"Don’t judge a book by its cover – how a technology is named doesn’t tell you how it is used. This is the case with Data Clean Rooms (“DCRs”), which are not rooms, do not clean data, and have complicated implications for user privacy, despite their squeaky-clean name.

Data Clean Rooms are cloud data processing services that let companies exchange and analyze data, restrained by rules that limit data use. They are typically used when two companies want to exchange limited information about their customers. For example, a newspaper and a grocery store might use a DCR to evaluate the efficacy of an advertisement by identifying grocery sales made to newspaper subscribers. However, a close examination of DCRs yields an evergreen lesson: even if privacy enhancing technologies alone can’t protect privacy and even if they address some privacy risks, they can contribute to others.

In some cases, DCRs can add privacy protections to the handling of consumer data. In others, disclosure of consumer data via DCRs presents the same privacy risks as disclosure through other means like tracking pixels. DCRs, like other technologies that claim to protect privacy, can also be used to obfuscate privacy harms."

https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/11/data-clean-rooms-separating-fact-fiction

#USA #FTC #DataCleanRooms #DCRs #Privacy #DataProtection

"Officials inside the Secret Service clashed over whether they needed a warrant to use location data harvested from ordinary apps installed on smartphones, with some arguing that citizens have agreed to be tracked with such data by accepting app terms of service, despite those apps often not saying their data may end up with the authorities, according to hundreds of pages of internal Secret Service emails obtained by 404 Media.

The emails provide deeper insight into the agency’s use of Locate X, a powerful surveillance capability that allows law enforcement officials to follow a phone, and person’s, precise movements over time at the click of a mouse. In 2023, a government oversight body found that the Secret Service, Customs and Border Protection, and Immigration and Customs Enforcement all used their access to such location data illegally. The Secret Service told 404 Media in an email last week it is no longer using the tool."

https://www.404media.co/fyi-a-warrant-isnt-needed-secret-service-says-you-agreed-to-be-tracked-with-location-data/

#USA #LocationData #Geolocation #Surveillance #Privacy #DataProtection #Intelligence #LocateX

"On Monday Amazon confirmed a breach of employee data which was published on a crime-focused forum, according to a statement from Amazon to 404 Media.

The data includes the employees’ name, work contact information, and what location they work at, and has more than 2.8 million lines of data, according to the post on Breach Forums. The post says the source of the data was MOVEit, which is suite of cloud data management tools.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about [a] security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” an Amazon spokesperson told 404 Media in an email."

https://www.404media.co/amazon-confirms-breach-of-employee-data/

#Amazon #DataBreach #DataProtection #Privacy #Hacking #CyberSecurity

"The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit “emergency” data requests.

The FBI’s public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone’s life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an “uptick” around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

“Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” reads the FBI’s advisory."

https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

#USA #CyberSecurity #FBI #Hacking #Privacy #DataProtection #DataBreaches

Weekly Update 📰

▶️ We published a new article: "The New German #Security Package: #Digital #Surveillance and #DataProtection". More in our #blog: https://www.vioffice.de/blog/sicherheitspaket-digitale-ueberwachung/ 🇬🇧🇩🇪

▶️ ViOffice Cloud for free! Use our full ViOffice #Cloud with up to 3GB storage including all functions (storage, chat, videocall, groupware, taskboard, polls and more) for free. Register at: https://cloud01.vioffice.de/apps/registration/ 🚀

From last month - 23andMe settles data breach lawsuit for $30 million
By Jonathan Stempel
https://www.reuters.com/technology/cybersecurity/23andme-settles-data-breach-lawsuit-30-million-2024-09-13/
#biotech #dataprotection #privacy #classaction #settlement

Changes in the UK Data Protection and Digital Information Bill will exacerbate the existing power imbalances that migrants, refugees and asylum seekers have over their data.

This will lead to significant harms and an expansion of the #DigitalHostileEnvironment.

Read our briefing for more ⬇️

#dataprotection #DPDIBill #privacy #migrants #GDPR #ukpolitics

https://www.openrightsgroup.org/publications/briefing-how-the-dpdi-bill-harms-migrants-data-rights/

‘The Dutch Data Protection Authority (AP) is imposing a fine of €10 million on Uber. The fine is in response to the company's failure to disclose the full details of its retention periods for data concerning European drivers, or to name the non-European countries in which it shares this data. The DPA also found that Uber had obstructed its drivers’ efforts to exercise their right to privacy.’ https://autoriteitpersoonsgegevens.nl/en/current/uber-fined-eu10-million-for-infringement-of-privacy-regulations #uber #law #tech #gdpr #privacy #surveillance #dataprotection

If the government has its way, we'll be vulnerable to our data being used against us and less able to do anything about it.

Here's what's wrong with the #DataGrabBill ⬇️

🦾 Take action: https://action.openrightsgroup.org/hands-off-our-data

#HandsOffOurData #DataGrab #GDPR #DPDI #DPDIBill #dataprotection #privacy #ukpolitics

The outgoing Biometrics Commissioner has warned that regulation is falling behind advances in biometric surveillance.

The #DataGrabBill will gut the controls on the use of facial recognition and Automatic Number Plate Recognition, allowing for intrusive surveillance.

#HandsOffOurData #DataGrabBill #GDPR #DPDIBill #dataprotection #privacy #ukpolitics #facialrecognition #surveillance

https://www.bbc.co.uk/news/technology-64583997

'As part of its bonfire of regulations' the #DataGrabBill will scrap the Biometrics and Surveillance Camera Commissioner in the UK.

The Bill moves the Commissioner's duties to the Information Commissioner's Office and removes the Surveillance Camera Code governing police and local authorities.

#HandsOffOurData #DataGrabBill #GDPR #DPDIBill #dataprotection #privacy #ukpolitics #facialrecognition

https://techmonitor.ai/policy/privacy-and-data-protection/police-cctv-code-of-conduct

Facial recognition is expanding in the UK with little oversight, despite privacy risks and biased algorithms.

The #DataGrabBill will only widen the regulatory gap over the use and rampant collection of biometric data for surveillance.

#HandsOffOurData #DataGrabBill #GDPR #DPDIBill #dataprotection #privacy #ukpolitics #facialrecognition

https://www.openrightsgroup.org/blog/uk-facial-recognition-no-consent-no-oversight/