Privacy

  • New point release for LibreOffice 24.2

    The blog of The Document Foundation (TDF) has today announced the sixth point release of LibreOffice 24.2 for Linux MacOS and Windows, which it is describing as “the best choice for privacy-conscious users and digital sovereignty“.

    LibreOffice 24.2.6 banner

    This point release includes over 40 bug and regression fixes over LibreOffice 24.2.5 to improve the software’s stability, plus interoperability with legacy and proprietary document formats. LibreOffice 24.2.6 is aimed at mainstream users and business environments.

    LibreOffice for business

    For business use, TDF strongly recommends the LibreOffice Enterprise family of applications from ecosystem partners with a range of dedicated value-added features, long-term support and other benefits such as SLAs.

    Next week, power users and technology enthusiasts will be able to download LibreOffice 24.8.1, the first minor release of the recently announced new version with many bug and regression fixes.

    As per usual, LibreOffice users, free software advocates and community members are invited to support The Document Foundation with a donation.

    Download LibreOffice 24.2.6. Please note that the minimum requirements for proprietary operating systems are Windows 7 SP1 and macOS 10.15.

  • US firm fined by Dutch for illegal facial recognition data gathering

    Autoriteit Persoonsgegevens logoThe Dutch Autoriteit Persoonsgegevens (Personal Data Protection Authority) has announced today that it has imposed a fine of €30.5 mn. on the US company Clearwiew AI, as well as a non-compliance penalty in excess of €5 mn.

    Stylised facial recognitionClearview is an American company that offers facial recognition services, which has, inter alia, built up an illegal database with billions of photos of faces, including those of Dutch citizens. Furthermore, the authority has warned that using the services of Clearview is also prohibited.

    Clearview offers facial recognition services to intelligence and investigative services. Moreover, Clearview customers can provide camera images to find out the identity of people shown in the images. To this end, Clearview has a database with more than 30 billion photos of people, which it has scraped automatically from the internet and then converted into a unique biometric code per face, all without the knowledge and consent of its victims.

    According to the authority’s chair Aleid Wolfsen, “Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world. If there is a photo of you on the internet – and doesn’t that apply to all of us? – then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China. This really shouldn’t go any further. We have to draw a very clear line at incorrect use of this sort of technology.’

    Clearview says that it provides services to intelligence and investigative services outside the European Union (EU) only.

    Clearwiew’s services illegal and in breach of the the GDPR

    Clearview has seriously violated the privacy law General Data Protection Regulation (GDPR) on several points: the company should never have built the database and is insufficiently transparent. It should never have built the database with photos, the unique biometric codes and other information linked to them. This especially applies to the codes. Like fingerprints, these are biometric data. Collecting and using them is prohibited. There are some statutory exceptions to this prohibition, but Clearview cannot rely on them.

    Clearview is an American company without an established presence n Europe. Other data protection authorities have already fined Clearview on various earlier occasions, but the company has not changed its conduct. For this reason the Dutch regulator is investigating ways to ensure the violations stop, including whether the company’s directors can be held personally liable for data protection violations.

    Wolfsen: ‘Such [a] company cannot continue to violate the rights of Europeans and get away with it. Certainly not in this serious manner and on this massive scale. We are now going to investigate if we can hold the management of the company personally liable and fine them for directing those violations. That liability already exists if directors know that the GDPR is being violated, have the authority to stop that, but omit to do so, and in this way consciously accept those violations.’

    Clearview has not objected to the decision and is therefore unable to appeal against the fine.

  • LibreOffice 24.8 released

    Today the blog of The Document Foundation (TDF), the organisation behind the free and open source LibreOffice suite. announced the release of LibreOffice 24.8, the second version of the software to be released under the new calendar-based (YY.MM) release numbering system, for immediate download for Linux, macOS (Apple and Intel) and Windows (Intel, AMD and ARM).

    LibreOffice 24.8 banner

    The release announcement lays heavy emphasis on the suite’s privacy features. LibreOffice is the only office suite, i.e. software that can create files containing personal or confidential information that respects user privacy – thus ensuring users themselves can decide if and with whom to share the content they have created. LibreOffice is thus the best option for the privacy-conscious office suite user and provides a feature set comparable to the ubiquitous MS Office. LibreOffice also offers a range of interface options to suit different user habits, from traditional to contemporary.

    New features

    There’s a handy little video that highlights the new features incorporated in LibreOffice 24.8.


    Privacy
    • If the option Tools ▸ Options ▸ LibreOffice ▸ Security ▸ Options ▸ Remove personal information on saving is enabled, then personal information will not be exported (author names and timestamps, editing duration, printer name and configuration, document template, author and date for comments and tracked changes).
    Writer
    • UI: handling of formatting characters, width of comments panel, selection of bullets, new dialog for hyperlinks, new Find deck in the sidebar.
    • Navigator: adding cross-references by drag-and-drop items, deleting footnotes and endnotes, indicating images with broken links.
    • Hyphenation: exclude words from hyphenation with new contextual menu and visualisation, new hyphenation across columns, pages or spreads, hyphenation between constituents of a compound word.
    Calc
    • Addition of FILTER, LET, RANDARRAY, SEQUENCE, SORT, SORTBY, UNIQUE, XLOOKUP and XMATCH functions.
    • Improvement of threaded calculation performance, optimisation of redraw after a cell change by minimising the area that needs to be refreshed.
    • Cell focus rectangle moved apart from cell content.
    • Comments can be edited and deleted from the Navigator’s right-click menu.
    Impress & Draw
    • In Normal view, it is now possible to scroll between slides, and the Notes are available as a collapsible pane under the slide.
    • By default, the running Slideshow is now immediately updated when applying changes in EditView or in PresenterConsole, even on different Screens.
    Chart
    • New chart types “Pie-of-Pie” and “Bar-of-Pie” break down a slice of a pie as a pie or bar sub-chart respectively (this also enables import of such charts from OOXML files created with Microsoft Office).
    • Text inside chart’s titles, text boxes and shapes (and parts thereof) can now be formatted using the Character dialog.
    Accessibility
    • Several improvements to the management of formatting options, which can be now announced properly by screen readers.
    Security
    • New mode of password-based ODF encryption.
    Interoperability
    • Support importing and exporting OOXML pivot table (cell) format definitions.
    • PPTX files with heavy use of custom shapes now open faster.

    Cover of LibreOffice Getting Started guideMinimum requirements for proprietary operating systems are Microsoft Windows 7 SP1 and Apple MacOS 10.15.

    To coincide with the new version release, the LibreOffice Getting Started guide has been updated and is also available for download.

    As usual, users are encouraged to support the TDF’s work with a donation.

  • Facebook’s parent company fined €1.2 bn. for GDPR breach

    New logo as Facebook morphs into MetaMeta, the parent company of social media platform Facebook, has been fined a record €1.2 bn. by Ireland’s Data Protection Commission (DPC) in relation to breaches of the European Union’s General Data Protection Regulation (GDPR) in respect of user data transfers from the EU to the USA, Irish broadcaster RTE reports.

    The company has been given five months to implement changes to such data transfers.

    The DPC said Meta had infringed the GDPR by continuing to transfer EU user data to the US despite a ruling by the European court of justice requiring strong protection of such information, adding that the data transferred by Facebook under a measure called standard contractual clauses “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the [European Court of Justice] in its judgment”.

    Meta has said it will appeal the decision, as well as commenting that it was disappointed to have been singled out when using the same legal mechanisms as thousands of other companies providing services in Europe.

    The EU and the USA have agreed a new data transfer framework which is expected to be in place later this year.

    This is the largest ever fine levied in the EU for a privacy breach. The previous record penalty of €746 mn was imposed on Amazon in 2021.

  • Firefox Focus – first impressions

    Your ‘umble scribe is a great fan of the free and open source Firefox web browser and has been using the desktop version since version 0.x many years ago. One of its major attractions has been its emphasis on security and privacy.

    Until recently it was also the default browser on my smartphone, until I discovered Firefox Focus. Firefox Focus is a free and open-source privacy-focused mobile browser based on Firefox which is available for Android and iOS devices. First released in December 2015, it was initially a tracker-blocking application for mobile iOS devices, but was developed into a minimalistic web browser shortly afterwards.

    Firefox Focus iconAccording to Mozilla, Firefox Focus is a dedicated privacy browser with automatic tracking protection. meaning web pages load faster and your data stays private. It’s also easy to delete history, passwords and cookies, so advertisers and other ne’er-do-wells don’t follow you around online. Just tap the erase button on the search field and all that data is gone. Tracking protection is also very strong. The browser blocks a wide range of common trackers by default, including social trackers and those sticky ones that come from things like Facebook ads.

    After using Firefox Focus for one week, I can say I’m impressed with the way it works. Although it required me to learn how to use tabbed browsing (hint: hold down a link in your search results and a menu appears, offering the option to open the link in a new tab. Ed.), once that was cracked, I was away. As for fast page loading, that’s not disappointing either, even on notoriously slow-loading sites, like that of Bristol City Council, which still seems to be powered by a horse turning a shaft in the basement of the Counts Louse (which some call City Hall. Ed.). 😉

    If you value your privacy and security, I’d recommend Firefox Focus on your mobile device.

  • French Customs censured for illegal retention of personal data

    CNIL logoFrench IT news site Le Monde Informatique reports that the French Customs authorities have been sent a formal notice by the CNIL, France’s data privacy regulator, in respect of an illegal data file containing the details of more than 45,000 people, including copies of identity documents and records of criminal offences.

    French Customs logoBusinesses are not the only organisations with which the CNIL has found fault for holding illegal files containing personal data. Public sector organisations can also fall foul of the law.

    The French Customs authorities, which come under the control of the Ministry for the Economy have been caught red-handed following a report in respect of Customs’ file used for recording information about vessels and their crews which is known as SIRENE. Intended to identify all the people checked at sea or in port in order to combat fraud, this system was in fact developed and implemented with no legal basis and not in accordance with the law, according to the CNIL

    Checks were carried out by Customs’ Channel-North Sea-Atlantic coastguard service and inspections revealed that recourse to this system did not comply with France’s Data Protection Act. This data system actually lists information about the vessels checked and their passengers, including personal information such as marital status, address, occupation and copies of identity documents, as well as criminal convictions (drug trafficking, counterfeiting, off-the-books employment, failure to co-operate, sexual assault, possession of illegal weapons, intentional homicide and murder).

    6 months to comply or be fined

    All told, the details of 45,793 persons – including 392 minors – are included in the SIRENE file. “The creation and use of the SIRENE file are not provided for by any legislation (for example a law or a decree). In addition, the CNIL has not received a request for an opinion concerning its implementation, in violation of the Data Protection Act (articles 87 and 89, the CNIL explained. Other grievances have also been lodged against the Ministry for the Economy, such as the failure to send an impact assessment in respect of the protection of personal data and the lack of a clear distinction between the data of the different categories of persons concerned. or the fact that the latter were not made aware that their data had been included.

    Following the CNIL’s formal notice, the Ministry for the Economy and Customs have 6 months to comply otherwise a penalty could be issued.

  • Czech government using open source web analytics

    Czechia coat of armsJoinup, the EU’s open source news site, reports that the Czech Republic is to begin using the Matomo open source web analytics tool on the Czech citizen portal and gov.cz websites, where it will replace Google Analytics.

    This change will ensure that the data by the sites collected will stay within the EU and, as the Czech administration will be using its own instance of Matomo, it will retain full control of the records.

    The change was triggered by an open letter sent by the Czech the digital freedom watchdog luridicum Remedium after it noticed the Czech state vaccination system website was using Google Analytics during the COVID-19 crisis. The Czech Data Protection Authority and public sector strategic partner NAKIT then pursued the matter and replaced Google Analytics with Matomo on Czechia’s Ministry of Health website. This move later led to further action and the country will continue following this trend on public sector websites.

    Previously named Piwik, Matomo has been in development since 2007 and is presently deployed on 1.4 million websites, including those of NASA, the European Commission, the United Nations and Amnesty International.

    The Czech decision to choose Matomo follows those of other European countries seeking to keep control of their citizens’ data. Last year the French and Austrian data protection authorities determined that Google Analytics was not compliant with EU data privacy standards, in particular because Google’s data transfers to the United States are contrary to the EU’s General Data Protection Regulation (GDPR).

  • Content liability: Big Tech squares up to Uncle Sam

    US Supreme Court sealFollowing the announcement anti-trust action by the United States Department of Justice along with the Attorneys General of California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee, and Virginia against Google, Meta (owners of Facebook and Instagram), Microsoft and Twitter have all made statements seeking to defend their actions.

    In their legal opinions, the big US tech giants, including Microsoft, Meta and Twitter, are warning the Supreme Court against amending Section 230 of the Communications Decency Act (CDA). This would enable actions against content recommendation algorithms, French IT news site Le Monde Informatique reports.

    One week after Google’s filing of a defence statement with the US Supreme Court warning that amending Section 230 of the Communications Decency Act (CDA) “would upend the internet“, several companies including Twitter, Meta and Microsoft, have filed their own legal opinions. They support Google’s argument that a restriction of the law could have disastrous consequences for the content editors. By virtue of the 1996 CDA, the companies are shielded from liability for content posted by their users, including comments, criticism and advertising.

    US Supreme Court west facade
    US Supreme Court.
    Image courtesy of Wikimedia Commons and UpstateNYer

    However, the Supreme Court has been asked to examine whether Section 230 was still pertinent and appropriate, given that it was promulgated before the internet became part of everyday life. The law was subject to a minute before the suit filed by the family of Nohemi Gonzalez, a 23 year-pld US citizen killed in Paris during the 13th November 2015 terrorist attacks claimed by ISIS. The Gonzalez family asserts that the algorithms should be regarded as editorial content not covered by the immunity from liability granted by Section 230 and thus Google’s YouTube subsidiary has violated the US Anti-Terrorism Act (ATA) when its algorithms have recommended ISIS-linked content to users. The Supreme Court is set to hear oral arguments in the case on 21st February next.

    Criticisms of the protections of Section 230 for websites

    Both Democratic and Republican members of Congress have criticised the protections provided for by the law. The Republicans believe that those in respect of liability make websites take partial decisions regarding content removal, whilst the Democrats would like the same sites to take more responsibility as regards moderation. In a statement President Biden has stated that his administration would support the position that Section 230 protections should not apply to recommendation algorithms. In its petition of 19th January, Microsoft asserts that if the Supreme Court makes amendments to Section 230, it would “strip these digital publishing decisions suit—and it would do so in illogical ways that are inconsistent with how algorithms actually work.“.

    The company added that any decision aimed at restricting the law “thereby expose interactive computer services to liability for publishing content to users whenever a plaintiff could craft a theory that sharing the content is somehow harmful“. In its own petition Meta stated that the plaintiffs’ argument is “deeply flawed from a legal point of view”; by interpreting Section 230 as a means of protecting sites from liability for content posted by its users whilst removing protection from content “ignores the way in which the internet works“. The company continued by describing the plaintiffs’ position as “regrettable from a practical point of view” and by stating that a ruling in their favour would ultimately prompt “online services to remove important, provocative and controversial content on matters of general interest“.

    Protection from liability essential for website operation according to Twitter

    Twitter has said that the current interpretation of Section 230 “ensures that sites such as Twitter and YouTube can work in spite of the unfathomable amount of information they make available and the potential liability that might result from this“. Since Twitter’s acquisition by Elon Musk, the site has been criticised for having reinstated the accounts of people it previously banned, such as disgraced former president Donald Trump or alpha male par excellence and all-round amateur human being Andrew Tate who is currently under investigation in Romania for alleged human trafficking.

    However, the review of several other high-profile cases will have to take place before the law is changed. Last week the Supreme Court was set to discuss its jurisdiction in two cases that challenge Texas and Florida laws prohibiting online platforms from removing certain political content. In addition, a Twitter vs. Taamneh case, which has many similarities with the Gonzalez vs. Google case, is due to oral pleadings on 2nd February. In this case Twitter, Facebook and YouTube are accused of having aided and abetted another attack claimed by Islamic State.

  • Another data protection fine for Meta

    New logo as Facebook morphs into MetaAfter a record fine of €390 mn. at the start of January, the Irish Data Protection Commission is imposing a further fine of €5.5 mn. on Meta, this time for WhatsApp’s policy with regard to personal data under the GDPR, Le Monde Informatique reports.

    Has been welcoming (in tax terms) to American IT companies, but is proving to be as very sensitive area for implementation of the GDPR. Meta has just experienced this once again with a fine of €5,5 mn. imposed by Ireland’s Data Protection Commissioner. This is the social network’s second fine in less than a month; on 4 January the same commission announced a record fine of €390 mn. on the personal data processing policy of Facebook and Instagram (posts passim).

    In this instance it’s WhatsApp’s policy that is being censured following a complaint filed on 25 May 2018 – the date the GDPR entered into effect – by a German user. After this date the messaging service updated its general conditions of use and informed its users they had to click on “accept and continue” to indicate their consent. If they did not reply, they no longer had access to the service.As in the decision of 4th January, WhatsApp regards its data processing policy must be considered like a “contract” according to the GDPR (Article 6.1) concluded between the company and the user.

    EDPB lays it on thick

    The Irish Data Protection Commission investigated and drew up a draft decision which was submitted to the European regulators parties involved in this case. It proposed not imposing additional financial penalties. WhatsApp had already been fined €225 mn. in September 2021 for similar actions. However, the DPC pleaded for recognition of the contractual and thus legal nature of WhatsApp’s personal data policy – a position which caused an outcry from other data protection regulators.

    The DPC approached the EDPB for a decision. It dismissed the legal basis of the contract and added an additional infringement of the transparency obligation. As a consequence, the Irish DPC is adding €5.5 mn. to the fine imposed on Meta, WhatsApp’s parent company.

Posts navigation