May 172022
 May 17, 2022  Posted by  Laws, Non-U.S., Online, Youth & Schools

Lisa Peets, Marty Hansen, Shona O’Donovan, and Tomos Griffiths of Covington and Burling write:

On May 10, 2022, Prince Charles announced in the Queen’s Speech that the UK Government’s proposed Online Safety Bill (the “OSB”) will proceed through Parliament. The OSB is currently at committee stage in the House of Commons. Since it was first announced in December 2020, the OSB has been the subject of intense debate and scrutiny on the balance it seeks to strike between online safety and protecting children on the one hand, and freedom of expression and privacy on the other.

Read more at InsidePrivacy.

May 162022
 May 16, 2022  Posted by  Business, Featured News, Online

Natasha Lomas reports:

New data about the real-time-bidding (RTB) system’s use of web users’ info for tracking and ad targeting, released today by the Irish Council for Civil Liberties (ICCL), suggests Google and other key players in the high velocity, surveillance-based ad auction system are processing and passing people’s data billions of times per day.

“RTB is the biggest data breach ever recorded,” argues the ICCL. “It tracks and shares what people view online and their real-world location 294 billion times in the U.S. and 197 billion times in Europe every day.”

Read more at TechCrunch.

May 152022
 May 15, 2022  Posted by  Business, Govt, Laws, Online, Surveillance, U.S.

By Matthew Guariglia:

Geofence and reverse keyword warrants are some of the most dangerous, civil-liberties-infringing and reviled tools in law enforcement agencies’ digital toolbox. It turns out that these warrants are so invasive of user privacy that big tech companies like Google, Microsoft, and Yahoo are willing to support banning them. The three tech giants have issued a public statement through a trade organization,“Reform Government Surveillance,” that they will support a bill before the New York State legislature. The Reverse Location Search Prohibition Act, A. 84/ S. 296, would prohibit government use of geofence warrants and reverse warrants, a bill that EFF also supports. Their support is welcome, especially since we’ve been calling on companies like Google, which have a lot of resources and a lot of lawyers, to do more to resist these kinds of government requests.

Under the Fourth Amendment, if police can demonstrate probable cause that searching a particular person or place will reveal evidence of a crime, they can obtain a warrant from a court authorizing a limited search for this evidence. In cases involving digital evidence stored with a tech company, this typically involves sending the warrant to the company and demanding they  turn over the suspect’s digital data.

Geofence and reverse keyword warrants completely circumvent the limits set by the Fourth Amendment. If police are investigating a crime–anything from vandalism to arson–they instead submit requests that do not identify a single suspect or particular user account. Instead, with geofence warrants, they draw a box on a map, and compel the company to identify every digital device within that drawn boundary during a given time period. Similarly, with a “keyword” warrant, police compel the company to hand over the identities of anyone who may have searched for a specific term, such as a victim’s name or a particular address where a crime has occurred.

These reverse warrants have serious implications for civil liberties. Their increasingly common use means that anyone whose commute takes them goes by the scene of a crime might suddenly become vulnerable to suspicion, surveillance, and harassment by police. It means that an idle Google search for an address that corresponds to the scene of a robbery could make you a suspect. It also means that with one document, companies would be compelled to turn over identifying information on every phone that appeared in the vicinity of a protest, as happened in Kenosha, Wisconsin during a protest against police violence. And, as EFF has argued in amicus briefs, it violates the Fourth Amendment because it results in an overbroad fishing-expedition against unspecified targets, the majority of whom have no connection to any crime.

In the statement released by the companies, they write that, “This bill, if passed into law, would be the first of its kind to address the increasing use of law enforcement requests that, instead of relying on individual suspicion, request data pertaining to individuals who may have been in a specific vicinity or used a certain search term.” This is an undoubtedly positive step for companies that have a checkered history of being cavalier with users’ data and enabling large-scale government surveillance. But they can do even more than support legislation in one state. Companies can still resist complying with geofence warrants across the country, be much more transparent about the geofence warrants it receives, provide all affected users with notice, and give users meaningful choice and control over their private data.

This article originally appeared at EFF.

h/t, FourthAmendment.com

May 142022
 May 14, 2022  Posted by  Featured News, Laws, Non-U.S.

Hunton Andrews Kurth writes:

On May 10, 2022, as part of the Queen’s Speech, the UK government announced its intention to introduce a Data Reform Bill (the “Bill”). The UK government’s background and briefing notes to the Queen’s Speech state that the purpose of the Bill is to “take advantage of the benefits of Brexit to create a world class data rights regime…that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK.”

The Bill will seek to modernize the UK Information Commissioner’s Office (“ICO”), providing it with the power to take “stronger action” against businesses that breach data rules, while also requiring the ICO to be accountable to Parliament and the public. The background and briefing notes further state that the Bill will focus on a flexible, “outcomes-focused” approach rather than “box-ticking,” and will simplify the rules relating to the use of personal data for research purposes, to promote the UK as a science and technology “superpower.”

Read more at Privacy & Information Security Law Blog