Edition #2 | The Privacist's Playbook

Welcome to The Privacist's Playbook!

This is Edition #2 of The Privacist's Playbook.

About Time for Edition #2...

Thank you again for your continual support after the publication of Edition #1.

Your feedback, sharing it with your friends and colleagues, and spreading the word have been much appreciated!

Let's Dive In

News Snippets

Phones as a Privacy Battleground ~ Thorin Klosowski on Protecting Your Privacy

Thorin Klosowski writes for the NYTimes Wirecutter on app-related privacy at a time when we use a myriad of applications, each with its own nuanced data collection and use practices. Describing phones as a privacy battleground, Klosowski urges users to get granular: take inventory of the internal data collection practices of the apps we use, and look at the permissions granted to these platforms by default. The observations span the early-smartphone era of 2007-2010 to the current day, and come with a series of astute recommendations to improve mobile privacy.

Legal & Policy Updates

TikTok Facing Potential £27m Fine in UK Children's Data Protection Breach

After a UK ICO investigation of the TikTok platform, TikTok Information Technologies UK Ltd. has been issued with a notice of intent of a potential £27m fine. The notice of intent follows the finding that the platform "processed the data of children under the age of 13 without appropriate parental consent; failed to provide proper information to its users in a concise, transparent and easily understood way; and, processed special category data, without legal grounds to do so" in potential contravention of the UK Data Protection Act. These findings are provisional, and further concrete findings are yet to be determined; responses from TikTok are to be considered prior to the enforcement of such a fine.

45,000-Wide Class Wins Biometric Data Collection Privacy Class Action

A 45,000-wide Class of Illinois truck drivers recently won their class action at trial, with a USD$228 million judgement. The class action related to biometric privacy breaches: BNSF Railway Co. collected fingerprints of its drivers without proper consent, disclosure of the purpose of collection, or publication of data retention (and destruction) policies, in breach of the 2008 740 ILCS 14/Biometric Information Privacy Act (BIPA).

IAPP Releases Tracker to Keep Tabs on U.S. State Privacy Legislation

With privacy law within the U.S. governed at both the Federal and State level, it can be quite the task to keep track of what Bills and Laws are being proposed, drafted, and enacted on a rolling basis. To aid in this task, the IAPP Westin Research Center has crafted a living map, the US State Legislation Tracker, to easily keep tabs on bills and legislation related to the governance of personal information and privacy.

White House Releases a Fact Sheet on EU-U.S. Data Privacy Framework

On October 7th 2022, U.S. President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which details the U.S.-facing implementation of the European Union-U.S. Data Privacy Framework announced earlier in the year. The proposed framework is complex and a lot to take in, so the White House has released a Fact Sheet giving an overview of the nuances of the Executive Order: the steps the U.S. will take and the assurance mechanisms in place once the EU-U.S. DPF is in play.

UK ICO and Ofcom Joint Research Ensures Endurance of the Children's Code Privacy Protections

The Information Commissioner's Office and the Office of Communications, Swyddfa Gyfathrebiadau, have marked the anniversary of their collaborative research and implementation of the Children's Code, the UK data protection code of practice for privacy-by-design principles for platforms accessed by children. Introduced in September 2021, the Children's Code has had a profound domestic (UK) and international effect, prompting many jurisdictions to re-think and re-frame children's privacy protections. Take a look at the update from the ICO on the past year of the Children's Code, its positive effects, and their vision for its future.

Industry Matters

Angelene Falk, Australian Information Privacy Commissioner, on Gender-Based Privacy Harms

Angelene Falk, Australian Information Commissioner and Privacy Commissioner at The Office of the Australian Information Commissioner (OAIC), recently contributed a piece to the Global Privacy Assembly's Newsletter titled Protecting Against Gender-Based Privacy Harms. The piece covers proposed privacy protection mechanisms and considerations to protect individuals against gender-based harms, with a primary focus on privacy-by-design principles and the regulatory cooperation needed to ensure these mechanisms maintain efficacy.

EDPB Statement on Implementation and Use of the Digital Euro

The European Data Protection Board (EDPB) released a Statement on the Design Choices for a Digital Euro from the Privacy and Data Protection Perspective. The Statement considers the necessity of privacy-by-design principles underpinning the currency, the nature of transactional tracing and validation, the reality of its hybrid (digital/online and tangible/offline) nature, specific regulation to tame institutional uncertainties, and the need for public input on the future development of the Digital Euro.

CERT NZ Spreads the Word on Bolstering Privacy Defences for Cyber Smart Week 2022

The past week was Cyber Smart Week here in Aotearoa, New Zealand. The New Zealand Government's Cyber Emergency Response Team (CERT NZ) collated a set of online resources for Cyber Smart Week 2022 to help businesses and individuals take their online defences to the NEXT LEVEL.

One of our favourite tenets of this year's Cyber Smart Week is boosting your privacy defence. CERT NZ posits that one of the easiest things you can do to boost your privacy defence is to switch your social media settings to private to protect your personal info.

Your personal information is gold for attackers. Make sure your social media privacy settings are switched over to ‘Private’ or ‘Friends only’ – this way, you can control who sees what information you share and who you’re sharing it with. This not only protects yourself, but also your friends, family and followers from scams. CERT NZ also has a series of guides and resources on protecting your privacy online which are a must-read for anyone wanting to get on top of their privacy.

Also, be sure to get in touch via Exo, by Faraday if you want to work with us directly to take your digital privacy even further.

Canadian OPC Releases Tips for Protecting Yourself from Identity Theft and Fraud

As a part of the public awareness push for Cyber Security Month, the Canadian Office of the Privacy Commissioner, Commissaire à la protection de la vie privée du Canada, re-released their guide on protecting and managing your personal information online to protect yourself from identity theft and fraud. The guide is underpinned by being careful in public and online; check it out to learn how to protect yourself and reduce risk in the context of personal banking, mail, and phone use.

Digital Privacy Tips

Professor Danielle Citron on The Fight For Privacy

Privacy Law aficionado Professor Danielle Citron published their book, The Fight for Privacy: Protecting Dignity, Identity, and Love in the Digital Age, earlier this month to great industry acclaim. Considering the nature of intimate privacy, the privacy which implicates the most personal matters, Citron looks into how intimate personal matters are now being transformed into data which is sculpting and influencing the technology we use day-to-day, and proposes how we can regain control over the use of this data to "build a better future for the next, ever more digital generation". Grab a copy of The Fight for Privacy now!

Mozilla Introduces New Firefox Relay Feature to Protect Your Privacy and Phone Number

Finding yourself with increased spam texts and robocalls to your personal phone number? Seems like they are on the rise week-to-week, right? To aid against this barrage, Mozilla has released a new phone number masking feature for its Firefox Relay platform to further protect your identity. This expands the Firefox Relay feature set from the initial email address protection offering to phone numbers, allowing you to generate new phone numbers with 50 minutes of talk time and 75 text messages per month.

Bolstering a Segment From the Last Edition: FPF on Identifying Privacy and Security Risks to Machine Learning Systems

In the previous Edition of The Privacist's Playbook, we linked a fantastic guide published by the FPF on learning privacy risk management, their Practical Guide to Managing Risk in Machine Learning Models. As a supplement and precursor to the aforementioned guide, Brenda Leong at the FPF has released a further paper, Warning Signs: Identifying Privacy and Security Risks to Machine Learning Systems, which bolsters and supplements their previous whitepaper.

That's a Wrap!

This concludes Edition #2 of The Privacist's Playbook. I hope you enjoyed it.

If you have any feedback on the content, format, style, or anything else — I'd love to hear it. Get in touch on LinkedIn, Twitter, or Email.

- Jacques.