Google’s Huawei ban

Google blocks Huawei access to Android after blacklisting due to some security and privacy concerns

The Trump administration adds Huawei to the U.S. Department of Commerce’s Entity List via executive order, thereby blacklisting the company as far as U.S. corporations are concerned.  The world’s second biggest smartphone maker, Huawei, has been barred by Google from some updates to the Android operating system. The US tech firm is suspending all business activity with Huawei related to “non-public” transfers of hardware, software and technical services.

Huawei CEO Ren Zhengfei had told reporters “we have already been preparing for this. It is expected that Huawei’s growth may slow, but only slightly. Policies that threaten trading partners one after another rob companies of risk-taking attitudes and the U.S. will lose credibility.”

Huawei’s phones are unavailable to buy in the US following concerns by the US government of the company’s links to the Chinese government, so a ban of this nature won’t really affect US consumers. Instead, it’s more likely to have an effect in the UK and Europe, some of Huawei’s biggest phone markets.

What does this mean for existing Huawei users?

Existing Huawei smartphone users will be able to update apps and push through security fixes, as well as update Google Play services. Unfortunately, when Google launches the next version of Android, it may not be available on Huawei devices. Alongside that, YouTube and Maps are some of the few apps that won’t be on any of the Huawei devices.

Why has this happened?

The Chinese tech giant has been accused of spying by the US Government. This is the reason why they have been banned, as part of the escalating cold war between the two countries.

When will the ban apply?

Even thought the ban has already come into force, the Trump administration has issued a licence that will allow US companies to keep doing business with Huawei for the next three months.

Huawei claims there is no spy software nor hardware. If this was confirmed, not only US ban would apply, but Huawei’s smartphones would also breach the GDPR privacy requirements.

Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.

EU-Japan artificial intelligence cooperation

EU Vice-President Ansip and Japan Minister Hirai discussed bilateral cooperation to promote a human-centric approach to artificial intelligence (AI), building on the joint statement of the 26th EU-Japan summit.

European Commission Vice-President for the Digital Single Market, Andrus Ansip and Japan’s Minister of State for Science and Technology Policy, Takuya Hirai said after their meeting: “The speed of AI’s development and the global changes that it entails are at the heart of EU-Japan cooperation. It is not only important to advance and progress in AI, but also to develop and promote human-centric and ethical approaches in technologies as a basis for the development and deployment of AI. In this way, we can build trust, encourage people’s understanding and acceptance of AI and develop societies that embrace it.”

There are two publications available that are pronounced int his regard and show the direction that is intended to be adopted: “Japan’s “Social Principles of Human-Centric AI” and the European Commission’s Communication on Building Trust in Human-Centric AI.”

Both approaches share common values and aims. Japan has set out seven principles: (1) human-centric, (2) education, (3) privacy, (4) security, (5) fair competition, (6) fairness, accountability, transparency and (7) innovation. These will form the basis for creating a human-centric “Society 5.0” that can successfully combine cyber space with physical space. They go hand in hand with the seven key requirements that the Commission supports to develop AI that people can trust: (1) human agency and oversight, (2) technical robustness and safety, (3) privacy and data governance, (4) transparency, (5) diversity, non-discrimination and fairness, (6) environmental and societal well-being and (7) accountability.

“The EU is preparing to launch its new research and innovation programme, Horizon Europe. The new Japanese Moonshot Research & Development Programme, at the same time, promotes R&D for disruptive innovation and targets solutions to ambitious social and economic challenges. With the introduction of these new programmes on both sides, we expect EU-Japan cooperation in science, technology and innovation to increase in areas of mutual interest, in line with last year’s EU-Japan Strategic Partnership Agreement.” Said Commissioner Moedas and Minister Hirai.

They expect EU-Japan cooperation in science, technology and innovation to increase in areas of mutual interest.

If you need advice on your AI product, Aphaia offers both AI ethics and Data Protection Impact Assessments.

Unlawful voice data to be deleted!

A complaint from the Big Brother Watch instigated an investigation into HMRC’s Voice ID service. The ICOs investigation mainly dealt with the voice authentication for customer verification on some of HMRC’s helplines since January 2017.

Customers were given insufficient information when it came to how their biometric data would be processed. Biometric data is considered special category information and is subject to stricter conditions. They were also denied the opportunity to give or withhold consent, which is a breach of GDPR.

Steve Wood, Deputy Commissioner at the ICO, said:

“We welcome HMRC’s prompt action to begin deleting personal data that it obtained unlawfully. Our investigation exposed a significant breach of data protection law – HMRC appears to have given little or no consideration to it with regard to its Voice ID service”. “Innovative digital services help make our lives easier but it must not be at the expense of people’s fundamental right to privacy. Organisations must be transparent and fair and, when necessary, obtain consent from people about how their information will be used. When that doesn’t happen, the ICO will take action to protect the public.”

By now the ICO have issued its final enforcement notice, giving HMRC 28 days from that date to complete deletion of relevant biometric data records, held under the Voice ID system for which it does not have explicit consent.

Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.

Cookies, Security and Website tracking

The Dutch data protection authority has recently published its fining policy for violations of GDPR and the Dutch law implementing GDPR. When it comes to cookies, the Dutch DPA’s conclusion is that it is not compliant with GDPR for website pop-ups to block users from access to the site unless they consent to the use of tracking cookies.

Websites that only give visitors access to their site if they agree to place so-called ‘tracking cookies’ or other similar ways of tracking and recording behaviour through software or other digital methods do not comply with GDPR, according to the DPA.

“The digital tracking and recording of surfing behaviour on the Internet via tracking software or other digital methods is one of the largest processing of personal data, because almost everyone is active on the Internet. To protect privacy, it is therefore important that parties request permission from website visitors in a good way, ”says Aleid Wolfsen, chairman of the Dutch DPA.

“In this way people can make conscious and correct use of their right to the protection of personal data. If a website asks for permission for tracking cookies and if it is refused access to the website or service is not possible, people give up their personal data under pressure and that is unlawful. ”

If an individual cannot decide not to give permission without facing any consequences then it is not real free choice.

Letters have been sent out to businesses who had the most complaints against them and the Dutch DPA will intensify its monitoring to see whether the standard is being applied correctly in the interest of protecting privacy.

Furthermore, a guidanceregarding cookie walls has been published by the Dutch DPA.

Pursuant to GDPR Recital 32, “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data”. According to the Dutch DPA, the freely given requirement would not be met by a cookie wall, as it  means that the user has no choice but to consent in order to access the website. In this case consent would be an imposition instead of an alternative. The Dutch DPA suggests websites should offer meaningful options for users to access a website without consenting to tracking cookies, such as a on the basis of a payment for access model.

Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.