Privacy

Grindr, a location-based dating app aimed at the LGBT community, has been fined 6.5m euro(£5.5m) for selling user data to advertisers.

The Norwegian Data Protection Authority said that sharing such data without seeking explicit consent broke GDPR rules. Data which it found the app had shared with third parties included GPS location, IP address, advertising ID, age, gender and the fact that the user was on Grindr.

The fine was reduced from £8.6m after Grindr provided details about its financial situation, and made changes to its app. Tobias Judin, head of the Norwegian Data Protection Authority's (DPA) international department explained:

Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis.

This was particularly intrusive because data about a person's sexual orientation constitutes special category data that merits particular protection under GDPR rules, the DPA added.

Since August, EFF and others have been telling Apple to cancel its new child safety plans . Apple is now changing its tune about one component of its plans: the Messages app will no longer send notifications to parent accounts.

That's good news. As we've previously explained , this feature would have broken end-to-end encryption in Messages, harming the privacy and safety of its users. So we're glad to see that Apple has listened to privacy and child safety advocates about how to respect the rights of youth. In addition, sample images shared by Apple show the text in the feature has changed from "sexually explicit" to "naked," a change that LBTQ+ rights advocates have asked for, as the phrase "sexually explicit" is often used as cover to prevent access to LGBTQ+ material.

Now, Apple needs to take the next step, and stop its plans to scan photos uploaded to a user's iCloud Photos library for child sexual abuse images (CSAM). Apple must draw the line at invading people's private content for the purposes of law enforcement. As Namrata Maheshwari of Access Now pointed out at EFF's Encryption and Child Safety event , "There are legislations already in place that will be exploited to make demands to use this technology for purposes other than CSAM." Vladimir Cortés of Article 19 agreed, explaining that governments will "end up using these backdoors to ... silence dissent and critical expression." Apple should sidestep this dangerous and inevitable pressure, stand with its users, and cancel its photo scanning plans.

Apple: Pay attention to the real world consequences, and make the right choice to protect our privacy.

It is not only the British parliament that is clamouring to control their subjects via an identity verification requirement fo social media users. Governments are=round the world are doubling their efforts to end online anonymity by proposing and introducing new laws that force users to hand over their identity documents (IDs) to use social media and by framing online anonymity as something that needs to be eradicated.

While most of these government efforts to end online anonymity have been widely covered in the media, America's recent proposals have managed to stay out of the spotlight. But despite flying under the radar, these proposals do exist in a discussion draft that was introduced by Congressman John Curtis in May.

The discussion draft aims to require a provider of a social media service to verify the identity of users of the service, and for other purposes and prevent anyone from creating a social media account without verifying their identity.

Not only does this discussion draft intend to make ID verification mandatory for anyone who wants to create a social media account but it also wants to force social media companies to report users to the Federal Trade Commission (FTC) whenever they suspect users have submitted fake IDs. Additionally, it contains a requirement for the FTC to submit these reports to the United States (US) Department of Justice (DOJ).

While the discussion draft does include an exception for social media providers that have annual revenues of less than $1 billion for three consecutive years, the large social media platforms where the vast majority of the more than three billion total social media users are registered will be forced to verify the real identity of their users.