View profile

Not Welcome In Canada | The Cat Herder, Volume 4, Issue 5

Solving problems caused by the use of technology with more technology, Clearview disagrees, licences
February 7 · Issue #118 · View online
The Cat Herder
Solving problems caused by the use of technology with more technology, Clearview disagrees, licences expire and how we lost control of our faces.

Attempting to use more technology to get around the obligations created by an organisation’s use of technology is a terrible idea and will not end well.
Mathias Vermeulen
But who's going to assess the privacy policy of the AI that will write the privacy policies 🤓?
No, this doesn’t work and is (patently) nonsense. But it is a reminder that your apps and devices are listening to you and, in cases like these, making wild and incorrect assumptions about you which are being recorded somewhere.
Spotify patents tech to recommend songs based on users' speech, emotion - Axios
Under the new bill, all government agencies – including law enforcement – would be able to access the data from the TraceTogether app only for contact tracing or for investigating seven types of criminal offences. The bill also requires lawmakers to return to parliament should they wish to expand the number of scenarios in which data can be accessed … That disclosure had sparked an outcry from the public, who had previously been told the data would be used only for contact-tracing purposes. Critics said the police’s use of the data was an invasion of privacy and a breach of trust in the government.
While this is a welcome move in the right direction and shows that people power can still work it’s also a reminder that big pots of personal data such as those created by systems deployed to try and reduce the spread of Covid-19 are like catnip to law enforcement and other government agencies.
Coronavirus: Singapore limits police use of TraceTogether contact-tracing data to seven types of criminal offences | South China Morning Post
Data protection by design and default is a thing. It’s a shame none of these companies appear to be aware of it.
John Spain Associates, the planning consultancy, didn’t respond to a query about whether a data-protection impact assessment would be carried out for the building.
SQRE Living hasn’t responded to queries sent on 25 January, around different uses of this information, residents’ consent, and whether it had done a DPIA yet.
Neither Cork Street Shared Living, BM Durkan, Westridge Real Estate nor Ronan Group responded to queries about data-processing practices at their proposed co-living developments.
Developer Plans to Use Thermal-Imaging Cameras in | Dublin Inquirer
The Public Services Card / MyGovID system is possibly due to run into another problem at the end of this month. Fifty thousand drivers’ licences are due to expire. The centres at which these can be renewed are closed due to Covid restrictions. Licences can be renewed online but only with a verified MyGovID. In order to get a verified MyGovID a person needs to have a Public Services Card. The only way one can get a Public Services Card is by attending an in-person appointment at a centre run by the Department of Employment Affairs and Social Protection.
Backlog As Thousands Of Driving Licences To Expire
It should be noted here that a coherent explanation of why a Public Services Card is required to renew a driver’s licence has never been forthcoming, and also that the DPC found this use of the PSC / MyGovID system by public bodies other than the Department of Employment Affairs and Social Protection to be unlawful in August of 2019.
The privacy authorities recommended that Clearview stop offering its facial recognition services to Canadian clients; stop collecting images of individuals in Canada; and delete all previously collected images and biometric facial arrays of individuals in Canada.
Shortly after the investigation began, Clearview agreed to stop providing its services in the Canadian market. It stopped offering trial accounts to Canadian organizations and discontinued services to its only remaining Canadian subscriber, the RCMP in July 2020.
However, Clearview disagreed with the findings of the investigation and did not demonstrate a willingness to follow the other recommendations. Should Clearview maintain its refusal, the four authorities will pursue other actions available under their respective Acts to bring Clearview into compliance with Canadian laws.
“Clearview AI is not welcome in Canada and the company that developed it should delete Canadians’ faces from its database, the country’s privacy commissioner said.”
The DPC wrote to the Mother and Baby Homes Commission of Investigation asking it “to provide the justification and legal basis for the deletion of the records.” The records referred to are the audio recordings of witnesses testimonies to the Commission of Investigation’s Confindential Committee. While it’s nice to see the DPC taking an interest in this, something more active than writing letters may be required since the Commission of Investigation is due to melt away into nothing at the end of February.
The Belgian DPA fined the company Family Service €50,000 for invalid consent and failing to meet its transparency obligations.
  • “Deborah Raji, a fellow at nonprofit Mozilla, and Genevieve Fried, who advises members of the US Congress on algorithmic accountability, examined over 130 facial-recognition data sets compiled over 43 years. They found that researchers, driven by the exploding data requirements of deep learning, gradually abandoned asking for people’s consent. This has led more and more of people’s personal photos to be incorporated into systems of surveillance without their knowledge … “It’s so much more dangerous,” [Raji] says. “The data requirement forces you to collect incredibly sensitive information about, at minimum, tens of thousands of people. It forces you to violate their privacy. That in itself is a basis of harm. And then we’re hoarding all this information that you can’t control to build something that likely will function in ways you can’t even predict. That’s really the nature of where we’re at.” From ‘This is how we lost control of our faces’ by Karen Hao for MIT Technology Review.
  • The Dutch parliament has voted to more than double the headcount of the Data Protection Authority. Whereas in Ireland the government has deliberately underfunded the Data Protection Commission despite being fully aware of the importance of the DPC’s role at a European and global level. "The good news from all this drama is that after the debate about the GGD data breach, a large majority in Parliament filed a motion to increase the AP’s budget to grow as requested from 184 to 470 FTE. Like I said earlier: “The Achilles’ heel of the GDPR is the budget that the Member States are willing to allocate to their DPAs.”” Jeroen Terstegge in ‘Notes from the IAPP Europe, 5 Feb. 2021’.
  • The underfunding of the DPC doubtless contributed in no small part to the draft resolution of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs which calls on the European Commission to start infringement proceedings against Ireland for not properly enforcing the GDPR. [direct link to PDF]

Endnotes & Credits
Find us on the web at and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland