February 21 · Issue #120
|
Biometric registers, vaccination passports, draft adequacy decisions, TikTok complaints. It’s been a busy week.
|
|
|
Under the plan, America Movil, AT&T Inc and other carriers would be responsible for collecting customers’ data, including fingerprints or eye biometrics, to submit to a registry managed by Mexico’s telecoms regulator.
|
Many of those countries which do retain biometric data have questionable records on human rights, including China, Saudi Arabia and Pakistan. No Western countries collect biometric data from cellphone users.
|
Kidnap capital Mexico eyes biometric phone registry, sparking privacy fears | Reuters
A plan by Mexican lawmakers to put millions of cell phone users’ data in a biometric registry, billed as a tool to fight kidnapping and extortion, has sparked a backlash from telecoms companies and rights groups who warn it could lead to stolen data and higher costs.
|
“No Western countries collect biometric data from cellphone users.” But the Department of Employment Affairs and Social Protection here in Ireland has a database of the biometric data of around two-thirds of the people in the country which was collected without a clear lawful basis.
|
|
El Reg has reviewed evidence showing the firm seemed more concerned with knowledge of the flaws being made public than with remediation, similar to last week’s Footfallcam debacle (where Kao’s fellow Footfallcam Ltd director, Edward Wong, threatened an infosec bod with a police report unless he deleted Twitter criticism of another product’s poor design). While there were no specific threats made, it appeared removing this criticism was of greater importance to the company than fixing its product’s security shortcomings, which seemingly were still a problem six years later.
|
Nurserycam horror show: 'Secure' daycare video monitoring product beamed DVR admin creds to all users
Company has a habit of reacting badly to vuln disclosures
|
|
Or could they?
|
European consumer organization BEUC has filed a complaint to the European Commission against TikTok, a Chinese short video sharing platform. National consumer organizations in European countries have also alerted their respective authorities, asking them to investigate the company.
|
European consumer groups file complaint on TikTok – POLITICO
European consumer organization BEUC says the company breached consumer rights on a “massive scale.”
|
|
|
It’s interesting to note that, despite TikTok having its main establishment for data protection purposes in Ireland, the Irish Competition and Consumer Protection Commission is not among the national consumer organisations participating in this complaint. Data protection regulation and enforcement is increasingly overlapping with consumer and competition regulation and enforcement, so this is a surprising absence.
|
|
The repression sold overseas has a habit of returning home sooner or later …
|
Oracle representatives have marketed the company’s data analytics for use by police and security industry contractors across China, according to dozens of company documents hosted on its website. In at least two cases, the documents imply that provincial departments used the software in their operations.
|
Exclusive: How Oracle Sells Repression in China
In its bid for TikTok, Oracle was supposed to prevent data from being passed to Chinese police. Instead, it’s been marketing its own software for their surveillance work.
|
|
|
|
|
Perhaps the Commission has forgotten about the time when the UK hacked the main Belgian telecoms firm (its own communications provider); was that an example of necessity and proportionality? https://t.co/Z3JZq5pQqJ
|
|
|
|
|
The Spanish DPA fined Caixabank a total of €6 million. €4 million for unlawfully processing clients’ personal data (consent was invalid and legitimate interests were not adequately justified), and €2 million for not providing sufficient information about its processing of personal data.
|
|
|
|
|
|
- “The Government will need to take a clear position outlining the specific purposes and use cases for which, if any, vaccine passports can be legally and legitimately used. In allowing some uses or actively facilitating vaccine passport apps, governments must address the issues and risks arising from such schemes or the creation of related digital infrastructure, and whether and how these risks could be mitigated.” The Ada Lovelace Institute published a rapid expert deliberation on the place of Covid-19 vaccination passports in society during the week.
- “TikTok fails to clearly and consistently connect each personal data point with a specific processing operation, with a specific processing purpose, with a specific lawful ground. This is problematic not just from a theoretical perspective, but has very concrete implications for effective and complete protection of data subjects. Notably, because it prevents a proper evaluation of GDPR compliance as well as significantly thwarts the effectiveness of data subject rights.” From “Confusing by design - A data protection law analysis of TikTok’s privacy policy” [PDF], a report by Jef Ausloos and Valerie Verdoodt which accompanies the BEUC complaint about TikTok.
- “The complexity and feature-rich nature of modern browsers often lead to the deployment of seemingly innocuous functionality that can be readily abused by adversaries,” the paper explained. “In this paper we introduce a novel tracking mechanism that misuses a simple yet ubiquitous browser feature: favicons.” From “Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online” by Matthew Gault for Vice.
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
|
Privacy Kit, Made in Dublin, Ireland
|