At a glance.
- Calcalist calls for unbiased external investigation of police spying allegations.
- FTC combats illicit user data collection with algorithmic destruction.
- Meta hit with major fine for GDPR violations.
Calcalist calls for unbiased external investigation of police spying allegations.
The Israeli newspaper Calcalist is pushing for an independent investigation looking into allegations that Israeli police have been spying on citizens by hacking their phones. Times of Israel explains that an initial probe and report from Deputy Attorney General Amit Marari revealed no evidence of wrongdoing, but Calcalist says much of the intel the paper shared with Marari, including details about exactly where evidence of the hacking operation could be found in the police files, was disregarded. Furthermore, the newspaper has revealed for the first time that its sources came from within the police unit that allegedly carried out the surveillance, and that having the officials accused of spying essentially investigating themselves presented a conflict of interest. Calcalist commented that the initial report “seemingly indicates a desire to create a protective narrative that will prevent the [further] development of the findings,” and that “we believe that it is appropriate to refer the examination, or inquiry if necessary, to an...authoritative and independent committee.”
FTC combats illicit user data collection with algorithmic destruction.
Protocol examines the US Federal Trade Commission’s (FTC) use of algorithmic destruction as a tactic for fighting deceptive digital data practices. As we noted earlier this month, the FTC penalized WW International (formerly known as Weight Watchers) for collecting personal data from minors without parental consent by fining the company $1.5 million and requiring they delete the data in question. However, they also took the penalty a step further by ordering WW to delete the algorithms it constructed using the illicit data. This was not the first time the FTC used this method. In 2019 the agency similarly demanded Cambridge Analytica destroy algorithms the company had used to illicitly gather Facebook user data, and also used the approach in penalizing photo-sharing app Everalbum in 2021. As business models have become more reliant on turning data into profit, such algorithmic systems (and the data used to build them) have become essential means to revenue, and the FTC could routinely begin targeting these algorithms as a way of regulating improper data handling. In a recent Yale Journal of Law and Technology article, FTC Commissioner Rebecca Slaughter and FTC lawyers Janice Kopec and Mohamad Batal explained, “The premise is simple: when companies collect data illegally, they should not be able to profit from either the data or any algorithm developed using it…This innovative enforcement approach should send a clear message to companies engaging in illicit data collection in order to train AI models: Not worth it.”
Meta hit with major fine for GDPR violations.
The Irish Data Protection Commission (DPC) has fined Meta €17 million for multiple Facebook data security incidents indicating the company violated the EU’s General Data Protection Regulation, TechCrunch reports. The twelve breaches in question, which collectively compromised the data of up to 30 million Facebook users, were brought to the DPC’s attention in 2018, at which point the regulator opened an inquiry into the data handling practices of the social media platform (now owned by Meta). In a press release, the DPC stated, “As a result of its inquiry, the DPC found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR. The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches.” A Meta spokesperson attempted to downplay the violations, attributing them to flawed record keeping: “This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information. We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”