fbpx

Download free GDPR compliance checklist!

Category Archives for "Technology"

ICO concerned by mass health data-sharing with advertisers

The UK’s data regulator has expressed deep concerns over reports that some of the most popular health websites are sharing sensitive data with advertisers across the world.

The majority of prominent health websites embed tracking cookies in users’ browsers without explicit consent to allow third-party companies to track them while surfing the internet.

This data is then transmitted to a swathe of advertising platforms including Amazon and Facebook, with the majority of data sent to Google’s DoubleClick targeted ad platform. This includes information like medical symptoms, diagnoses, drug names and fertility information.

Source: ICO concerned by mass health data-sharing with advertisers | IT PRO

Consumer Data Privacy Rights: Emerging Tech Blurs Lines

Data privacy is a fundamental right for Americans – but new emerging technologies like drone, IoT and facial recognition are introducing gray areas.

Lawmakers for their part are taking steps to enforce regulatory efforts for data privacy – but still have a long way to go.

Full article: Consumer Data Privacy Rights: Emerging Tech Blurs Lines | Threatpost

Mass surveillance fears as India readies facial recognition system

As India prepares to install a nationwide facial recognition system in an effort to catch criminals and find missing children, human rights and technology experts on Thursday warned of the risks to privacy from increased surveillance.

There is little information on where it will be deployed, what the data will be used for and how data storage will be regulated.

Worldwide, the rise of cloud computing and artificial intelligence technologies have popularised the use of facial recognition for a range of applications from tracking criminals to catching truant students.

Source: Mass surveillance fears as India readies facial recognition system – Reuters

Chinese researchers reveal method to bypass biometric fingerprint scanners in smartphones

Chinese security researchers from X-Lab security at Tencent challenged fingerprint security in a presentation at the GeekPwn 2019 conference in Shanghai, writes Forbes. The team claims it can hack into almost any Android or iOS device in just about 20 minutes by using what appears to be a fairly simple fingerprint hacking method.

Without giving too many details about the actual technical approach to the audience, researchers used a smartphone to take a photo of fingerprints left on a glass and ran the photo through an app they developed. They were then able to gain access into three different phones equipped with different scanning technologies, one each with capacitive, optical, and ultrasonic sensors.

Source: Chinese researchers reveal method to bypass biometric fingerprint scanners in smartphones | Biometric Update

IBM calls for regulation on facial recognition tech instead of bans

IBM wants the US government to regulate facial recognition technology, instead of banning it outright. “Precision regulation” can restrict potentially harmful uses while still allowing for innovation, the company said Tuesday in a white paper posted online.

Facial recognition has faced backlash from privacy advocates and lawmakers, and a handful of cities have banned the municipal use of the technology. In July, Microsoft asked the federal government to regulate facial recognition before it gets more widespread. Still, the technology is on track to become pervasive in airports and shopping centers, and some companies like Amazon are selling it to police departments.

Source: IBM calls for regulation on facial recognition tech instead of bans – CNET

Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

On November 4, 2019, the Spanish Supervisory Authority (“AEPD”), in collaboration with the European Data Protection Supervisor, published guidance on the use of hashing techniques for pseudonymization and anonymization purposes. In particular, the guidance analyses what factors increase the probability of re-identifying hashed messages.

The guidance provides examples of how controllers can make the re-identification of hashed messages more difficult. These examples include encrypting the message (prior to hashing), encrypting the hash value, or adding “salt” or “noise” (i.e., a random number) to the original message.

Source: Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

Legislation Would Force Google and Rivals to Disclose Search Algorithms

Senate lawmakers are teeing up a bill that would require search engines to disclose the algorithms they apply in ranking internet searches amid growing concern over their use of personal data and give consumers an option for unfiltered searches.

Search engines such as Alphabet Inc.’s Google unit use a variety of measures to filter results for individual searches, such as the user’s browsing activity, search history and geographical location.

Source: Legislation Would Force Google and Rivals to Disclose Search Algorithms – WSJ

German Privacy Regulators Flooded with Google Analytics Complaints

The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service on websites in a manner which allegedly is in violation of GDPR.

At issue is whether deploying Google Analytics is possible without acquiring the consent of the end user prior to deploying the Google Analytics cookie on the end user’s device.

Source: German Privacy Regulators Flooded with Google Analytics Complaints

Regulating Facial Recognition Tech – Where Are We Now?

While there are clearly now multiple efforts to curtail the use of facial recognition technology (FRT) in the public realm, the reality is that the genie is already out of the bottle and there is no way to put it back.

The efforts above range from limited bans within the public sector, to reviews of new implementations of the tech, to specific court cases against police use of FRT. In short, it’s a patchwork of efforts, and there are huge gaps between them. Many examples also tend to focus on State-backed projects, rather than in the private sector – which is also experimenting with the tech, often in the public domain.

Meanwhile, the technology and its use is still rapidly spreading around the world, and there remains as yet no fully tested national position on its use in countries such as the US and UK.

Full article: Regulating Facial Recognition Tech – Where Are We Now? – Artificial Lawyer

UK’s DPA: police should think over live facial recognition technology

How far should we, as a society, consent to police forces reducing our privacy in order to keep us safe?

The current combination of laws, codes and practices relating to live facial recognition (LFR) will not drive the ethical and legal approach that’s needed to truly manage the risk that this technology presents.

The absence of a statutory code that speaks to the specific challenges posed by LFR will increase the likelihood of legal failures and undermine public confidence in its use.

Full article: Blog: Live facial recognition technology – police forces need to slow down and justify its use | ICO

>