fbpx

Download free GDPR compliance checklist!

Tag Archives for " location data "

Amazon Subjects Its Drivers to Biometric Surveillance

It comes as little surprise that Amazon, the company that brought you Ring doorbell cameras and Rekognition face surveillance, has a tenuous understanding of both privacy and consent. Earlier this week, Motherboard revealed the company’s cruel “take it or leave” demand to its 75,000 delivery drivers: submit to biometric surveillance or lose your job.

Amazon’s “Privacy Policy for Vehicle Camera Technology” states it may collect “face image and biometric information.” The company uses this information, among other things, to verify driver identity, and to provide “real-time in-vehicle alerts” about driver behaviors such as potentially distracted driving.

Source: Dystopia Prime: Amazon Subjects Its Drivers to Biometric Surveillance | Electronic Frontier Foundation

Getting lost in the crowd: The limits of privacy in location data

Anonymizing location data is notoriously challenging. Fundamentally, there is no desirable balance between user privacy and the utility of the resulting data for general purpose use. Indeed, a vast body of research has shown this data is highly reidentifiable.

But what happens when the dataset is much bigger, like that of Vodafone UK? Do trajectories get “lost in the crowd” and become effectively anonymous? Unfortunately, dataset size is no protection against simple reidentification attacks.

But all is not lost. On the one hand, the community researching privacy-enhancing technologies is extremely active with promising results. On the other hand, regulators, evidenced by more principled acts, such as the GDPR, are working together with these researchers to draft guidelines for data protection.

Full article: Getting lost in the crowd: The limits of privacy in location data

Elon Musk Says Tesla Won’t Share Data From Its Cars With China or U.S.

Tesla would never provide the U.S. government with data collected by its vehicles in China or other countries, Elon Musk, the company’s chief executive, told a high-level conference in China Saturday.

Musk’s assurance that Chinese customer data is fully protected followed the Chinese government’s decision to restrict the use of Tesla cars by military personnel or employees of key state-owned companies, as first reported by the Journal on Friday. Beijing had acted out of concern that sensitive data such as images taken by the cars’ cameras could be sent to the U.S., according to people familiar with the matter.

Source: Elon Musk Says Tesla Won’t Share Data From Its Cars With China or U.S. – WSJ

Flaws in Apple Location Tracking System Could Lead to User Identification

Vulnerabilities identified in offline finding (OF) — Apple’s proprietary crowd-sourced location tracking system — could be abused for user identification, researchers said in a report released this month.

Introduced in 2019, the system relies on the Bluetooth Low Energy (BLE) technology for the detection of ‘lost’ devices, and on the Internet connection of so-called ‘finder’ devices to report on their location back to the owner.

With “hundreds of millions” of devices part of Apple’s OF network, this represents the largest crowd-sourced location tracking system in the world, one that is expected to grow even further, as support for non-Apple devices is added to it.

Source: Flaws in Apple Location Tracking System Could Lead to User Identification | SecurityWeek.Com

France seeks to bypass EU top court on data retention

In October, the Court of Justice of the European Union ruled that national data retention rules, including France’s, were not compliant with EU law, but that such schemes could be allowed in the face of serious security risks.

Now the French government has asked the country’s highest administrative court — the Council of State — not to follow the EU ruling. France said that the EU top court should not rule on matters related to security, which remains a national competence.

Source: France seeks to bypass EU top court on data retention – POLITICO

CJEU rules electronic communication location data must only be used in investigations of ’serious crime’

Location data drawn from electronic communications must only be used by law enforcement investigations involving ‘serious crimes’ and to prevent ‘serious threats to public security’, the European Court of Justice (CJEU) has ruled.

In its decision, the court said that, unless it’s for a serious crime or in the interest of public safety, countries are prohibited from obtaining location data under the European Union’s 2002 Privacy and Electronic Communications Directive.

Source: CJEU rules electronic communication location data must only be used in investigations of ’serious crime’ | News | GRC World Forums

Google admits failing to wipe all Android apps with location-selling X-Mode SDK from its Play Store

Google on Friday removed 25 Android apps from the Google Play Store after missing them during a prior purge. The apps contained the X-Mode SDK that the Chocolate Factory previously banned for selling location data.

The SDK gathers location data that X-Mode, a Reston, Virginia-based data broker, then sells to third-parties. In early December, Google and Apple gave mobile app developers seven days and two weeks respectively to jettison the X-Mode SDK, a software library the developers had integrated into their apps in exchange for payment.

Due to an oversight during our enforcement process, 25 apps containing the X-Mode SDK were not removed from Google Play after the developers were given a 7-day warning.

Source: Oops: Google admits failing to wipe all Android apps with location-selling X-Mode SDK from its Play Store • The Register

Minneapolis police tapped Google to identify George Floyd protesters

Police in Minneapolis obtained a search warrant ordering Google to turn over sets of account data on vandals accused of sparking violence in the wake of the police killing of George Floyd last year.

The search warrant compelled Google to provide police with the account data on anyone who was “within the geographical region” of the AutoZone store when the violence began on May 27.

Geofence warrants allow police to cast a digital dragnet over a crime scene and ask tech companies for records on anyone who entered a geographic area at a particular time. But critics say these warrants are unconstitutional as they also gather the account information on innocent passers-by.

Full article: Minneapolis police tapped Google to identify George Floyd protesters | TechCrunch

Facebook Gives FBI Private Messages Of Users Discussing Capitol Hill Riot

Despite attempts to play down the use of Facebook amongst Capitol Hill rioters, the social media giant is furnishing the feds with data on users who took part in the siege, including their private messages, after calls from lawmakers to do so.

In a criminal complaint filed against New York resident Christopher M. Kelly on Wednesday, a search warrant on his Facebook account was revealed. After being tipped off about Facebook posts from an account belonging to Kelly containing images of him at the storming of the U.S. Capitol on January 6, the FBI sought his private messages, as well as his linked IP address, phone number and Gmail address.

Source: Facebook Gives FBI Private Messages Of Users Discussing Capitol Hill Riot

Military Intelligence Agency Says It Monitored U.S. Cellphone Movements Without Warrant

In a new document made public Friday, the Defense Intelligence Agency acknowledged monitoring the location of U.S.-based mobile devices without a warrant through location data drawn from ordinary smartphone apps.

The Defense Intelligence Agency told congressional investigators that the agency has access to “commercially available geolocation metadata aggregated from smartphones” from both the U.S. and abroad. It said it had queried its database to look at the location information of U.S.-based smartphones five times in the last 2½ years as part of authorized investigations.

Such data is typically drawn from smartphone apps such as weather, games and other apps that get user permission to access a phone’s GPS location.

Source: Military Intelligence Agency Says It Monitored U.S. Cellphone Movements Without Warrant – WSJ

1 2 3 5
>