Month: September 2021

The “Facebook Files,” a series of articles about internal Facebook research reports that were revealed recently to the Wall Street Journal, has provided a window into Facebook’s understanding of many of the flaws on its platform. Notable revelations include that Facebook is aware of Instagram use being harmful to a “sizable percentage” of teenage girls (a finding which led Facebook to delay the introduction of Instagram for Kids), that tweaks to the News Feed algorithm made in 2018 resulted in more engagement but also led to more hate speech and increased anger, and that Mark Zuckerberg’s personally directed efforts to curb vaccination misinformation on the platform were largely a failure. Facebook faces a difficult “Snowden revelation” scenario in responding to the leaks, where it needs to decide whether to release more information about these issues (to show the WSJ’s data is incomplete) or to refuse to (leading to accusations of hypocrisy). (Link, Podcast, Facebook rebuttal)

The Senate Commerce Committee held a hearing about consumer privacy. The main decision points appear to be whether to handle privacy by expanding FTC authority over the field (including by possibly creating a new bureau within the FTC and/or increasing its funding), and/or whether to enact a federal privacy law along the lines of California’s or Colorado’s. (Link, Source)

Amazon released a surveillance robot that is capable of moving autonomously around a house taking pictures and video from a security camera. The robot is designed to look friendly, but privacy advocates have been quick to point out troubling implications for anyone who can afford the $999 sticker price. (Link, Link)

YouTube has updated its internal policies regarding misinformation, specifically becoming more stringent on medical and vaccine misinformation. They will be more proactive on removing content that “falsely alleges that approved vaccines are dangerous and cause chronic health effects, claims that vaccines do not reduce transmission or contraction of disease, or contains misinformation on the substances contained in vaccines.” (Link)

The UK is considering removing or amending Article 22 of the GDPR, which protects people from automated processing by providing a right of human review for automated decisions. This comes after some mixed empirical evidence about the success of human review within the GDPR framework. (Link)

An article highlighted the use of refugees and displaced people to train machine learning datasets, often by labeling videos, transcribing audio, or similar “clickwork.” Major firms, like Microsoft, Facebook, Amazon, and Tesla, rely substantially on this labor. This appears to be an important and concrete instance where machine learning is causing real-world harm. (Link)

ICE recently signed a $3.9 million contract for a “rapid” AI-powered facial recognition tool for use at migrant detention facilities. So far, the agency has released the bare minimum of details on how this will be used, with the contract suggesting only that it will be deployed for “rapid alternatives to detention enrollments through facial confirmation application.” (Link, Link)

(compiled by Student Fellow Andrew Mather)

Upcoming Events

Guarini Colloquium: Regulating Global Digital Corporations – Monday September 27, 2021, 17:20 – 18:20 In this NYU Law School colloquium, participants will read and discuss a recent paper by Elettra Bietti on digital platform regulation. (link)

News Items 

China passed the Personal Information Privacy Law (PIPL) at the end of August 2021. The PIPL covers all businesses, including those doing business outside of China, that interact with, store, share, collect, or otherwise use personal information from people within China. The PIPL regulates the ways in which “personal information handlers” can handle personal data and includes data transfer restrictions. Violation of the PIPL can result in fines, notice on China’s social credit system, or being prohibited from future business in China. It will go into effect on November 1, 2021. (link, link)

The Cyberspace Administration of China passed the The Regulation on Management of Automobile Data Security (Trial), which will impact many sectors, including automakers, software suppliers, distributors, maintenance organizations, and ride hailing platforms. Through this, “important data” such as geographic information, video and images, and personal data, will need to be stored within China. Any data transfers outside of China will need to undergo a security assessment. (link)

China’s Data Security Law went into effect on September 1. The Data Security Law outlines how companies active in China should classify and manage data. (link)

Apple released iOS 15 on September 20. While Apple had previously announced a plan to introduce technology to scan user devices for images of child sex abuse material (CSAM), that plan has been delayed after criticism from privacy, policy, and rights groups, as well as thousands of individuals. (link) Additionally, new privacy controls are available in iOS 15, but will not be available in all countries or may require a subscription fee. (link)

Zoom made a $14.7 billion proposal to acquire Five9. The deal is currently being reviewed by the Committee for the Assessment of Foreign Participation in the United States Telecommunications Service Sector for national security concerns, due to Five9 having operations in Russia. Zoom already has research and development staff located in China. (link)

Facebook is making changes to its news feed, adding “junk code” to HTML features used for accessibility, In addition to impacting technology like screen readers, which blind and visually impaired people may implement to help use a computer, these changed affect ad blockers and prevent automated data collection, impacting Facebook users and researchers using automated data collection. (link)

As voting begins in Russia, Facebook and Google removed a smartphone app that tells users what opposition candidates are likely to defeat candidates backed by Russian authorities. (link)

The Illinois Appellate Court issued an opinion on how the statute of limitations applied to the state’s Biometric Information Privacy Act (BIPA). The court suggested a one year limit on claims about “unlawful profit or disclosure” and a five year limit on claims of “data retention policy disclosure, informed consent, and safeguarding.” (link)

(compiled by Student Fellow Molly de Blanc)

President Biden nominated Alvaro Bedoya for a seat on the Federal Trade Commission.  Bedoya, a professor at Georgetown University Law Center, is a well-known privacy advocate.  He has a research background in privacy lapses on online platforms, the consequences of facial recognition technology, and oversight on electronic and biometric tracking. (link)

Ireland’s Data Protection Commission has opened two inquiries into TikTok on the processing of children’s personal data and the transfer of personal data to China.  The Data Protection Commission, which is considered a leading EU regulator, is allowed to impose fines of up to 4% of global revenue. (link)

Facebook’s Oversight Board affirmed Facebook’s decision to restore a news post about a threat of violence from the Izz al-Din al-Qassam Brigades, the military wing of the Palestinian group Hamas.  Facebook originally removed the content under the Dangerous Individuals and Organizations Community Standard and restored it after the Board selected this case for review. The Board concluded that removing the content did not reduce offline harm and restricted freedom of expression on an issue of public interest. (link)

Facebook has built a system—known as XCheck—in which high-profile users, including politicians and celebrities, are exempted from some or all of its rules.  This is contrary to the platform’s public position, which is that its three billion users may all speak on equal footing.  (link)

The Wall Street Journal acquired internal documents from Facebook showing that the company knew that Instagram was causing profound harm to teen girls’ mental health.  According to internal company studies, the social media platform fosters body-image concerns, eating disorders, among other effects.  The company also downplayed these negative effects and has not made its internal research public.  (link)

China has forbidden under-18-year-olds from playing video games for more than three hours a week.  Gaming companies will be barred form providing services to minors in any form outside of 8:00pm to 9:00pm on Fridays, Saturdays, and Sundays.  (link)

(compiled by Student Fellow Coordinator Justin Lee)