Advanced Search
Content Type: Examples
The Irish Council for Civil Liberties (ICCL) has filed a lawsuit in Hamburg against three AdTech industry trade bodies including the Interactive Avertising Bureau (IAB). Members of the IAB include big tech companies (Google, Facebook, Amazon, Twitter...), data brokers (Equifax, Experian, Acxiom...) and advertising agencies (Groupm, Publicis, IPG...).
The lawsuit follows the filing in 2018 of complaints with the Irish Data Protection Commission (DPC) and UK Information Commissioner (ICO), which…
Content Type: Examples
Civil society organisations Civil Liberties union for Europe, Open Rights Group and Panoptykon Foundation have filed complaints against Google and Interactive Advertising Bureau (IAB) member companies in Croatia, Cyprus, Greece, Malta, Portugal and Romania.
The complaints address privacy abuses arising from real-time bidding processing, and call on data protection authorities to work together in investigation the real-time bidding industry.
Content Type: Examples
French data protection regulator CNIL fined Google and Amazon €100 million and €35 million respectively for breaches of the French Data Protection Act. The CNIL found that the French websites of Google and Amazon had not sought the prior consent of visitors before advertising cookies were saved on computers, and failed to provide clear information to users as to how they intended to make use of online trackers and how to refuse any use of cookies.
In relation to Google, the CNIL made an…
Content Type: Examples
A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes…
Content Type: Examples
Italy has launched Immuni, one of the first contact tracing apps based on the Apple-Google API. The app is opt-in, and includes an explanation of the privacy and security measures in its setup. The app collects anonymously bluetooth tokens that are automatically randomised, but does not collect GPS or location data and performs all processing on the device.
Source: https://9to5mac.com/2020/06/01/italy-apple-exposure-notification-api-app/
Writer: Michael Potuck
Publication: 9 to 5 Mac
Content Type: Examples
Google has begun publishing "COVID-19 Community Mobility Reports", which analyse the location data it collects from smartphones to create maps of aggregated changes in the movement of populations around the world. Google claims the data is "anonymised" via differential privacy, and suggests that governments can use the results of its analysis to understand not only whether people are travelling but where, so they can adapt transport policies to ensure adequate distancing. It is unclear how…
Content Type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content Type: Examples
Three years ago, the Alphabet subsidiary Verily developed a software platform, Project Baseline, to run clinical trials on a group of volunteers who agree to share their medical data with a group of researchers at pharmaceutical companies and research hospitals. In early March, Verily began considering whether and how the software could be used to help detect COVID-19. To date, the site is in beta mode, and consists of a questionnaire that links local Bay Area residents to three testing sites.…
Content Type: Examples
Technology companies are struggling to cope with the flood of misinformation spreading across the internet, both on social media sites and on the open web, where 4,000 new websites have been created since the beginning of the year that include "coronavirus" in their title and 3% of which are considered malicious. The problem appears to be less coordinated misinformation campaigns than speculation and rumours that are organically spread. As part of the efforts to combat the problem, Google…
Content Type: Examples
Ahead of the Irish referendum to amend the Constitutions of Ireland to allow the parliament to legislative for abortion which took place in May 2018, Google decided to stop all advertising relating to the referendum on all of its advertising platforms, including AdWords and YouTube.
This followed decisions by Facebook to no longer accept advertising relating to the referendum funded by foreign organisations outside Ireland, and Twitter not allowing any advertising in relation to the…
Content Type: Examples
After four years of negotiation, in 2017 Google began paying Mastercard millions of dollars for access to the latter's piles of transaction data as part of its "Stores Sales Measurement" service. Google, which claimed to have access to 70% of US credit and debit cards through partners, said that double-blind encryption prevents both partners from seeing the other's users' personally identifiable information. Mastercard said the company shares transaction trends with merchants and their service…
Content Type: Examples
In an effort to improve political advertising transparency, Canada drafted a Bill that requires companies to develop ad libraries, to which ads are added immediately in order for researchers, journalists, and other people to be able to search and understand how political actors are targeting ads. In response, Google announced that it would blanket-ban all political ads in Canada, saying the company was unable to comply with the new law. Google’s decision shows both that the current state of…
Content Type: Examples
Simultaneous complaints have been filed with European data protection authorities against Google and other ad tech firms. The complainants are being made by Dr Johnny Ryan of Brave, the private web browser, Jim Killock, Executive Director of the Open Rights Group, and Michael Veale of University College London. The complaint notifies European regulators of a massive and ongoing data breach that affects virtually every user on the web.
Content Type: Examples
Panoptykon Foundation, the Warsaw based digital rights organization, has joined in the complaints filed in the UK and Ireland in September by Jim Killock of the Open Rights Group, Michael Veale of University College London, and Dr Johnny Ryan of Brave, by filing a new complaint in Poland. Together, the complainants in Ireland, Poland, and the UK, have also filed new evidence today with the national data protection authorities of Ireland, Poland, and the United Kingdom, that reveals how ad…
Content Type: Examples
In February 2019 Google engineers announced that they had created faster, more efficient encryption system that could function on less-expensive Android phones that were too low-powered to implement existing full-device encryption. The scheme, known as Adiantum, uses established and well-vetted encryption tools and principles. Android has required smartphones to support encryption since 2015's version 6, but low-end devices were exempt because of the performance hit. It will now be up to device…
Content Type: Examples
In October 2018, Google developers announced Manifest V3, a new standard for developing extensions for its Chrome web browser. One of the modifications included replacing the API used by extensions that need to intercept and work with network requests. The new API, DeclarativeNetRequest, limits the number of network requests an extension can access; the result was to muzzle third-party adblockers but not the new one Google was building in. Google claimed that implementing a maximum value was…
Content Type: Examples
In the run-up to the May 2019 European Parliament elections, Google announced it would launch a new set of transparency tools to combat voter manipulation. Before being allowed to buy advertising on Google platforms, campaigns will be required to verify their identity, and approved ads will be required to display the identity of their purchaser. Google will build a real-time searchable database of all political ads and show their purchasers, costs, and demographics. Facebook announced similar…
Content Type: Examples
In September 2018, Google was discovered to be prototyping a search engine, codenamed Dragonfly, designed to comply with China's censorship regime. Among other features, Dragonfly would tie users' searches to their personal phone numbers, ensuring the government could track their queries. Among the terms on Google's Mandarin-language blacklist: "human rights", "student protest", and "Nobel prize". One Google source suggested Dragonfly would also force on users potentially manipulated Chinese-…
Content Type: Examples
In September 2018, Google warned a selection of US senators and their aides that their Gmail accounts were being targeted by foreign government hackers. Google has issued warnings of phishing attempts by state-sponsored actors since 2012, though getting a notice does not mean the account has been compromised.
https://www.cnet.com/news/google-warns-us-senators-of-foreign-hackers-targeting-their-gmail-accounts/
Writer: Richard Nieva
Publication: CNet
Content Type: Examples
In June 2018, security researchers found that Google's smart speaker and home assistant, Google Home, and its Chromecast streaming device could be made to leak highly accurate location information because they failed to require authentication from other machines on their local network. The attack worked by requesting a list of nearby wireless networks from the Google device and sending that list on to Google's geolocation lookup service, whose map of wireless network names around the world is…
Content Type: Examples
Three months after the 2018 discovery that Google was working on Project Maven, a military pilot program intended to speed up analysis of drone footage by automating classification of images of people and objects, dozens of Google employees resigned in protest. Among their complaints: Google executives' decreasing transparency and attention to workers' objections; that Google's move could damage user trust; and ethical concerns over using algorithms in this potentially lethal work and Google's…
Content Type: Examples
In 2018, a group of researchers from the Campaign for Accountability posed as Russian trolls and were able to purchase divisive online ads and target them at Americans using Google's advertising platform. The researchers constructed fake profiles using the name and identifying details of the Internet Research Agency, a known Kremlin-linked troll farm; the ads appeared on the YouTube channels and websites belonging to CNN, CBS, Huffington Post, and the Daily Beast. The ads were approved in less…
Content Type: Examples
In September 2018, a number of people whose Google Pixel phones, Essential Phone, OnePlus 6, Nokia handsets, and other devices running Android 9 Pie discovered that the devices had, apparently autonomously, activated the software's Battery Saver feature. Google later explained that an internal experiment to test battery-saving features had accidentally - and erroneously - been rolled out to more users than it had intended. The silent and invasive nature of the mistake made it particularly…
Content Type: Examples
In 2018, a week before the General Data Protection Regulation came into force in the EU, Quantcast and several other publishing industry groups complained that Google in an open letter that Google was imposing GDPR risks on publishers and consumers. Under the system Google proposed for GDPR compliance, Google would impose limits on the number of technical vendors publishers could work with, thereby limiting innovation and competition, had yet to commit to joining the IAB Europe's Transparency…
Content Type: Examples
Google announced on October 8 having discovered a vulnerability in the Google+ API which has been open since 2015. This vulnerability allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information. While Google only retains 2 weeks of activity logs and cannot assert the exact reach of the breach, it believes that up to 438 applications had access to these data.…
Content Type: Examples
DoubleClick was one of the first companies set up to sell display advertising on the web. Set up in 1996, it went public in 1998, and in 1999 merged with the data collection company Abacus Direct. In response to a 2001 US Federal Trade Commission investigation of the proposed merger, DoubleClick promised to keep those two databases separate; and in 2005 when the private equity firm Hellman & Friedman acquired it, that firm promised to operate the company as two separate divisions. In April…
Content Type: Examples
In 2017 the Electronic Privacy Information Center filed a complaint with the US Federal Trade Commission asking the agency to block Google's Store Sales Measurement service, which the company introduced in May at the 2017 Google Marketing Next event. Google's stated goal was to link offline sales to online ad spending. EPIC argued that the purchasing information Google collected was highly sensitive, revealing details about consumers purchases, health, and private lives, and that Google was…
Content Type: Examples
In May 2018, Google announced an AI system to carry out tasks such as scheduling appointments over the phone using natural language. A Duplex user wanting to make a restaurant booking, for example, could hand the task off to Duplex, which would make the phone call and negotiate times and numbers. In announcing the service, Google stressed its use of "speech dysfluencies" - that is, non-verbal syllables such as "um" and "er" to make the interaction sound more natural.
The system almost…
Content Type: Examples
In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick subsidiary into a single database. The company claimed the purpose was to enable a better, more unified experience - for example, it said it would be able to deliver better search results by combining…
Content Type: Examples
In 2009, Spanish citizen Mario Costeja González objected to the fact that an auction notice from 1998, when his home was repossessed, was still accessible on the website of the Spanish newspaper La Vanguardia and the first thing people saw when they searched for him on Google. When the courts declined to order the newspaper to remove the announcement, Costeja asked Google Spain to stop linking to it in search results on his name. When Google did nothing more than forward the complaint to its…