Daily Digest (6/16)

Dueling COVID-19 Privacy Bills Facing Hurdles in Congress; Google Loses $57M French GDPR Appeal; Event Data Recorders Becoming Standard in New Cars; Tim Hortons’ App Using ‘Double-Double’ Tracking on Customers. Click “Continue reading” below.

Dueling COVID-19 Privacy Bills Facing Hurdles in Congress

Federal lawmakers disagree over potential COVID-19 privacy legislation, with Democrats calling for state laws to hold weight despite federal laws while Republicans prefer preemption.

Democrats also are pushing for a private right of action in any bill, The Wall Street Journal reports.

Lawmakers from both parties, however, agree that privacy protections are critical to either legislation.

They began serious talks about a general federal privacy standard late last year after Republicans and Democrats both discussed respective proposals in the Senate Commerce Committee.

The plans overlapped in many ways and would allow consumers to opt in to share sensitive information. They also would require businesses to minimize how they use such data, the Journal reports.

But unresolved differences reappeared last month in dueling bills tailored for data-collection around the coronavirus pandemic, leaving some policy analysts doubtful the bills would move forward.

“They kind of left me with a sense of déjà vu,” Müge Fazlioglu, senior Westin research fellow at the International Association of Privacy Professionals, told the Journal.

Source (external link):

Google Loses $57M French GDPR Appeal

France’s Council of State, the Conseil d’État, denied Google’s appeal of its $57 million EU General Data Protection Regulation fine from the French data protection authority in January 2019.

Google’s appeal focused on the lack of jurisdiction the French authority had in regulating the company’s European operations, AdExchanger reports.

The Conseil d’État, which serves as the supreme court of administrative justice, is expected to deliver its final ruling by the end of the month.

Google’s fine, however, is dwarfed by the $229 million penalty U.K.’s British Airways received in July 2019 for a huge data breach the year before.

Source (external link):

Event Data Recorders Becoming Standard in New Cars

Popularly known as “black boxes,” event data recorders (EDRs) are now becoming standard in almost every new car sold, according to Consumer Reports.

The recorders track such vehicle data as speed, acceleration, braking, steering and air-bag deployment before, during, and after a crash.

First introduced by General Motors Corp. in basic form on air-bag-equipped models in the mid-1970s, EDRs were used by manufacturers in 64% of all new models by the 2005 model year, according to the National Highway Traffic Safety Administration (NHTSA).

The Insurance Institute for Highway Safety (IIHS) told Consumer Reports that more recent data showed all new cars having some form of EDR. But the specific information gathered varies by manufacturer, and some companies make it easier to retrieve data than others.

However, a 2012 NHTSA rule standardizes the data collected by the black boxes and how it can be retrieved, according to Consumer Reports, prompting concern from privacy experts.

They argue the data can be used in court cases to prove accident fault. States also have different laws governing the release of the information.

Source (external link):

Tim Hortons’ App Using ‘Double-Double’ Tracking on Customers

The mobile-ordering app for Tim Hortons, the Canadian-based fast-food chain, is employing “double-double” tracking to learn how customers sleep, work and vacation.

In a report by The Financial Post, a writer found that Tim Hortons has been tracking him, when the device was on and off, for months.

“It’s staggering how much the company knows about me,” last week’s report says. “The company’s app silently logged my coordinates and relayed them back to its corporate servers.”

The writer discovered the trove of data Tim Hortons and its parent company, Restaurant Brands International Inc. (RBI), had amassed after a public-records request under Canada’s Personal Information Protection and Electronic Documents Act.

“According to the data, Tim Hortons had recorded my longitude and latitude coordinates more than 2,700 times in fewer than five months, and not just when I was using the app,” the report said.

Radar Labs Inc. tracks the data for Hortons, collecting it and sending to RBI servers.

Duncan Fulton, Tim Hortons’ chief corporate officer, told the Financial Times that users consented to the tracking when they gave the app access to GPS on their cellphones — and should not if they did not want to be tracked.

But Erinn Atwater, of the nonprofit Open Privacy group in Vancouver, called the “double-double” monitoring “unexpected.”

“It’s certainly far more invasive than I would consider acceptable for a coffee-shop app,” she said. “I don’t think any of us want corporations watching every single move we make without any insight into it.”

Source (external link):

— By DPN Staff