September 8, 2023

Issue 25 — Someone other than Schrems is pulling a Schrems

Here’s the gist: Come here for insights on the hottest topics in privacy according to our peers’ tweets so you can walk into any happy hour or team meeting and sound like the absolute baller you are. No current topic gets by you!

If you read this, please send help. Washington D.C. feels more like New Orleans lately. The three-minute walk to the coffee shop has me drenched by the time I arrive. Like my face is wet. Recently, a kind barista saw me coming and gently ordered her colleague to fetch me a towel. It's just not cute on me. It's not cute.

That has nothing to do with anything. Except I tried to make this newsletter hot for you. Here are the details I want to bring to your attention in this edition of the newsletter, which I wrote with love from me to you.

We've got data-transfer drama, AI-based lawsuits and hearings, and children entering the Senate's playpen. Read on!

This dude is not down with the new DPF

It’s not Schrems this time! But it’s a very Schremsy move. On Thursday, Sept. 7, French lawmaker Philippe Latombe announced he’d like to put the freshly approved EU/U.S. Data Privacy Framework in a tomb of its own.

Do you see wut I did there?

Governments from both sides signed the DPF into existence just two months ago. And while anyone following the decade-or-so of drama on cross-border data transfers expected a challenge to the agreement (Schrems himself said he’s on it), Latombe’s move is a bit of a curveball.

Latombe filed two challenges with the EU Court of Justice, one to suspend the agreement immediately, and another on the DPF’s text itself, reports Laura Kayali for POLITICO. Latombe said the DPF violates the GDPR and the Union’s Charter of Fundamental Rights because it “doesn’t guarantee respect for private and family life.”

Let the years of uncertainty begin!

Get out of the car (cuz it’s selling your data)

As the Mozilla Foundation has found: Drivers aren’t getting a good deal on data privacy in these sophisticated smart cars. Mozilla researched 25 car brands and found every one of them collects more personal data than necessary, and 84% of them share or sell your data.

I say “your” data because I don’t own a car. Because, you see: In DC they want you to run out of money! So you have to pay $275 a month for some yellow spray paint in a rectangular shape on some concrete. And I refuse to pay that. But for those of you who do drive: Yikes!

Mozilla’s *Privacy Not Included project found “every major car brand fails to adhere to the most basic privacy and security standards in new internet-connected models.” The worst offender? Nissan.

Sure, you love your Altima. And why wouldn’t you. But also: Nissan's privacy policy says it collects “sexual activity, health diagnosis, and genetic data,” and “reserves the right to share and sell” that information to data brokers, law enforcement, and other third parties.

How do they get your sexual activity data? I asked the same question. See tweet thread below.

The TL;DR of the study is cars are the ACTUAL WORST at protecting privacy, especially given how much of our lives we live in our cars. Whether you're picking up the kids or your new boyfriend, microphones and sensors pick up words or movement. And while Nissan got dinged for being the worst of the worst, the study notes that it’s likely many other brands are collecting and selling the same data, they’re just not as transparent about it.

All AI all the time blah blah blah

In my last newsletter, I talked about the risks AI data-scraping poses to personal data on the sites from which the algorithm scrapes. This week, two unnamed software engineers who use ChatGPT filed a class-action lawsuit accusing Microsoft and OpenAI of training their AI technology “using stolen personal information from hundreds of millions of users,” Reuters reports. It’s the second class-action OpenAI faces on this; a similar suit was filed in June.

Meanwhile, the Senate Committee on Consumer Protection, Product Safety and Data Security will hold a hearing on Sept. 12 to discuss “The need for transparency in artificial intelligence.” We’ve been having these hearings for years, at least since 2017, but here we go again. Lawmakers will hear from witnesses on which uses of AI are high risk, and how to be transparent with consumers (good luck). The same day, the Senate Judiciary Committee will also hold a hearing on how to legislate AI. Prof. Woody Hartzog, who's brilliant and Southern-boy kind, will testify at that one alongside Microsoft's Brad Smith.

And Sept. 6, California Gov. Gavin Newsom issued an executive order directing state agencies and departments to do a joint risk-analysis of potential threats AI poses to the state’s critical infrastructure, study the benefits and risks of AI to communities, government, and state government workers, and train state government workers to use state-approved AI “to achieve equitable outcomes.”

The children are doing gigs at Senate hearings?

Regardless of how you feel about Max Schrems, anyone would have to agree that his advocacy organization, noyb, has outsized impact on the privacy industry. Standing up to tech giants like Meta, the group wins cases. Any privacy pro knows exactly what you’re talking about when you say Schrems II.

That’s why my eyebrows raised when I read about Design It For Us, a coalition of students aimed at bringing young people into legislative conversations about how to best protect kids online. The group assembled as Congress debated the Kids Online Safety Act. The founders felt they should be active collaborators on the laws intended to protect them and their peers.

The Washington Post reports the group has already met with House and Senate leaders, White House officials, and other advocates. In February, they testified before the Senate Judiciary Committee. The group successfully convinced lawmakers to exclude teens from a KOSA provision that would have required parental consent for teens. The bill now covers users 12 and under.

If you’ve been to Congress or watched C-SPAN, you know it takes Congress years sometimes to understand the technology to be regulated. Staffers do their best, but the median age of Senators is 65.3 and rising. How can we have these conversations, and why would we, without young people’s debriefs on the realities of growing up with addictive tech? We can’t. So, yay!

What I've been up to lately

Hot Tweet of the week


Hey, thanks for reading! If you liked it, please help me out by sharing it on your socials and subscribing! Or one of those things? Appreciate you. You're doing amazing. Keep it up. xoxo.