Getting you up to speed with all the latest in the Catching up.
Gold rush/Brexit woes/Android double clampdown/GDPR cookie consent/Secret Instagram profiling/Scared Sundance.
The next gold rush…
San Fran-based investment firm SparkLabs Global Ventures has published an article about the new “gold rush” for cultivated data (such as ERP data). It highlights the fact that many industries are only just beginning to understand the importance of obtaining actionable customer insights. With Fortune 1000 companies more willing to pay for cultivated data, it is now becoming appropriately valued and even key to a company’s success. The article also points out that with the lack of AI experts on the market, analytics platforms today not only need to give users access to data that is both relevant and actionable but that also empowers them to become their own data scientists. Data that is accessible to everyone is the future and “the time to mine it for insights and prosperity is now”.
Brexit and data flows
With Brexit looming, companies are being advised to prepare for a no-deal scenario. Many DPOs will therefore be looking for alternative ways to legally transfer data once Britain leaves the EU. One of the safeguards companies can use to transfer data in compliance with the GDPR is Standard Contract Clauses (SCCs), as recommended by the UK ICO. SCCs are standard sets of contractual terms and conditions which the sender and the receiver of the personal data both sign up to. They include contractual obligations which help to protect personal data when it leaves the EU and the protection of the GDPR.
However, companies relying on SCCs may have cause for concern with upcoming cases challenging their legality of SCCs in the European Court of Justice. Repeated hearings in the past have shown the extent to which US authorities (i.e. surveillance agencies) engage in the mass processing of European’s data and have questioned whether SCCs provide enough protection. While multinational companies will surely take advantage of (costly and time-consuming) Binding Corporate Rules, SMEs who currently rely on SCCs are being advised to stay up to date with the latest information and see how the Brexit saga rolls out in a few weeks.
Android under fire
Google has been once again been accused of abusing its dominant position on Android by placing its default search engine on it. German ‘ethical’ search engine Ecosia has charged Google with artificially limiting user options with unethical, anti-competitive and damaging monopolistic behaviour. Google announced in early August that it will hold an auction to allow alternative search engines to become the default providers on mobile devices in Europe from 2020. This means that all users who set up a new Android device, or factory reset their existing device, will see a choice screen asking them to choose which search engine they want to use as a default – essentially making Google’s competitors pay at auction for each installation of a non-Google search engine. Following on from its $5 billion fine in 2018 by European Union regulators, this is more smooth work from the tech giant…
Android pay-out for 28 million French users?
Google is also in the limelight in France once again, this time by consumer rights group UFC-Que Choisir, accused of “drowning consumers in endless confidentiality rules”. A first of its kind for both France and Europe, this compensation claim could mean that 28 million Android users in the country are eligible for up to €1000 each. The group’s president, Alain Bazot points out that your phone geolocates you 340 times a day even when you’re not using any of Google’s services, which constitutes a genuine “invasion of privacy”. He also advocates pursuing more class action lawsuits against the major tech companies, calling Google’s €50 million CNIL fine a mere ‘mosquito bite’ out of its $36.3 billion revenue from last year.
GDPR cookie-consent pop-ups: “meaningless and manipulative”
A recent study has flagged up the dubious nature of the GDPR cookie-consent notices that bombard users on a daily basis. In a paper entitled (Un)informed Consent: Studying GDPR Consent Notices in the Field,co-authored by academics at Ruhr-University Bochum, Germany, and the University of Michigan in the US, researchers gathered 1000’s of online cookie notices and looked at the range of cookie consent mechanisms in place. It turns out that many use subversive techniques to obtain consent and that “the vast majority of cookie consent notices are not compliant with European privacy law” – who would have guessed?
Instagram ad partner’s secret user-tracking
Instagram ad partner Hyp3r reportedly collected and stored location and other data secretly on millions of users. Hyp3r is a location-based marketing platform that allows advertisers to target users attending specific events. Listed until recently in the official Facebook Marketing Partners directory, the company was taking advantage of Instagram’s Location pages to collect and save personal account stories and build detailed shadow user-profiles. The fact that Facebook allowed such a blatant violation of the prohibition against automated data collection to carry on for so long remains a mystery.
How to terrify Sundance audiences
On a lighter note (!!!), The Great Hack caused quite a stir at the Sundance festival this year. Labelled as “one of 2019’s best horror films” the film looks into Cambridge Analytica, election rigging and how our data has become weaponised. Here’s an in-depth article by data-privacy crusader Carole Cadwalladr who also features heavily in the film. 1984-style mass data manipulation and global brainwashing – what better way to round off the summer holidays?
See you next time on the Internets!
Credits: Netflix.com 2019