Author: Tom McBrien

The Israeli government attempted to transfer information to local authorities that would enable them to track the identity of people who have not received a COVID-19 vaccine. These health data transfers from the Health Ministry to local governments were approved by the Knesset last month, but last Tuesday, the High Court of Justice ruled them unconstitutional. The court held that the data transfer laws harmed constitutional right to privacy and issued a temporary injunction barring further data transfers. (link)

Google announced that will roll out Federated Learning of Cohorts as an replacement to 3rd party cookies. The announcement has generated a lot of Github arguments about how the new online activity tracking system may look like, and how it should look like. (link, link, link)

New York is expanding the use of its vaccine passport, the Excelsior Pass. Art venues will be able to use the pass to monitor whether visitors have been vaccinated and get authorization to open at increased capacity. STOP has reached out to the NY government regarding the Excelsior Pass’s privacy policy but has not received a response yet.

Verkada, a security camera startup, has been reported to possess a super admin view of their private customer cameras. The super admin view allows them to watch live footage from any of their tens of thousands of cameras. The news caused a security camera scandal. (link)

(compiled by student fellow Kevin Kuate Fodouop)

Treasury Secretary Janet Yellen dropped a Trump Administration proposal to reform global digital tax rules to include a “safe harbor” provision that would have allowed tech companies to opt out of a global tax regime. Even if a global deal is not reached, there may be a European-wide one.

Israel’s parliament passed new legislation that allows the Israeli Health Ministry to share personal information of those who declined the COVID vaccine with local and national authorities.
Mason Marks: Facebook is considering adding facial recognition to its augmented reality glasses. Also, Mason is moderating a March 17 panel on “Privatizing Public Health” at the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School.

A US Treasury Department watchdog report says that the IRS might violate the Fourth Amendment when it uses cellphone location data without a warrant. Also, S.T.O.P. and the Yale Privacy Lab are hosting a March 6 symposium on how remote proctoring software promotes bias, undermines privacy, and creates barriers to accessibility.

Federal District Judge Lucy Koh, who is presiding over the Google private browsing class action, said she was “deeply disturbed” that Google tracks visitors to the Northern District of California’s court website.

In Italy, Facebook was again fined for failing to comply with an earlier order related to its failure to inform users about the commercial use it makes of their data.

On March 30, TransUnion LLC v. Ramirez will be argued at the Supreme Court. It raises the question of whether F.R.C.P. Rule 23 permits a damages class action even when the majority of the class has suffered no actual injury. While the case is about the Fair Credit Reporting Act, it will likely have broad ramifications going forward.

(compiled by student fellow Jacob Apkon)

The International Network of Civil Liberties Organisations released a report on facial recognition technologies across the world. It uses stories from 13 member organizations to highlight discrimination and the impact on rights.

The UK Supreme Court ruled that Uber drivers must be treated as workers. Uber had argued that they were self-employed contractors instead.

Under legislation proposed by the Australian Competition and Consumer Commission, tech giants would need to pay for news content on their sites.

China is developing its Digital Currency/Electronic Payment system through the People’s Bank of China. It is the digital version of the yuan.

The Swedish Police Authority has used Clearview AI facial recognition to identify individuals, and the way it processed personal data violated the Swedish Criminal Data Act. After an investigation by the Swedish Authority for Privacy Protection, the Police Authority was fined SEK 2,500,000, which is about 300,000 USD.

Twitter’s Birdwatch is a tool that allows users to identify potentially misleading information in tweets and add notes with context. However, the newsletter Factually recently reported that more than 10% of Birdwatch’s notes are generated by the five most active Birdwatchers.

Virginia is likely to become the second state with a comprehensive consumer privacy bill, after both houses of the Virginia General Assembly passed the Consumer Data Protection Act.

The New York City Police Department released the Cryptocurrency Analysis Tools: Impact & Use Policy for public comment. 

(compiled by student fellow Emmett Weiss)

Clubhouse, the audio-based social networking app, has faced a host of privacy issues. Clubhouse is facing regulatory/legal issues in Germany, apparently linked to its collection of contact information and its GDPR compliance. Part of the issue seems to be linked to its creation of shadow profiles for people for who have not joined the app but whose personal information was contained in the contacts uploaded by others.

Clubhouse also briefly went unblocked by the Chinese firewall, facilitating some open dialog before it was eventually shut down by censors.

An in-depth Kate Klonick New Yorker article describes the efforts to form Facebook’s new “Supreme Court,” which will ultimately have responsibility for the company’s content moderation decisions.

A recent Wired article discussed a study where researchers trained an algorithm to read x-rays and correlated it with patient reports of pain from injuries/illnesses. It outperformed radiologists in predicting the level of pain patients actually reported, particularly with Black patients.

Microsoft endorsed an Australian proposal to require gatekeepers like Facebook and Google (along with its own Bing search engine) to share revenues with local news organizations, not long after Google and Facebook threatened to scale back their services in the country if the proposal were to take effect.

(compiled by student fellow Andrew Mather)

Global Privacy Control is a global internet browser opt out that sends a general signal for users wanting as little data collection and sharing as possible. The GPC standard will let users signal that they don’t want services to share their data with third-party data brokers, and will give users a way to protect their data after it’s been collected and ensure personal information doesn’t travel too far.

Planned legislation to establish new business areas in Nevada would allow technology companies to effectively form separate local governments.

The Cyberlaw Clinic filed an amicus brief last week in the Superior Court of New Jersey, Appellate Division, on behalf of Upturn, Inc., a nonprofit organization that advocates for equity and justice in the design, governance, and use of technology. The brief supports the defendant-movant, Corey Pickett, in an appeal seeking source code access to TrueAllele, a DNA analysis software developed by Cybergenetics.

Klobuchar on Thursday introduced the Competition and Antitrust Law Enforcement Reform Act, which would make it harder for big companies to get mergers approved and would give enforcers like the Federal Trade Commission and Justice Department sharper teeth.

Facial recognition technology amplifies racist policing, threatens the right to protest and should be banned globally, Amnesty International said as it urged New York City to pass a ban on its use in mass surveillance by law enforcement.

Exposing.ai, unveiled in January, lets you know whether photos you’ve posted to image-sharing site Flickr have been used to advance this controversial application of artificial intelligence by allowing you to search more than 3.6 million photos in six facial-recognition image datasets.

(compiled by student fellow Jacob Golan)

Senator Edward J. Markey (D-Mass.) investigation into Amazon Ring doorbell reveals egregiously lax privacy policies and civil rights protections. Lawmaker found Ring has no evidentiary standards for law enforcement to request video footage, no compliance mechanisms to ensure footage of children isn’t collected

The hot new COVID tech is wearable and constantly tracks you. Sports leagues, large employers and colleges are turning to devices that could usher in more invasive forms of surveillance.

Stop COVID with NOVID: NOVID is a next-generation mobile application with Pre-Exposure Notifications which allow users to proactively make decisions based on their risk of infection. We are the only mobile solution with:

Amazon launches Amazon Pharmacy, a delivery service for prescription medications. Poses several privacy concerns.

Microsoft announces it will challenge every government request for public sector or enterprise customer data and it will provide monetary compensation to users if it discloses their data in response to a government request in violation of the EU’s General Data Protection Regulation (GDPR)

The United Nations issues a joint Statement on Data Protection and Privacy in the COVID-19 Response

Tim Berners Lee’s startup Inrupt releases Solid privacy platform for enterprises

The Minister of Innovation, Science and Industry, Navdeep Bains, proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11 will create new data privacy obligations and new enforcement mechanisms for these obligations if it becomes law.

(compiled by Student Fellow Jacob Golan)

Arthur Conan Doyle’s estate sued Netflix because Sherlock Holmes is portrayed in Enola Holmes as compassionate, a portrayal of Sherlock Holmes that only took place in the final 10 books which are still under copyright.

The Association for Civil Rights in Israel has filed freedom of information petitions against the Israeli army and Israeli police to find information about their use of facial recognition.

Activists have begun working on a facial recognition system to identify law enforcement members.

EU court released a judgment in a suit brought by Privacy International that sought to define privacy obligations under the privacy directive.

California Proposition 24 is on track to be approved by voters which would expand the state’s privacy laws and allow customers to opt in or out to certain privacy protections.

The LGPD’s (Brazil’s general data protection law) regulatory authority finally has directors and can begin regulating.

Michigan amended their constitution to require a warrant to search electronic devices or communications; Portland ME outlawed facial recognition via referendum; STOP settled a lawsuit with the NYPD that challenged the NYPD’s practice of requiring religious people to remove their head coverings so their mugshots could be fed into a facial recognition database.

Due to widespread civil unrest in Africa a number of countries have restricted use of social media: Lesotho has sought to require those with 100 or more followers to register with a central communications agency; Tanzania restricted the use of social media during its most recent election; Nigeria has also sought to regulate social media after recent national protests.

Massachusetts approved a right to repair law for cars that will give owners access to the data that the cars collect.

The Fourth Circuit affirmed a denial of a preliminary injunction that sought to stop Baltimore’s aerial surveillance program.

(compiled by student fellow Jacob Apkon)

Apple has been hit with an antitrust complaint by the Interactive Advertising Bureau in France over its planned privacy settings which will limit the ability of app developers to track users unless the users give explicit consent. (Link)

A proposed ban on facial recognition by police agencies and companies in Portland, Oregon has been complicated by an individual’s development of a facial recognition system that would identify police officers, a system which would be allowed under the new bill. (NY Times)

Facebook has demanded that NYU Ad Observatory cease its monitoring and collecting data on political advertisements on the platform claiming a breach of its terms of service provisions on bulk data collection without permissions. (WSJ)

Zoom shut down a series events in the United States, including one held by NYU, discussing Zoom’s previous shut down of a San Francisco State University organized talk by Leila Khaled, a Palestinian activist and a member of the Popular Front for the Liberation of Palestine, a US designated terror organization. The events did not have Leila Khaled presenting in their meetings, but discussed the previous event cancellation and statements made by Khaled. (Buzzfeed; AAUP)

(compiled by Student Fellow Maxwell Votey)

The University of Miami has recently come under scrutiny for its alleged use of facial recognition technology to target students participating in protests. The University has denied that it utilizes such technology, although it admitted to the use of video surveillance. (WSJ)

The Trump reelection campaign has been videotaping voters dropping off ballots at drop boxes in Pennsylvania. The state’s Attorney General has released a statement strongly admonishing the campaign for this behavior. (NY Times)

Freedom House, a government-funded NGO, has published a report on the ways in which the COVID-19 pandemic is affecting global internet freedom. (link)

Senators Markey and Hawley recently introduced legislation aimed at updating the Children’s Online Privacy Protection Act (COPPA), which includes provisions that would extend some of the protections to minors older than 13 years old. (Press Release)

A petition to legislate protection for minors online has reached the Indian Supreme Court, which reached out to the Central government for a response. (Hindustan Times)

The Irish Data Protection Commission is investigating Instagram (and parent company Facebook) for issues relating to the protection of information about minors. (Forbes)

China’s top legislative body has released a first draft of a Personal Information Protection Law. (Lexology)

China has also passed a new export control law which would allow it to take retaliatory steps in response to changes in export controls in other countries which would harm Chinese interests or national security. (Bloomberg)

Scholars at Stanford University’s Human-Centered Artificial Intelligence Institute published a working paper proposing a model to regulate and tax Big Tech companies. (Policy Brief)

(compiled by JSD Fellow Stav Zeitouni)

ILI Research Fellow Salome Viljoen wrote a piece for the Phenomenal World blog, critiquing ‘propertarian’ and ‘dignitarian’ approaches to data ownership. 

Google is providing data to law enforcement agencies based on keyword search warrants. Albert Fox Cahn of PRG and the Surveillance Technology Oversight Project ( S.T.O.P.) writes about the ensuing constitutional issues. 

Twitter amended policy which prevented users from posting links to a New York Post story about Hunter Biden. Company leadership explained that the platform was warning users about the “potentially unsafe” link because of a policy on the treatment of articles which are partially sourced in “hacked materials”. Facebook also limited the distribution of the article in its news feed, reportedly as part of their practice to give third-party fact-checkers time to review content. Glenn Greenwald criticizes both companies’ actions on The Intercept.

California’s Attorney General released a third set of proposed modifications to the text of California Consumer Privacy Act (CCPA).At the same time, Proposition 24 (the Consumer Personal Information Law and Agency Initiative) is on the ballot in California. Proposition 24 would expand or amend the CCPA, create the California Privacy Protection Agency, and remove the ability of businesses to fix violations before being penalized for violations.

The Knight First Amendment Institute at Columbia University concluded their Data and Democracy symposium. Session videos are available online.

Watch out for upcoming events at the NYU Law Guarini Institute for Global Legal Studies, including talks from Anupam Chander, Frank Pasquale, Lina Khan, and Daphne Keller.

(Compiled by Student Fellow Margarita Boyarskaya.)