Futuendi Gratia

Predicting the future of this initiative is probably as easy as

ONE

Some Amazon users will now earn $2 dollar per month for agreeing to share their traffic data with the retail giant. Under the company’s new invite-only Ad Verification program, Amazon is tracking what ads participants saw, where they saw them, and the time of day they were viewed. This includes Amazon’s own ads and third-party ads on the platform

TWO

Exchanging user data for a financial reward is nothing new

THREE

Both the Facebook and Google programs were shut down in 2019 due to privacy concerns, The Verge and TechCrunch reported.

Business Insider: ‘Amazon Is Offering Users $2 a Month for Letting It Track Phone Data’

​(๑◕ܫ◕๑)

Mandatory But Not Compulsory

Last week it was old friends the Department of Social Protection, this week it’s the Department of Justice having an unfortunate encounter with reality after many, many years of avoiding it.

Here’s something from July of this year —

The landmark 2014 ruling was followed by a bevy of subsequent judgments from the EU’s highest court that reinforced its message to stop blanket data retention. But it didn’t stop Ireland from keeping its mass surveillance of phone and internet data, including who you call and where you are, largely intact.

That’s from an article in Politico called ‘Europe’s state of mass surveillance’.

Here’s something else from July of this year —

I am advised that there is an urgent need to address the immediate impacts of the Court of Justice ruling by way of a number of targeted amendments to the 2011 Act. The current legal frailties within the 2011 Act have now been made definitive following the issue of the Court of Justice. In addition, service providers in the communications sector have expressed to me doubt as to the validity of continued general and indiscriminate retention of data currently held and the need for legal certainty as to what their data retention obligations now are.

That’s the Minister for Justice in the Oireachtas. A sudden “urgent need” to address “legal frailties” in the name of “legal certainty”.

Now here’s something from earlier this week —

One of the issues the Government faces is that, in their rush to force the law through the legislature, they seem to have skipped the step at draft stage that would require it to be assessed by the EU Commission. … At heart, we have a continuation of the same line of administrative failure we have seen from the Department of Justice since the Digital Rights Ireland case made it clear that the EU Directive on data retention was invalid. The Department has allowed critical laws, dealing with some of the most intrusive and sensitive surveillance powers, to float unsupported. This lets uncertainty grow as to whether they can or can’t be relied upon in investigation and prosecution of serious crimes as well as continuing an unlawful mass surveillance system of nearly the whole adult population of the country.

That’s from the latest issue of Simon McGarr’s Gist, ‘Too Urgent To Get Right’.

---

Moving on to the Department of Children and its agencies we find yet more inconvenient reality intruding. Since I’ve been involved in a small way in this clown rodeo for over two years now I will be writing something longer about the whole thing next year, but a brief summary will have to suffice for now.

• In May 2021 the Minister published the Heads of the Birth Information and Tracing Bill.
• The draft Bill went through detailed pre-legislative scrutiny by the Oireachtas Children’s Committee. The Committee produced a report with over eighty recommendations [PDF], the majority of which were ignored by the Minister and his department.
• The Bill made its way through the Oireachtas. Over 300 amendments were submitted as it did so. Again, the majority of these were rejected by the Minister and his department. The Bill was signed into law at the end of June of this year.
• The information access aspects of the Act came into operation at the beginning of October.
• Within weeks it was widely reported that the two agencies most prominently involved, the Adoption Authority and Tusla, were incapable of meeting the statutory deadlines in the Act. An Act which they had worked closely with their parent department in preparing. Since before May of 2021.
• Now, in December of 2022 one of the agencies is writing to people and telling them it might be the autumn of 2023 before they receive their records.

This raises an interesting question about the ability of these agencies to meet the statutory deadlines for providing access to individuals under the GDPR’s right of access, and a further interesting question about what action the regulator might take if the agencies are in breach of their GDPR obligations.

Despite the sporadic strange assertions from the Minister and his department to the contrary, the vast majority of the information which falls within the scope of the Birth Information and Tracing Act also falls within the definition of personal data in the GDPR, which individuals have a right to access, clearly stated in both the EU Charter of Fundamental Rights and the GDPR itself.

It was suggested repeatedly to the Minister and his department that a straightforward solution would be to use the existing GDPR access system rather than create a new, untested and unnecessarily complicated system which would run in parallel. These suggestions were ignored (see above).

​(๑◕ܫ◕๑)

​

What Could Possibly Go Wrong?

Ireland’s Data Protection Commission (DPC), which is (at least for now) Twitter’s lead data protection regulator in the European Union is seeking more details from Twitter about the outsider data access issue. “The DPC has been in contact with Twitter this morning. We are engaging with Twitter on the matter to establish further details,” a spokeswomen told TechCrunch. Earlier today, Bloomberg also reported on concerns over the pond about outsiders accessing Twitter user data — citing tweets by Facebook’s former CISO, Alex Stamos, who posited publicly that a Twitter thread posted yesterday by one of the reporters given access by Musk “should be enough for the FTC to open an investigation of the consent decree”.

Techcrunch: ‘Ireland’s privacy watchdog engaging with Twitter over data access to reporters’

​(๑◕ܫ◕๑)

​

Regulators

Reality may also have finally caught up with Facebook’s cunning switcheroo of its legal basis for processing the personal data of hundreds of millions of people in the EEA. The EDPB plenary mentioned last week went ahead as planned, the binding decisions were made and according to the Wall Street Journal (€) it’s very bad news for Emperor Mark. Natasha Lomas has more: “So, depending on what’s been decided, Meta could finally be forced to ask users if they want to be tracked — a choice the adtech giant currently denies. On Facebook and Instagram it’s either agree to be profiled and targeted — or no service for you.”

So we’ll find out exactly what happens to Facebook’s business model at the start of next month.

—

In another setback for Faceberg, the General Court of the CJEU threw out its attempt to annul the EDPB’s binding decision made last July which led to WhatsApp being fined €225 million.

​(๑◕ܫ◕๑)

​

What We’re Reading

• “As an example, the video shows somebody looking for information about former French Prime Minister Edouard Philippe. The French politician’s Twitter address is typed into a search engine, which returns his private Instagram and Twitter accounts as well as a fake phone number, address and other private information. The software also purports to provide the phone numbers of some of Philippe’s friends and information about how he is connected to them.” From ‘France’s Mr. Privacy turns cybersnooper’ by Elisa Braun for Politico.
• “We are, in a sense, getting the bill we deserve from the politicians we deserve: not a very good one, from not a very good lot. It’s a shining beacon of mediocrity; of people too stupid to understand the nuance of one of the most nuanced-filled areas of our modern lives, over-promoted into positions of power and thinking they know better than researchers who have spent their lives looking at these issues. It is also the Brexit dividend turned disaster writ large. We crow about our world-leading action against big tech, when in reality, we’re just more willing to throw half-baked thoughts into law – rather than working up something that would actually scare them. This ineptness is in sharp contrast to Europe, which has managed to introduce logical, intelligent and robust regulation against big tech in less time than we’ve been dithering about our online safety laws.” From ‘While EU regulators take on Elon Musk, Britain’s online safety bill is a beacon of mediocrity’ by Chris Stokel-Walker for The Guardian.
• “Many marketers privately admit to having very little to no understanding of the security, ethical and business risks of the pixels that run on their websites,” said Krzysztof Franaszek, founder of Adalytics. “This is something the advertising and corporate trade groups may look at remediating through better training programs.” From ‘Amazon, FBI.gov, and 70,000 Other Sites Are Sending Your Data to Elon’s Twitter, New Research Says’ by Thomas Germain for Gizmodo.