COVID-19
Ottawa In Talks With Provinces, Territories Over ‘Proof Of Vaccination’ Passport for International Travel
Intergovernmental Affairs Minister Dominic LeBlanc says Ottawa is in talks with the provinces and territories about creating some type of “passport” containing proof of vaccination against COVID-19. LeBlanc says while health information falls under provincial jurisdiction, Ottawa’s goal is to provide Canadians with a document to verify vaccinations against the coronavirus if they want to travel outside Canada. LeBlanc says the government may provide Canadians who want to travel soon an interim document to verify vaccinations. Canada Is Launching a “Vaccine Passport” Next Month
OPC Therrien Urges Proper Safeguards for Vaccine Passports
Privacy Commissioner of Canada Daniel Therrien told the House of Commons Standing Committee on Access to Information, Privacy and Ethics Canada’s COVID-19 vaccine passport application needs sufficient purpose limitations and user safeguards. Therrien said there are “issues about protection of that information” that require a detailed review process “that we have not yet done.” Therrien spoke confidently about arriving at a “privacy-sensitive and protected” solution.
Access, Privacy, Enforcement: Lawyers Say Canada’s Plan for Digital Vaccine Passports Raises Thorny Issues
The prospect of digital vaccine passports being required for Canadians embarking on post-pandemic travel has some raising concerns over privacy, accessibility, and enforcement. Immigration lawyer Alex Stojicevic says the most obvious concern is that those who don’t have access to the proper tech will face barriers to travel. He also has concerns around who will be reviewing people’s proof of vaccine. He says people should not be required to hand their phones over to Canada Border Services Agency: Stojicevic says there are a number of other thorny logistical issues — including the fact that each province within Canada is approaching immunization in a different way, and sharing different data. Privacy concerns are also being raised by the Canadian Civil Liberties Association. According to Executive Director Michael Bryant: “We need to make sure that that data, held internationally, is kept secure and private and isn’t used for other purposes and other agencies, other than its intended purpose of international travel. It’s one thing to require people to waive their privacy rights at the border. It’s quite another thing to ask people or require people to waive their privacy rights once they are in Canada, travelling between provinces or entering public facilities or using public services.”
Nova Scotia Privacy Commissioner Calls for Strong Vaccine Passport Privacy Protections
Nova Scotia Information and Privacy Commissioner Tricia Ralph called for future vaccine passports to have proper privacy protections in place. Ralph called for a privacy impact assessment to take place in a letter to the provincial government.
Biometrics / Identity
EU Privacy Watchdogs Call for Ban on Facial Recognition in Public Spaces
The European Data Protection Board and European Data Protection Supervisor teamed up to call for a ban on the use of facial recognition in public spaces, going against draft European Union rules which would allow the technology to be used for public security reasons. “A general ban on the use of facial recognition in publicly accessible areas is the necessary starting point if we want to preserve our freedoms and create a human-centric legal framework for AI,” EDPB Chair Andrea Jelinek and EDPS head Wojciech Wiewiorowski said.
Denham Issues Opinion on UK’s Public Facial Recognition Deployments
U.K. Information Commissioner Elizabeth Denham offered a Commissioner’s Opinion regarding the use of facial recognition by private and public entities in public spaces. Denham explained “data protection and people’s privacy must be at the heart of any decisions to deploy (live facial recognition)” and the opinion aims to set “a high bar to justify the use of LFR and its algorithms.” The opinion, according to Denham, is based off law and “six ICO investigations into the use, testing or planned deployment of LFR systems.”
Civil Liberties Group Urges Liberal Party to Stop Using Facial Recognition Technology
The CCLA is calling on the governing Liberals to “cease and desist” using facial recognition technology to verify the identity of people voting in candidate nominations, saying it “takes unfair advantage of its exemption from Canadian privacy laws.” Further, it “sends the wrong message to municipal, provincial and federal election officials that this technology is ready for prime time,” reads the letter signed by executive director Michael Bryant and privacy, technology and surveillance program director Brenda McPhail.
Unemployment Applicants Say Facial Recognition Service Caused Benefit Denials
Some U.S. unemployment recipients say incorrect identity verification by ID.me’s facial recognition technology led to denial of unemployment benefits. The service uses applicants’ biometric information with official documents to confirm identity, but some said the technology failed to correctly identify them, putting applications on hold.
Regulators Launch Campaign Against Spy Cameras, Hidden-Camera Videos
The Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Public Security Bureau and the State Administration for Market Regulation announced a three-month campaign against spy cameras and hidden-camera videos. The regulators say online platforms and camera developers that do not address privacy violations will be “severely punished” in accordance with laws and regulations. The campaign follows passage of China’s Data Security Law, slated to take effect 1 Sept.
Health Privacy
Niagara Health Patients First in Ontario to Access Diagnostic Scans Under One Digital ID
Patients at Niagara Health are among the first in the province who can access their diagnostic records such as an x-ray, CT scan, MRI, or ultrasound through Ontario trusted account, a unique patient digital identity service on the Niagara Health Navigator mobile app. Similar to the ease of online banking, patients can view and manage their diagnostic records from the convenience of their mobile device and can choose to securely share access with family members, family doctors, specialists and other care providers. This is powered by PocketHealth, a service that receives digital diagnostic records from the hospital, organizes them in a secure account and stores them for patients to access at a small fee. For more information on the Ontario trusted account, visit https://mytrustedaccount.ca
UK Health Department, NHS Publish Draft Health Data Strategy
The U.K. Department of Health and Social Care and the National Health Service released a draft data strategy that will provide patients more control of their health and records. The strategy proposes ease of access to data for patients and medical professionals while also simplifying data sharing practices. The NHS noted its plan comes with a commitment “to using data lawfully, with respect, and holding it securely with the right safeguards in place.” Additionally, the NHS committed to publishing a transparency report on data use by 2022.
Mobile / Location
CNIL Releases Draft Recommendation on Retention of Traceability Data
France’s data protection authority (CNIL) launched a public debate over its draft recommendation relating to terms of retention and use of data logs. One of the purposes of data logs, particularly in multi-user systems, is to ensure traceability of access and actions on the information systems within an organization facilitating security policy compliance. When it comes to retention periods for data logs, the CNIL recommends a period not exceeding six months to one year is sufficient except for cases when a legal obligation or particularly significant risk would require another retention period.
Commission D’access a L’Information Du Quebec Issues Guidance on Employee Geolocation Tracking
Commission d’access a la information du Quebec has issued guidance on employee geolocation tracking [see here in French and English trans here].
Online privacy / Surveillance
Study Reviews Pandemic-Era Employee Monitoring Trends
Software designer Surfshark released its Employee Surveillance Report highlighting trends in employee surveillance from March 2020 to March 2021. Surfshark scraped searches for “bossware” surveillance tools across the world and found the use of and interest in employee monitoring was most prevalent in Sweden, the U.S. and Norway. The study also found one in five businesses are deploying surveillance technology while 62% of companies do so to collect productivity data. The report goes on to compare various monitoring tools and discuss potential employee privacy tactics.
Dutch Organizations File Claim Against Tiktok Over Children’s Privacy
In a claim against TikTok, Dutch consumer protection organization Consumentenbond and the Take Back Your Privacy Foundation say the company should pay $1.5 billion euros for illegally collecting and selling children’s data for targeted advertising. The organizations also said TikTok should delete children’s data it has maintained. “TikTok’s way of working is pure exploitation and the company is earning hundreds of millions a year from children,” Consumentenbond Director Sandra Molenaar said.
Law Enforcement
RCMP Body Camera Pilot Project Wraps Up in Iqaluit
A pilot project in which Iqaluit RCMP officers wore body cameras while working has wrapped up but concerns about accountability and trust remain. Last fall, the Iqaluit RCMP launched a trial run increasing the number of Iqaluit officers wearing cameras, until all 53 were equipped in February. According to Legal Aid, officers wore the cameras at work, but they would be turned on only after the initial interaction, or in some cases, the arrest. Also, the camera only points in one direction, so it doesn’t capture everything. “There’s no guarantee that even if there is an image that is damning of police that police will release it,” said a professor.
LAPD Provided with Free Surveillance Cameras for Promotion
Ring gave Los Angeles Police Department officers free devices or discount codes to market its surveillance cameras. According to emails obtained by the Los Angeles Times, the company encouraged officers to “spread the word” about its doorbell’s ability to “reduce crime in neighborhoods.” ACLU of Southern California Senior Staff Attorney Mohammad Tajsar said the relationship highlights “a lack of clarity as to where the public sector ends and private surveillance capitalism begins.” A Ring spokesperson said the marketing campaign ended “years ago.”
Data Sciences
EDPB, EDPS Issue Opinion on Proposed AI Rules
The European Data Protection Board and European Data Protection Supervisor released a joint opinion on the European Commission’s proposed artificial intelligence regulation. Notably, the opinion proposed a ban on AI-powered biometric recognition technologies and potentially discriminatory AI systems in public spaces. In a joint statement, EDPB Chair Andrea Jelinek and EDPS Wojciech Wiewiórowski said the ban is a “necessary starting point” for a “human-centric legal framework for AI,” also noting the biometric deployments in combination with AI “means the end of anonymity in those places.”
Study Looks at Advances, Long-Term Impact of AI
A new report from Pew Research Center and Elon University’s Imagining the Internet Center found 68% of responding developers, business and policy leaders, researchers and activists do not believe ethical principles focused on public good will be employed in most AI designs by 2030. The report includes written explanations from professionals, including Google’s Chief Internet Evangelist Vint Cerf, who said, “There will be a good-faith effort, but I am skeptical that the good intentions will necessarily result in the desired outcomes.”
NIST Seeks to Quantify User Trust In AI
The National Institute of Standards and Technology is looking to quantify user trust in artificial intelligence. The NIST is accepting public comments until July 30, saying it wants to identify areas of mistrust in AI and promote informed decisions in its use. A user trust score will be used to measure items such as the age, gender, cultural beliefs and AI experience of an individual using an AI system, while a trustworthiness score will explore technical concepts.
Security / Breaches
Humber River Restores Computers After Malware Attack
Humber River Hospital is continuing to work through the shutdown of its computer systems in response to an extensive malware attack last week. The hospital had deactivated all of its computers as a safety precaution against the attack, which was a form of ransomware. Because the organization caught the malware early, it believes that it avoided the loss of data and has not received demands for a ransom.
Kroll Releases ‘2021 Data Breach Outlook’
Digital service provider Kroll published its “2021 Data Breach Outlook,” which reviewed the effects of data breaches on its clients in 2020. The report shows a 140% increase in data breach notifications compared to 2019, with the most affected industries being health care, education and financial services. Kroll said the rise in incidents is linked to a combination of remote work, the evolution of ransomware, impacts to supply chain attacks, and heightened awareness to privacy rights and regulations. SEE ALSO: Cybersecurity Firm Reports 116% Increase in Ransomware Attacks | A survey released by Cybereason found 80% of organizations that paid demands in ransomware attacks experienced a second breach, 46% believing it to be caused by the same threat actors.
CISA Highlights How Solarwinds Attack Could’ve Been Prevented
The U.S. Cybersecurity and Infrastructure Security Agency highlighted how established security recommendations could have stopped last year’s SolarWinds cyberattack, Reuters reports. In a letter to U.S. Sen. Ron Wyden, D-Ore., the CISA said had victims configured their firewalls to block outbound connections from the servers running SolarWinds, it “would have neutralized the malware,” adding those who did so avoided the attack.
Danish DPA Offers Ransomware Guidance
Denmark’s data protection authority, Datatilsynet, posted guidance on best practices to combat ransomware attacks. In a video, Datatilsynet IT Security Specialist Allan Frank offered advice on mitigation tactics as well as proper system backups. Additionally, the DPA issued a checklist of actions organizations can take to reduce the threat of ransomware, including employee awareness, system patching, filtered emails and more.
