Happy New Year to you all. Some entirely predictable developments in Singapore, some of the same old
| |
| January 10 · Issue #114 · View online |
|
|
Happy New Year to you all. Some entirely predictable developments in Singapore, some of the same old carry on regarding the Public Services Card, and the same old carry on from landlords, a published DPC decision on CCTV and online ad fraud, because thereâs always online ad fraud. đź
|
|
|
House-hunters seeking to rent a home are increasingly being asked to provide references to secure a viewing of a rental property, contrary to data protection guidelines. The practice has been criticised by housing charity Threshold, and the Data Protection Commission is examining a number of complaints from renters. Landlords and letting agents are asking prospective tenants to provide payslips, references and personal details when making enquiries to view a property.
|
|
|
This comes up regularly and until the DPC sanctions a few offenders pour encourager les autres it will continue to do so.
|
|
|
Letâs just quickly rearrange a few of the paragraphs from this story.
|
A spokesperson for the Data Protection Commission said organisations using such technology must ensure they meet their data protection obligations under the GDPR.
|
|
|
âThey must also be fair and transparent with individuals and inform them of the reasons for collecting their personal data, what it will be used for and how long they intend to keep it.â
|
|
|
Tesco declined to comment further on how the information will be stored, whether it would be kept alongside other details such as purchasing history, and for how long it would be retained.
|
So here we have, in one short news story, a data controller not complying with its data protection obligations under the GDPR.
|
|
|
A great big store of personal information gathered for public health purposes has proved too attractive for law enforcement in Singapore to resist.
|
Singapore has confirmed its law enforcers will be able to access the countryâs COVID-19 contact tracing data to aid in their criminal investigations. To date, more than 4.2 million residents or 78% of the local population have adopted the TraceTogether contact tracing app and wearable token, which is one of the worldâs highest penetration rates.
|
|
|
Chong, long used to being an outlier when it comes to apprehension over data collection in Singapore, says he has been encouraged by the recent increase in public awareness. But heâs still keeping his expectations low because he thinks the burgeoning resistance isnât enough to put the brakes on it. âUnless people start to band together and question these [Smart Nation] initiatives, I think [the government is] just going to push ahead. There are benefits to these technologies, but there needs to be some sort of debate about the trade-offs.â
|
|
|
|
Oh yes we did
|
Fraud? In the adtech âecosystemâ? Surely not. More on this below in âWhat Weâre Readingâ.
|
|
|
|
The biggest story in tech no oneâs talking about is Uber discovering theyâd been defrauded out of $100M - or 2/3 of their ad spend.
And all bc Sleeping Giants kept bugging them to block their ads on Breitbart. https://t.co/SiS3MndewS
|
|
|
|
|
|
|
|
It wouldnât be a proper new year without the Public Services Card rearing its head and we werenât disappointed.
|
On Wednesday of last week Brian O'Connell reported for the Claire Byrne Show [direct link to MP3] that in order to renew a driving licence online - and avoid the risks associated with an in-person appointment during a pandemic - with the body that issues driving licences you have to get a verified MyGovID account, which means you have to get a Public Services Card, which means you have to attend an in-person appointment with the body which issues the Public Services Cards. |
Both the RSA and DEASP issued statements to RTĂ.
|
|
|
Re @ PSC card and driving license renewals report, this is the mainstay of what both @ and @ told me in response to the issue: https://t.co/nH7vDBUuoc
|
|
|
|
|
|
There isnât much new in what DEASP have to say for themselves, although it is notable that the department is still bullish on the Attorney Generalâs advice which it received on this matter, even after the sudden u-turn of the Minister for Children, Equality, Disability, Integration and Youth late last year on data protection advice from the Attorney General which his department had been relying on to make all sorts of erroneous assertions about âsealingâ the archive of the Mother and Baby Homes Commission of Investigation.
|
The RSA tries a line which DEASP have in the past used and discarded, which can be paraphrased as âweâre allowed do what weâre doing despite a DPC decision that weâre not allowed do what weâre doing because the government has spent a lot of money on this yoke and thereforeâ ⌠the argument, as always, tails off after this because this is not a legal basis for processing personal data.
|
The RSA also asserts that MyGovID will be âa mandatory feature of all online government services from now on.â This may be news to the DPC, and mandatory is perhaps an unfortunate word choice given the contortions the same word forced a previous Minister for Employment Affairs and Social Protection into.
|
|
|
As well as being of great interest since itâs the first decision weâve seen of the many taken or pending by the DPC after investigating the use of CCTV by local authorities across the country, fans of transparency should also note that:
- The DPC didnât publish this decision, and still does not publish any of its decisions in full. The decision in the high-profile Twitter case from late last year was published by the EDPB, not the DPC.
- Kerry County Council refused to release it under FOI
- It was only released after an appeal to the Information Commissioner
This is an unsatisfactory situation for data subjects and doesnât seem to sit well with a data controllerâs accountability and transparency obligations. How can a data controller be fully demonstrating compliance with the GDPR while simultaneously taking steps to conceal the decision of the supervisory authority from the public? Hopefully this will not be the case with the remaining CCTV inquiries. An inquiry into a public body using public finds to surveil members of the public in public spaces is something which should automatically be published.
|
|
|
|
|
|
|
|
|
|
|
-
âAfter decades of dominance, growth, and easy money, adtechâs metastasized into a fattened beast gorging on advertisersâ lack of options. Fraud runs rampant. ROI is shrinking. And the platforms that once provided high quality attribution are so dominant, they no longer need to bother proving themselves. Something truly is rotten in the state of online ads. But, in the words of King Hamlet:Â the hour is almost come when advertisingâs tormenting fraud must render itself up.â If you only read one thing this weekend, make it Rand Fishkinâs scathing and accurate assessment of 'What the #$%* is going on with the digital advertising ecosystem?â
-
âThe lawsuit highlights growing dissatisfaction among consumers, privacy advocates and some regulators about the way complaints against large companies are handled by the data protection authority in the country where the company has its European headquarters, no matter where the complaints originated. This so-called one-stop shop rule in the European Unionâs 2018 General Data Protection Regulation has led to a backlog of cases in a small number of countries such as Ireland.â Catherine Stamp reports for the WSJ on the lawsuit taken by consumer advocacy group Consumentenbond against the Dutch DPA. The groups âwants the Netherlands court system to require the local data protection authority to investigate a privacy complaint filed in 2018 against Google.â
-
âAppleâs stunning response to this undercurrent of metadata collection has been its privacy labels, now live on the App Store. âOn each appâs product page,â Apple explains, âusers can learn about some of the data types an app may collect, and whether that data is linked to them or used to track them.â These labels launched last month and caused a furore between Apple and app developers whose data collecting practices were now heavily exposed. Facebook led this charge, taking out full-page ads to argue against Appleâs move.â Zak Doffman looks at the scrap caused by Appleâs deployment of privacy labels for Forbes.
- This Twitter thread by Miss IG Geek on the nature of harms caused by data protection violations.
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with đ in Dublin, Ireland
|
