1/ I note the issues around the conservative party conference app .. BUT OMG! I took a peek at the Conservative Campaigner app - "the official mobile app for supporters of The Conservative Party” and OH BOY …
If you are thinking of using the
#FaceApp
consider Section 5 of the ToS & that you grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable licence to use your content (and which may be of your friends or colleagues)
Exclusive: Google is planning to move its British users' accounts out of the control of European Union privacy regulators, placing them under U.S. jurisdiction instead, sources said.
Dear
@ICOnews
The UK Prime Minister
@BorisJohnson
is to hold a PPMQ at 5pm today via Facebook. People are asked to provide a name, occupation & post code but no privacy notice is provide about how that data will be used or about their rights etc. What say you
@ICOnews
?
🎙️ Get ready for another
#PeoplesPMQs
at 5pm today.
💬 Put your questions to the PM by commenting on our Facebook page.
➡️
ℹ️ Don’t forget to include your name, occupation and town.
🙇♂️ here’s the
@NHSEngland
Test and Trace privacy notice. “This privacy notice explains what personal identifiable information is collected by this service” PII 🤦♂️🙇♂️🙇♂️🤷🏼♂️🤷🏼♂️
Product lead for Singapore's TraceTogether app.
"If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No"
and the same ‘developer’ is behind the NRA’s official app. Oh boy.
Yep, the UK
@Conservatives
official campaign app is developed by a US based political campaigning app platform UCampaign
OK need to go make Son’s supper - back soon. and Oh boy
“I was one of the doctors who met Boris Johnson today. This was a highly staged press event in a newly refurbished hospital ward at Whipps Cross hospital where the prime minister met a few select members of staff & patients. This event completely brushed over the harsh realities”
Meta has announced that European users can now opt out of algorithmic feeds on Instagram and Facebook, in order to comply with the EU’s Digital Services Act
the company is not extending the same choice to users in the US or anywhere else outside Europe
2/ the app was developed by Social Political Media, the same entity behind the anti-abortion apps LoveBoth & MY8 used in the Irish referendum on abortion, .. but Social Political Media also developed the …. Vote Leave app, the Trump-Pence 2016 app, the French Renaissance app
“The personal identifiable information collected by the NHS Test and Trace on people with coronavirus or who have symptoms will be kept for 20 years.” < PII again 🤦♂️ But oh my kept for TWENTY YEARS!! Show the legal basis for that please
@Conservatives
7/ proceeding takes you to
The approach to cookies alone is not compliant with the ePrivacy rules or the GDPR. And look at those trackers …. maybe th
@ICOnews
should look at this app?
18/ serious questions should be asked of the relationship between the Conservatives and uCampaign - of which the latter developed apps on its platform for the Trump-Pence campaign, Vote Leave, the NRA and anti-abortion apps LoveBoth & My8 in the recent Irish abortion referendum
10/ have the Conservatives conducted any assessment?
So many questions. So many permissions.
I’m beginning to wonder if
@MattHancock
advised them on how to develop the app - I mean just look at
#HanCocksApp
@Conservatives
4/ The app. The ‘developer’ is Thomas Peters, the CEO of UCampaign (the Trump, NRA apps) and now RumbleUp a ‘powerful P2P texting’ campaign platform.
Embedded in the Conservative Campaigner ’the the official mobile app for supporters of The Conservative Party’ are four trackers
A user in a low level hacking forum has published the personal data of 533 million Facebook users from 106 countries. The Data includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, & in some cases email addresses
9/ so what data exactly is being processed by the embedded trackers and for what purposes? What is the legal basis under the GDPR?
Does the uCampaign as the developer of the app have access to that data or otherwise harvest it? Is the data held on uCampaign servers in the US?
@Conservatives
@ICOnews
8/ No mention of the app or any app in the privacy policy. No mention of Campaign - and WHAT data is uCampaign receiving as a result of the use of this app developed by them?
NO Mention of tracking in the privacy policy - either with reference to the site or embedded in app
Could you
@ICOnews
please treat the above tweet as a formal complaint against
@10DowningStreet
@BorisJohnson
for failing to meet the requirements of Articles 12 and 13 of the GDPR. Thank you.
@MattHancock
14/ The registration email appears to come from Conservative Campaigner but in fact comes from support
@ucampaign
.co So, data is processed and held by uCampaign in the US. This raises more questions.
This is deeply troubling. The Times reports that ‘Betting companies have been given access to an educational database [of the Learning Records Service] containing names, ages and addresses of 28 million children and students’
The
@Conservatives
Party Conference app (Android) has TWELVE embedded trackers and FOURTY SIX permissions.
Let’s take a 👀 shall we
@iconews
? Cos someone should ….
“The personal identifiable information collected on the contacts of people with coronavirus, including those who are showing symptoms, will be kept for 5 years.” <PII again! 🤦♂️ But why is this data kept for FIVE years? What’s the legal basis? Where’s the assessment
It's really got me thinking about the 'poverty of privacy'. For people struggling to put food on the table .. the loyalty card is quite appealing, especially when the Tesco 'Clubcard' is now also a mobile app offering convenience. But at what cost to people's privacy? 👇👇
1/ I took quick look at the Facebook Portal
As usual, the devil is in the ambiguities of what Facebook says & of course what it doesn’t say. After all, this is a company that has mastered
#DeceptiveByDesign
approach, to privacy (think
#WhatsApp
)
@ICOnews
And based on previous complaints to your office wherein you are reluctant to pursue a complaint unless the complainant is the data subject - here you go, I’ve raised the matter with the parties concerned. Consider me a data subject.
@MattHancock
12/ Unlike on the Google Play store, after installing the app, individuals are advised the app is ‘powered by uCampaign’ - clicking the link takes you to the uCampaign home page. The Privacy policy is ambiguous in many ways
The app has SDKs (trackers) embedded from GoogleAdMob; Google Analytics; LeanPlum (advertising). Demdex (Adobe Analytics); Appdynamics (full stack observability); Adjust (measurement) ... there's also fingerprinting taking place by Adobe and Adjust. So yeah, a poverty of privacy.
Oh my goodness. They really do think users are just passive ...
Y'all really should ZOOM in on Zoom's privacy policy and practices.
#AdTechSurveillance
#DataVampires
Because I raise concerns & questions over
#CovidSurveillance
(whether about apps or mobile data) it doesn’t mean I am against measures, it means I care that they have a clear legal basis, are proportionate & necessary & respect the essence of fundamental human rights
An 18-year-old student who predicted this year’s A-level results crisis in an award-winning dystopian story about an algorithm deciding school grades according to social class, has had her own results downgraded.
1/ Well. The UK Secretary of State for Digital, Oliver Dowden proposes to "overhaul EU data rules and replace them with a new 'light touch' British framework"
Gotta do some privacy negotiating first. Cookies and similar technologies like hidden Facebook Pixels.
Lets take peek
1/ The 28 January is Data Protection Day.
You'll hear a lot about this being 'Data Privacy Week' but I wanted to take time to reflect on the history and significance of 'Data Protection Day'.
#DataProtectionDay
Who'd a thought. Golly gosh. Apple "privacy is a fundamental human right" .. but ....
"Apple Is Tracking You Even When Its Own Privacy Settings Say It’s Not, New Research Says"
This.
Last week I had a procedure under general anaesthetic at an NHS hospital. Very difficult times for all staff. They were utterly brilliant despite the pressures that Covid is bringing. I can't praise them enough.
Don't be a dick like Lozza.
Tell me again, that privacy concerns in contact tracing are overrated.
👇 South Korea.
It also shows why we should think beyond privacy to broader human rights such as protection against discrimination
Wow—important thread. South Korea saw new cases of COVID-19 this weekend which trace back to Seoul’s gay district, Itaewon. Now the LGTBQ community in the country fears discrimination, and this thread details homophobic behavior that’s already taking place.
@annewoj23
@GSK
Under the GDPR, health related and genetic data are special categories of personal data that attract quite strict rules .. such as requiring explicit consent (or another strict condition 🤔). Might I ask what condition under Article 9 of the GDPR that 23andMe is relying on here?
“We understand that the Taliban is now likely to have access to various biometric databases and equipment in Afghanistan ... This technology is likely to include access to a database with fingerprints and iris scans, and include facial recognition technology"
The horror that national digital ID can facilitate.
Here are also some reflections from
@zararah
in 2016 'DANGEROUS DATA: THE ROLE OF DATA COLLECTION IN GENOCIDES'
I hope those rushing to propose NID will reflect on the dark side of data
Facebook may have your phone number, even if you never shared it. Now it has a secret tool to let you delete it.
The privacy of others matters. Think when an app asks to upload your contact details.
I've never given Facebook my mobile number but it has it
I guess I'll be diving into more papers like this: "This Article examines the matrix of vulnerabilities that low-income people face as a result of the collection and aggregation of big data and the application of predictive analytics .."
This is just unacceptable. Folks in the US should say NO. LOUDLY.
Staring 26 April,
@TMobile
will start a new program that gives customers' web-browsing and device-usage data to advertisers unless customers opt out of the data sharing”
Dear
@DHSCgovuk
on what legal basis (a) did you obtain my email address registered with my local GP and (b) have you sent me this unsolicited direct marketing message?
Because your privacy notice doesn’t address it.
Dear
@ICOnews
I assume you are investigating this?
so sick and tired of these dark patterns in consent management platform tools.
'Reject All' does not reject all. You have to click on legitimate interests and 'object all'.
That this is on the website of a consumer advice centre is just 🙇♀️🙇♀️🙇♀️🙇♀️
It took 10 months. I did a lot of testing & provided a lot of evidence of policy & process & even set up a false account + analysis of GDPR. But now I have formal confirmation that PayPal has changed its SAR identity requirements/process as a result of my complaint to the CNPD
Biometric & CCTV surveillance commissioner warns UK is an “omni-surveillance” society with police forces in the “extraordinary” position of holding more than 3m custody photographs of innocent people more than a decade after being told to destroy them
Leaked Facebook documents. very interesing stuff.
On developing a 'Profile Accuracy llQuiz’
“Our initial feedback is that this flow suggests that we are trying to trick users into providing data about their friends, but legal and PR have signed off on this."
I am overjoyed. Today I received confirmation that my father now officially exists on the register of births in Ireland. Born 1920. Died 30 years ago.
I can’t express what this means to me.
And to the folks at you were marvellous throughout 🙏🙏
Imagine buying an android TV getting home then discovering the privacy policy.
I always think privacy transparency should be part of the sales process / have a sticker on the box at the very least
“A second massive
@LinkedIn
breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data .. ”
Wow. This. The consequences of cashless mobile payment when your phone battery dies. In this case - no proof of purchase of travel ticket = £476 fine & a criminal conviction. Just wow.
@PrivacyMatters
At launch in September last year, it was reviewed by Mark Wallace (Exec. Editor ConservativeHome and former Campaign Director of Tax Payers Alliance) who then saw no shame in the connection, and didn’t rate it much. So interesting!
Time for some thinking time with the office assistant. Then later prepare challenges to my son’s A Level grading; then FOIs to OFQUAL and the ICO; then a formal complaint to the ICO. I’m gonna fight this unfair A Level grading process. I’m in this fight for fairness.
I’ve emailed some enquires to the data protection office and copied the feedback team as per the privacy notice. The feedback email address is ‘closed and no longer monitored’. Oh dear.
I await a response - hopefully - from the data protection office
The
@BBCBreakfast
covered the FaceApp (ageing app). All fun stuff. A pity they didn’t take the opportunity to consider the embedded trackers like Facebook Analytics & Google Ads, or even the significant collection of device & behavioural data via the app
Swedish multinational retail company H&M has been hit with a €35 million GDPR fine for excessive recording of details of the private lives of employees in Germany.
🤦♂️ Paying people cash for their data isn’t ‘data dignity’ and not will it lead to a better digital society. In fact it may well just exacerbate existing problems and inequalities & affect the poor the most
Microsoft researchers suggest ‘data dignity’—tech companies like Facebook paying people to use their data—will create a better digital society, but experts disagree
Just because personal data is in the public domain doesn't mean that data protection law doesn't apply. Or that because someone posts personal data on twitter that it stops being personal data.
Yes. These things have been uttered.
for a range of commercial purposes & that you acknowledge that some of the Services are supported by advertising revenue & may display advertisements & promos, & you agree that
This thread. Two people I admire. I feel the same. Google making promises not to use
#FitBit
data for advertising. Nope. I don’t believe it. It’s a bit like putting Dracula in charge of the bloodbank & expecting him not to dip in ...
The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online <and why I give fake data.