Is this the Wild Wild West of data access?

Written By Seena Williams

No. 54: Bringing you the news that matters in video privacy and security

Technology is becoming increasingly advanced: the more data is required to power it, the more emphasis there is on correct data collection and processing. 

Across both the public and private sectors, we continue to see the mismanagement of data and a lack of transparency. Personal data is becoming even more of a hot commodity: across deep fakes, facial recognition, and more. And yet, data privacy is still considered separate from data security - with many seeing them as two opposite ends of a compliance scale, rather than two key practices that can work better hand-in-hand. 

For example, some countries still remain behind the curve on privacy legislation. Slovenia has become the last country to implement the GDPR in the EU, with their Personal Data Protection Act only now coming into force. 

The UK’s Investigatory Powers Tribunal has sided with Privacy International and Liberty who sued MI5 over their use of mass surveillance. The Tribunal found that there were “serious failings” in how the long information obtained covertly was retained. However, the tribunal did not quash unlawful warrants or order the deletion of unlawfully retained data, citing national security. In France, there has been pushback to the government's fast-tracking legislation to permit AI-assisted video surveillance systems at the 2024 Olympics with new capabilities not before seen in the country. Privacy advocates fear these powers will go beyond the Olympics and be an excuse for the French government to expand government surveillance permanently. 

The ICO recently reprimanded a Scottish council over their use of facial recognition technology in school cafeterias. The regulator argues that GDPR violations have most likely occurred across several schools, highlighting to other school districts the risks of collecting and processing such largescale biometric data on minors.

As always, please send any feedback or topics of interest you would like to be covered. 

Seena, Editor

News

UK Tribunal finds MI5 made "serious failings" in handling personal data 

The UK security agency, MI5, has been criticised by the Investigatory Powers Tribunal for “serious failings” in how it handled large amounts of individuals' personal data. The Tribunal rules in favour of privacy and civil liberty charities, finding that between 2014 and 2019, MI5 held large amounts of data unlawfully due to systems lacking proper retention and deletion safeguards.

The Financial Times: Tribunal finds ‘serious failings’ by UK security agency over privacy safeguards

Reuters: Britain unlawfully issued surveillance warrants for nearly five years - tribunal

 

Fast food chain, Chick-fil-A, sued for violating US Video Privacy Act 

A class-action lawsuit has been filed against the fast-food restaurant, Chick-fil-A, after claims that it violated the Video Privacy Protection Act by sharing viewership data of visitors to their California website with Meta and using this for targeted advertising. The claimants argue they collected personally identifiable information without the consent of the data subjects.

Gizmodo: Chicken Fried Data: Chick-Fil-A Hit With Class-Action Privacy Lawsuit Over Video Data Collection

Bloomberg News: Chick-Fil-A Faces Suit Over Website Data Sharing with Facebook

 

Scottish school canteens' facial recognition use “likely infringed” GDPR says ICO

The ICO has published a letter to North Ayrshire Council in Scotland that its use of facial recognition for students in over 9 schools in cafeterias is likely to have infringed GDPR. The council was found to have potentially breached requirements around fairness and transparency, as well as concerns with the length of retention periods of student biometric data. 

Biometric Update: Scottish schools’ canteen facial recognition ‘likely infringed’ GDPR: ICO

The ICO: Using FRT in schools – letter to North Ayrshire Council

 

French government under fire for AI-powered surveillance camera plans during the Paris Olympics

The French government has received pushback after fast-tracking special legislation that allows the use of AI-assisted video surveillance systems at the 2024 Paris Olympics. The AI would be able to detect (for the first time in France) suspicious behaviour and body language through CCTV and drones, which are sent to the police. Privacy advocates fear these powers will go beyond the Olympics and be an excuse for the French government to expand government surveillance permanently.

The Guardian: France under fire over fast-track plan for AI video surveillance at Paris Olympics

Euronews: Smile, AI is watching you: Paris slammed for new video surveillance ahead of 2024 Olympics

 

TikTok CEO set to testify before US Congress over data privacy concerns

Shou Zi Chew, the CEO of TikTok, will make his first appearance before the US House Energy and Commerce Committee to testify this March. This follows the privacy concerns surrounding the app, including data ownership and data sharing of US citizens with the Chinese government. The app has so far been banned on government devices and school campuses across several states as the privacy debate continues to happen.

The Guardian: TikTok CEO to testify before US Congress next month over data privacy

Forbes: TikTok CEO To Testify Before Congress Amid Growing Concerns Of Privacy, National Security, Child Exploitation

AI Snippet of the Week

Google set to release their own AI Chatbot, Bard, to compete with ChatGPT

As the AI race continues to heat up amid all the discussion around AI-generated text, Google is set to release its own version to rival OpenAI's ChatGPT. The app, named Bard, will be powered by LaMDA which is claimed to generate near “sentient” language and is unable to be deciphered by the human eye.

Sky News: Google launches AI chatbot Bard to rival wildly successful ChatGPT

The Financial Times: Google reveals plans for Bard chatbot as AI tech race heats up

Policy Updates

Slovenia’s Data Protection Act is now in force

Slovenia’s Personal Data Protection Act, adopted in December 2022, is now in force. The law looks to regulate the movement of personal and biometric data in the public and private sector, and “personal data processing for research, archival and statistical purposes”. This new law makes Slovenia the last EU country to adopt GDPR into its national legislation. 

Euractiv: Slovenia last EU country to adopt GDPR

IAPP: Slovenia's Personal Data Protection Act enters into force

To subscribe to our fortnightly newsletter, please click here

Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk

Seena Williams
Previous

What - or who - is balancing the wobbly scale of surveillance data?
Next

What's happening with your data privacy?