Trans Tracking Plugin Reported to Norwegian Authorities

A plugin that flags social network pages and users as transphobic or trans-friendly has been reported to Norwegian authorities over concerns that it is in violation of data protection laws.

Shinigami Eyes uses a color-coding system to denote the attitude of a site or a user toward the trans community. The extension turns green to denote a trans-friendly site or user and red when that site or user is considered anti-trans. 

A mix of manual labeling, user contributions, and machine learning is used to decide whether a site is phobic or friendly.

In the gaming world, Shinigami Eyeballs or Eyes of the Shinigami are eyes that can see both the names and the lifespans of humans floating above their heads.

Nonprofit civil liberties organization Electronic Frontier Norway (EFN) asked the Norwegian Data Protection Authority to investigate the legality of the plugin after hearing radio host Hilde Sandvik express concerns about it on the program Norsken, Svensken og Dansken.

After downloading and analyzing the plugin's source code from GitHub, EFN found that the classification of people and organizations into friendly or phobic is uploaded to a server based in the US and hosted by Amazon.

"EFN finds that the use of the program and the operation of the database it uses likely constitutes multiple violations of the GDPR and its Norwegian implementation," said a spokesperson for EFN.

"The most egregious of these being the clear violation of Article 9 which prohibits the registrations of people’s political views, philosophical convictions and physical persons' sexual relations or sexual orientations etc."

EFN warned that the app could put people in danger by marking them as trans-friendly or transphobic without their knowledge or consent. 

"The software can be used to identify targets for online harassment, doxing, cyberstalking and even physical attacks," said the NGO. 

EFN also expressed concerns over the opacity of the plugin’s governance process for databases containing personal data. 

"It is unknown who operates the service, what the editorial process constitutes, who to contact to get copies of the data stored about oneself, and protocols and procedures for demanding being left out of the database entirely."
