LIVE: Grand International Parliament @CommonsCMS (continued) with @podehaye and @ICOnews parliamentlive.tv/Event/Index/ef…
In a prior @CommonsCMS hearing with Alexander Nix, it was revealed how he presented a fundamentally flawed understanding of international privacy law that has been continually reinforced by @ICOnews and it all started with @podehaye’s research.
Sorry for the confusion but @podehaye is not presenting now. It’s the information commisioners. My bad?
Ian Lucas MP: Ever received a voluntary data breach report from Facebook under UK DPA before GDPR? No.
Ian Lucas MP: Do you know if Zuckerberg knew about GSR breach before their public claim to learn from The Guardian? Denham has emails of senior people being aware of breach in 2014/2015 but don’t have Zuckerberg’s email address on chain. Can’t confirm if he knew. (whoa!)
Ian Lucas MP: Denham is not aware of any third-party apps being suspended by Fb before the revelations in March 2018
Charlie Angus, ETHI, Canada: Asks about their AggregateIQ investigation findings and rogues outside jurisdictions and need for tools to content with cross-border “data mercenaries” above an optometrist’s shop in British Columbia?
Denham describes need to follow the data across borders and reach into the cloud. They were able to seize 700 terrabytes from Cambridge Analytica for largest forensic analysis ever. Need enforcement tools and intl cooperation networks for data protections, MLATs
Angus: While Denham was Canadian privacy watchdog in 2009 she investigated Facebook and if they had taken her advice they would’ve avoided the Cambridge Analytica scandal. That report laid bare the ad model and friend-of-friends data leakage model.
Denham reflects on Lord Allan’s statement from the morning that Facebook won’t do anything unless legally compelled which is a striking justification for muscular rules and enforcement.
Angus asks about FB’s ICO appeal and she is disappointed that FB has misrepresented their findings. ICO fined FB because they allowed data harvesting without informed consent and then failed to contend with it proactively violating core principles of 30 year old concepts.
Denham: It is disengenious that Facebook compared the violation to email forwarding. A shame that such an innovative company is failing here.
Nathaniel Erskin-Smith: Why is Facebook challenging such a basic concept of privacy law 101, meaningful consent and notice? Denham notes the tension with their business model. Appeal is their right though, even though frustrating.
Erskine-Smith: Are companies responsive to naming and shaming? Denham says stop-processing personal data order is perhaps the strongest tool in the box compared to fines.
Jo Stephens MP: Asks about (Arron Banks’) Eldon insurance’s claim they self-reported a breach. Denham: We found no evidence that’s true.
Bob Zimmer, ETHI, Canada: What would you do in our place? Where would you start? Denham: Launched investigation in 2017 to understand how political parties are purchasing from data brokers and using social media. Are they compliant and transparent? Statutory Code of Conduct rec’d
Giles Watling MP: Asks about resources needed to respond to increasing volume of complaints. Opportunity is regulating processes rather than the actual operations of complaints and takedown. Show efficacy of companies’ ability to meet standards in law. We don’t have that now.
Edwin Tong, Singapore: Denham: Misinformation, disinformation, tech addiction, opaque advertising, digital privacy are all complex issues and there is no silver bullet and requires participation by citizens, companies and governments.
Julian Knight MP: Asks about “sandwich bill” fine. Denham says she would’ve levied a much larger fine hypothetically if violation had occurred under GDPR rather than UK DPA 1998. Looking at any contraventions after GDPR? Yes. Working with Irish DPA, referred matters to them.
Pritam Singh, Singapore: Opaque governments are also responsible for misinformation problems. What would ICO recommend? Freedom of Information is crucial part of open govt and open data to civil society.
Nathaniel Erskine-Smith, ETHI, Canada: Facebook acceptance of human trafficking to limit platform immunity (SESTA/FOSTA, CDA §230), what is step to hate speech and algorithmic transparency in context of “borderline content” that is byproduct of perverse incentives?
Denham: GDPR provides some basis for algorithmic explainability points to upcoming work of ICO.
Ian Lucas MP: On GSR, was Facebook aware as early as 2014? Denham will write back with names and dates of senior managers who knew about GSR when. (BOOM!)
Charlie Angus, ETHI, Canada: Ethical accountability of algorithms? Denham: A critically important area of study for lawmakers. A standing committee, ongoing studies should complement AI innovation efforts.
Rebecca Pow MP: On international cooperation across jurisdictions, very positive to see cooperation today representing 450M+ citizens; positive steps
Damian Collins: In 2013-15 was there data breach reporting structure? No. Now there is, per the GDPR to have Data Protection Officer that reports to Board. Shocking that FB didn’t have internal breach reporting flow after FTC Consent Decree.
Damian Collins: Does Six4Three evidence suggest friend data leakage so widespread that FB didn’t see it as a problem? Unsealing evidence could support ICO’s investigation. ICO requested data from Six4Three but was denied per the seal despite considerable interest.
Damian Collins: Is Cambridge Analytica effectively trading under other names? ICO is monitoring other entities, including Emerdata. Criminal trial in January (over my data!) may be relevant.
Surprise Witness: it’s @ashk4n to comment on FTC consent decree, who worked in the FB case per comments this morning by Lord Allan.
Soltani: Lord Allan made a false statement in the morning about the API v1 about permissions override.
Soltani: Whitelisted apps were able to override Facebook privacy settings which contradict Lord Allan’s statements in the morning.
Soltani: From his experience FB cannot govern itself and internal management just does not have the priorities or mindset.
Soltani: Facebook supported California Consumer Privacy Act in public while lobbying against it behind the scenes.
[Have to teach class now, so have to go but do stay tuned. This surprise Soltani appearance is explosive.]
