View profile

No credit history, no identity | The Cat Herder, Volume 3, Issue 43

Reasonably brief this week because there's a lot of other stuff going on. But if you make it to the e
November 8 · Issue #107 · View online
The Cat Herder
Reasonably brief this week because there’s a lot of other stuff going on. But if you make it to the end there is a story concerning voting in the United States.

EM_NATION_TYPE_UYGUR" is a face attribute analytic that is widely deployed across Chinese police security camera networks to automatically determine whether a person is Uyghur (or not). The goal is to allow PRC police to covertly track Uyghurs as they move throughout a city/town.
Dahua Racist Uyghur Tracking Revealed
Verifying identities is hard and this … this mightn’t be the best way to do it.
The Department for Health and Social Care, which is running the test system across the UK, says it uses a credit reference agency, TransUnion, to verify people’s identities to “reduce fraud and prevent multiple testing kits being ordered, diverting capacity from where it is needed most”.
TransUnion told Money Box in “some cases we may not be able to verify the individual’s identity - which can happen for a number of reasons”. It refused to explain what those reasons are.
'I was refused a home Covid test after credit check' - BBC News
Holly Cairns TD
The Taoiseach confirmed that personal data access requests will be given, not just in relation to the Mother and Baby Homes commission, but also for the Ryan report and McAleese archives.

#RepealTheSeal #Stand4Truth
Now that a political commitment has been given we wait and see how that will work in reality with government departments and state agencies which have been resolutely opposed for many years to properly meeting their obligations as data controllers.
This is a very important confirmation from the Taoiseach but the struggle to bring many arms of the State into alignment with their fundamental rights obligations is far from over.
My complaint to the DPC this time last year that the PSC Travel Pass was being used as a tool of mass surveillance on PSC Travel Pass users, was accepted by the DPC as a valid complaint late yesterday.
Things really aren’t going the way of the Department of Employment Affairs and Social Protection as far as the misguided Public Services Card project is concerned but if past (and current) behaviour is any indicator of future behaviour this will not change anything and this department will continue to defend the indefensible increasing irrationally, consuming both the regulator’s time and taxpayers’ money.
“The Department is committed to protecting the rights and privacy of all individuals and we comply fully with data breach reporting requirements. Regarding data breaches identified in the Registration Office in relation to applicants’ passports, a total of four data breaches were reported to the Data Protection Commission by the Department’s Data Protection Officer,” the spokesman said.
The Department previously said it was aware of a “very small number” of lost passport incidents, in the “low single digits.”
But Valeria Aquino, an immigration officer with the Immigrant Council of Ireland, had told the Irish Independent that she was aware of “maybe 30 cases so far.”

Department reports itself to data watchdog over lost passports -
Maybe it might. Who knows.
Maybe it might. Who knows.
While reading this story about adtech do take a moment to marvel at the amount of adtech littered unironically around the Politico website.
Jim Killock, executive director of Open Right Group, and Michael Veale, a professor at University College London, submitted the appeal after the United Kingdom’s Information Commissioner’s Office told them the agency had concluded its investigation into their complaint, although would be pursuing its own independent probe into how companies collected people’s data to serve them ads across the worldwide web.
Privacy campaigners file legal challenge against UK’s handling of online ads – POLITICO
Ah no, we definitely saw this coming.
Ah no, we definitely saw this coming.
The Data Protection Commission (DPC) has handed down a €65,000 fine to Cork University Maternity Hospital (CUMH) after the personal data of 78 of its patients was discovered disposed of in a public recycling facility elsewhere in the county.
Cork hospital fined €65k after patients' personal data found in public recycling facility
The Irish Data Protection Commission (DPC) today had the decision to impose an administrative fine on Tusla Child and Family Agency confirmed in the Dublin Circuit Court. The application to confirm the decision to impose an administrative fine of €75,000 was made pursuant to Section 143 of the Data Protection Act 2018. This was the first fine issued under the GDPR in Ireland following a statutory inquiry and is the first application under Section 143.
  • “These companies are shapeshifters par excellence. They employ thousands of lobbyists and lawyers on terms too generous for any taxpayer-funded regulator to compete with. They oppose regulation unless they are able to co-draft it themselves, or unless its prospect is so fanciful (e.g. Zuckerberg’s call in March 2019 for ‘smart global regulation’ of the internet) that it can be safely advocated without risk it will ever happen. When a lawmaker actually manages to pass regulation, all attempts at enforcement are contested in the courts, further depleting the resources and morale of authorities already routinely vilified for being timid and lugubrious in the exercise of their powers.” From ‘The GDPR was the most lobbied law in EU history. DSA: Hold my beer’ by the quasi-anonymous ofthewedge.
  • “In responding to the investigation, the Irish Prison Service argued, unsuccessfully, that the system was in fact subject to the Law Enforcement Directive, rather than the GDPR. The Law Enforcement Directive is a separate piece of EU legislation which runs parallel to the GDPR and which governs the processing of personal data for law enforcement purposes.The DPC rejected this argument, as the processing at issue related to the employment relationship (and so was within the remit of the GDPR) rather than the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties by competent authorities (which is the remit of the Law Enforcement Directive).” Andrew Desmond in Irish Legal News has some commentary on the DPC finding that the Irish Prison Service’s biometric security system was being operated without a lawful basis.
  • “However, it also seems clear that by far the largest reduction was achieved through the representations and challenges made by BA and Marriott, in particular their successful challenges to the ICO’s use of its draft internal procedure and the turnover bandings. Whilst the ICO did not acknowledge it to be the case, we might also speculate that it also took into account the substantially lower scale of fines imposed by other supervisory authorities and, whilst there was undoubtedly a large element of negligence by both organisations, there was no wilful intent nor any benefit gained by either organisation.” In ‘Lessons from the ICO’s decisions to reduce the BA and Marriott GDPR fines’ Anne Todd analyses what appear to be the successful arguments and approaches used by BA and Marriott to drastically reduce the size of the fines handed out to them.
  • Finally, the election bit! Sidney Fussell writes in Wired that there has been ‘One Clear Message From Voters This Election? More Privacy.’ “Strengthening privacy is one of the few reliably bipartisan endeavors in modern politics, but the two measures scrambled traditional alliances on privacy: The ACLU opposed the California proposition, while police chiefs supported the Michigan measure. If those politics are any indication, privacy in the post-2020 landscape will be odd, iterative, surprisingly bipartisan, and very complicated”

Endnotes & Credits
Find us on the web at and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland