Weekly Newsletter: 2 August – 6 August 2021
GDPR EU Representative

August 9, 2021

Schrems has Facebook data processing in sights for next coup

[#IrishDataProtectionAuthority #Facebook #EUCourtofJustice #SchremsII]

“Max Schrems, the privacy activist who brought down the EU-US Privacy Shield data transfer agreement, spoke to EURACTIV Germany about his new case against Facebook, which he hopes could turn the tech giant’s entire data processing model upside down.

Following the Austrian Supreme Court’s referral in July of Schrems’ case to Luxembourg, the EU Court of Justice will now decide whether Facebook’s processing of personal data is compatible with European law. If the EU Court were to rule in his favour, this would mean that “a large part of the data processing carried out by Facebook in Europe was illegal,” said Schrems, adding that “each individual user could then claim damages from Facebook.” […]

Facebook is also facing a probe from the Irish data protection authority that might lead to the stoppage of data transfers with the United States, which would cause a very significant disruption to the way the social network currently operates.”

To read more: Click here

Zoom settles class action privacy lawsuit for $85m 

[#Google #Facebook #Linkedin #Privacy #Zoom #PersonalData] 

“Zoom Video Communications has agreed to pay $85 million and bolster its security practices in a class action lawsuit filed Saturday afternoon. The lawsuit alleges that Zoom invaded the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn, as well as failing to prevent hackers from disrupting Zoom meetings, also known as “zoombombing.” […]

Should the settlement be approved, Zoom subscribers included in the class action would be eligible for 15% refunds on their subscriptions or $25, whichever is larger, while others could received up to $15. The preliminary settlement also includes a provision that the firm will provide its staff with specialised training in data handling and privacy. The settlement is still subject to approval by US District Judge Lucy Koh in San Jose, California.”

To read more: Click here


Amazon will pay you $10 in credit for your palm print biometrics 

[#Amazon #Biometric #SensitiveData #DataPrivacy] 
“How much is your palm print worth? If you ask Amazon, it’s about $10 in promotional credit if you enroll your palm prints in its checkout-free stores and link it to your Amazon account.

[…] What’s Amazon doing with this data exactly? Your palm print on its own might not do much — though Amazon says it uses an unspecified “subset” of anonymous palm data to improve the technology. But by linking it to your Amazon account, Amazon can use the data it collects, like shopping history, to target ads, offers and recommendations to you over time. Amazon also says it stores palm data indefinitely, unless you choose to delete the data once there are no outstanding transactions left, or if you don’t use the feature for two years.

While the idea of contactlessly scanning your palm print to pay for goods during a pandemic might seem like a novel idea, it’s one to be met with caution and skepticism given Amazon’s past efforts in developing biometric technology. Amazon’s controversial facial recognition technology, which it historically sold to police and law enforcement, was the subject of lawsuits that allege the company violated state laws that bar the use of personal biometric data without permission.”

To read more : Click here

Food Delivery Services Face GDPR Fines Over AI Algorithms

[#ArtificialIntelligence #Italy #Foodinho #Deliveroo #GDPR] 
“Italy’s privacy regulator has slammed two of the country’s biggest online food delivery firms – Deliveroo and Foodinho – with multimillion euro fines for using algorithms that discriminated against some “gig economy” workers. […]

The regulator said that workers could be penalized based on how artificial intelligence – aka machine learning – algorithms were being used to assess their work. But those algorithms remained secret, and workers had no way to appeal any such assessment. In addition, the regulator said, the firms could not prove that their algorithms were not being discriminatory.

As a result, Italy’s data protection authority, known as the Garante, on Monday announced a 2.9 million euro ($3 million) fine against Deliveroo for violating the EU’s General Data Protection Regulation. […] “Both cases have important lessons for technology businesses in particular and show some of the conflicts between AI and GDPR,” says attorney Jonathan Armstrong, a partner at London-based law firm Cordery.”

To read more: Click here

Facebook defends move to block independent ad transparency research

[#Facebook #Freedomofexpression #FTC #Transparency] 

“Facebook Inc. strongly defended its decision to disable the accounts of independent ad transparency researchers, in a move that has been criticized by the U.S. Federal Trade Commission. Facebook said it disabled the accounts, apps, pages, and platform access for NYU’s Ad Observatory Project and participating researchers because their work violated its rules. […]

“While the Ad Observatory project may be well-intentioned, the ongoing and continued violations of protections against scraping cannot be ignored and should be remediated.” […]

Facebook’s explanations seem to have not convinced the U.S. Federal Trade Commission, which criticized the company for making “misleading claims” to explain why it had disabled the accounts of researchers.”

To read more: Click here