Jul 312020
 July 31, 2020  Posted by  Business, Featured News, U.S., Youth & Schools

Bill Fitzgerald had a concerning thread on Twitter yesterday about some research on College Board and the sharing of student data. I will not reproduce his whole thread here, but he points us to the team’s report on Consumer Reports, authored by Thomas Germain. The bullet points alone are enough to make you realize that College Board is posing a risk to student privacy and that they have not honored pledges they made — well, maybe they honored the letter of their pledge but not the spirit?

  • The College Board is tracking students and sending information about their activity to advertising platforms at companies such as Facebook and Google.
  • Our researchers found ads on other websites that appeared to use tracking from the College Board website.
  • These practices seem to contradict the College Board’s explicit promises to consumers. The company may be sharing students’ information without consent.

As Bill noted on Twitter yesterday:

One of the biggest myths people collecting and exploiting data try to push: unique identifiers (or hashed values, or anonymized data) protect privacy, by default.

This myth sounds good, but it’s a lie.

A computer doesn’t care if my name is “Bill” or “0xcg35vG” as long as I’m called that consistently.

Unique IDs are confusing to humans, but are great for machines.

And on the CB site – like most sites – humans are tethered to multiple unique IDs set by multiple third parties.

Read the Consumer Reports article here.

Jul 312020
 July 31, 2020  Posted by  Surveillance

More reasons to wear a mask — it negatively impacts facial recognition accuracy. From EPIC.org:

study conducted by the National Institute of Standards and Technology showed that face masks undermine the accuracy of facial recognition algorithms. The NIST study tested digitally applied masks of various shapes on 89 commercial algorithms. The result were error rates between 5% and 50%. The algorithms tested were all created pre-Covid-19. NIST plans to test facial algorithms developed with face masks in mind later this summer. A previous NIST study released at the end of last year found that false positives are up to 100 times more likely for Asian and African American faces when compared to White faces. EPIC has previously launched a Ban Face Surveillance campaign and called for a facial recognition moratorium across the globe, as well as suspension across the federal government and in U.S. schools.

Jul 312020
 July 31, 2020  Posted by  Laws, Non-U.S., Workplace

Joseph J. Lazzarotti and Mary T. Costigan of JacksonLewis write:

Businesses are now prohibited from transferring employee personal data from the European Economic Area (EEA) to the U.S. under the EU-U.S. Privacy Shield program. The Court of Justice of the European Union (CJEU) declared the EU-U.S. Privacy Shield invalid in Data Protection Commissioner v. Facebook Ireland and Schrems (C-311/18) (Schrems II), effective immediately. Businesses that relied on the EU-U.S. Privacy Shield as an adequate transfer mechanism can no longer perform routine activities such as sending employee data from the EEA to U.S. headquarters for HR administration, accessing a global HR database from the U.S., remotely accessing EEA user accounts from the U.S. for IT services, providing EEA data to third party vendors for processing in the U.S., or relying on certain cloud-based services.

Read more on Workplace Privacy, Data Management & Security Report.

Related, from Covington & Burling:

Tune in to the first episode of Covington’s Inside Privacy Audiocast, where Dan Cooper moderates a discussion with Kristof Van Quathem, who was part of Covington’s case team, on the implications of the judgment. Our speakers offer valuable insights on how companies should pave the way forward in a post-Schrems II environment.

Jul 312020
 July 31, 2020  Posted by  Breaches, Govt, Healthcare, Non-U.S.

Anna White reports:

There was no justification for MP Hamish Walker and political operative Michelle Boag to leak confidential Covid-19 patient details, the inquiry into the privacy breach found today. The report also warned of concern at the “routine dissemination” of personal details by the Ministry of Health.

Names, addresses, ages and hotel names of people who tested positive for Covid-19 were leaked to some media outlets in early July by Mr Walker, a National MP who had been sent the details by Ms Boag, former National Party president and then-acting chief executive of Auckland Rescue Helicopter Trust.

Read more on 1News.