民間の空襲被害やシベリア抑留被害などの「残された戦後処理問題」をめぐる集会が２０２４年12月３日、東京の衆議院第二議員会館で開かれ、四つの被害者団体の関係者が問題の立法的な解決を訴えた。 　集会は太平洋戦争の開戦から8 […]

　埼玉県桶川市で１９９９年10月、猪野詩織さん（当時21歳）が執拗なストーカー被害を受け殺害されてから25年。父・憲一さん（74歳）、母・京子さん（74歳）と写真週刊誌『ＦＯＣＵＳ』（２００１年休刊）記者として警察より早 […]

　東京高裁の白石哲裁判長（２０２０年に定年退官）が、３人の裁判官のうちの１人が交代した口頭弁論の際に法的な手続きをせず違法があったとして、高嶋伸欣・琉球大学名誉教授（82歳）、東京都内の中学校の元教員、増田都子さん（74 […]

　韓国で２０２４年12月３日夜11時頃、国家非常事態を理由に自由や権利を制限する戒厳令が突如、尹錫悦大統領によって宣布された。 　この時、私はソウルに滞在中で、偶然国会の近くにいた。戒厳令宣布の一報を受けて、すぐに国会に […]

　大学で担当する「こどもと教育」の講義で、学生が言った。「僕は子どもが大好きです。だからこそ日本で子どもを持ちたいとは思わない。子どもたちは学校でいつも点数をつけられ、優秀な子どもだけがもてはやされる。まるで日々、虐待を […]

　政府が原発の新増設を進めるため、建設費などのコストを電気料金に上乗せし、消費者から広く徴収する支援制度の導入を検討している、と報じられている。これに危機感を抱いた国際環境ＮＧＯ「FoE Japan」などの環境団体や市民 […]

　電子部品メーカー大手の日東電工（本社・大阪市）が、韓国に設立した１００％子会社・韓国オプティカルハイテック（ＫＯＨ）の「清算」過程で集団解雇や団交拒否を行ない、これに抗議した組合員らに対しても多額の損害賠償請求や個人資 […]

　自然災害と原発災害が同時に起きた場合などに、自治体は策定していた避難計画に基づいて住民の命を本当に守れるのか。守れる確かな根拠がないならば、原発の稼働は許されてよいのか――。 　そのような住民の切迫した問題意識に基づい […]

　切望した公の判断、それも裁判所による判断が示された。埼玉県南部の川口市や蕨市に集住するクルド人を「テロリスト」「テロ支援者」と触れ回り「日本から出て行け」「たたき出せ」と排斥するヘイトデモについて、さいたま地裁（市川多 […]

　11月20日は「トランスジェンダー追悼の日」で、ヘイトクライム（差別や憎悪による犯罪）や自死により亡くなったトランスジェンダーを追悼し、その尊厳と権利について考える国際的な記念日だ。この日、東海林毅さんら97人の映画監 […]

OpenSSL Projectより、OpenSSL Security Advisory [20th January 2025]（"Timing side-channel in ECDSA signature computation (CVE-2024-13176)"）が公開されました。

States need to have and use data privacy laws to bring privacy violations to light and hold companies accountable for them. So, we were glad to see that the Texas Attorney General’s Office has filed its first lawsuit under Texas Data Privacy and Security Act (TDPSA) to take the Allstate Corporation to task for sharing driver location and other driving data without telling customers.

In its complaint, the attorney general’s office alleges that Allstate and a number of its subsidiaries (some of which go by the name “Arity”) “conspired to secretly collect and sell ‘trillions of miles’ of consumers’ ‘driving behavior’ data from mobile devices, in-car devices, and vehicles.” (The defendant companies are also accused of violating Texas’ data broker law and its insurance law prohibiting unfair and deceptive practices.)

On the privacy front, the complaint says the defendant companies created a software development kit (SDK), which is basically a set of tools that developers can create to integrate functions into an app. In this case, the Texas Attorney General says that Allstate and Arity specifically designed this toolkit to scrape location data. They then allegedly paid third parties, such as the app Life360, to embed it in their apps. The complaint also alleges that Allstate and Arity chose to promote their SDK to third-party apps that already required the use of location date, specifically so that people wouldn’t be alerted to the additional collection.

That’s a dirty trick. Data that you can pull from cars is often highly sensitive, as we have raised repeatedly. Everyone should know when that information's being collected and where it's going.

More state regulators should follow suit and use the privacy laws on their books.

The Texas Attorney General’s office estimates that 45 million Americans, including those in Texas, unwittingly downloaded this software that collected their information, including location information, without notice or consent. This violates Texas’ privacy law, which went into effect in July 2024 and requires companies to provide a reasonably accessible notice to a privacy policy, conspicuous notice that they’re selling or processing sensitive data for targeting advertising, and to obtain consumer consent to process sensitive data.

This is a low bar, and the companies named in this complaint still allegedly failed to clear it. As law firm Husch Blackwell pointed out in its write-up of the case, all Arity had to do, for example, to fulfill one of the notice obligations under the TDPSA was to put up a line on their website saying, “NOTICE: We may sell your sensitive personal data.”

In fact, Texas’s privacy law does not meet the minimum of what we’d consider a strong privacy law. For example, the Texas Attorney General is the only one who can file a lawsuit under its states privacy law. But we advocate for provisions that make sure that everyone, not only state attorneys general, can file suits to make sure that all companies respect our privacy.

Texas’ privacy law also has a “right to cure”—essentially a 30-day period in which a company can “fix” a privacy violation and duck a Texas enforcement action. EFF opposes rights to cure, because they essentially give companies a “get-out-jail-free” card when caught violating privacy law. In this case, Arity was notified and given the chance to show it had cured the violation. It just didn’t.

According the complaint, Arity apparently failed to take even basic steps that would have spared it from this enforcement action. Other companies violating our privacy may be more adept at getting out of trouble, but they should be found and taken to task too. That’s why we advocate for strong privacy laws that do even more to protect consumers.

Nineteen states now have some version of a data privacy law. Enforcement has been a bit slower. California has brought a few enforcement actions since its privacy law went into effect in 2020; Texas and New Hampshire are two states that have created dedicated data privacy units in their Attorney General offices, signaling they’re staffing up to enforce their laws. More state regulators should follow suit and use the privacy laws on their books. And more state legislators should enact and strengthen their laws to make sure companies are truly respecting our privacy.