Major Car Brands Claim The Right To Collect Data On Your Sex Life (Issue 23, 2023)
UK is trying to break encrypted messaging and OpenAI potentially faces another massive fine
We’re delivering you the hottest internet news that affects all of us. Scroll down to read our full reporting below and if you love what we’re doing, please consider contributing $5 per month so that we can continue providing you with this vital, unique reporting.
Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.
In this edition:
Mozilla Automobile Study Uncovers Extensive Data Collection on Drivers
OpenAI Accused of Shady Collection Practices and GDPR Violations
Compensation for Marriott Data Breach Victims Delayed
Concerns Raised About Pakistan’s Personal Data Protection Bill
EU’s Digital Services Act Requires Explanations for Ad Targeting
Fitbit in Trouble for Forcing User Consent
Australia Unconvinced About Online Age Verification
UK Claims Compromising Encrypted Messaging is Necessary
Mozilla Automobile Study Uncovers Extensive Data Collection on Drivers
The non-profit Mozilla Foundation has concluded a study of 25 car brands, testing the amount and type of data vehicles collected about occupants. The study found that “84% of car companies review, share or sell data collected from car owners” and that some manufacturers collected data about sexual activity or, in the cases of Nissan and Kia, included the right to collect information about your “sex life” directly in their privacy policy agreements.
The Mozilla study also found that 56% of the reviewed car brands allowed sharing of your data with government or law enforcement based on an “informal request” like an email or verbal communication and 68% of the car brands had suffered a data leak, hack or breach within the last 3 years that threatened drivers’ privacy.
The only manufacturers to include the right to delete your data were Renault and Dacia (owned by the same parent company) who are headquartered in Europe and under the authority of the General Data Protection Regulation or GDPR.
OpenAI Accused of Shady Collection Practices and GDPR Violations
Polish security and privacy researcher Lukasz Olejnik has filed a 17-page complaint with his country’s data regulators, alleging that OpenAI has engaged in “untrustworthy, dishonest, and perhaps unconscientious” activities that violate the EU’s General Data Protection Regulation (GDPR).
The basis for the complaint stems from OpenAI’s failure to show how the artificial intelligence company handled sensitive data. Initially, Olejnik asked OpenAI’s chatbot to create a biography about himself and noticed that it contained errors. This prompted him to ask the OpenAI team for clarification on how they handled personal information and their response was to provide “some information”, but - allegedly - not all of it.
According to the complaint: “Notably, OpenAI did not include the processing of personal data in connection with model training in the information on categories of personal data or categories of data recipients.”
If OpenAI is found to have violated GDPR they face a fine the greater of either 4% annual turnover or €20 million.
Compensation for Marriott Data Breach Victims Delayed
In one of the largest data breaches ever, guests of Marriott hotels who had their personal data hacked in a years-long compromise responded with a class-action lawsuit against the hospitality giant in 2022. The case was tried in U.S. District Court and the trial judge ruled in favor of the nearly 500 million guests who had credit card details, passport numbers, and birthdates stolen.
However, on August 18th, judges from the 4th U.S. Circuit Court of Appeals determined that the trial case did not answer a crucial question: Did the Marriott guests who were members of certified classes actually waive their right to sue as a class when they signed up for a hotel rewards program?
This determination affected several of the “classes” or groups used to categorize affected guests and de-certified them, removing their ability to participate in the class-action lawsuit.
Counsel for the plaintiffs have stated that Marriott’s decision to file an appeal focused on this issue is a calculated move to waste the time and resources of themselves and the court system as they feel this issue will be easily resolved.
Concerns Raised About Pakistan’s Personal Data Protection Bill
A new personal data protection bill, published in May by Pakistan’s Ministry of Information Technology and Telecommunication was approved by the Federal Cabinet in July and now heads to the Parliament for final approval.
Critics of this bill have claimed the lack of public consultation and Parliamentary debate have led to serious shortcomings including not meeting international human rights standards.
Vague language that allows exceptions to personal data protection for undefined criteria like “national security” and “public interest” create loopholes that could be abused by the governement, according to an article published by Privacy International.
EU’s Digital Services Act Requires Explanations for Ad Targeting
Passed in 2022 by the European Parliament, the Digital Services Act has gone into effect and for now is requiring large platforms to abide by a new set of rules aimed at protecting consumers.
The act requires increased transparency into how content and products are algorithmically recommended to users, mitigation against the spread of disinformation and a way for users to flag “illegal” content. Also included are protections for users when their posts are removed or demoted.
For now these new rules only apply to platforms with more than 45 million users in the EU but will eventually encompass many more. Users under the age of 18 on Tiktok and Snapchat will also no longer receive personalized advertisements inside the respective apps.
Fitbit in Trouble for Forcing User Consent
Owned by Google, the popular wellness company Fitbit has run into trouble for allegedly: “illegally exporting user data in breach of the bloc’s data protection rules”. The main issue stems from the fact that Fitbit users cannot opt out of data exports without severely impacting their experience with the product.
The not-for-profit entity noyb (None of Your Business) is responsible for bringing complaints to data protection authorities in the Netherlands, Austria and Italy on behalf of Fitbit users.
Due to parent-company Google being headquartered in Dublin, if these accusations trigger an investigation from Ireland’s DPC (Data Protection Commission) and find Fitbit at fault the fines will likely amount to more than €10 billion.
Australia Unconvinced About Online Age Verification
At the end of August the Australian federal government released a roadmap for online age verification regarding access to pornographic materials. This document showed the government had decided against forcing websites to implement age verification technology due to the fact that “…each type of age verification or age assurance technology comes with its own privacy, security, effectiveness or implementation issues”.
Rather, the roadmap has tasked eSafety commissioner Julie Inman Grant to work with industry players and develop a code to better educate parents about using filtering software and other methods that limit children’s access to innapproriate sites or material.
The Australian governement also intends to monitor the U.K.’s approach to online age verification as a “key like-minded partner” and issued a stern warning, stating that “While the government awaits the outcome of this process, the digital industry is on notice that we will not hesitate to take further action should it fail to keep children safe.”
UK Claims Bypassing Encryption In Messaging Apps is Necessary
A claim that encrypted messaging endangers children is the latest defense put forth by British technology minister Michelle Donelan regarding the passage of the Online Safety Bill, which is expected to go into force in mid-2024.
A requirement to scan devices for child sex abuse content would potentially break end-to-end encryption, however, some members of government have claimed that the technology to scan devices does not exist or is technically infeasible and will not be enforceable.
Lawyers Matthew Ryder and Aidan Wills of Matrix Chambers stated that:
"The provisions in the Online Safety Bill that would enable state-backed surveillance of private communications contain some of the broadest and (most) powerful surveillance powers ever proposed in any Western democracy,"
Going further with their written opinion, the two lawyers also said:
"No communications in the UK – whether between members of parliament, between whistleblowers and journalists, or between a victim and a victims support charity – would be secure or private."
That concludes this edition of Your Worldwide INTERNET REPORT!
Remember to SUBSCRIBE and spread the word about this unique news service.
This issue of Your Worldwide INTERNET REPORT was written by Matt Millen of WillenRimer; Edited by Suzie Dawson and Sean O’Brien; Graphics by K4t4rt; with production support by Beth Bracken.
Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by Panquake.com. We Don’t Hope, We Build!
© Talk Liberation Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com