View profile

Sleep Event Data | The Cat Herder, Volume 4, Issue 10

March 21 · Issue #123 · View online
The Cat Herder
Google finally stops dithering and labels up, the Green Pass is coming, templates bite Túsla once again.

Robin Berjon
Chrome: the only browser that tracks you more than any site you might visit.
Google has been steadily adding app privacy labels to its iOS apps over the course of the last several weeks in accordance with Apple’s App Store rules, but not before a three-month-long delay that caused most of its apps to go without being updated, lending credence to theories that the company had halted iOS app updates as a consequence of Apple’s enforcement.
Google Reveals What Personal Data Chrome and Its Apps Collect On You
In other Google news the latest version of the Nest Hub home surveillance device surveils you while you sleep. Right down to your breathing patterns.
Google says that movement data captured by the Soli sensor is represented by spectrograms, which display the intensity of movement throughout the night. It is not individually identifiable, and the captured audio and raw data is processed locally on the device itself. Google does send what it refers to as “sleep event data,” which includes the time you went to bed, time you woke up, coughing, and restfulness to the cloud. You can view this data on the Hub itself, either by tapping the screen or using a voice command to ask how you slept, or in the Google Fit app on a smartphone.
It always raises a red flag or two when somebody claims their thing is"fully GDPR compliant". Particularly so when the thing in question doesn’t even exist yet.
Besides proof of vaccination, the certificate will also include negative test results and medical statements of those who have recovered from COVID-19 in the last 180 days. This is the first time that the EU will attempt to introduce a cross-border instrument containing this kind of sensitive data.
“The certificate will be fully GDPR compliant,” the vice-president said. “It will respect our privacy rules and our security requirements.”
Green Pass should be ready between May 17 and June 1, says Commission VP Schinas | Euronews
It’s Túsla again. The organisation which once held a press event to proudly announce it would be retaining personal data “in perpetuity” has apparently not learned anything at all about copying and pasting and the use of templates from the Maurice McCabe scandal which did for a Minister for Justice and not one but two Garda Commissioners.
The reference to alcohol misuse had been left on a form that was used as a template by social workers. “When a copy was made of this template, it was not properly redacted and, as such, a reference to parental alcohol use was on this copied template,” the review said.
Tusla incorrectly added reference to ‘alcohol misuse’ into mother’s file
Just as an aside, in a recently published Data Protection Impact Assessment Túsla is claiming one of the lawful bases on which it processes personal data is … the GDPR ¯\_(ツ)_/¯
Or could they?
Or could they?
Ulysses can provide our clients with the ability to remotely geolocate vehicles in nearly every country except for North Korea and Cuba on a near real time basis,“ the document, written by contractor The Ulysses Group, reads. "Currently, we can access over 15 billion vehicle locations around the world every month,” the document adds.
Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military
Needless to say this seems like a terrible idea and so naturally Facebook is drawn to it like a moth to a candle.
“I’m excited to announce that going forward, we have identified youth work as a priority for Instagram and have added it to our H1 priority list,” Vishal Shah, Instagram’s vice president of product, wrote on an employee message board on Thursday. “We will be building a new youth pillar within the Community Product Group to focus on two things: (a) accelerating our integrity and privacy work to ensure the safest possible experience for teens and (b) building a version of Instagram that allows people under the age of 13 to safely use Instagram for the first time.”
Facebook Is Building An Instagram For Kids Under The Age Of 13
The CNIL opened an investigation into Clubhouse. Since Clubhouse doesn’t have an establishment in Europe the one stop shop doesn’t apply.
The Irish Times reported breathlessly on a multi-sided letters-based disagreement which featured Ulrich Kerber and Helen Dixon among others. “[A]n unprecedented war of words”, said the Irish Times, possibly unaware that this particular bunfight has been reported on since at least November 2019.
It’s perfectly fine to be critical of the DPC’s shortcomings without joining someone else’s spin campaign and its possible outcome of undermining the independence of the regulator.
The Spanish DPA fined Air Europa €600,000 for breaches of Article 32 and 33 of the GDPR.
The AEPD also fined Vodafone a cool €8.15 million in total for multiple breaches of the GDPR. Vodafone is, naturally, appealing some or all of these.
  • “Deploying facial recognition to identify strangers had generally been seen as taboo, a dangerous technological superpower that the world wasn’t ready for. It could help a creep ID you at a bar or let a stranger eavesdrop on a sensitive conversation and know the identities of those talking. It could galvanize countless name-and-shame campaigns, allow the police to identify protesters and generally eliminate the comfort that comes from being anonymous as you move through the world” From ‘Your Face Is Not Your Own’ by Kashmir Hill for the New York Times.
  • “I hadn’t been SIM swapped, where hackers trick or bribe telecom employees to port a target’s phone number to their own SIM card. Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him. This overlooked attack vector shows not only how unregulated commercial SMS tools are but also how there are gaping holes in our telecommunications infrastructure, with a hacker sometimes just having to pinky swear they have the consent of the target.” Joseph Cox looks at the unregulated world of commercial SMS providers in ‘A Hacker Got All My Texts For $16’ for VICE.
  • “Housing law advocates say that Marco Antonio Fernandez is one of thousands of people who are mistakenly flagged by tenant screening software that culls criminal records data from many sources and that is made by CoreLogic, RentGrow, RealPage, AppFolio and a handful of other companies. This industry has accelerated over the last two decades as the rental market has increased and the digitization and real estate analytics market has boomed. Nearly all landlords now use some sort of tenant screening software as a way to find who they consider to be the highest-quality tenants.” From ‘Tenant screening software faces national reckoning’ by Cyrus Farivar for NBC News.

Endnotes & Credits
Find us on the web at and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland