Google and healthcare provider Ascension collaboration raises privacy concerns

blue and silver stetoscopeGoogle Cloud has been providing Ascension, the second biggest healthcare provider in the US, with cloud infrastructure services since July 2019. Providing software services to healthcare providers to facilitate the secure management of patient data is not uncommon for Google. The services Ascension are taking are similarly commonplace- the migration of data to Google Cloud, utilizing suite productivity tools and providing technological tools to Ascension’s doctors for use. What perhaps is the defining factor is the scale, with this being the largest project of its kind to date – managing data of over 50 million Americans. This was dubbed “Project Nightingale”.

Continue reading

Citation: The Guardian: Google and Facebook to investigate the targeting of micro-political ads

The Guardian has an excellent piece on recent moves by Facebook and Google in seeking to ban micro-targeting political ads.

The practice, which underpins the Cambridge Analytica scandal, is being reviewed by the news providers. The harvesting of political oriented data is common and is usually undertaken as part of an effort to profile users.

Facebook has been known to group users for the purposes of ads-targeting, some of which considers political interests. This allows for nuanced and in many cases, an alarming degree of differentiation and influence of users.  The US legislatures have taken issue with this approach in the past.

The ICO has recently reached an agreement with Facebook over the fines put in place over the Cambridge Analytica scandal. The regulator continues work into data misuse in political advertising, to which the issue of micro-targeting of political ads is central.

Morrisions data breach vicarious liability case before UK Supreme Court

Following its data breach in November 2013 the Morrisons data breach case is now before the UK Supreme Court. The breach involved the personal data of 5,500 employees.

An employee, Mr Skelton, took a memory stick containing the records of employees home. In January 2014 he uploaded the contents onto a data sharing website, later sending it to newspapers. Continue reading

Citation: The Guardian: Edward Snowden on encryption

The Guardian has released an excellent piece from Edward Snowden on the importance of encryption.

The piece considers the importance of encryption as a standard and by design as a mechanism to protect from surveillance. The article itself considers the benefits of end-to-end encryption- where data is encrypted at source and encrypted throughout processing. In these cases third party interference typically attempts to interfere with the intial processing of data prior to encryption, embedding itself throughout the process thereafter.

Messaging services such as Facebook and WhatsApp operate via end to end encryption to protect messages by design. However, much is left to be done to ensure data ecosystems have sufficient protection- third party vendors and intermediaries must ensure the same high level of data protection to ensure holistic data protection.

For the purposes of data protection legislation encryption is considered an act which processes data in and of itself. This means the act of encryption will usually bring the processing party into the remit of data protection legislation.