Critics are voicing strong opposition to the UK’s proposed Data Protection and Digital Information Bill (DPDI), particularly its provisions regarding bank account monitoring for benefit recipients and changes to biometric data oversight. A cross-party group of parliamentarians has raised concerns over a proposal to grant the Department for Work and Pensions (DWP) access to individuals’ bank accounts, arguing that such powers could lead to wrongful benefits suspension and intrusive scrutiny.
The DPDI, currently under scrutiny in the House of Lords, faces criticism from various quarters. Last month, the Information Commissioner and numerous charities and campaign organisations criticised the bill for its lack of clarity on data collection and processing safeguards. The controversial provision to monitor benefit seekers’ bank accounts has drawn particular ire, with concerns raised about the scope and potential consequences of such surveillance.
In addition to scrutinising bank account monitoring, the DPDI also seeks to alter the oversight of biometric identification and surveillance technologies. This move has been criticised by former biometrics commissioners, civil society organisations, and the Equality and Human Rights Commission, who warn of significant gaps in existing surveillance oversight. Furthermore, concerns have been raised about the DPDI’s implications for data-sharing agreements between the UK and the European Union, with the European Parliament’s Civil Liberties, Justice, and Home Affairs Committee cautioning that it could jeopardise data-sharing adequacy agreements.
A draft report from the UK Information Commissioner’s Office (ICO) raises concerns about Google’s Privacy Sandbox, which is aimed at preserving privacy in online ad targeting and analytics. The report highlights gaps that could be exploited to compromise privacy and track individuals online. This technology seeks to replace current tracking methods with more privacy-conscious alternatives, but its credibility hinges on its ability to deliver privacy assurances.
If Google’s Privacy Sandbox fails to address regulatory, community, and competitive challenges, it could collapse, leaving adtech rivals to continue tracking users through existing or alternative methods. The ICO report represents another setback for Google’s attempts to reconcile ad targeting with privacy laws like GDPR. Google’s strategy involves moving ad auction mechanics to users’ local devices through web APIs, such as the Topics API in Chrome, which aims to convey user interests to advertisers without identifying individuals.
Critics, including the Electronic Frontier Foundation and rival browser maker Vivaldi, have raised concerns about the Privacy Sandbox’s support for behavioural advertising and its reliance on advertisers’ good behaviour rather than technical guarantees for privacy. Given Google’s market dominance and significant revenue tied to online advertising, scepticism persists about rebuilding ad architecture on its platforms. Both regulators and industry groups like the IAB have expressed concerns about the Privacy Sandbox’s potential competitive disadvantages and limitations, suggesting that Google may need to address these issues before proceeding.
Despite challenges and criticism, Google remains committed to Privacy Sandbox technologies, emphasising their aim to enhance privacy while maintaining targeted advertising. The company continues to engage with regulators and stakeholders to address concerns and ensure a solution that benefits users and the entire advertising ecosystem.
A convicted sex offender in the UK has been banned from using ‘AI-creating tools’ for five years, marking the first known case of its kind. Anthony Dover, 48, received the prohibition as part of a sexual harm prevention order, preventing him from accessing AI generation tools without prior police permission. This includes text-to-image generators and ‘nudifying’ websites used to produce explicit deepfake content.
Dover’s case highlights the increasing concern over the proliferation of AI-generated sexual abuse imagery, prompting government action. The UK recently introduced a new offence making it illegal to create sexually explicit deepfakes of adults without consent, with penalties including prosecution and unlimited fines. The move aims to address the evolving landscape of digital exploitation and safeguard individuals from the misuse of advanced technology.
Charities and law enforcement agencies emphasise the urgent need for collaboration to combat the spread of AI-generated abuse material. Recent prosecutions reveal a growing trend of offenders exploiting AI tools to create highly realistic and harmful content. The Internet Watch Foundation (IWF) and the Lucy Faithfull Foundation (LFF) stress the importance of targeting both offenders and tech companies to prevent the production and dissemination of such material.
Why does it matter?
The decision to restrict an adult sex offender’s access to AI tools sets a precedent for future monitoring and prevention measures. While the specific reasons for Dover’s ban remain unclear, it underscores the broader effort to mitigate the risks posed by digital advancements in sexual exploitation. Law enforcement agencies are increasingly adopting proactive measures to address emerging threats and protect vulnerable individuals from harm in the digital age.
The House of Representatives overwhelmingly voted 360 to 58 on a bill that could result in the unprecedented action of shutting down TikTok, a popular social media platform, over concerns related to Chinese influence and data privacy. The bill, authored by Texas Republican representative Michael McCaul, aims to protect Americans, especially children, from what he described as the ‘malign influence of Chinese propaganda’ on TikTok, which he referred to as a ‘spy balloon in Americans’ phones.’
The legislation was passed as part of a broader foreign aid package put forth by House Republican speaker Mike Johnson, which includes support for Ukraine, Israel, and Taiwan. The updated bill extends the divestment period for TikTok’s parent company, ByteDance, from six months to a year, a move supported by Senate Commerce Committee chair Maria Cantwell to allow sufficient time for potential buyers to negotiate a deal.
Following the House’s passage of the bill, TikTok voiced disappointment, emphasising its substantial economic contribution to the US and arguing against what it sees as an infringement on free speech rights. The bill’s broader implications on data privacy and surveillance practices have also drawn criticism from other tech industry figures, including the president of Signal, who warned of potential repercussions extending beyond TikTok to other social media platforms. Despite these concerns, President Joe Biden has indicated his intention to sign the bill into law if it passes the Senate, aligning with his previous statements and ongoing scrutiny of TikTok’s operations.
The UK’s privacy regulator has expressed concerns about Google’s proposed cookie replacements, stating that they must do more to safeguard consumer privacy in the UK. According to internal documents, Google’s Privacy Sandbox initiative, aimed at phasing out third-party cookies and reducing tracking, leaves gaps that could compromise anonymity.
The Information Commissioner’s Office (ICO) has reportedly drafted a report highlighting the potential for exploitation within Google’s proposed technology. Despite Google’s plans to eliminate third-party cookies by the latter half of 2024, the ICO is pushing for changes to enhance privacy protections.
The ICO’s efforts include engaging with the UK’s Competition and Markets Authority (CMA), which reviews Google’s plans amidst concerns about their potential impact on competition in digital advertising. The CMA has pledged to consider the ICO’s recommendations as part of its evaluation process.
In response, a Google spokesperson emphasised ongoing engagement with privacy and competition regulators globally, aiming to find a solution that benefits users and the digital ecosystem. Both the ICO and CMA have yet to comment on the matter.
TikTok’s efforts to separate its US operations and user data from its Chinese parent company, ByteDance, have been scrutinised, as the following reports allege continued collaboration between the two entities. Despite implementing Project Texas, which aimed to enhance data security and independence, former employees claim that data-sharing practices persisted, with US user data being regularly sent to ByteDance executives in China.
Under Project Texas, US user data was supposed to be stored on Oracle’s cloud infrastructure. Still, former employees suggest that the reality differed, with a ‘stealth chain of command’ enabling continued collaboration between US-based staff and ByteDance executives. Allegations of ongoing control from ByteDance’s top management raise questions about TikTok’s claimed independence.
These revelations have significant implications, particularly amidst Congressional efforts to pressure ByteDance to sell TikTok. The House has already passed a bill threatening to ban TikTok unless it severs ties with its parent company. However, TikTok CEO Shou Zi Chew maintains the company’s autonomy, emphasising that American entities store and oversee American data.
Why does it matter?
While some former employees downplay concerns about TikTok’s connections to ByteDance, recent reports suggest that Project Texas may not have effectively insulated US operations from Chinese influence. As scrutiny intensifies, TikTok faces renewed scrutiny over its data practices and the extent of its independence from ByteDance.
Rights groups are intensifying their calls for restrictions on using facial recognition technology (FRT) by the US government. The Electronic Frontier Foundation (EFF) has submitted comments to the US Commission on Civil Rights, asserting that FRT lacks reliability for making decisions that impact constitutional rights or social benefits and it poses risks to marginalised communities and privacy. EFF advocates for a ban on government use of FRT and strict limits on private sector use to safeguard against the perceived threats posed by this technology.
Joining EFF, the immigrant advocacy organisation United We Dream and over 30 civil rights partners have also submitted comments to the commission. They highlight concerns that a legal loophole has enabled agencies like ICE and CBP to use facial recognition for extensive surveillance of immigrants and people of colour. The alliance argues that FRT’s algorithmic biases often lead to incorrect identifications, unjust arrests, detentions, and deportations within immigrant communities.
The US Commission on Civil Rights has been conducting hearings with various stakeholders presenting their perspectives on FRT. While rights groups and advocates have raised concerns, government, enforcement agencies, vendors, and institutions, like NIST, have defended the technology. The Department of Justice emphasised its interim facial recognition policy prioritising First Amendment rights, while HUD submitted written testimony in recent weeks.
Why does it matter?
Official data from 2021 reveals that 18 out of 24 federal agencies surveyed were employing facial recognition technology, predominantly for law enforcement and digital access purposes. This ongoing debate underscores the growing scrutiny and debate surrounding using FRT in government operations and its impact on civil liberties and marginalised communities.
A wave of reconsideration is sweeping across UK businesses as they reassess the use of facial recognition technology and fingerprint scanning for staff attendance monitoring. This shift comes in response to a clampdown by the Information Commissioner’s Office (ICO), which recently ordered a Serco subsidiary to cease using biometrics for attendance tracking at leisure centres it manages.
The ICO’s directive followed its discovery that over 2,000 employees’ biometric data had been unlawfully processed across 38 Serco-managed leisure centres. As a result, Serco has been granted a three-month window to align its systems with the ICO’s compliance standards.
In the wake of the ICO’s ruling, various leisure centre operators and corporations are either reviewing or halting the use of similar biometric technologies. Notable among them is Virgin Active, which has removed biometric scanners from 32 sites and is actively seeking alternative attendance monitoring solutions for its staff.
Why does it matter?
The ICO’s intervention underscores broader concerns regarding the increasing prevalence of facial recognition and surveillance tools in employment contexts. The scrutiny extends beyond leisure centres, as highlighted by a recent case involving an Uber Eats driver who received a financial settlement over allegations of racially discriminatory facial recognition checks. These developments underscore the urgent need for robust regulations to safeguard workers’ rights in the age of AI and automated processes.
President Biden’s administration has escalated tensions with China by adding more Chinese entities to an export blacklist than any previous US government. This latest move by the Commerce Department brings the total number of entities targeted under Biden to 319, surpassing the count during Trump’s tenure. The decision underscores the increasing use of economic tools to achieve foreign policy objectives, particularly as Biden seeks to limit China’s access to advanced technology, citing national security concerns.
The heightened scrutiny on China comes amidst growing apprehensions in Washington over President Xi Jinping’s assertiveness towards Taiwan, fueling fears of Beijing leveraging American technology to bolster its military capabilities. Both Democrats and Republicans have rallied behind the tough stance on China, reflecting bipartisan consensus on the issue, especially with the upcoming elections looming. Biden has maintained Trump’s tariffs while expanding restrictions on Beijing’s access to cutting-edge innovations, notably in critical sectors like AI.
The entity list serves as a primary mechanism for sanctioning entities on national security grounds and has increasingly become a focal point in US-China relations. Beijing has denounced Washington’s actions as economic coercion and unilateral bullying, vowing to defend the rights and interests of Chinese companies. In a retaliatory move, China imposed sanctions on two US companies, signalling a tit-for-tat escalation in tensions. However, such measures are largely symbolic, with minimal impact on the targeted firms.
Despite the Biden administration’s firm stance, there have been occasional concessions, such as withdrawing a Chinese government laboratory from the entity list to address the fentanyl crisis. Nonetheless, the recent additions to the list signal a continuation of the US strategy to maintain its technological edge, particularly in dual-use technologies. As Washington tightens controls on exports to Chinese firms involved in military modernisation efforts, the stage is set for further friction in the already strained US-China relationship.
UK Prime Minister Rishi Sunak has announced a substantial investment of £55.5 million over four years in facial recognition technology, which aims to combat retail crime by identifying repeated shoplifters.
The initiative, part of a broader crackdown on theft, includes deploying bespoke mobile units equipped with live facial recognition capabilities across high streets nationwide. While controversial, its deployment has resulted in numerous arrests, primarily for offences ranging from theft to assault. However, concerns persist regarding privacy and false positives.
Despite criticism from privacy advocates like Big Brother Watch, Home Secretary James Cleverly emphasises the technology’s preventative nature, while the Metropolitan Police views it as a transformative tool in law enforcement. The Office of the Scottish Biometrics Commissioner noted that careful deployment is needed to maintain public confidence.
Why does it matter?
The development has emerged months after Scotland’s biometrics commissioner, Brian Plastow, raised concerns about the trajectory towards autocracy driven by inappropriate use of biometric surveillance in the UK. While supporting specific biometric surveillance applications, like live facial recognition, he critiques government overreach and highlights risks such as database misuse and privacy erosion. Plastow’s concerns are exemplified by incidents like the arrest of an eight-month-pregnant woman for failing to report community service. While Scotland may resist England’s path towards a vigilant state, the stance of Wales remains uncertain.