The Immigration Exemption aims to let the UK Home Office and companies refuse requests for personal data because it might 'prejudice the maintenance of effective immigration control'.
We've fought against this exceptionalism in data protection, but the Data Protection and Digital Information Bill could undo it all.
🗣️ @sarahalsherif ORG Programme Manager for Migrant Digital Justice.
We challenged the Immigration Exemption with @the3million as it prevents migrants from challenging mistakes in data and #immigration decisions.
The UK Court of Appeal found it unlawful due to insufficient safeguards and considerations of the risk to migrants' rights.
The government has now complied with the Court Order BUT in a way that makes it as difficult as possible for migrants to uphold their data rights in practice.
#EU#Germany#DataProtection#DataLeaks#Privacy#DataBrokers: "The document lists more than 60 names and is publicly available on the site of a data broker. Most of those names are said to belong to German citizens. Their date of birth, passport number and expiration date is also listed. Such data is considered particularly sensitive because it can be used for identity theft. Selling and publishing it online is a disaster from a data protection perspective.
The list was uploaded to the site of a data broker in the EU, that allows others to buy or sell data. We are not naming the site here because the list is still online. The document listing more than 60 names is apparently a free sample. Interested parties can use such samples to get an impression of the data – before buying more of it. The data broker makes money from each sale: according to its own information, it keeps part of the sales price as a fee.
netzpolitik.org was able to identify several people on the list. They live in Bavaria or Lower Saxony and confirm that their data and ID numbers are genuine. Some were shocked to learn their data was public. One person tells us on the phone: „Data protection, you often hear about it. But it’s a different feeling when you see your own data openly on the Internet.“"
Under the pretense of safeguarding, the programme harvests and retains people's data, mostly children, even when no action is taken.
We need to stop Prevent before it becomes a global problem.
Read this new report by Rights and Security International: "The UK is helping Indonesia violate freedom of religion, risks complicity in torture and disappearances." ⬇️
Changes in the UK Data Protection and Digital Information Bill will exacerbate the existing power imbalances that migrants, refugees and asylum seekers have over their data.
#EU#SocialMedia#Meta#Facebook#AdTech#DataProtection#Privacy: "First Statement. The AG Opinion (C-446/21) has just been published. Please refresh this page for any updates. While we are still analysing the details, we hope the initial reaction below captures the key takeaways:
Katharina Raabe-Stuppnig, lawyer representing Mr Schrems: "We are very pleased by the opinion, even though this result was very much expected."
Use of data for advertising must be limited by time, type and source. So far, Meta uses all the data it has ever collected for advertising. For example, Facebook user data can go back as far as 2004. To prevent such practices, the GDPR established the principle of "data minimisation" in Article 5(1)(c) GDPR. So far, Meta has simply ignored this and has not foreseen any deletion periods. The application of the 'data minimisation principle' radically restricts the use of personal data for advertising - even if users have consented to ads. It applies regardless of the legal basis used for the processing, so even a user who consents to personalised advertising cannot have their personal data used indefinitely. While the AG says that the national court would have to decide on the details, factors may be the type of personal data (like age -v- behavioral data), the source (like actively provided data -v- passiv technical tracking) or the context of the collection (like on a social network -v- on third pages)."
#AI#Privacy#DataProtection#AIRegulation: "AI today is both old and new. The technologies branded as "AI" today are actually old technologies that are working more effectively given vast increases in data and computing power.
It is important to avoid "AI exceptionalism" — treating AI as if it were so unique that we are unable to see how its privacy problems are often outgrowths of existing privacy issues. The privacy problems associated with AI largely revolve around practices privacy laws have long dealt with, such as the collection and processing of personal data. To be effectively addressed, these privacy problems should be tackled holistically, not just in the context of AI. Rarely is there a magic line separating privacy issues in AI from those in the digital age generally.
AI can increase existing privacy problems, add dimensions and complexities to them, or remix them. Merely addressing AI is like trying to remove weeds without digging up their roots."
The European Committee on Civil Liberties, Justice and Home Affairs has issued a new warning that the Data Protection and Digital Information Bill puts the UK's adequacy agreement with the EU in question.
A move that would take chunks out of the UK economy and our data rights.
"The concerns of the LIBE committee highlights how the data rights of people in the UK will be reduced compared to people living in Europe. This should not be acceptable to our parliamentarians.”
Surveillance measures in the #DigitalHostileEnvironment will intensify if the UK Data Protection and Digital Information Bill succeeds in weakening data rights.
Yet the majority of migrants, refugees and asylum seekers we surveyed with Positive Action in Housing haven’t heard about the Bill.
Our survey of migrants, refugees and asylum seekers with Positive Action in Housing found that most people worry about the UK government sharing their data with third-party organisations.
Right to work checks in the UK, run through error-prone technology offered by an increasing number of third-party companies, put #migrants in precarious positions.
Many people have been unfairly dismissed from jobs and found that their data is outside of their control.
ORG, Migrants' Rights Network and Migrants at Work run the #ChallengeTheChecks campaign to uncover the data harms resulting from right to work checks.
ORG and Positive Action in Housing surveyed migrants, refugees and asylum seekers about digital rights. The results show a distrust over how the government handles their data.
When people migrate, their data migrates with them. Data that can expose people to the threats they were escaping.
Migrants should enjoy the same human rights as everyone else, including the protections of digital rights. This is #DigitalSanctuary ⬇️
📢 How do we protect your privacy? Stay informed about our latest actions to keep your personal data safe, & behind-the-scene content via our social media channels. Explore the intertwining world of data protection with technologies and other policy areas with our podcast series.
Data allows election campaigns to deliver micro-targeted messaging with the power to manipulate public opinion.
The #DPDIBill will make it easier for political parties to use our data and introduces a wide basis to process data for “democratic engagement” purposes.
Despite the Cambridge Analytica scandal, the government wants to lower accountability just as a UK general election looms.
#SocialMedia#Facebook#Meta#EU#GDPR#DataProtection#AdTech#Privacy: "Today, the EDPB has issued its first decision on "Pay or Okay" in relation to large online platforms such as Instagram and Facebook, as first reported by Politico. This decision prohibits Meta from using an unlawful consent request processing personal data. It seems that by now, Meta has run out of options to continue using people's data for advertising in the EU without a consent mechanism that actually complies with the law." https://noyb.eu/en/statement-edpb-pay-or-okay-opinion
#EU#Belgium#France#AI#GenerativeaAI#AITraining#DataProtection#GDPR: "As well as the Belgian Data Protection Authority decision I criticised earlier this week, it appears the French DPA has issued similar guidance on the use of personal data to train AI models. My detailed analysis below shows that, in relation to purpose-specific AI systems, it makes no sense: the training of the system cannot be separated from the ultimate purpose of the system. This has a major bearing on the issue of compatibility.
As a matter of principle and law, the creation and training of AI models/profiles for a specific purpose (be that direct marketing or health care) must be based on the legal basis relied on for that ultimate purpose.
The fact that the creation and training of the models/profiles is a “first phase” in a two-phase process (with the deployment of the models/profiles forming the “second phase”) does not alter that.
However, as an exception to this, under the GDPR, the processing can also be authorised by law or by means of an authorisation issued by a DPA under the relevant law (as in France), provided the law or DPA authorisation lays down appropriate safeguards. That is the only qualification I accept to the above principle." https://www.ianbrown.tech/2024/04/16/more-on-french-and-belgian-gdpr-guidance-on-ai-training/