Showing posts with label personal data. Show all posts
Showing posts with label personal data. Show all posts

Saturday, July 6, 2024

THE GREAT SCRAPE: THE CLASH BETWEEN SCRAPING AND PRIVACY; SSRN, July 3, 2024

Daniel J. SoloveGeorge Washington University Law School; Woodrow HartzogBoston University School of Law; Stanford Law School Center for Internet and SocietyTHE GREAT SCRAPETHE CLASH BETWEEN SCRAPING AND PRIVACY

"ABSTRACT

Artificial intelligence (AI) systems depend on massive quantities of data, often gathered by “scraping” – the automated extraction of large amounts of data from the internet. A great deal of scraped data is about people. This personal data provides the grist for AI tools such as facial recognition, deep fakes, and generative AI. Although scraping enables web searching, archival, and meaningful scientific research, scraping for AI can also be objectionable or even harmful to individuals and society.


Organizations are scraping at an escalating pace and scale, even though many privacy laws are seemingly incongruous with the practice. In this Article, we contend that scraping must undergo a serious reckoning with privacy law. Scraping violates nearly all of the key principles in privacy laws, including fairness; individual rights and control; transparency; consent; purpose specification and secondary use restrictions; data minimization; onward transfer; and data security. With scraping, data protection laws built around

these requirements are ignored.


Scraping has evaded a reckoning with privacy law largely because scrapers act as if all publicly available data were free for the taking. But the public availability of scraped data shouldn’t give scrapers a free pass. Privacy law regularly protects publicly available data, and privacy principles are implicated even when personal data is accessible to others.


This Article explores the fundamental tension between scraping and privacy law. With the zealous pursuit and astronomical growth of AI, we are in the midst of what we call the “great scrape.” There must now be a great reconciliation."

Friday, November 3, 2023

An Apparent Cyberattack Hushes the British Library; The New York Times, November 3, 2023

 Alex Marshall, The New York Times; An Apparent Cyberattack Hushes the British Library

"Tasmina Islam, a lecturer in cybersecurity education at King’s College London said in an email that the motivation for attacking a library could be financial.a

“Cybercriminals can access a lot of information from a library, including users’ personal data,” she said. Libraries also “store electronic books, research articles and various intellectual properties, all of which cybercriminals can exploit for illegal distribution,” Islam added.

The British Library incident “served as a warning for other libraries and institutions to assess their own security measures thoroughly,” she said."

Thursday, October 26, 2023

How Americans View Data Privacy; Pew Research Center; Pew Research Center, October 18, 2023

COLLEEN MCCLAINMICHELLE FAVERIOMONICA ANDERSON AND EUGENIE PARK, Pew Research Center; How Americans View Data Privacy

"In an era where every click, tap or keystroke leaves a digital trail, Americans remain uneasy and uncertain about their personal data and feel they have little control over how it’s used.

This wariness is even ticking up in some areas like government data collection, according to a new Pew Research Center survey of U.S. adults conducted May 15-21, 2023.

Today, as in the past, most Americans are concerned about how companies and the government use their information. But there have been some changes in recent years:"

Thursday, May 26, 2022

AI Ethics And The Quagmire Of Whether You Have A Legal Right To Know Of AI Inferences About You, Including Those Via AI-Based Self-Driving Cars; Forbes, May 25, 2022

Lance Eliot, Forbes; AI Ethics And The Quagmire Of Whether You Have A Legal Right To Know Of AI Inferences About You, Including Those Via AI-Based Self-Driving Cars

"Speaking of sitting, please sit down for the next eye-opening statement about this. You might be unpleasantly surprised to know that those AI inferences are not readily or customarily a core part of your legal rights per se, at least not as you might have naturally presumed that they were. An ongoing legal and ethical debate is still underway about the nature of AI-based inferences, including some experts that insist AI inferences are emphatically a central aspect of your personal data and other experts strenuously counterargue that AI inferences are assuredly not at all in the realm of so-called personal data (the catchphrase of “personal data” is usually the cornerstone around which data-related legal rights are shaped).

All of this raises a lot of societal challenges. AI is becoming more and more pervasive throughout society. The odds are that AI is making lots and lots of inferences about us all. Are we allowing ourselves to be vulnerable and at the mercy of these AI-based inferences? Should we be clamoring to make sure that AI inferences are within our scope of data-related rights? These questions are being bandied around by experts in the law and likewise by expert ethicists. For my ongoing coverage of AI Ethics and Ethical AI topics, see the link here and the link here, just to name a few."

Friday, February 4, 2022

IRS plan to scan your face prompts anger in Congress, confusion among taxpayers; The Washington Post, January 27, 2022

Drew Harwell, The Washington Post; IRS plan to scan your face prompts anger in Congress, confusion among taxpayers

"The $86 million ID.me contract with the IRS also has alarmed researchers and privacy advocates who say they worry about how Americans’ facial images and personal data will be safeguarded in the years to come. There is no federal law regulating how the data can be used or shared. While the IRS couldn’t say what percentage of taxpayers use the agency’s website, internal data show it is one of the federal government’s most-viewed websites, with more than 1.9 billion visits last year."

Wednesday, March 3, 2021

Balancing Privacy With Data Sharing for the Public Good; The New York Times, February 19, 2021

 , The New York Times; Balancing Privacy With Data Sharing for the Public Good

"Governments and technology companies are increasingly collecting vast amounts of personal data, prompting new laws, myriad investigations and calls for stricter regulation to protect individual privacy.

Yet despite these issues, economics tells us that society needs more data sharing rather than less, because the benefits of publicly available data often outweigh the costs. Public access to sensitive health records sped up the development of lifesaving medical treatments like the messenger-RNA coronavirus vaccinesproduced by Moderna and Pfizer. Better economic data could vastly improve policy responses to the next crisis."


Tuesday, October 15, 2019

Student tracking, secret scores: How college admissions offices rank prospects before they apply; The Washington Post, October 14, 2019

Douglas MacMillan and Nick Anderson, The Washington Post; Student tracking, secret scores: How college admissions offices rank prospects before they apply

"Admissions officers say behavioral tracking helps them serve students in the application process. When a college sees that a qualified student is serious about applying based on the student’s Web behavior, it can dedicate more staffers to follow up...

But Web tracking may unfairly provide an advantage to students with better access to technology, said Bradley Shear, a Maryland lawyer who has pushed for better regulation of students’ online privacy. A low-income student may be a strong academic candidate but receive less attention from recruiters because the student does not own a smartphone or have high-speed Internet access at home, he said.

“I don’t think the algorithm should run the admissions department,” Shear said."

Thursday, September 19, 2019

AI - ethics within data protections legal framework; Lexology, September 4, 2019


"Privacy and ethics: hand in hand

AI relies on huge volumes of data and often that data contains personal data. But processing such large volumes of data could be at odds with the legal framework contained in the General Data Protection Regulation and the Data Protection Act 2018, which is based on ethical principles. As Elizabeth Denham, the Information Commissioner, stated: "Ethics is at the root of privacy and is the future of data protection".

Recent headlines draw out some of the main ethical and data protection challenges raised by AI. Interesting examples include the babysitter vetting app, Predictim, designed to create a risk rating based on a potential babysitter's social media and web presence (without his or her knowledge). China's social credit scoring system is another example of how significant decisions are being made automatically about people without any human input and without transparency, explanation or recourse."

Thursday, January 31, 2019

Facebook has been paying teens $20 a month for access to all of their personal data; Vox, January 30, 2019

Kaitlyn Tiffany, Vox; Facebook has been paying teens $20 a month for access to all of their personal data

"The shocking “research” program has restarted a long-standing feud between Facebook and Apple.

 

"Facebook, now entering a second year of huge data-collection scandals, can’t really afford this particular news story. However, it’s possible the company just weighed the risks of public outrage against the benefits of the data and made a deliberate choice: Knowing which apps people are using, how they’re using them, and for how long is extremely useful information for Facebook."

Thursday, December 20, 2018

Facebook Didn’t Sell Your Data; It Gave It Away In exchange for even more data about you from Amazon, Netflix, Spotify, Microsoft, and others; The Atlantic, December 19, 2018

Alexis C. Madrigal, The Atlantic;

Facebook Didn’t Sell Your Data; It Gave It Away


"By the looks of it, other tech players have been happy to let Facebook get beaten up while their practices went unexamined. And then, in this one story, the radioactivity of Facebook’s data hoard spread basically across the industry. There is a data-industrial complex, and this is what it looked like."

Facebook’s Data Sharing and Privacy Rules: 5 Takeaways From Our Investigation; The New York Times, December 18, 2018

Nicholas Confessore, Michael LaForgia and Gabriel J.X. Dance, The New York Times;

Facebook’s Data Sharing and Privacy Rules: 5 Takeaways From Our Investigation

 

"You are the product: That is the deal many Silicon Valley companies offer to consumers. The users get free search engines, social media accounts and smartphone apps, and the companies use the personal data they collect — your searches, “likes,” phone numbers and friends — to target and sell advertising.

But an investigation by The New York Times, based on hundreds of pages of internal Facebook documents and interviews with about 50 former employees of Facebook and its partners, reveals that the marketplace for that data is even bigger than many consumers suspected. And Facebook, which collects more information on more people than almost any other private corporation in history, is a central player.

Here are five takeaways from our investigation."

Thursday, October 25, 2018

Apple’s Tim Cook blasts Silicon Valley over privacy issues; The Washington Post, October 24, 2018

Tony Romm, The Washington Post; Apple’s Tim Cook blasts Silicon Valley over privacy issues

"Apple chief executive Tim Cook on Wednesday warned the world’s most powerful regulators that the poor privacy practices of some tech companies, the ills of social media and the erosion of trust in his own industry threaten to undermine “technology’s awesome potential” to address challenges such as disease and climate change."

Monday, April 30, 2018

The 7 stages of GDPR grief; VentureBeat, April 29, 2018

Chris Purcell, VentureBeat; The 7 stages of GDPR grief

"All of the systems we’ve built around handling personal data will need to be re-engineered to handle the new General Data Protection Regulation (GDPR) rules that go into effect that day. That’s a lot to accomplish, with very little time left.

While the eve of the GDPR deadline may not start parties like we had back on New Year’s Eve 1999 — when people counted down to “the end of the world” — stakeholders in organizations across the globe will be experiencing a range of emotions as they make their way through the seven stages of GDPR grief at varying speeds.

Like Y2K, May 25 could come and go without repercussion if people work behind the scenes to make their organizations compliant. Unfortunately, most companies are in the earliest stage of grief – denial – believing that GDPR does not apply to them (if they even know what it is). Denial rarely serves companies well. And in the case of GDPR non-compliance, it could cost them fines of up to 20 million euros ($24 million) or four percent of global annual turnover, whichever value is greater.

Luckily, there are sure-tell signs for each grief stage and advice to help individuals and their employers move through each (and fast):..."

Thursday, April 12, 2018

Facebook says it will stop fighting a major California privacy initiative; The Verge, April 12, 2018

Colin Lecher, The Verge; Facebook says it will stop fighting a major California privacy initiative

"Facebook will drop its opposition to a major California privacy initiative, backers of the initiative announced, just after Mark Zuckerberg finished a two-day grilling from congressional lawmakers.

The proposed ballot measure, called the California Consumer Privacy Act, could come to a statewide vote in November. Under the act, businesses would be required to disclose what categories of data they’ve collected on users, if those users request it. Californians would also be able to request that their personal information not be sold."

After Cambridge Analytica, Privacy Experts Get to Say ‘I Told You So’; April 12, 2018

Nellie Bowles, The New York Times; After Cambridge Analytica, Privacy Experts Get to Say ‘I Told You So’

"In their own lives, privacy experts are now fielding a spike in calls from their relatives asking them for advice about protecting their personal data. Engineers are discussing new privacy projects with them. Even teenagers are paying attention to what they have to say.

For many of the developers, this is the right time to push ahead with testing more privacy solutions, including more advanced advertising blockers, peer-to-peer browsers that decentralize the internet, new encryption techniques, and data unions that let users pool their data and sell it themselves. Others want to treat tech giants more as information fiduciaries, which have a legal responsibility to protect user data.

And for the first time, many privacy experts think internet users will be more willing to put up with a little more inconvenience in return for a lot more privacy.

“This is the first blink of awakening of the world to a danger that’s been present for a long time, which is that we are exposed,” Mr. Searls said. “Cambridge Analytica is old, old news to privacy folks. They’re just the tip of the crapberg.”"

Saturday, April 7, 2018

Without data-targeted ads, Facebook would look like a pay service, Sandberg says; NBC, April 5, 2018

Alex Johnson and Erik Ortiz, NBC; Without data-targeted ads, Facebook would look like a pay service, Sandberg says

"The data of users is the lifeblood of Facebook, and if people want to opt out of all of the platform's data-driven advertising, they would have to pay for it, Sheryl Sandberg, the company's chief operating officer, told NBC News in an interview that aired Friday.

In an interview with "Today" co-anchor Savannah Guthrie, Sandberg again acknowledged that the company mishandled the breach that allowed Cambridge Analytica, the data analysis firm that worked with Donald Trump's 2016 presidential campaign, to harvest information from as many as 87 million Facebook users."

Friday, April 6, 2018

Facebook admits it discussed sharing user data for medical research project; The Guardian, April 5, 2018

Amanda Holpuch, The Guardian; Facebook admits it discussed sharing user data for medical research project

[Kip Currier: Timely to see this article, after discussing HIPAA and medical research data in my lecture yesterday on "Legal and Ethical Issues of Research Data Management (RDM)". And after my post here, responding to John Podhoretz's "sorry, you are a fool" New York Post opinion piece.]

"Medical institutions are held to a higher privacy standard than Facebook because of laws such as the federal Health Insurance Portability and Accountability Act, or Hipaa, which makes it illegal for health care providers and insurers to share patient data without their permission.

But it is not clear how the proposed research would have complied with this strict health privacy law.

Two people who heard Facebook’s pitch and one person familiar with it told CNBC that the proposed project would mesh data from health systems (such as diagnoses and prescribed medications) with data from Facebook (such as age, friends and likes). The idea would be to match what is known about a patient’s lifestyle with their medical needs to customize care."

Monday, April 2, 2018

Add Data Privacy to List of Brexit Bumps for EU, UK; Bloomberg, April 2, 2018

Giles Turner, Bloomberg; Add Data Privacy to List of Brexit Bumps for EU, UK

"The smooth transfer of personal data between the European Union and the U.K. — from bank details to your Uber bill — is vital for almost every British business. The U.K. is intent on maintaining that relationship following Brexit. The EU isn’t making any promises."

Saturday, March 31, 2018

Everything you need to know about a new EU data law that could shake up big US tech; CNBC, March 30, 2018

Arjun Kharpal, CNBC; Everything you need to know about a new EU data law that could shake up big US tech

"You may have heard of the General Data Protection Regulation (GDPR). But most likely you haven't because it sounds boring, but it's really important and CNBC has a guide to help you understand it.

It's a piece of European Union (EU) legislation that could have a far-reaching impact on some of the biggest technology firms in the world including Facebook and Google.

So here's your guide to the GDPR."

Promises, promises: Facebook’s history with privacy; Washington Post, March 30, 2018

Ryan Nakashima, Washington Post; Promises, promises: Facebook’s history with privacy

"“We’ve made a bunch of mistakes.” ‘’Everyone needs complete control over who they share with at all times.” ‘’Not one day goes by when I don’t think about what it means for us to be the stewards of this community and their trust.”

Sound familiar? It’s Facebook CEO Mark Zuckerberg addressing a major privacy breach — seven years ago .

Lawmakers in many countries may be focused on Cambridge Analytica’s alleged improper use of Facebook data, but the social network’s privacy problems go back more than a decade. Here are some of the company’s most notable missteps and promises around privacy."