Further Reading, Other Developments, and Coming Events (4 February 2021)

CCPA, Coming Events, Cybersecurity, Data Flows, Data Protection, data security, EU, FCC, FTC, Further Reading, Misinformation, OSTP, Other Developments, privacy, Section 230, Social Media, Technology, Telecommunications 11 Minutes

Further Reading

  • Global Privacy Control wants to succeed where Do Not Track failed” By Russell Brandom — The Verge. A new effort to block tracking people across the internet and selling people’s information has launched, the Global Privacy Control. This initiative is looking to leverage a provision currently effective in the “California Consumer Privacy Act” (CCPA) (AB 375) that is also in the recently enacted “California Privacy Rights Act” (CPRA) (aka Proposition 24) that requires covered entities to honor when people opt out in a global fashion. This browser add on will transmit the message to websites and other entities that the user does not want to have her data sold, which will have to be honored under California law. The piece cites a Tweet from outgoing California Attorney General Xavier Becerra (D) endorsing the notion generally. Of course, much remains to unfold on this front, but it may prove an easy, effective way for people to guard their privacy.
  • A Former Comcast Employee Explains Why Low-Income WiFi Packages Aren’t Helping Students” By Caroline O’Donovan — BuzzFeed News. Comcast’s Internet Essentials seems insufficient for low-income families with multiple children needing to use videoconferencing for school. A group of students in Baltimore tried working with the company to increase the speed of this low cost package, but the company did nothing more than offer to help the students doing the advocacy. There are other stakeholders in the government and other sectors who think Comcast’s efforts are not enough in the midst of a pandemic.
  • Facebook Ad Services Let Anyone Target US Military Personnel” By Lily Hay Newman — WIRED. Researchers have turned up evidence that united states military personnel could be easily targeted with misinformation as part of attempts to radicalize them or run psychological operations on them. Facebook, naturally, denies there is any such capability with its targeted advertising system, and this new type of threat seems outside the scope of what most experts consider as the main threats from social media.
  • Nextdoor Is Quietly Replacing the Small-Town Paper” By Will Oremus — OneZero. There is another social media platform on which misinformation may be flourishing although perhaps at the cost of local media losing revenue. Nextdoor allows neighbors (but only those with snail mail addresses screening out the homeless) to share information, data, rumors, biases, paranoia, etc. And while the platform fences off each community (e.g., members of the Savannah, Georgia cohort cannot get access to the Jacksonville, Florida group), there is no seemingly effective mechanism to fight lies and misinformation. So it sounds much like the neighborhood WhatsApp group I’m on where one gentlemen is forever spamming everyone with anti-vaccine claims and news about how well Sweden was handling COVID-19 by doing nothing, at least until the government in Stockholm disavowed that approach. I find the WhatsApp group a breeding ground for racial and class biases, and a number of Nextdoor users are reporting the same. Moreover the platform is competing with local media for some of the same advertisers, exacerbating the trend of reduced revenue for media since Facebook and Google came to dominate the advertising market.
  • Google switches ad tracking tech ahead of Apple privacy update” By Rae Hodge — c/net. Google is taking a quieter path than Facebook in pushing back against Apple’s forthcoming change to its iOS that will prompt iPhone users to agree to letting apps track them (i.e., App Tracking Transparency (ATT) policy). Google is switching from the use of IDFA to another Apple tool, SKAdNetwork, which is considered not as good as IDFA.
  • Facebook strikes back against Apple privacy change, prompts users to accept tracking to get ‘better ads experience” By Salvador Rodriguez — CNBC. Speaking of Apple’s pending change, Facebook seems to be moving preemptively to start offering iPhone and iPad users a choice on letting the social media giant use their information to show them personalized ads. The Facebook popup will appear before Apple’s popup. We should probably expect an Apple countermove soon.

Other Developments

  • The Biden White House issued a “Memorandum on Restoring Trust in Government Through Scientific Integrity and Evidence-Based Policymaking” that will change how the United States (U.S.) government uses and deploys data and evidence. There are a range of actions for agencies inside the White House and the Administration to neutralize and remove procedures put in place during the Trump Administration that disregarded science.
    • In relevant part, the memorandum says:
      • Scientific findings should never be distorted or influenced by political considerations.  When scientific or technological information is considered in policy decisions, it should be subjected to well-established scientific processes, including peer review where feasible and appropriate, with appropriate protections for privacy.  Improper political interference in the work of Federal scientists or other scientists who support the work of the Federal Government and in the communication of scientific facts undermines the welfare of the Nation, contributes to systemic inequities and injustices, and violates the trust that the public places in government to best serve its collective interests.
  • Facebook Oversight Board issued its first decisions, overturning Facebook in four of the five cases. Facebook has committed itself to being bound by these decisions. The panel also made “nine policy recommendations to the company” in the decisions. The Oversight Board explained:
    • Facebook now has seven days to restore content in line with the Board’s decisions. The company will also examine whether identical content with parallel context associated with the Board’s decisions should remain on its platform. In addition, Facebook must publicly respond to any policy recommendations the Board has made in its decisions within 30 days.
    • The Oversight Board made the following decisions:
      • Overturned Facebook’s decision on case 2020-002-FB-UA to remove a post under its Community Standard on Hate Speech. The post commented on the supposed lack of reaction to the treatment of Uyghur Muslims in China, compared to the violent reaction to cartoons in France. Click here for more information.
      • Upheld Facebook’s decision on case 2020-003-FB-UA to remove a post under its Community Standard on Hate Speech. The post used the Russian word “тазики” (“taziks”) to describe Azerbaijanis, who the user claimed have no history compared to Armenians. Click here for more information.
      • Overturned Facebook’s original decision on case 2020-004-IG-UA to remove a post under its Community Standard on Adult Nudity and Sexual Activity. The post included photos of breast cancer symptoms which, in some cases, showed uncovered female nipples. Click here for more information.
      • Overturned Facebook’s decision on case 2020-005-FB-UA to remove a post under its Community Standard on Dangerous Individuals and Organizations. The post included an alleged quote from Joseph Goebbels, the Reich Minister of Propaganda in Nazi Germany. Click here for more information.
      • Overturned Facebook’s decision on case 2020-006-FB-FBR to remove a post under its Community Standard on Violence and Incitement. The post criticized the lack of a health strategy in France and included claims that a cure for COVID-19 exists. Click here for more information.
  • House Armed Services Committee announced the creation of a new cyber-focused subcommittee that will split off from the existing the Intelligence and Emerging Threats and Capabilities Subcommittee. The former chair of that subcommittee, Representative James Langevin (D-RI), will chair the Cyber, Innovative Technologies, and Information Systems (CITI) Subcommittee with jurisdiction over the following:
    • Cyber Security, Operations, and Forces
    • Information Technology, Systems, and Operations
    • Science and Technology Programs and Policy
    • Defense-Wide Research and Development (except Missile Defense and Space)
    • Artificial Intelligence Policy and Programs
    • Electromagnetic Spectrum Policy
    • Electronic Warfare Policy
    • Computer Software Acquisition Policy
    • Now the House Armed Services Committee will match the Senate Armed Services Committee, which as a Cybersecurity Committee established when the late Senator John McCain (R-AZ) chaired the full committee.
  • The European Union Agency for Cybersecurity (ENISA) published a report “on pseudonymisation for personal data protection, “Data Pseudonymisation: Advanced Techniques and Use Cases,” providing a technical analysis of cybersecurity measures in personal data protection and privacy.” ENISA stated:
    • As there is no one-size-fits-all pseudonymisation technique, a high level of competence is needed to reduce threats and maintain efficiency in processing pseudonymised data across different scenarios. The ENISA report aims to support data controllers and processors in implementing pseudonymisation by providing possible techniques and use cases that could fit different scenarios.
    • The report underlines the need to take steps that include the following:
      • Each case of personal data processing needs to be analysed to determine the most suitable technical option in relation to pseudonymisation;
      • An in-depth look into the context of personal data processing before data pseudonymisation is applied;
      • Continuous analysis of state-of-the-art in the field of data pseudonymisation, as new research and business models break new ground;
      • Developing advanced pseudonymisation scenarios for more complex cases, for example when the risks of personal data processing are deemed to be high;
      • Further discussion on the broader adoption of data pseudonymisation at EU and Member States levels alike.
  • The United States (U.S.) Chamber of Commerce’s Center for Capital Markets Competitiveness (CCMC) released a new report, “Digital Assets: A Framework for Regulation to Maintain the United States’ Status as an Innovation Leader,” “providing recommendations to help guide policymakers in developing a more closely coordinated response to the regulation of digital assets.” In its press release, the CCMC explained the “report has a focus on financial services regulatory systems due to their significant impact on digital assets and related blockchain innovation, and outlines several recommendations for promoting innovation in the digital assets space, including:
    • Implement technology-neutral regulation
    • Implement principles-based regulation
    • Avoid regulation by enforcement
    • Ensure good faith compliance
    • Establish regulatory flexibility
    • Create digital asset categorization
    • Establish a White House Task Force focused on digital assets
  • The Australian Securities and Investments Commission (ASIC) revealed that “an unidentified threat actor accessed an ASIC server containing attachments to Australian credit licence applications submitted to ASIC between 1 July 2020 and 28 December 2020.” ASIC added:
    • The cyber incident occurred due to a vulnerability in a file transfer appliance (FTA) provided by California-based Accellion and used by ASIC to receive attachments to Australian credit licence applications.
    • ASIC has determined that the credit licence application forms held within the server were not accessed. Analysis by ASIC’s independent forensic investigators shows no evidence that attachments were opened or downloaded.
    • However, the filenames of attachments for credit licence applications that were submitted to ASIC between 1 July 2020 and 28 December 2020 may have been viewed by the threat actor. For example, the credit licence applicant’s name or the name of an individual responsible manager, if these were used in the filename of the attachment (e.g. police check, CV) may have been viewed by the threat actor.
  • In a blog posting, the United Kingdom’s (UK) Information Commissioner’s Office (ICO) regarding “the recently agreed UK and EU Trade and Cooperation Agreement (TCA).” Information Commissioner Elizabeth Denham explained her view on data protection in the UK during the period when data transfers to the UK will be treated as if the European Union (EU) has an adequacy decision about UK law:
    • High standards and co-operation 
      • I must begin by welcoming the commitment by both the EU and UK to ensuring a high level of personal data protection, and to working together to promote high international standards.
      • As envisaged by the TCA, I look forward to developing a new regulatory relationship with European data protection authorities, sharing ideas and data protection expertise and co-operating on enforcement actions where appropriate. As evidenced by our work globally, regulatory cooperation remains key to ensuring we can protect the public’s personal data wherever it resides. The ICO will also continue to develop its international strategy.
    • Data flows: short term bridging provisions and adequacy
      • The TCA contains an important safety net, allowing transfers of data from the EU to UK to continue without restriction for four months whilst the EU considers the UK’s application for adequacy. This is the usual mechanism used by the EU to allow for continued data flow with third countries. This is very welcome news and was the best possible outcome for UK organisations given the risks and impacts of no adequacy. This bridge contained within the TCA will provide a legally robust mechanism that can give UK organisations confidence to continue digital trade in the coming months.
      • The EU has committed (in a Declaration alongside the TCA) to consider promptly the UK’s adequacy application. The Government is taking the lead on that process, with the ICO providing independent regulatory advice when appropriate. We’ll publish more details in due course as the outcome of the adequacy process becomes clear.
      • Whilst we wait for an adequacy decision, for the bridge to continue any new UK adequacy regulations, standard contractual clauses or ICO approvals of international transfer mechanisms, must be put before the TCA’s oversight mechanisms.
    • Data flows: keeping us safe
      • Our police and other law enforcement authorities, in the UK and EU, rely on sharing information with each other to prevent, investigate and prosecute crimes, and ultimately to keep us all safe.
      • Part three of the TCA sets out detailed provisions allowing data sharing for law enforcement. It includes arrangements for the transfer of DNA data, fingerprints, vehicle registrations and Passenger Name Record (PNR) data. It also allows for the UK to access data from EUROPOL and EUROJUST. Part three also contains important commitments to key elements of data protection and for the ICO to be consulted about data protection assessments related to PNR data.
      • I welcome the provisions in the TCA which bake-in the importance of high standards of data protection and international data flows for UK citizens and for the UK economy – they keep us safe, they support our economy, they keep us connected. In our ever-innovating, inter-connected world, my role is to make sure that data flows continue, and continue to protect UK citizens, so they can continue to enjoy digital services underpinned by a seamless flow of data.

Coming Events

  • The Federal Communications Commission’s (FCC) acting Chair Jessica Rosenworcel will hold a virtual Roundtable on Emergency Broadband Benefit Program on 12 February “a new a program that would enable eligible households to receive a discount on the cost of broadband service and certain connected devices during the COVID-19 pandemic.” The FCC also noted “[i]n the Consolidated Appropriations Act of 2021, Congress appropriated $3.2 billion” for the program.
  • On 17 February, the Federal Communications Commission (FCC) will hold an open meeting, its first under acting Chair Jessica Rosenworcel, with this tentative agenda:
    • Presentation on the Emergency Broadband Benefit Program. The Commission will hear a presentation on the creation of an Emergency Broadband Benefit Program. Congress charged the FCC with developing a new $3.2 billion program to help Americans who are struggling to pay for internet service during the pandemic.
    • Presentation on COVID-19 Telehealth Program. The Commission will hear a presentation about the next steps for the agency’s COVID-19 Telehealth program. Congress recently provided an additional $249.95 million to support the FCC’s efforts to expand connected care throughout the country and help more patients receive health care safely.
    • Presentation on Improving Broadband Mapping Data. The Commission will hear a presentation on the work the agency is doing to improve its broadband maps. Congress directly appropriated $65 million to help the agency develop better data for improved maps.
    • Addressing 911 Fee Diversion. The Commission will consider a Notice of Proposed Rulemaking that would implement section 902 of the Don’t Break Up the T-Band Act of 2020, which requires the Commission to take action to help address the diversion of 911 fees by states and other jurisdictions for purposes unrelated to 911. (PS Docket Nos. 20-291, 09-14)
    • Implementing the Secure and Trusted Communications Networks Act. The Commission will consider a Third Further Notice of Proposed Rulemaking that proposes to modify FCC rules consistent with changes that were made to the Secure and Trusted Communications Networks Act in the Consolidated Appropriations Act, 2021. (WC Docket No. 18-89)
  • On 27 July 2021, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by michelmondadori from Pixabay

Published by Michael Kans

An attorney who specializes in technology policy, law, and politics with other areas of expertise.

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s