sold through a scraping service

news.movim.eu / ArsTechnica · Wednesday, 17 April - 19:42 · 1 minute

Enlarge (credit: Getty Images)

It's easy to get the impression that Discord chat messages are ephemeral, especially across different public servers, where lines fly upward at a near-unreadable pace. But someone claims to be catching and compiling that data and is offering packages that can track more than 600 million users across more than 14,000 servers.

Joseph Cox at 404 Media confirmed that Spy Pet, a service that sells access to a database of purportedly 3 billion Discord messages, offers data "credits" to customers who pay in Bitcoin, Ethereum, or other cryptocurrency. Searching individual users will reveal the servers that Spy Pet can track them across, a raw and exportable table of their messages, and connected accounts, such as GitHub. Ominously, Spy Pet lists more than 86,000 other servers in which it has "no bots," but "we know it exists."

An example of Spy Pet's service from its website. Shown are a user's nicknames, connected accounts, banner image, server memberships, and messages across those servers tracked by Spy Pet. [credit: Spy Pet ]

As Cox notes, Discord doesn't make messages inside server channels, like blog posts or unlocked social media feeds, easy to publicly access and search. But many Discord users many not expect their messages, server memberships, bans, or other data to be grabbed by a bot, compiled, and sold to anybody wishing to pin them all on a particular user. 404 Media confirmed the service's function with multiple user examples. Private messages are not mentioned by Spy Pet and are presumably still secure.

Read 3 remaining paragraphs | Comments

chevron_right

Leisure centres scrap biometric systems to keep tabs on staff amid UK data watchdog clampdown

news.movim.eu / TheGuardian · Tuesday, 16 April - 05:00

Firms such as Serco and Virgin Active pull facial recognition and fingerprint scan systems used to monitor staff attendance

Dozens of companies including national leisure centre chains are reviewing or pulling facial recognition technology and fingerprint scanning used to monitor staff attendance after a clampdown by the UK’s data watchdog.

In February, the Information Commissioner’s Office (ICO) ordered a Serco subsidiary to stop using biometrics to monitor the attendance of staff at leisure centres it operates and also issued more stringent guidance on the use of facial recognition and fingerprint scanning.

Sl chevron_right

Contact publication

pubsub.blastersklan.com / slashdot · Thursday, 11 April - 15:08 edit

DuckDuckGo, the privacy-focused web search and browser company, announced on today the launch of its first subscription service, Privacy Pro. The service, priced at $9.99 per month or $99.99 per year, includes a browser-based tool that automatically scans data broker websites for users' personal information and requests its removal. The service also includes DuckDuckGo's first VPN and an identity-theft-restoration service. Available initially only in the U.S.

Read more of this story at Slashdot.

DuckDuckGo Launches Privacy Pro: A 3-in-1 Service That Includes a VPN

chevron_right

Would ID cards be such a bad idea if they made things work a bit better? | Martha Gill

news.movim.eu / TheGuardian · Saturday, 6 April - 18:00

Libertarian politicians like Jacob Rees-Mogg are out of touch with a public comfortable with sharing its personal data

‘Britain has never been a ‘papers, please’ society,” said Jacob Rees-Mogg, speaking on his GB News radio show last week. “I’ve always loved the quotation from the historian AJP Taylor, who wrote that ‘until August 1914, a sensible, law-abiding Englishman could pass through life and hardly notice the existence of the state beyond the post office and the policeman’. But the world has changed… is it time to sacrifice freedom for administrative efficiency, and bow down to po-faced officialdom?”

What prompted this rallying cry for freedom? A subject that has ebbed in and out of public discourse for decades: whether or not every Brit should be required to carry an identity card. It ebbed in again last week when former Labour home secretary David Blunkett challenged Keir Starmer to set up a national ID scheme to tackle the small boats crisis, which in turn prompted the usual lines of debate.

chevron_right

Google to destroy billions of private browsing records to settle lawsuit

news.movim.eu / TheGuardian · Monday, 1 April - 20:54

Suit claimed tech giant tracked activity of people who thought they were privately using its Chrome browser’s incognito mode

Google agreed to destroy billions of records to settle a lawsuit claiming it secretly tracked the internet use of people who thought they were browsing privately in its Chrome browser’s incognito mode.

Users alleged that Google’s analytics, cookies and apps let the Alphabet unit improperly track people who set Google’s Chrome browser to “incognito” mode and other browsers to “private” browsing mode.

chevron_right

Facebook let Netflix see user DMs, quit streaming to keep Netflix happy: Lawsuit

news.movim.eu / ArsTechnica · Thursday, 28 March - 20:40 · 1 minute

A promotional image for Sorry for Your Loss, with Elizabeth Olsen

Enlarge / A promotional image for Sorry for Your Loss , which was a Facebook Watch original scripted series. (credit: Facebook )

Last April, Meta revealed that it would no longer support original shows, like Jada Pinkett Smith's Red Table Talk talk show, on Facebook Watch. Meta's streaming business that was once viewed as competition for the likes of YouTube and Netflix is effectively dead now; Facebook doesn't produce original series, and Facebook Watch is no longer available as a video-streaming app.

The streaming business' demise has seemed related to cost cuts at Meta that have also included layoffs. However, recently unsealed court documents in an antitrust suit against Meta [ PDF ] claim that Meta has squashed its streaming dreams in order to appease one of its biggest ad customers: Netflix.

Facebook allegedly gave Netflix creepy privileges

As spotted via Gizmodo , a letter was filed on April 14 in relation to a class-action antitrust suit that was filed by Meta customers, accusing Meta of anti-competitive practices that harm social media competition and consumers. The letter, made public Saturday, asks a court to have Reed Hastings, Netflix's founder and former CEO, respond to a subpoena for documents that plaintiffs claim are relevant to the case. The original complaint filed in December 2020 [ PDF ] doesn’t mention Netflix beyond stating that Facebook “secretly signed Whitelist and Data sharing agreements” with Netflix, along with “dozens” of other third-party app developers. The case is still ongoing.

Read 18 remaining paragraphs | Comments

Sl chevron_right

Contact publication

pubsub.blastersklan.com / slashdot · Tuesday, 26 March - 18:13 edit

Portugal's data regulator has ordered Sam Altman's iris-scanning project Worldcoin to stop collecting biometric data for 90 days, it said on Tuesday, in the latest regulatory blow to a venture that has raised privacy concerns in multiple countries. From a report: Worldcoin encourages people to have their faces scanned by its "orb" devices, in exchange for a digital ID and free cryptocurrency. More than 4.5 million people in 120 countries have signed up, according to Worldcoin's website. Portugal's data regulator, the CNPD, said there was a high risk to citizens' data protection rights, which justified urgent intervention to prevent serious harm. More than 300,000 people in Portugal have provided Worldcoin with their biometric data, the CNPD said.