Finnish business fined for tracking employees

In Finland one of the first fines handed out to a water supply management company which used location data in the vehicles used by employees which is considered systematic monitoring. A DPIA should be conducted.

Taken from DLA Piper blog
Followed from a complaint made by an individual. Kymen Vesi processed location data of its employees by locating their vehicles. This location data was used to monitor the employees’ working hours.
The Data Protection Ombudsman stressed in its decision that a data controller must carry out a DPIA when the processing likely results in high risk to the rights and freedoms of data subjects. Kymen Vesi should have carried out a DPIA since the processing of location data concerned data subjects in a vulnerable position (employees) and the data was used for systematic monitoring. In reference to the criteria list set in WP29 guidelines on DPIA and determining whether processing is likely to result in high risk, the processing conducted by Kymen Vesi satisfied three of the criteria (processing of location data, data subjects in vulnerable position and systematic monitoring of data subjects) when usually a DPIA is already required when two of the criteria are satisfied.

Read the rest of the blogpost from DLA Piper blog.

Covid-19, a rehearsal for the real horror? and privacy concerns

The use of tracking technologies to collect data on the spread of covid-19 has triggered a lot of discussions concerning the privacy invasions of such practices, one which I got involved in was the installation as a default a tracking App on both Apple and Android devices, which needed to be switched on by the user in order for the tracking to work.

My take on this as a privacy guy, is that nothing privacy invasive should be installed as a default. The general fear is that what is installed as a default can be enabled as a default, take a look at China.

Thinking about it, we are truly lucky in that covid-19 is not an Ebola. We are getting the chance to rehearse in preparation for the real thing which will happen one day, and I’m hoping not in my lifetime. I think of Stephen King’s book The Stand, and what we see happening with deaths in old peoples homes, whereby they have been forgotten (almost) mirrors the horrors in this book. The horrors reflect the ‘Black Plague/Death‘ people dying in their homes, there is no hope. Fatality was 80%.

Together with a right to privacy are the associated dilemmas. It is clear to us all, although we may not think consciously about it that we want privacy for ourself, but not for others. A basic dilemma which makes privacy per se difficult on a basic human values level. This is reflected in the argument on privacy and the use of a tracking App. We don’t want any government authority -something we feel is the faceless George Orwell figure- tracking our movements. Yet we don’t want to die, and we don’t want our loved ones to die.

In fact the GDPR takes cares of these dilemmas by inserting clauses which enables government authorities in the name of public safety to take measures, also the use of extraordinary circumstances come into effect. In fact even if these Apps are not installed as a default today, they could arguably be pushed out at any time without our consent in the name of public safety. Privacy International has quite a lot on this subject by different countries.

Did you know that many of the international laws on wiretapping date back to a series of seminars hosted by the FBI in the United States in 1993 at its research facility in Quantico, Virginia, called the International Law Enforcement Telecommunications Seminar (ILETS) together with representatives from Canada, Hong Kong, Australia and the EU. The product of these meetings was the adoption of an international standard called the International Requirements for Interception that possessed similar characteristics to CALEA from the United States. In 1995 the Council of the European Union approved a secret resolution adopting the ILETS. Following its adoption and without revealing the role of the FBI in developing the standard, many countries have adopted laws to this.

Virtual Shadows, 2009

The question is, do we trust our governments to do what is right in the name of public safety, i.e. not abuse their power during times of crises, and pandemics? To be honest, we don’t have much choice, as much as we kick and scream, what it boils down to is that if a pandemic breaks out which can kill 80% of the population, these type of questions will not be asked. What about afterwards, in the wake of such a disaster? I guess we will be just grateful to be alive, even the politicians and faceless bureaucrats.

This is why the use of privacy by design in application development are of paramount importance, and I think this should be the focus of discussions hereon. ENISA published a useful paper in 2015 which can be used as a great inspiration. It would be great to see some evolutions on this paper on moving forward. There are some technologies out there, pathing the way into new territories, and it could take some time before we get absolute privacy on the use of any digital technology.

IMHO Privacy by Design embedded in all technology is where our energy should be placed. Words come cheap, action for long term change is often missed in the heat of the argument. The point is missed given the context, and human behaviour which results in getting nowhere; or somewhere, where we don’t want to be.

Draft rules on use of personal information in China

Really interesting post on rules concerning the use of personal information in China.

If you make it to the end of the article 😉 I am very much of the same opinion as the author, in that okay to have rules but what about enforcement. Also is the actual intentions of the Chinese authorities? Are they really after protecting the human rights of the Chinese citizen, or is this another ploy to enforce registration of identity, hence make anonymous access to online resources impossible. This restricts freedom of speech… as if it is not already enough given existing controls…

You are being tracked!

Unless you opt out. At least that’s what some researchers are claiming. It seems that certain mobile phones, namely those hosting windows7 OS and the iPhone. Apparently the windows smartphone does this even after you’ve switched off this functionally.

This has gone to the law courts in the US now

Now you maybe thinking that well it is common knowledge that our phones can be tracked? And sure this is correct. However what is important here are 2 things 1) consent, the phone holder needs to consent to this, and 2) the data is actually in this example being collected and stored in a database. This means that not only are you being tracked without your knowledge, but this data can later be mined. Powerful personal data. And this is happening for your children who have mobile phones too…..

Love / Hate and location tracking

I was watching TV last night, I think it was ‘bones’. There was a dating service whereby via your mobile phone you could pick up if anyone else registered to that dating service within a 100 metres (or something similar) and a message would pop-up “Love / Hate” and a picture of the person.

Question I have is does this type of dating service really exist? A service that links your mobile phone tracking services to your profile on the dating service, and in correlation with other registered members/phones in the immediate vicinity. Would love to hear from you! Thanks.

Celebrities Big Brother ‘white trash’ brings in RFID for entertainment

The Celebrity Big Brother program has moved on to another dimension in their surveillance with the use of RFID on participants, just for our entertainment. It is pretty sad that we are a nation that feel entertained by such ‘white trash’. Have we nothing better to do with our time than to take part or watch these programs that encourage surveillance to a level of acceptance in a society where surveillance and location tracking is increasing on endemic scales.

I wonder how many of us come home each evening, and switch on the TV before even taking off our shoes, or changing our clothes to something more casual? I wonder how many of our brains are turning to vegetables as we sit in front of our TV to be enterained by this ‘white trash’? I wonder how many of us eat our dinner in front of the TV?

Thank goodness for blogging and social networking, for that our children are not lured by the ‘television generation’ that I guess that I am a part of. There is much negative to be said with children going online, but at least they need to think, act and make decisions whilst sat in front of their computer. Not like those of us that vegetate in front of the TV.

If you can think of any intelligent reason for the benefits of TV vegetation and this type of ‘white trash’ please share. I am always open to adapting my opinions if the arguments are compelling enough.

The mobile phone as an ultimate personal marketing machine

It seems that advertisers have been getting pretty excited about the potential of the mobile phone. This is no surprise when you consider that cellular carriers possess terabytes of demographic data on their users and they even know where the caller is. Your mobile phone gives all of this away. Advertisers today have the potential to mould campaigns that can be aimed at specific age, gender, income and lifestyle segments and locations. This is bringing advertisers around the world close to their long dreamed of vision: the mobile phone as an ultimate, targeted, personal marketing machine.

The new Google phone is right on, dubbed the G1, has been touted as a working man’s smartphone — a cheap, Web-friendly wireless device that can make life easier for millions of consumers. The G1, as it turns out, also stands to make life a whole lot easier for Google — by making it a snap to track your movements on the mobile Web and send you ads as it does on the desktop. The device, sold exclusively by T-Mobile, gives Google access to your e-mail, instant messages, contact lists, Web-search history and geographic location. By keeping tabs on your mobile life, Google (GOOG) can quickly figure out what sort of ads to send your way, and when

“It’s like a walking surveillance device,” says Jeffrey Chester, executive director of the Center for Digital Democracy, a consumer watchdog group.

Mobile advertising is still relatively new — G1 users, for now, get ads only through search results, for instance — but it’s clearly a hot spot. The market is expected to reach $2.2 billion by 2012, from about $800 million now, according to JupiterResearch. Ultimately, it could surpass the traditional Web, now a $20 billion ad market. Read more…

Thank you Jack for sending this my way 🙂

Is Google tracking me?

This is a good question. Google have just realised a new service called Latitude. Latitude lets smartphone and laptop users share their location with friends and allows those friends to share their locations in return. Although not pinpoint accurate, Latitude can display your general location based on information from GPS satellites and cell towers. Latitude works on both mobile devices and personal computers.

From a privacy perspective, it is an opt-in service (i.e. you have to ask to get it, it is not provided automatically without asking your permission first) which is good. It also gives a choice of levels of visibility. However the privacy concerns are similar to that as with the increasing practice of tracking mobile phones today. Apart from the obvious risks to privacy, e.g. everyone getting to know where everyone is, that is if you care, and Google holding more information than what they have promised, finally providing yet another vector for surveillance by government authorities. There is the concern for the privacy and safety of children. 

It risks in fact becoming quite a fashionable thing to do amongst young people, and in just 5 years we may even forget how life was without this service. Children today will be sharing their location information with their friends, and if they are unable to determine the difference between online friends and real friends the risk of physical sexual exploitation is higher than what it is today.

Children are easily befriended online. If they agree to share their location information with someone that has befriended them, and has in fact intentions to groom them. The online grooming process (this is described in the book “Virtual Shadows”) is speeded up significantly. It will give the predator the child’s movement data to help them to build up a profile of the victim.  Latitude will in effect become yet another tool in the existing toolkit used by online predators to groom any individual child ready for sexual abuse.

Following is a clip from google explaining the privacy features of the service.