Google has been fined $56.8 million by privacy regulators in France, marking the country’s first use of the tough new privacy rules enacted in Europe last year. Specifically, the company is accused of violating the General Data Protection Regulation (GDPR) by using, without proper consent, the private data of users to craft personalized ads; and by burying key privacy disclosures pages deep amid oceans of text.
In a statement Monday, France’s privacy watchdog, CNIL, said that Google had been fined for needlessly obscuring information concerning the processing of its users’ data, which Europe’s privacy rules demand be made more easily accessible. Essential information about how user data is processed, stored, and used, it said, was “excessively disseminated across several documents.” It required, in some cases, up to five or six steps to unearth key disclosures, including details of how Google amasses personal information to help it pinpoint a user’s location.
Some of the information, it said, “is not always clear nor comprehensive.”
While Google says it obtains the consent of consumers prior to using their data to personalize ads, the French commission found Google’s process for informing users about what precisely they’re consenting to to be wholly inadequate. Users are “not sufficiently informed,” it said, finding Google’s language “vague” and its violations to be “continuous.”
Users are not able to fully understand the extent of the processing operations carried out by GOOGLE. But the processing operations are particularly massive and intrusive because of the number of services offered (about twenty), the amount and the nature of the data processed and combined. The restricted committee observes in particular that the purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes. Similarly, the information communicated is not clear enough so that the user can understand that the legal basis of processing operations for the ads personalization is the consent, and not the legitimate interest of the company. Finally, the restricted committee notices that the information about the retention period is not provided for some data.
Google told reporters in response that it was “studying the decision” to inform its next steps. “People expect high standards of transparency and control from us,” it said, adding that it remained “deeply committed to meeting those expectations and the consent requirements of the GDPR.”
TV station France 24 reported that CNIL’s judgement followed complaints filed by two advocacy groups in May—one by La Quadrature du Net, the French digital rights group, and another by Austrian privacy activist Max Schrems.
“We have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products,” Schrems reportedly told the station. “It is important that the authorities make it clear that simply claiming to be compliant is not enough.”
It just became that much easier for students to grab food without interrupting a study break. Starship and Sodexo have launched a robot food delivery service at Virginia’s George Mason University, giving students and staff access to food within an average of 15 minutes or less. Pay $2 through Starship’s mobile app and one of the more than 25 automatons will deliver pizza, coffee and other grub to a convenient pickup point on campus. It even ties into the school’s student meal plans (the first such tie-in anywhere, according to Starship) and debit program.
The initial partners include Blaze Pizza, Dunkin’ and Starbucks. More are coming in the weeks ahead, and there are plans for more campus offerings around the world.
Importantly, this isn’t a test project. Virginia has legalized delivery robots, letting Starship operate full-fledged service in the state so long as it honors guidelines on speed, weight and monitoring. You might not see widespread adoption until and unless other states follow suit, but the GMU rollout could pave the way for future deployments if it proves successful.
With the opioid epidemic raging, you may at this point be familiar with Purdue Pharma. It makes the powerful painkiller OxyContin and has been widely blamed for igniting the current crisis.
After debuting OxyContin in 1996, Purdue raked in billions using aggressive and deceptive sales tactics, including ratcheting up dosages of the
What you may be less aware of is the wealthy, philanthropic family behind Purdue: the Sacklers. Before the opioid epidemic, the family name was mostly associated with museums and prestigious universities, including art galleries at the Smithsonian Institution and Harvard. The Sacklers have worked to keep their good name and mostly stay out of the spotlight. But new, explosive court filings in a case brought by the state of Massachusetts stand to further thwart the family’s efforts.
Documents released this week (PDF) allege—and include new, rather damning evidence—that members of the Sackler family not only knew about the illegal and loathsome activities at Purdue, but they personally directed them. Members of the Sackler family, particularly Richard Sackler, aggressively pushed for extreme sales figures—and profits—which they accomplished in part by bullying their sales representatives; targeting vulnerable patients, such as the elderly and veterans; suggesting that the addictive opioid was an alternative to safe medications like Tylenol; and encouraging doctors to write longer and higher dose prescriptions, according to the lawsuit. All the while, the family allegedly dismissed evidence of OxyContin’s addictiveness and blamed patients for their addictions—referring to them as “reckless criminals.”
Brewing storm
When Purdue first planned to sell OxyContin (oxycodone), the Sacklers pitched the idea of downplaying its abuse potential and selling it as an uncontrolled drug in other countries, according to documents referenced in the lawsuit. This spurred OxyContin developer Robert Kaiko to email Richard Sackler, a senior vice president at the time and the billionaire son of the late Raymond Sackler, who bought Purdue in 1952 with his brother Mortimer.
Kaiko told Richard Sackler that he was “very concerned” by the idea of selling OxyContin as an uncontrolled drug. “[O]xycodone containing products are still among the most abused opioids in the US,” Kaiko wrote. “If OxyContin is uncontrolled… it is highly likely that it will eventually be abused.”
Richard responded to Kaiko, asking, “How substantially would it improve your sales?”
Opioid Deaths in Massachusetts.
Purdue made more money from higher doses.
The longer patients are on opioids, the more deadly they become.
Purdue sales reps pestered doctors.
Sales force increased from 300 to 700.
The Sacklers required reps to meet with prescribers daily.
Purdue sales reps met with doctors thousands of times.
Purdue staff tried to thwart interference from Richard Sackler.
Purdue reports noted that the conversation on opioids was changing.
Sales territory map for 2018.
At OxyContin’s launch party, Richard was optimistic about the drug’s market potential, saying that “the launch of OxyContin Tablets will be followed by a blizzard of prescriptions that will bury the competition. The prescription blizzard will be so deep, dense, and white…”
In 1999, Richard became CEO of Purdue, and the company hired hundreds of sales representatives. They were trained to tell doctors that the risk of OxyContin addiction was “less than one percent,” the lawsuit alleges. In the subsequent years, it became clear that the statistic was a lie. In 2001, when a federal prosecutor reported 59 OxyContin overdose deaths in one state, Richard wrote in an email to Purdue executives: “This is not too bad. It could have been far worse.”
With the realities of addiction and overdose becoming apparent, Richard suggested blaming the patients rather than the company’s drug. “[W]e have to hammer on the abusers in every way possible,” he wrote in a confidential email. “They are the culprits and the problem. They are reckless criminals.”
As federal prosecutors closed in, Richard and other members of the Sackler family resigned from their positions at the company and tried to distance themselves from the company’s efforts. In 2007, the family voted that Purdue should enter a plea agreement on the federal charges of fraudulent and misleading OxyContin marketing, agreeing to state that “Purdue is pleading guilty as described above because Purdue is in fact guilty.” Yet none of the Sacklers were accused of wrongdoing in the case nor have they faced any legal penalty.
Deadly blizzard
After the guilty plea, the Sacklers were ostensibly less involved with the company, which was supposedly working on cleaning up its act. It agreed to enter into a Corporate Integrity Agreement with the US government, for instance. But according to the lawsuit, the Sacklers were secretly still just as involved as ever, and the company violated its integrity agreement with continued deception.
The more-than-300-page legal filing goes on to document repeated instances in which members of the Sackler family pestered Purdue staff and set ever-increasing targets for sales and profits. Richard in particular would demand frequent sales reports and figures, often on holidays and weekends.
From 2007 to 2016, Purdue increased its sales force from around 300 reps to 700 reps, apparently to meet the demands of the Sacklers, according to the suit. The family pushed for reps to sell more and more opioids, at higher dosages, despite the fact that these were more dangerous. They also required sales representatives to meet an average of 7.5 prescribers a day and get those prescribers to commit to prescribing more and more opioids.
In 2011, Richard even wanted to shadow two reps as they went out to doctor office visits. The vice president of sales, Russell Gasdia, appealed to Purdue’s chief compliance officer to try to block Richard’s involvement, arguing that it was “a potential compliance risk” in an email. The compliance officer, Bert Weinstein, responded, “LOL… We agreed Richard needs to be mum and be anonymous.”
Meanwhile, the Sacklers continued to pour money into university ties, specifically the Massachusetts General Hospital Purdue Pharma Pain Program and the Masters of Science in Pain Research, Education, and Policy (“MSPREP Program”), the lawsuit notes. This enabled Purdue to garner good faith from budding doctors and favorable views of opioid use in pain treatments.
But as the opioid blizzard Richard had predicted reached a blinding epidemic of overdoses, the
. Richard and other family members resigned from Purdue’s board of directors last year. At the same time, Purdue agreed to stop aggressively promoting OxyContin.
In a statement emailed to Ars by Bob Josephson, executive director of communications at Purdue, the company said that the lawsuit misrepresents opioid prescriptions and cherry-picked unflattering quotes from internal documents.
Massachusetts’ amended complaint irresponsibly and counterproductively casts every prescription of OxyContin as dangerous and illegitimate, substituting its lawyers’ sensational allegations for the expert scientific determinations of the Food and Drug Administration (FDA) and completely ignoring the millions of patients who are prescribed Purdue Pharma’s medicines for the management of their severe chronic pain.
The statement noted that the FDA had determined that Purdue’s opioids were safe and effective for their intended use and that the company had fulfilled the requirements of its Corporate Integrity Agreement with the Department of Health and Human Services.
It went on:
The Attorney General has cherry-picked from among tens of millions of emails and other business documents produced by Purdue. The complaint is littered with biased and inaccurate characterizations of these documents and individual defendants, often highlighting potential courses of action that were ultimately rejected by the company.
Purdue and the individual defendants will aggressively defend against these misleading allegations. In the meantime, we continue to fight for balance in the public discourse so that society can simultaneously help pain patients in need and create real solutions to the complex problem of addiction.
The 10-Year Challenge has gone viral on platforms like Facebook, but some worry about how the data will be used.
Eric Baradat/AFP/Getty Images
hide caption
toggle caption
Eric Baradat/AFP/Getty Images
The 10-Year Challenge has gone viral on platforms like Facebook, but some worry about how the data will be used.
Eric Baradat/AFP/Getty Images
In the latest social media craze, people are sharing photos comparing how they looked 10 years ago with how they look today. Dubbed the “10-Year Challenge,” the viral fad has attracted everyone from celebrities like Mariah Carey and Justin Baldoni, to environmentalists seeking to highlight the impacts of climate change.
The challenge is light-hearted, but you may want to think twice before joining in.
That’s according to author and tech consultant Kate O’Neill, who warns that data from the challenge could be used by companies like Facebook or Amazon to train facial recognition algorithms.
In an interview with NPR’s Lulu Garcia-Navarro, O’Neill offered varying scenarios — some good, some bad — of what could happen if companies are able to utilize these algorithms for things like age recognition and progression.
First, the good.
O’Neill speculated that facial recognition technology with age progression capabilities could help find missing kids, even after many years pass. She points out that facial recognition technology has already helped track down missing children — including in India, where police identified thousands of kids in just a few days using facial recognition.
Now, the bad news.
According to O’Neill, it’s possible that data mined from the 10-Year Challenge could be used against us. She said it’s possible age progression recognition technology would be used in health care and health insurance assessments. That may sound beneficial, but writing in Wired, O’Neill pointed out, “For example, if you seem to be aging faster than your cohorts, perhaps you’re not a very good insurance risk. You may pay more or be denied coverage.”
She argued that the negative ramifications of sharing our data is a very real possibility, pointing to past incidents — such as when data for as many as 87 million Facebook users was “improperly shared” with Cambridge Analytica, a data analytics firm used by the Trump campaign in 2016.
In a statement to Wired, Facebook said the 10-Year Challenge was a user-generated meme that they gained nothing from. Regardless, O’Neill preached caution.
“I want us to have fun and I want us to connect with each other. It just comes with the caution that it has this opportunity to make our lives more difficult and more challenging too,” she told NPR. “As long as we’re eyes wide open about the full spectrum of those potentials and those uses, then we’re going to be in great shape to guide ourselves into the future.”
In order to be cautious, she advised to be on the lookout for online games and memes that encourage people to participate in specific and particular ways.
“We may not have the sophistication to recognize the pattern now, but we should be gaining that sophistication, because these types of activities are going to be increasingly common,” she said.
Some have dismissed O’Neill’s warnings, she said, arguing that many of the photos posted in the challenge were already available online anyway. But, O’Neill pushed back on this dismissal, pointing out that participating in the challenge helps to verify and curate the data.
“That action made it particularly easy in theory for a hacker or someone who engineered a social engineering experiment to gather this data in a way that made it more useful,” she said.
To combat data misuse, O’Neill argued that new regulatory approaches are needed to hold companies accountable for how they use data.
But, she also acknowledged that on the other side of the equation, there would be no data without the users sharing it.
“We need to understand the broader uses of emerging technology,” she said. “Emerging technology relies on human data, and that means us.”
Stolen
credit card details are being used to purchase V-bucks – the virtual currency
used to buy items in the game – from the official Fortnite store. By selling
V-bucks at a discounted rate to players, the criminals are effectively able to
“clean” the money.
An investigation by The Independent into online black markets selling V-bucks,
together with research by cyber security firm Sixgill, revealed the scale of the
money laundering operations.
Discounted V-bucks are being sold in bulk on the dark web – a hidden section of
the internet only accessible using specialist software – as well as in smaller
quantities on the open web by advertising them on social media platforms like
Instagram and Twitter.
By posing as potential customers, Sixgill agents uncovered operations being
conducted around the globe in Chinese, Russian, Spanish, Arabic and English.
“Criminals are executing carding fraud and getting money in and out of the
Fortnite system with relative impunity,” Benjamin Preminger, a senior
intelligence analyst at Sixgill, told The Independent.
“Threat actors [a malicious person or entity] are scoffing at Epic Games’ weak
security measures, saying that the company doesn’t seem to care about players
defrauding the system and purchasing discounted V-bucks… This directly touches
on the ability of threat actors to launder money through the game.”
Hi! We notice you’re using an ad blocker. Please consider whitelisting Autoblog.
We get it. Ads can be annoying. But ads are also how we keep the garage doors open and the lights on here at Autoblog – and keep our stories free for you and for everyone. And free is good, right? If you’d be so kind as to whitelist our site, we promise to keep bringing you great content. Thanks for that. And thanks for reading Autoblog.
Hey again!
You still haven’t turned off your adblocker or whitelisted our site. It only takes a few seconds.
