|
This is definitely a concern I have about our new contact tracing in the UK, what's to stop this information from being sold on then used to target individuals for future advertising, or just sharing this information and the consequence of sharing such private medical data?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|
|
I have to laugh at this, Oz has an app from Singapore purportedly to trace infections blooms. We go to walk the dog at the beach, down to the dog park and to the shopping centre, and we leave the bloody phones at home!
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
GuyThiebaut wrote: the consequence of sharing such private medical data I have my (strong) doubts that this tracking (especially that based on apps using Bluetooth signal strength to estimate the distance between persons) will contribute much to stop the pandemic.
BUT: The information collected, regardless of method used, is your location - nothing more. Is that "private medical data"?
The fact that I am present at the office, or at the grocery store, or at a movie theater is not "private", confidential information. I can't keep it secret from those who see me there.
So, while I strongly dislike that someone continously logs my whereabouts, it is neither "private" nor "medical" information.
|
|
|
|
|
Yes, as soon as the app identifies you as being at risk due to being in the vicinity of someone identified with Covid-19 that becomes medical information about you.
Also if data is shared about individuals who have Covid-19 that again becomes medical information being shared.
If the information stored is tracking information, then it will be possible to match that data to a set of individuals or a particular individual - as the tracking will continue to the front door of a house and workplace which will be enough information to identify an individual.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|
|
GDPR fail
|
|
|
|
|
How does thei treatment of your data pertain to their ability to offer their service?
Have they given you the GDPR informative?
Did you sign the GDPR agreement for your data treatment with a clearly stated controller or processor, finality of use of data and lenght of time data are stored?
Do they have in place adequate measures to restrict the access of data from not authorized people?
They are violating the hell out of the GDPR.
GCS d--(d+) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
|
|
|
|
den2k88 wrote: How does thei treatment of your data pertain to their ability to offer their service? It is part of the rules for re-opening coming from above...
They have to get the data to help in possible tracking of infection chains.
Not really their fault / will.
den2k88 wrote: Have they given you the GDPR informative?
Did you sign the GDPR agreement for your data treatment with a clearly stated controller or processor, finality of use of data and lenght of time data are stored?
Do they have in place adequate measures to restrict the access of data from not authorized people? Of course not.
den2k88 wrote: They are violating the hell out of the GDPR. Yes, because they are doing it the comfortable way. Instead of thinking a bit.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Nelek wrote: It is part of the rules for re-opening coming from above...
So they don't need an explicit signature for data treatment (health and public health are exempt) but all the other points stand and could spell bankruptcy for any activity like that. Especially at the hands of competitors.
GCS d--(d+) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
|
|
|
|
den2k88 wrote: but all the other points stand and could spell bankruptcy for any activity like that. Especially at the hands of competitors. Yes, you are right.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
It is really fun how people bitched about GDPR. Until their data is concerned. Typical human ...
|
|
|
|
|
den2k88 wrote: How does thei treatment of your data pertain to their ability to offer their service?
Its Just for tracking the chain. If someone who visited was infected, thy need to know who else was their in the premise during that time.
This is Ok but the execution is terrible.
cheers,
Super
------------------------------------------
Too much of good is bad,mix some evil in it
|
|
|
|
|
In many countries, hotels were (are?) required to keep registers of guests. These were reported regularly to the police (and, in detective stories, were left around for the hero/villain to read...). The restaurant equivalent is no less intrusive.
I believe that a restaurant employee (rather than the patron) should be the one to fill in the details, precisely in order to avoid the situation that you describe. The fact that the government is not directly involved is irrelevant; it is still a breach of privacy. What would your reaction have been if you saw your best friend's name there, along with the name of a woman who is not his wife?
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
Daniel Pfeffer wrote: In many countries, hotels were (are?) required to keep registers of guests Yes, that's right.
But in all my years travelling I have not seen any book open to all the public.
I have seen how they copied / scanned my passport and I had to fill some formularies, but it was always saved in a non public place.
Of course, if they get hacked or there is a burglar / spy or whatever... they will get my data too. But at least not every single person going through the lobby.
And that's the problem in the german business right now. The books are there at the entrance, so everyone going by can do a picture of the page and have all the personal data of previous customers.
Daniel Pfeffer wrote: The fact that the government is not directly involved is irrelevant; They are involved... they have forced the rule to the gastronomy and small service business (hair dresser or similars) where the customer stays for a certain amount of time.
The big problem is it is really bad ruled (as most of the time).
They just say... keep track.
And the restaurants are more than happy to be allowed to re-open again and do it in the most comfortable way, without thinking in the implications
The "law" / rule should be much, much more specific. To avoid this situations.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
modified 28-May-20 5:38am.
|
|
|
|
|
I have visited many hotels where you fill in the guest book yourself. If the first blank line is far down on the page, you don't even have to turn the page to see the information of the 20-30 (or more) guests signing in before you.
In Norway, each town council may restrict all sale of alcoholic drinks, like beer. One common such restriction is (was?) that you may buy beer as long as your name, address and time of purchase is logged by the seller and securely stored for ten years. This is so much hassle that most grocery stores will do it only for a crate at a time. So instead of buying yourself two cans of beer, you buy twentyfour. ... This was common in the Bible Belt (the south coast) at least into the late 1980s. Most towns realize that business loose a lot of money with such restrictions, and it really doesn't keep beer drinking down anyway. So today, the sale of beer has been liberated in most places.
(One journalist made a story on checking whether there logs of beer buying was ever accessed by the police, but couldn't find a single case in all of modern history. So the logging was all wasted effort.)
|
|
|
|
|
Same in hairdresser and other places.
I wouldn't have a problem to give my data for possible infection chains tracking (the official reason).
But it is being done really wrong.
Just place the "contact book" in a safe area where only the staff can access it, let the customer write the data in a piece of paper and copy the info in the book.
The positive side of it: You can write what you want, you don't have to identify yourself with you IDcard.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Nelek wrote: I wouldn't have a problem to give my data for possible infection chains tracking (the official reason).
Me too, and I am happy to oblige but having that "Log book" to be publicly available for anyone is kind of weird and wrong.
Nelek wrote: The positive side of it: You can write what you want, you don't have to identify yourself with you IDcard
I saw couple of entries with name M Mustermann and phone number. I bet phone number was correct though
cheers,
Super
------------------------------------------
Too much of good is bad,mix some evil in it
|
|
|
|
|
super wrote: having that "Log book" to be publicly available for anyone is kind of weird and wrong. That's exactly my point. That should be not there. I don't even expect that only the manager or restaurant owner handles the book, but at least keep it in the office, bring it when a customer comes in, staff write the data of the customer and take it back to the office.
That would be much better and way more compliant than now.
super wrote: I saw couple of entries with name M Mustermann and phone number. I bet phone number was correct though I would do it too. I do want them to call me if there are problems and if it happens, then I will give my real data to help the officers to follow the chain, but in the log book... it brings nothing.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
I think this whole handling of COVID-19 by the government breaks a few more rules than GDPR
When they break into your home and fine you (in an already difficult time) AND GIVE YOU A CRIMINAL RECORD because you have guests they're crossing a few lines.
I guess "giving out personal details to everyone who asks for it" is just another emergency ordinance that just adds insult to injury.
|
|
|
|
|
Sander Rossel wrote: I guess "giving out personal details to everyone who asks for it" is just another emergency ordinance that just adds insult to injury. That's wrong.
The correct formulation should be:
"Forcing everyone to ask for your personal data."
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
super wrote: Here Privacy is not an issue because
1. Its not being tracked by govt all the time ? Be afraid, be very afraid.
|
|
|
|
|
Three weeks ago, the Norwegian public broadcaster (NRK) published a story: For 3500 euro (NOK 35,000), they bought "anonymous" tracking data for 140,000 smartphones for ten months of 2019, more than 400 million positions.
The phne owner was not identified, but when data shows a phone located at the same location every night, you can look up in the phone direcory who lives there. You can see its location eight hours every weekday, revealing where the owner works. Look up the "suspect" in Facebook, and you can have your guesses confirmed (and hook it up to a lot more infor about the owner).
The NRK guys picked one phone as a case study. They found the identy of the guy from were he slept and worked, and made a detail survey of his movements for more than half a year: Were he went with his family in the weekends, which restaurants he had been visiting. They saw that he had spent a lunch break to drive to the address of a competitor in the same trade (and a few weeks later, he started spending working hours at that location). NRK made contact with the guy, who was truly shocked by the detail level, but was willing to participate in a TV program to discuss the disclosures.(Maybe NRK had asked others that refused to participate; they obviously do not tell about that.).
The data also identified several persons as army officers with the highest security clearance: Their phones were traced from their homes into the top security parts of a military installation.
They also identified 8300 phones visiting hospitals, violence shelters etc. Most were clearly employees, but a fair share were temporary visitors, who e.g. arrived on a Friday night without returning to their normal residence until a couple of days later, possibly after a visit to the police station. (For obvious reasons, none of these were asked to participate in the TV program.)
This story has caused quite some uproar, both in the military establishment, at the violence shelters, among politicians and common people. It is still hot in media, after three weeks.
When you see how much can be deduced about your private activities from "anonymous" data that anyone can buy for a moderate sum of money, registering your phone number with the restaurant is like a drop in the ocean. As long as you carry your smartphone with you, anyone can buy information revealing how much time you spent there, how you traveled to the restaurant, where you spend the following night etc.
In theory, you can deny GPS access to all apps. That could severely limit the app's functionality. Some developers choose to depend all functionality on GPS access: One bank insisted that telling the location of their nearest branch office at all times was so essential to their "image" that the entire banking app blocked if you denied GPS access. And: Most of us want to reveal our position to e.g. Facebook friends. We give up this information voluntarily! If you loose your phone, or it is stolen, you want to find/trace it using the associated web service. You want the map app to show your current postition. ... You asked for it, you got it.
Even if you delete all apps, the OS may report your position to the OS developers. Even if you have no smartphone but an old plain GSM phone, it is continously traced by the base stations. Precision is a lot poorer than with GPS, but in city areas with a dense mesh of GSM bases, it may reveal which streets you are walking, tolerance down to +/- 10-20 meters. This info is known only to the network operator, but authorities (police) has the right to access it - and they regularly do.
Your only way to evade continous tracing is to leave your phone at home, or completely turned off. As long as you carry your smartphone with you: Stop worrying about revealing your name, phone number, home address, employer... Those are trivialities. If the spy doesn't know yet, he can easily deduce all of that from the GPS information continously reported by your apps.
|
|
|
|
|
Got a link to the story? (Doesn't matter if it's in Norwegian)
|
|
|
|
|
There are quite a few ...
Avslørt av mobilen[^] - one of the first stories, with this guy that they traced and made contact with to "tell his story".
Norske offiserer og soldater avslørt av mobilen[^] - about the military guys that were traced into the Rena military installation.
Mobilsporing: 8300 mobiler sporet på sykehus og krisesentre[^] - tracing phones in hospital and violence shelters.
Hofstad Helleland om mobilsporings-avsløringen: – Dypt urovekkende[^] - politicians' reactions to the disclosures.
Datatilsynet opnar gransking etter NRK-avsløring[^] - The Norwegian Data Protection Authority reactions to the disclosures, and their (so far unsuccessful) attempts to get in contact with the company selling the data.
Venstre-leder skremt: – Vi er ikke i stand til å sikre våre egne[^] - another politician's reactions to the revelations.
Britisk datatilsyn starter undersøkelser etter NRK-avsløring[^] - the Norwegian DPA is now cooperating with their British counterpart to investigate this British company selling the data.
Guide: Slik begrenser du sporing av din mobil[^] - a guide to Norwegian users on how to reduce the amount of location information your smartphone reveals.
These are the major stories from NRK. The last three are from "NRKbeta", an NRK website presenting all sorts of "nerdy" articles about digital technology and related stuff. NRK stories used to have a "User's comments" column based on Disqus, but when it was revealed that Disqus sells information to others about the readers making comments, NRK cancelled their Readers' Comments column. For the NRKbeta articles, they have a Readers' Comments system developed by themselves, and there are sometimes quite extensive discussions.
There have been several others in other net fora, and it has been discussed in several discussion groups. There has been discussions in radio and TV programs, etc.
Please note a couple points: If you do not read Norwegian yourself, but must rely on e.g. Google translate, the first five stories (the non-NRKbeta ones) are presented in a modern, "fancy" way with floating text frames and video backgorunds etc. You can't easily "Mark All" and paste into Google Translate, but must do it more or less piece by piece.
And, you may be aware that we have two variants of the Norwegian language: The East Norway "bokmål" and the mostly West Norway "nynorsk" (attempting to capture a lot more of the tradional Norwegian dialects). The "Datatilsynet opnar gransking etter NRK-avsløring" story is in nynorsk. Google Translate may be less capable of translating the story to English.
If you do master Norwegian, you might want to watch a TV program NRK presented last November on a closely related problem: They picked one profile in social media to investigate how easily they could make a complete profile of that guy, and how easily they could manipulate him based on this information. In the process, they made undercover contact with the brother of the "victim" to check that it wouldn't involve too large risks. Like in this phone tracing story, after the hoax was revealed, the "victim" was willing to stand up and let the story be told on TV. The program is found at NRK TV – Folkeopplysningen – Sosiale Mehdi[^].
Norwegian subtitles are available; I can mail to you a rough translation to English (assuming that you can download the program an replay it with your translated subtitle file - if you don't, you can find one tailored for NRK at snippsat / Wx_nrk / Downloads[^]), so you can enjoy it even if you do not master Norwegain.
This program is really worth watching!
|
|
|
|
|
Thanks. I'll try struggling through myself this weekend.
|
|
|
|
|
data collected like this can be prone to misuse... next thing you know it might turn into a who to burgle next list...
Caveat Emptor.
"Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
|
|
|
|
|