Other Developments, Further Reading, and Coming Events (23 August 2021)

Other Developments

  • Luxembourg’s National Commission for Data Protection (CNPD) confirmed “that its restricted panel issued a decision on July 15th, 2021 regarding Amazon Europe Core S.à r.l within the European cooperation and consistency mechanism as foreseen by article 60 of the General Data Protection Regulation (GDPR)” in light of Amazon revealing the ruling. In a quarterly United States (U.S.) Securities and Exchange Commission (SEC) filing, Amazon revealed that CNPD fined the company more than $880 million for violating the General Data Protection Regulation, the largest fine to date. The CNPD continued:
    • However, the national law on data protection binds the CNPD to professional secrecy (Article 42) and prevents it from commenting on individual cases.
    • In addition, the full and clear publication of the decisions of the CNPD is considered as a supplementary sanction (Article 52). Therefore, it cannot publish any decision before the deadlines for appeals have expired.
    • An appeal against the decisions of the CNPD can be made before the Administrative Tribunal, which rules on the merits of the case. The time limit for lodging an appeal is three months.
  • Australian Attorney-General Michaelia Cash reappointed Australian Information Commissioner and Privacy Commissioner Angelene Falk for another 3-year term lasting until August 2024. Cash stated:
    • I am pleased to announce that Ms Angelene Falk has been reappointed as Australian Information Commissioner and Privacy Commissioner for a period of three years.
    • Since her appointment in 2018, Ms Falk has effectively led the Office of the Australian Information Commissioner (OAIC). She has worked to increase the Australian public’s trust and confidence in the protection of personal information by promoting the understanding of privacy issues and effectively resolving privacy complaints and investigations.
    • Under Ms Falk’s leadership, the OAIC has launched its first civil penalty proceedings for an interference with privacy, implemented the Consumer Data Right privacy safeguards, increased international regulatory cooperation and provided guidance on a range of privacy issues that have emerged throughout the course of the COVID-19 pandemic.
    • On behalf of the Australian Government, I congratulate Ms Falk on her reappointment and thank her for her tireless work in these important roles.
    • In her statement on being reappointed, Falk remarked:
      • This is a pivotal time for both privacy and freedom of information. Over the next 3 years we will uphold and advance these rights to enable citizens and businesses to safeguard personal information and harness its benefits, for individuals and the economy, while we encourage an open-by-design approach to information access across government.
      • This includes regulating the online environment and high privacy impact technologies, expanding the Consumer Data Right, advising on and implementing proposed reforms to the Privacy Act 1988, and increasing proactive publication of government held information.
      • In tackling the tasks ahead I look forward to continued national and international cooperation with privacy, information access, cybersecurity, online safety, and consumer protection regulators. I thank OAIC staff for their commitment and support as we serve the Australian community in the public interest.
  • France’s Commission nationale de l’informatique et des libertés (CNIL) published “8 recommendations to enhance the protection of children online.” In its press release, CNIL stated:
    • In 2018, the entry into force of the GDPR significantly changed the legal landscape by introducing, for the first time, specific provisions dedicated to children into European data protection law. In particular, they require age-appropriate information, provide for the reinforcement of their right to be forgotten and an ability to consent, under certain conditions, to the processing of their data (only over the age of 15 or with their parents for children under 15). They also call for particular vigilance with regard to the profiling of children. However, these texts have given rise to certain questions and a need for clarification, in particular to specify their practical implications and their relationship with national law, notably contract and family law.
    • These recommendations follow a very successful public consultation (with over 700 contributions) and a survey conducted in 2020, but also in-depth legal analysis including active international monitoring.
    • The CNIL wanted to understand children’s perspectives and involve them in its reflection. In addition to the survey, which was carried out in 2020 among young people to find out more about their digital practices and their parents’ perceptions of them, the CNIL has launched a series of workshops with children to gather their perceptions of privacy and data protection, and to create interfaces and information methods with them that they understand and which respect their rights.
    • CNIL listed its recommendations:
      • Recommendation 1: Regulate the capacity of children to act online. Children represent one of the largest user groups of social networks. By creating an account and ticking a box to agree to the terms and conditions, they are in fact entering into a contract.
      • Recommendation 2: Encourage children to exercise their rights. There are several legal and practical reasons why children should be allowed to exercise their own digital rights.
      • Recommendation 3: Support parents with digital education. Parents are key when it comes to the digital education of children. But they need to be given ways to help them protect their rights, while respecting their best interests.
      • Recommendation 4: Seek parental consent for children under 15. The law does to a certain degree accept a child’s consent to the processing of data, accompanied by parental consent when the child is under 15.
      • Recommendation 5: Promote parental controls that respect the child’s privacy and best interests. Parental controls are a tool for protecting children online. However, the CNIL calls for vigilance when it comes to certain very intrusive features.
      • Recommendation 6: Strengthen the information and rights of children by design. Everyone, even children, must be properly informed about how their data is used. This information should be age-appropriate and accessible.
      • Recommendation 7: Check the age of the child and parental consent while respecting the child’s privacy. Checking a child’s age and parental permission is a complex but crucial issue: how can we protect children if we cannot identify them or know who has parental authority?
      • Recommendation 8: Provide specific safeguards to protect the interests of the child. Strengthening the rights of children should also involve specific protection measures by design on the websites, services and apps they are likely to use.
  • The United Kingdom’s Department for Digital, Culture, Media & Sport (DCMS) is calling “for views on amending the incident reporting framework for digital service providers within the Network & Information Systems (NIS) regulations.” DCMS explained:
    • This document sets out the government’s approach to rectify an EU-Exit related deficiency in the Network and Information Systems legislation surrounding incident reporting thresholds for digital service providers.
    • This call for views seeks feedback on the government’s proposal to move incident reporting thresholds from legislation to [the Information Commissioner’s Office] (ICO) guidance.
    • DCMS outlined London’s proposed approach:
      • 4.1 The Government is proposing to lay a statutory instrument to amend the NIS Regulations and Commission Implementing Regulation 151/2018.
      • 4.2 The proposal is to revoke Article 4 from the UK retained version of Commission Implementing Regulation 151/2018 (which sets out the thresholds) and allow the Information Commissioner’s Office, as the Competent Authority for digital service providers, to set the thresholds at a more appropriate level through guidance. The Information Commissioner’s Office has agreed to subject the new thresholds that they will propose to further consultation with relevant digital service providers.
      • 4.3 Having the incident reporting thresholds in guidance is consistent with the approach taken by other NIS competent authorities in the UK, and will allow the Information Commissioner’s Office to develop thresholds that are appropriate and proportionate to the UK.
  • Senators Richard Blumenthal (D-CT), Marsha Blackburn (R-TN), and Amy Klobuchar (D-MN) introduced the “Open App Markets Act” (S.2710), which they argued “would set fair, clear, and enforceable rules to protect competition and strengthen consumer protections within the app market.”
    • Two companies, Google and Apple, have gatekeeper control of the two dominant mobile operating systems and their app stores that allow them to exclusively dictate the terms of the app market, inhibiting competition and restricting consumer choice. 
    • Mobile devices are central to consumers’ economic, social, and civic lives, and the mobile app market is a significant part of the digital economy. In 2020 alone, U.S. consumers spent nearly $33 billion in mobile app stores, downloading 13.4 billion apps.
    • According to numerous reports, including testimony provided in a Senate Judiciary Antitrust Subcommittee hearing held in April and chaired by Klobuchar, both Apple and Google have appeared to use their powerful gatekeeper control to stifle competition in the app store market. For example, Apple has prevented the creation of third-party app stores on iPhones, required that apps exclusively use their own expensive payment system, and penalized app developers for telling users about discounted offers. These strict terms close off avenues of competition and drive up prices for consumers. Startups also face serious challenges when Big Tech gatekeepers are able to prioritize their own apps to the disadvantage of others, make use of competitors’ confidential business information, and block developers from using features on a consumer’s phone.
    • The Open App Markets Act would protect developers’ rights to tell consumers about lower prices and offer competitive pricing; protect sideloading of apps; open up competitive avenues for startup apps, third party app stores, and payment services; make it possible for developers to offer new experiences that take advantage of consumer device features; give consumers more control over their devices; prevent app stores from disadvantaging developers; and set safeguards to continue to protect privacy, security, and safety of consumers.
  • Amazon and GoPro unsealed “a jointly filed lawsuit against seven individuals and two entities (the “defendants”) for counterfeiting GoPro’s popular camera accessories, including the floating hand grip, “The Handler,” and the “3-Way” grip, extension arm, and tripod mount.” The companies stated that “[t]he defendants attempted to offer the infringing products in Amazon’s store, violating Amazon’s policies, infringing on GoPro’s trademarks, and breaking the law.” Amazon and GoPro stated:
    • The lawsuit was filed in the United States District Court for the Western District of Washington and alleges that the nine defendants used GoPro’s registered trademarks without authorization to deceive customers about the authenticity and origin of the products and create a false affiliation with GoPro. Amazon closed the defendants’ selling accounts and proactively refunded the impacted customers.
    • Amazon strictly prohibits infringing and counterfeit products in its store, and in 2020, Amazon invested more than $700 million and employed more than 10,000 people to proactively protect its store from fraud, counterfeit, and abuse. Amazon uses industry-leading tools to verify potential sellers’ identities and ensure product listings are authentic, and Amazon’s proprietary systems analyze hundreds of unique data points to verify information provided by potential sellers. In 2020, only 6% of attempted new seller account registrations passed Amazon’s robust verification processes and listed products for sale. In addition, fewer than 0.01% of all products sold on Amazon received a counterfeit complaint from customers.
    • In June 2020, Amazon launched its Counterfeit Crimes Unit, a global team dedicated to pursuing counterfeiters and holding them accountable to the fullest extent of the law, including by working through the court system and in partnership with law enforcement. Amazon has filed a series of lawsuits against counterfeiters, including a suit against individuals using social media to promote and facilitate the sale of counterfeits, as well as joint lawsuits with apparel manufacturer HanesBrands, Italian luxury brands Valentino and Ferragamo, cosmetics brand KF Beauty, family travel accessory brand JL Childress, cooler manufacturer YETI, family-owned-and-operated card game company Dutch Blitz, and global board game publisher Asmodee.
  • The European Parliament’s Think Tank issued a briefing titled “European Union data challenge,” and the Think Tank explained:
    • As the discussion on governance of industrial data intensifies, especially after the adoption of the proposal on the Data Governance Act and in the wake of the European Data Act, the question of what is exactly industrial data remains unanswered. The notion of industrial data is not defined in any of the legal documents or legislative proposals, and the reference to it is a fairly recent development. In the past, a more clear-cut term ‘machine-generated data’ was used that potentially allowed for an easier definition and delimitation of this type of data from other data. The 2017 Communication ‘Building a European data economy’ defines with a high degree of precision that machine-generated data are those ‘created without the direct intervention of a human by computer processes, applications or services, or by sensors processing information received from equipment, software or machinery, whether virtual or real’. Therefore, machine-generated data may be created across all industrial sectors, including transport, energy, healthcare, manufacturing, ICT and others, but they go beyond data created in relation to narrowly understood industrial processes.
    • The Think Tank reached these findings:
      • The exponential growth and importance of data generated in industrial settings have attracted the attention of policymakers aiming to create a suitable legal framework for its use. While the term ‘industrial data’ has no clear definition, such data possess certain distinctive characteristics: they are a subset of big data collected in a structured manner and within industrial settings; they are frequently proprietary and contain various types of sensitive data.
      • The General Data Protection Regulation (GDPR) rules remain of great relevance for such data, as personal data is difficult to be filtered out from mixed datasets and anonymisation techniques are not always effective. The current and planned rules relevant for business to business (B2B) sharing of industrial data exhibit many shortcomings. They lack clarity on key issues (e.g. mixed datasets), increase the administrative burden for companies, yet not always provide the data protection that businesses need. They do not provide an additional value proposition for B2B data sharing and hinder it in some cases.
      • While this situation warrants policy intervention, both the instrument and its content should be carefully considered. Instead of a legal instrument, soft law could clarify the existing rules; model terms and conditions could be developed and promoted and data standardisation and interoperability efforts supported.
  • Researchers at the National Institute of Standards and Technology (NIST) “found that children are learning best practices, such as memorizing passwords, but are demonstrating a gap between their knowledge of good password practices and their behavior” in a new research paper, according to the agency’s press release. NIST explained:
    • The researchers surveyed more than 1,500 kids from ages 8 to 18 who attended schools across the South, Midwest and Eastern regions of the U.S. Teachers administered two versions of the survey, one for third to fifth graders and the other for sixth to 12th graders. Each survey featured the same questions but had different age-appropriate language. 
    • On the plus side, results from the study showed that kids are learning best practices on passwords, such as limiting their writing of passwords on paper, keeping their passwords private, and logging out after online sessions. They’re also not burdened with a lot of passwords as adults are, with kids on average reporting they have two passwords for school and two to four for home.
    • The passwords that kids created often consisted of concepts reflecting the current state of their lives. Passwords referenced sports, video games, names, animals, movies, titles (such as “princess”), numbers and colors. Examples included “yellow,” “doggysafesecure” and “PrincessFrog248.” 
    • Password strength increased from elementary to high school students. Examples of stronger passwords among middle and high school students included “dancingdinosaursavrwhoop164” and “Aiken_bacon@28.”
    • But despite the evidence that kids are learning best practices, they also demonstrated bad password habits. They tended to reuse passwords, a habit that increased in frequency from elementary to high school students, and shared their passwords with their friends. “For adolescents, an important part of building friendships is building trust, which is shown with sharing secrets. Their perspective is that sharing passwords is not risky behavior,” said Choong.
    • The study also shed light onto what kids thought about passwords. The survey asked, “Why do people need passwords?” The answers were different for younger and older kids. Elementary students said safety was the primary reason, while for middle and high school students, privacy became a more dominant answer.
    • Another notable finding was that younger kids relied on family support for creating and maintaining their passwords at home. This suggests that families play a central role in establishing best practices and that parents affect kids’ behavior with passwords.
  • Senators Brian Schatz (D-HI), Thom Tillis (R-NC), John Cornyn (R-TX), and Richard Blumenthal (D-CT) introduced the “Better Cybercrime Metrics Act” (S.2629) that “will improve data collection on cybercrimes, giving law enforcement and policy makers more tools to understand the size and scope of cybercrime in the United States.” Representatives Abigail Spanberger (D-VA), Blake Moore (R-UT), Andrew Garbarino (R-NY), and Sheila Jackson Lee (D-TX) introduced a companion bill in the House, H.R.4977. Spanberger, Moore, Garbarino, and Jackson Lee asserted “the Better Cybercrime Metrics Act would improve federal cybercrime metrics by:
    • Requiring the Government Accountability Office to report on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data,
    • Requiring that the National Crime Victimization Survey incorporate questions related to cybercrime in its survey instrument,
    • Requiring the U.S. Department of Justice to contract with the National Academy of Sciences to develop a taxonomy for cybercrime that can be used by law enforcement, and
    • Ensuring that the National Incident Based Reporting System – or any successor system – include cybercrime reports from federal, state, and local officials.”
  • The Federal Trade Commission (FTC) “announced that staff have submitted a comment urging the Board of Governors of the Federal Reserve System (the Fed) to clarify and strengthen the implementation of debit card fee and routing reforms to the Electronic Fund Transfer Act (EFTA) made under the Dodd-Frank Wall Street Reform Act of 2010 (Dodd-Frank).” The agency further asserted:
    • According to a 2019 study, Americans use debit cards almost twice as often as credit cards. Merchants, including millions of small businesses, must pay fees to card issuers, usually banks, and card networks like Visa and Mastercard, in order to accept debit cards. But merchants cannot select low-fee networks unless the issuer enables those networks. Typically, merchants work with payment processing companies to ensure that they get paid. When merchants pay high fees to accept payments, this can lead to price hikes for customers.
    • In the Dodd-Frank Act, Congress amended EFTA to promote competition among debit card networks by requiring debit card issuers to enable at least two networks so that merchants have a choice for routing electronic debit transactions. The Fed has rulemaking authority to implement these provisions, and the FTC enforces these rules with respect to card networks.
    • While mobile and electronic payments have been on the rise since 2010, the COVID-19 pandemic has accelerated that growth, with merchants and consumers shifting increasingly to ecommerce and digital marketplaces. As the Fed’s proposed rule recognizes, issuers do not provide sufficient options to merchants for these types of payments. The FTC staff endorsed the proposed rulemaking by the Fed which clarifies that a 2011 regulation applies both to transactions in which a physical debit card is used, and to “card-not-present transactions” that occur without use of a physical card, such as pay-by-phone or other electronic payments.
    • The FTC staff also called for rules that would prohibit debit card networks from exploiting an issuer’s position by paying incentives to that issuer based on how electronic debit transactions are routed by merchants using that issuer’s debit cards. According to the FTC staff comment, the Fed should “adopt revisions that ensure that debit card networks do not create incentives for issuers to evade Regulation II’s clear mandate that there be two unaffiliated networks available for each type of debit transaction, with each network a commercially reasonable alternative for merchants.” This addition would ensure that networks do not overburden merchants or consumers.
    • The Commission vote authorizing the staff comment to the Federal Reserve was 3-2. Commissioners Noah Joshua Phillips and Christine S. Wilson voted no.

Further Reading

  • “Rumble, a YouTube rival popular with conservatives, will pay creators who ‘challenge the status quo’” By Drew Harwell — The Washington Post. A fast-growing YouTube rival popular with conservative influencers has a new strategy to expand its online audience: Paying hundreds of thousands of dollars to well-known media personalities it says work to “challenge the status quo.” The Toronto-based upstart Rumble said Thursday that it has struck deals with former U.S. congresswoman Tulsi Gabbard, the journalist firebrand Glenn Greenwald and others who had committed to posting their videos first to the site.
  • “Google Bans Location Data Firm Funded by Former Saudi Intelligence Head” By Joseph Cox — Vice’s Motherboard. Google has banned SafeGraph, a location data firm whose investors include a former head of Saudi intelligence, Motherboard has learned. The ban means that any apps working with SafeGraph had to remove the offending location gathering code from their apps. SafeGraph markets its data to government entities and a wide range of industries, but it also sells the data on the open market to essentially anyone.
  • “What China Expects From Businesses: Total Surrender” By Li Yuan — The New York Times. When Pony Ma, head of the Chinese internet powerhouse Tencent, attended a group meeting with Premier Li Keqiang in 2014, he complained that many local governments had banned ride-sharing apps installed on smartphones. Mr. Li immediately told a few ministers to investigate the matter and report back to him. He then turned to Mr. Ma and said, “Your example vividly demonstrates the need to improve the relationship between the government and the market.”
  • “Mark Zuckerberg and Sheryl Sandberg’s Partnership Did Not Survive Trump” By Sheera Frenkel and Cecilia Kang — The New York Times. Sheryl Sandberg knew she’d be asked about the attacks on the Capitol. For the past week, the country had been reeling from the violence in Washington, and with each passing day, reporters were uncovering more of the footprint left behind by the rioters on social media. Speaking to the cameras rolling in her sun-filled Menlo Park, Calif., garden, Ms. Sandberg confronted this question, one she’d prepared for: Could Facebook have acted sooner to help prevent this?
  • “Big Tech Thought It Had A Billion Users In The Bag. Now It Might Be Forced To Make Hard Choices To Get Them.” By Pranav Dixit — BuzzFeed News. For more than 30 years, Manjul, who goes by his first name only, has skewered leaders from every Indian government in acerbic political cartoons splashed across the country’s biggest news publications and, in recent years, on social media. But until June, no one had ever threatened the titan of editorial cartooning. So when he saw an email from Twitter’s legal department in his inbox in June, he was surprised.
  • “US recruits social media influencers to reach vaccine skeptics and dispel myths” — The Guardian. As a police sergeant in a rural town, Carlos Cornejo isn’t the prototypical social media influencer. But his Spanish-language Facebook page with 650,000 followers was exactly what Colorado leaders were looking for as they recruited residents to try to persuade the most vaccine-hesitant. Cornejo, 32, is one of dozens of influencers, ranging from busy moms and fashion bloggers to African refugee advocates and religious leaders, getting paid by the state to post vaccine information in hopes of stunting a troubling summer surge of Covid-19.
  • “Inside the Secret Codes Hackers Use to Outwit Ransomware Cops” By Shannon Vavra — The Daily Beast. They used to be a safe space for hackers to coordinate attacks, but with online forums worried about unwanted attention from law enforcement, many have banned ransomware posts. And—as is usually the case in the whack-a-mole game of hacking—cybercriminals are finding a way around the new restrictions: a coded language to bypass suspicion. By the end of May, multiple hacking forums announced they were banning ransomware hackers and their advertisements following Russian cyberattacks against fuel supplier Colonial Pipeline and meat supplier JBS. Several forum administrators cited the amount of attention the ransomware attacks were getting as a reason to clamp down on those sorts of advertisements. And President Joe Biden warned in May that the U.S. wasn’t ruling out retaliatory cyberattacks against a ransomware gang behind the latest offensive against a massive fuel pipeline in the U.S.
  • “Facebook unveils tools to protect Afghan people who fear becoming Taliban targets” By Katie Collins — c/net. As many Afghans hurry to hide their social media profiles out of fear the profiles will make them targets for Taliban violence, Facebook is launching new tools to help them delete their digital footprints. The move comes just days after the Taliban reclaimed Kabul, the Afghan capital, on Sunday, and announced they’d be taking power in the country for the first time in 20 years.
  • “On Roblox, Kids Learn It’s Hard to Earn Money Making Games” By Cecilia D’Anastasio — WIRED. Roblox has become a video game titan, in recent years dominating the world of kids’ gaming and earning $454 million in revenue last quarter alone. A new report argues that success is built on exploiting young game developers, many of them children, who are making content for the game. As a platform, Roblox provides gamers the tools to both create and play an almost unfathomable array of “experiences,” from climbing an enormous stairway to running a restaurant to escaping a prison. Tens of millions of these games live on Roblox’s browser—hundreds of times more titles than exist on Steam. Every day, 43 million people play those games, mostly kids. Some of the most popular experiences have received billions of visits and earn their developers millions annually.
  • “How The Daily Wire Uses Facebook’s Targeted Advertising to Build Its Brand” By Corin Faife — The Markup. Ben Shapiro, co-founder of The Daily Wire, a conservative media company, has mastered Facebook’s complex algorithms like no one else, posting links to stories from his publication that rank among the top 10 best performing posts on Facebook day after day after day. What’s the key to his success? As a recent NPR analysis shows, The Daily Wire’s sensationalist headlines garner a ton of engagement on a platform that rewards explosive content. But The Daily Wire is also a sophisticated user of Facebook’s advertising targeting tools to pinpoint users likely to be receptive to its outrage-driven brand of conservative content, The Markup has found.
  • “NSA Awards Secret $10 Billion Contract to Amazon” By Frank Konkel — Nextgov. The National Security Agency has awarded a secret cloud computing contract worth up to $10 billion to Amazon Web Services, Nextgov has learned. The contract is already being challenged. Tech giant Microsoft filed a bid protest on July 21 with the Government Accountability Office two weeks after being notified by the NSA that it had selected AWS for the contract. The contract’s code name is “WildandStormy,” according to protest filings, and it represents the second multibillion-dollar cloud contract the U.S. intelligence community—made up of 17 agencies, including the NSA—has awarded in the past year.

Coming Events 

  • 1 September
    • The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).
  • 30 September
    • The Federal Communications Commission (FCC) will hold an open meeting. No agenda has been announced as of yet.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.
