Austrian telco A1 with 25 million customers in Austria, Bulgaria, Croatia, Slovenia, Serbia, North Macedonia and Belarus announces to sell 'insights into the movement of people' based on 'aggregate'+'anonymized' location data via @here's data marketplace: here.com/sites/g/files/…
Exploiting the pandemic to expand on commercial location data business, great.
"Our analytics product, A1 Mobility Insights, has already proven itself to be considerably helpful during the current coronavirus crisis. By joining the HERE Marketplace, we can go a step further"
'A1 Mobility Insights' is provided together with invenium.io. According to the FAQ, A1 'replaces' IMSI numbers with daily changing 'random IDs' before sharing data with Invenium.
According to the same FAQ, the minimum aggregation level of the analysis *output* is 20 persons, but with the disclaimer "depending on the project requirements".
Anyway, they seem to process personal data and do not mention advanced ex-ante or ex-post anonymization techniques.
They claim that the Austrian data protection authority has confirmed ('bestätigt') their 'anonymization technique' as GDPR compliant.
I'd love to see a statement on this by the Austrian DPA.
Do they really have a legal basis to process pseudonymous personal data in this way?
I think, this deserves further scrutiny + media attention.
Apart from legal questions, I doubt that 25 million A1 customers in several European countries are fine with - or even aware of - A1 analyzing their movements and selling insights for all kinds of commercial purposes.
Btw. According to Creditreform, Invenium is majority-owned by Mobilkom Beteiligungsgesellschaft mbH (firmenabc.at/invenium-data-…), which is owned by A1 Telekom Austria Group.
Originally, Invenium is a Graz University of Technology spin-off, founded in 2016: tugraz.at/tu-graz/servic…
HERE Technologies, who runs the location data marketplace, provides mapping and location data stuff. Formerly known as Navteq it has been around since ages, has been owned by Nokia, and is now owned by Mitsubishi, Japanese telco NTT, Intel, Continental, Bosch, Audi, BMW, Daimler.
HERE's customers for its 'location intelligence' products include the US Department of Homeland Security (360.here.com/what-were-doin…), partners include NSA contractors such as CACI (here.com/partners/find-…).
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Letzten März war ich kompromissbereit, was die Auswertung von aggregierten Mobilfunk-Bewegungsdaten für gemeinwohlorientierte epidemiologische Zwecke betrifft. Vielleicht ein Fehler.
Invenium sagt, man nutze Standortdaten von A1 inkl. Bob/Yesss/RedBullMobile und decke damit in AT 43% ab.
Auch wenn "je nach Projektanforderung" eine Gruppierung auf 20 Personen erfolge, werden laut FAQ pseudonymisierte personenbezogene Daten verarbeitet. invenium.io/de/blog/2020-1…
Invenium behauptet, die österreichische Datenschutzbehörde und der TÜV Saarland hätten deren "Anonymisierungsverfahren als datenschutzkonform bestätigt", ebenso eine "Studie der führenden Rechtsexperten der Universität Wien".
Denke, das sollte dringend nochmals geprüft werden.
Austria's job center wants to sort the unemployed into three classes. It has never listened to criticism of civil society. Now it's fighting the Austrian data protection authority, who banned the system.
This legal fight may have implications beyond Austria.
The data protection authority said that while case workers could theoretically modify the system's classifications, they won't have the time+resources to do so, and thus the system actually makes solely automated decisions.
In my opinion, the Austrian job center (AMS) is acting in a reckless+irresponsible manner.
Instead of being an advocate for the unemployed and listening to criticism, it's pushing for technocratic solutionism and is even willing to accept that this may weaken EU data protection.
argyle.com, a US startup that aims to aggregate employment records across employers, including data on work activities and reputation, and sell it to recruiters, lenders, insurers. It claims it has already access to 40m records.
This is terrifying + shouldn't exist.
"The short term objective for Argyle is access to 100% of employment records; the reason for fundraising at this moment is to quicken the date of 100% access"
"We started with building coverage where Equifax has not - in the gig economy" notion.so/Argyle-A-Round…
US data brokers have been gathering+selling data on work history/salary for decades, which also shouldn't happen. Argyle's sales pitch suggests they want to go far beyond that.
Predicio, a French data broker who was caught selling location data harvested from ordinary smartphone apps to the US defense contractor Venntel, also provides 'foot traffic data' in partnership with Aspectum, another US company who sells to law enforcement and homeland security.
Aspectum (aka EOS Data Analytics) claims to provide 'geospatial insight based on cell phone activity and other data sources for a better understanding of local social interaction hazards' such as 'demonstrations, protests, riots, and other mass civil disorder acts', for example.
As a part of a 'combined offer from Aspectum and Predicio', that 'enables' clients 'to track and analyze human activities', 'foot traffic data' is 'available for selected countries' including the US and most EU countries.
Microsoft Teams for Education knows what students are doing late at night.
It also knows what students are doing early in the morning, at individual level.
Generally, MS Teams for Education has extensive student monitoring capabilities built in.
Its 'Insights' tool can track which meetings students attend and for how long, what tabs they view, if they open files, post messages, reply or react with emojis. edudownloads.azureedge.net/msdownloads/Mi…
Today's digital advertising based on selling user data to the highest bidder has been called the 'largest data breach ever', and yes:
Two firms who sell targeted+mass surveillance to governments are hoovering phone location data from the ad/rtb bidstream: forbes.com/sites/thomasbr…
One of the players, Bsightful, is part-owned by the US surveillance giant Verint, who reportedly supplied phone tapping tech to the NSA.
The other, Rayzone, sells a "Global Virtual SIGINT" system that promises "wide, diverse and in-depth information on global internet users".
According to Forbes, Bsightful is "hoovering up app location data by running what’s known as a Demand Side Platform (DSP)".
That way, they can collect "location and other phone data the app developers are willfully providing, the data passing through [the so-called] bidstream".