Privacy & New Media

EPIC

March 19, 2020

The Department of Justice has released the 2019 FOIA Litigation and Compliance Report which details the DOJ’s efforts to encourage agency compliance with the FOIA across federal agencies. DOJ updated the Guide to the Freedom of Information Act, with recent court decisions. The DOJ report also summarizes agency guidance, including the application of Exemption 4 after the Supreme Court expanded the definition of “confidential” information. On that issue, EPIC filed an amicus brief in Food Marketing Institute v. Argus Leader Media telling the Supreme Court that access to commercial records is critical for government oversight. EPIC celebrated Sunshine Week with the 2020 EPIC FOIA Gallery, highlighting important EPIC FOIA work from the past year, including EPIC’s case for the release of the Mueller Report, EPIC v. Department of Justice.

The content in this post was found at:

<https://epic.org/2020/03/doj-releases-2019-foia-litigat.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Sept. 24, 2020

In a report, the Department of Homeland Security’s Office of Inspector General found that Customs and Border Protection failed to safeguard pictures of travelers obtained for a facial recognition pilot program, the Biometric Entry-Exit Program. The pictures were exposed in a data breach of a CBP subcontractor, Perceptics, LLC. OIG found that the CBP failed to undertake sufficient information security practices to prevent Perceptics from obtaining the data. At least 17 of the images were ultimately released on the dark web. EPIC leads an ongoing campaign to Ban Face Surveillance. In 2018 EPIC urged CBP to suspend its Biometric Entry-Exit Program. EPIC previously obtained documents on that program through a FOIA lawsuit.

The content in this post was found at:

<https://epic.org/2020/09/cbp-failed-to-protect-sensitiv.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

 

This week, Mauritius signed and ratified the Modernized International Privacy Convention. Mauritius became the sixth state to officially ratify the modernized Convention 108, and the 36th country to become a signatory. The Council of Europe Convention 108+ is the first and only binding international legal instrument for data protection. Updated in 2018, the Modernized Convention includes new provisions on biometric data, algorithmic transparency, enhanced oversight. Non-members of the Council of Europe are able to sign the Convention, and EPIC and consumer groups have long urged the United States to ratify the international Privacy Convention.

EPIC

EPIC
March 13, 2020

Last minute lobbying by big tech companies blocked passage of the Washington Privacy Act. The state privacy law have given consumers the right to access, correct and delete their personal data held by tech firms. EPIC and a broad coalition of privacy groups backed a comprehensive bill that would include, as privacy laws typically do, the right of consumers to bring legal action but that was opposed by industry groups. The Washington legislature did pass a modest bill limiting the government use of facial recognition technology. EPIC has long supported federal baseline legislation and the creation of a data protection agency. EPIC has also called for a moratorium on face surveillance. The EPIC State Policy Project monitors privacy bills nationwide.

The content in this post was found at:

<https://epic.org/2020/03/tech-companies-block-washingto.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

EPIC
March 9, 2020

The Department of Health and Human Services finalized rules that require insurance and healthcare companies to provide patient access to their medical data in a format suitable for cellphones and other electronic devices. However, federal privacy protections under HIPAA no longer apply once patients transfer their data to consumer apps, creating serious risks to medical privacy. The CEO of the American Medical Association warned regulators that “These practices jeopardize patient privacy, commoditize an individual’s most sensitive information, and threaten patient willingness to utilize technology to manage their health.” Tech firms pushed for these changes. Last year, the Wall Street Journal reported that Google’s ‘Project Nightingale’ intends to amass health data on millions of Americans. There will be a six-month period before the rule goes into effect.

The content in this post was found at:

<https://epic.org/2020/03/new-rule-promotes-patient-acce.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Proskauer Lex Blog: Media and Technology Blog
Jeffrey Neuburger
March 8, 2020

In continuing its push to enforce its terms and policies against developers that engage in unauthorized collection or scraping of user data, Facebook brought suit last month against mobile marketing and data analytics firm OneAudience LLC. (Facebook, Inc. v. OneAudience LLC, No. 20-01461 (N.D. Cal. Complaint filed Feb. 27, 2020)). Facebook alleges that OneAudience harvested Facebook users’ profile data and device data in contravention of Facebook’s terms and developer policies. OneAudience purportedly gathered this data by paying app developers to bundle OneAudience’s software development kit (SDK) into their apps and then harvesting data for those users that logged into those apps via Facebook credentials.

Facebook users, including developers and page administrators, are required to assent to Facebook’s terms and various platform policies when a Facebook account is created. According to Facebook’s Complaint, . . .

In its Complaint, Facebook alleged that around September 2019, OneAudience offered to pay app developers to bundle its SDK into their apps. The SDK allegedly allowed OneAudience to collect data about users’ devices and their Facebook (and some other social media) accounts in instances where the user logged into the particular app using their Facebook credentials (e.g., the “Sign in with Facebook” option). The data included user names, email addresses, country, time zone, Facebook ID, and, in limited instances, gender, all of which were allegedly used by OneAudience for targeted marketing services. OneAudience also allegedly collected device data such as call logs, cell tower and other geolocation data, contacts, browser information, email, and information about installed apps.

More

The content in this post was found at:

<https://newmedialaw.proskauer.com/2020/03/08/facebook-brings-suit-against-mobile-marketing-firm-for-siphoning-user-data-without-authorization/>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Today the FCC announced proposed fines against T-Mobile, AT&T, Verizon, and Sprint for selling customers’ location information. FCC Chairman Ajit Pai said: “This FCC will not tolerate phone companies putting Americans’ privacy at risk.” The companies are given an an opportunity to respond to the FCC before the Commission makes a final decision.

[ed: some pundits note that the amounts, when divided amoung the 4 companies, amount to little more than a slap on the wrist. All 4 companies have appealed the proposed ruling/fine and as of Sept, 2020, have not paid fines that are yet to be finalized by the FCC]

The content in this post was found at:

<https://epic.org/2020/02/fcc-proposes-fines-for-wireles.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Hackers have stolen the entire client database of facial recognition company Clearview AI. Clearview AI scraped over three million images from the internet to build its facial recognition database. The company sells facial recognition services to law enforcement agencies.

The content in this post was found at:

<https://epic.org/2020/02/clearview-ai-face-scanning-com.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.