How to Use Clubhouse Without Giving Up Your Data

The buzzy social-networking app Clubhouse has been scrambling in recent weeks to respond to concerns from privacy and security experts about how the service collects and safeguards user data.

You don’t have to give Clubhouse access to every single contact in your phone to use the app, but doing so is the only way you can invite other users to Clubhouse. If you’ve already shared your contacts, the Clubhouse spokesperson says you can revoke access to the list using the settings app on your iPhone and contact Clubhouse support to delete all previous data.

But that doesn’t stop other users from uploading your phone number along with their contact lists—and that’s become a sore spot for people who don’t even use the app.

Clubhouse had turned on geofencing to limit users to servers in specific regions—excluding mainland China, for example. It also took steps to enable encryption that would limit Agora’s access to raw audio data. But Agora currently still has access to metadata, raw audio data, and the encryption keys.

However, security and privacy experts doesn’t recommend using Clubhouse for sensitive conversations, particularly if you’re concerned about information landing in the hands of the Chinese government.

Source: How to Use Clubhouse Without Giving Up Your Data – Consumer Reports

Russia to restrict processing of public data

Beginning March 1, 2021, Russia will impose restrictions on the processing of personal data publicly available on the internet and offline. The legislative changes are aimed at fighting the uncontrolled dissemination of personal information.

Under current law “On Personal Data” any data operator (the Russian equivalent of the term controller) may process personal data if the data subject made it publicly accessible or instructed another person to do so. There is no need to ground the processing on legitimate interests, the performance of a contract, data subject’s consent or other common lawful bases. When “Amendments to the Federal Law on Personal Data” No.519-ФЗ dated Dec. 30, 2020, goes into effect, this rule and the term publicly accessible data will disappear.

Source: Look but don’t touch — Russia to restrict processing of public data

A patent shows how surveillance drones could ID you from above

An Israeli biometrics startup with a history of defense contracts has applied for a patent on technology that repositions drones to get a better shot of a person on the ground.

The patent application, titled “Adaptive Positioning of Drones for Enhanced Face Recognition,” describes a computer vision system that analyzes the angle of a drone camera in relation to the face of a person on the ground, then instructs the drone on how to improve its vantage point. The system can then send that image through a machine-learning model trained to classify individual faces. The model sends back a classification with a probability score. If the probability score falls below a certain threshold, the whole process starts over again.

A future defined by this type of mass surveillance would “obliterate privacy and anonymity in public as we know it,” said Kade Crockford, head of the Technology for Liberty Program at the ACLU of Massachusetts.

Source: A patent shows how surveillance drones could ID you from above

Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

The German Federal Constitutional Court has ruled the Court of Justice of the European Union needs to clarify if the EU General Data Protection Regulation provides for a materiality threshold for GDPR damage claims.

The Federal Constitutional Court’s decision overturns a judgment of the Goslar Local Court of Sept. 27, 2019, regarding the unlawful sending of an advertising email. The Local Court had held that the plaintiff had not suffered any compensable damage under Article 82 of the GDPR. The damage suffered by the plaintiff had not exceeded the materiality threshold in this matter.

The plaintiff subsequently filed a constitutional complaint with the Federal Constitutional Court, arguing the Local Court should have made a submission to the CJEU for a preliminary ruling under Article 267 of the Treaty of the European Union.

Source: Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

How will adtech tackle Google, Apple privacy changes?

A slew of questions. An abundance of potential answers. And no clear path forward. That’s what the future currently holds for the advertising technology space as far as privacy goes. Between Google’s phasing out of third-party cookies and Apple’s iOS 14 privacy updates, there’s a lot on adtech companies’ plates and necessary adjustments are imminent.

Broadening controls and transparency for users is one piece to the puzzle, but the other is developing the means to ensure those controls and transparency are stood up and maintained. “It comes down to building technically demonstrable accountability systems that can show and demonstrate continuously that these transparency and control signals are being conformed with.”

Full article: How will adtech tackle Google, Apple privacy changes?

Why hot new social app Clubhouse spells nothing but trouble

Clubhouse was founded in April last year and gained modest traction in the early phases of the pandemic after a $12m investment by Andreessen Horowitz, the noisiest venture capital firm in Silicon Valley, at which point it had 1,500 users and was valued at $100m.

But the hoopla tended to obscure some uncomfortable facts about Clubhouse. There’s the contact-uploading requirements mentioned earlier which, as one commentator put it, are not only “telling the app developer that you’re connected to those people, but you’re also telling it that those people are connected to you – which they might or might not have wanted the app to know.

Source: Why hot new social app Clubhouse spells nothing but trouble | Social media | The Guardian

People file lawsuits to test boundaries of California’s privacy law

“It’s kind of like throwing spaghetti at the wall.” That’s how Jessica Lee, partner and co-chair of the privacy, security and data innovation practice group at law firm Loeb and Loeb, described the approach people have taken when filing lawsuits against companies under the California Consumer Privacy Act.

Many of the suits filed since the law went into effect Jan. 1, 2020, allege companies have failed to allow people to opt out from sale of their personal information or failed to disclose that the companies share people’s personal information with third parties, according to lawyers tracking CCPA lawsuits. Meanwhile, a spokesperson for California attorney general Xavier Becerra said the AG’s office has sent dozens of notices to companies demanding that they fix problems leading to noncompliance with the law.

Full article: People file lawsuits to test boundaries of California’s privacy law

Investigation Finds Facebook Did Little to Prevent Apps from Sharing Sensitive User Data

Governor Andrew M. Cuomo on February 18, 2021 accepted a New York State Department of Financial Services report detailing the findings of an investigation into the transmission of sensitive user data by application and website designers to Facebook.

Following a report by the Wall Street Journal, the Governor directed DFS to perform an investigation which found that app developers regularly sent Facebook sensitive data, including medical and personal data, derived from consumers’ usage of third-party websites and applications. The data was then shared with Facebook by app developers as part of Facebook’s free online data analytics services. Though such data-sharing violated Facebook policy, Facebook took few steps to enforce the policy or to block the flow of sensitive data prior to the state’s investigation.

Source: Press Release – February 18, 2021: Governor Cuomo Accepts Report from DFS on Facebook Investigation | Department of Financial Services

Facebook Starts Blocking Sensitive Medical Data Shared by Apps Over Privacy Concerns

Facebook has started blocking sensitive health information that third-party apps had been sharing with the social network in violation of its own rules, said New York officials who investigated the situation.

Data fed into a Facebook analytics tool by app makers included medical diagnoses and whether users were pregnant, according to a report shared by New York financial services department on Thursday.

“Facebook instructed app developers and websites not to share medical, financial, and other sensitive personal consumer data but took no steps to police this rule,” state financial services superintendent Linda Lacewell said in a release.

Source: Facebook Starts Blocking Sensitive Medical Data Shared by Apps Over Privacy Concerns | Technology News

WhatsApp details what will happen to users who don’t agree to privacy changes

WhatsApp said earlier last week that it will allow users to review its planned privacy update at “their own pace” and will display a banner to better explain the changes in its terms. But what happens to its users who do not accept the terms by the May 15 deadline?

If they still don’t accept the terms, “for a short time, these users will be able to receive calls and notifications, but will not be able to read or send messages from the app,” the company added in the note. The “short time” will span a few weeks.

Source: WhatsApp details what will happen to users who don’t agree to privacy changes | TechCrunch