#Max Reynders
Text
The European Commission has announced a pact with the US to allow easier legal transfer of personal data across the Atlantic.
Data privacy activists vowed to challenge the agreement in court.
President Joe Biden and EU officials welcomed the deal, which overcame objections about US intelligence agencies' access to European data.
The deal ensures Meta, Google and other tech giants can continue sharing information with the US.
Two previous attempts to create a legal framework on US-EU data sharing had been shot down in European courts over privacy concerns.
Monday's pact aims to ease European concerns over any personal information that ends up shared with US intelligence agencies.
Americans are mostly shielded legally from electronic snooping by US spy agencies, but foreigners are not.
The EU-US agreement allows Europeans to object if they suspect their data has been collected by American intelligence.
A Data Protection Review Court, made up of US judges, will be created to hear the claims.
The EU-US Data Privacy Framework, which goes into effect on Tuesday, also pledges only "necessary and proportionate" data will be collected.
EU Justice Commissioner Didier Reynders said the "robust" agreement meant "personal data can now flow freely and safely" from Europe to the US.
But non-profit group NOYB (None of Your Business), led by Austrian privacy activist Max Schrems, vowed to challenge the decision.
Mr Schrems said in a statement: "Just announcing that something is 'new,' 'robust' or 'effective' does not cut it before the [European] Court of Justice.
"We would need changes in US surveillance law to make this work and we simply don't have it."
Mr Schrems previously challenged Facebook's storage of data, saying it violated his European privacy rights, and the European Union's top court agreed.
President Biden paved the way for the final deal by issuing an executive order in October 2022 requiring US intelligence officials to add more data collection protections while balancing them with national security concerns.
Compared with the EU, the US has lenient privacy laws.
In May, the EU hit Facebook owner Meta with a $1.3bn (£1bn) fine, ordering the company to stop sharing European users data across to the US.
Meta has said without a legal outline for data transfers, it would be forced to stop providing its products and services in Europe.
7 notes
·
View notes
Text
intel
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
List of friends
Cortana zahra neiva Jessa rhodes
Travis Fimmel Satoshi Tajiri Mariya Putina eskmo
wil wheaton matthew broderick
tom cruise wine
steven spielberg fergie
vin diesel
camila cabello kaia
adam driver
charlotte francesca phat Zelda relly
rob hawkins
lizzy vanessa zac
katrina
eskmo
Ildris elba akira toriyama brody
kimbal musk haley lu richardson ana de armas demi
johnny Simms gia valentina adam blac ava dalush
johnny depp gesalf josephine skriver amerie
watt jobs winter jade wolf Megan good
george
olivia wilde Isaac liev schreiber earl jones
kristen bell
selena quintanilla green pete jacky
harrison mark olga
eve mavrakis liam
valerie
anato james jeff soto
jack hibbs christopher rygh
silvia jons nikolas artem michelle can
sydney cole taylor sands
phoenix twilight castle play diamond
britney spears jamie watson marysia
kosinska aubri ibrag viki odintcova
lisa stelly luis vesciglio afra saracoglu lily chey katya polyak
billie joe armstrong david jack guirl lily ermak margot robbie helen owen sohn
lili del bosqué angelina petrova andee layne nilam farooq
julian gross nastya nass chris perez
elijah wood sean astin
gabby rodriguez
alli martinez monika jablonska christiano ronaldo lloyd omadhebo
adele
ziggy azalea renae cruz james blake
bailey stewart taylor rae angelica kara
taylor rae
ashly anderson
thebe neruda kgositsile krista keehus
brandon marston hefner
tyler okonma sarah fergley daniel hernandez
steven rinella brenton thwaites chloe pacey
james patrick caviezel nina milano
jason ritcher
leonardo dicaprio constanze saemann shia lebouf tavis bradley
alyssa funk jessica alba
monique friend ali
ryan huber shea jones
esther heesch jenna j ross alejandro
psychic surfing
charm bomb blast brique bambi
northwood blyth
alina malai steven spenser pearce mia marli
anjelica ebbi evelin stone carlotta bruna biel juste
max reynders emily butt robert coral
birdwell henry cavill
annie belsar
alexandria can nahuatl hailee steinfeld cameron smoller michelle olvera maluma
koti rose rima vaidila charlotte carter
allen gifo
ginebra emma mae emma macdonald chris styan alex brown grace villarreal
gemma arterton asuna fox imogen heap wir russell brand jeff goldblum
vincenzo luvineri elçin sangu matilda
anna ingrid lutz antonio folletto alex roe
felipe andres coronel carla morrison
julianne hough winona ryder lindsay hansen
ryan reynolds chris pratt ella hughes
danny d kornelia suchecka
ryan gosling caprice maddy belle
tabatha natalie zbrailova sam
worthington maria ozawa alfonso ribeiro jada pinkett smith
orlando bloom kiera knightley will smith vanessa chester
kate beckinsale cazzie david hailie jade johnathan jim sturgess evan rachel wood
kara david williams nastassia vitskop clarrise
nicole kidman amy adams rachel
mcadams steven strait
brad pitt jeff daniels angelina steven downes
keanu reeves michael jackson halle
berry hozier how to dress well
jenna ortega thalia crawford brianda deyanara
clara noa rigmor kitty de jong yasmin
amneeria susanna wurs
nicole pry below ska lydia ldsse riley reid jordan ullman lana rhoades majid al maskati
bruce venture serapis queen victor dee dee
sasha rose dj laya
victor lou nina james light daria sidorchuk
karol g
mauro gentile
megan batoon michelle lewin
alyssa bernal justin bieber bridget satterlee kate
savannah thales
bree
fevre stefanie scott sasha obama chris milton
bella
daisy john boyega irine meier
ana cheri anita frankie miles
bensu soral bas hakan bas eva dos
santos emanuel sasha rose
eddy grim Pollyanna fruzsi tóth andrea furnari franceska fournier
jesse kat oddica
katrina jade victoria sweet
irine
martyna matt black renee herbert manue kornisiuk susan noyes taylor kitsch
8 9 1 0 2
inja zalta taylor lee iskra lorena duran
harli lotts shanth enjeti klaudia marcel karussel livia brito pestana Marcel vivan russo
dina denoire rachel cook maneet kaur longia aslihan malbora
kevin parker amalia flores crystal hannah
ari vega
victoria loren ela velden jessie
jacqueline
france femme helaine rôse tieu
alex zedra kristine froseth nadzbanag alina samsonova mehdi luciana
alloy ash
kandle osborne alesha bush owl hoo taniana
amber nikolawashere morgan ketzner dpat sophia rose bandit almila ada
robert clarence irwin
raquel rojas maleph ishen lucas lima avneet kaur dibujante
Porna justin hayward gundam evan
chris hemsworth kevin johnson hayao miyazaki
jordan mcewen
Chris Palio j. d. pardo
merve jessy hartel sarah innocenzi whosjessy
pien wekking daria esra heijmans diana raych
ege dev suggs asli enver kasia bielecka
bahar sahin natalia barulich yasmin
wilshin marlen valderrama alvarez
polina rai hande ercel aly bivins Olivia culpa
janina patricia summersett larae lain bray hadlie plummer
monique kivela
georgia fowler christian jami lyn fehr jelena marija
ola przywitowska camila morrone
marleen maja alex hunter fitzalan
chelsey pecoy michelle vivasl kaya ozgu arunya guillot
emily tanner katya kotaro nail ardevora olivia munn
abby neff okaginer kleofina zeynep tugce bayat
ashley thompson
renee murden girl_favorite_girl jemima robinson mimi schorer
katie color broken crown bogdana daniya
cassie amato chuiko model gigi paris mishka chantal silva
irina dreyt aidee alexandria hernandez emily feld nancy leonard
kristina pimenova nata lee shelby bay clements twins
kattrin katti laura kristina leskiv eterygel
melis tuzunguc justin cylnes dubnitskiy anna belik
darya taranik marie antoinette
chocolatier julia rompalska leyla lydia tugutlu
razi arianna hicks abrill rios cassandra cano maler
polina zavalskaya monia xodidar maddie carina
kanadie morrison oleksandra stephanie knight jade rostoldo
marina yuliya ivan felicia fontaine angela fabiola
bekky aliya yalaya isabela moner llayda akdogan
mich perez burcu ozberk barbara palvin nastia karagodina
ines sandy cheeks karol sevilla gabriele millas
cairo dwek rits badiani alice matos joe jonas
lera petrenkoo kristi veronich anzhelika
ruslana raquel chaves natalia arants eva luky anova
sinem unsal valenti vitell
violetta fedorenko
anastasia revenko seray kaya gulper ozdemir adriana
niki jensen
gizem gunez alina dub elizabeth lenard cindy mello
nicola mcpherson leonie lagriffoul
kristina bridget mendez
ry anya charly jordan bel maia pangaea festyle
ashli moreno jess beatriz bekyg
kimberly daugherty kamilla mraz
deanna bessin lera elena kamperi luiza marquesa
nesrin cavadzade vokatya paula jailyne
kielah marie mara lafonta kleofina
shaelah olya emilia jodie
too many feels elena anne paula manzanal
dacre montgomery blue-ranger
savino quatela
carla tofano ulzzang
sacred
00312
elk hooves anna saturn
shyla jennings
megan fox
alex coal
sagrada jennifer lawrence
Ensenada nohely
jeff bezos jason morgan terence paul winter
brook
atu
milla jovovich
weeknd natalie
lahwf harry san fran Big Sur
daniel craig iamjapanese
margret gnarr capri anderson
mina diva
felice fawn
gambino jerry seinfeld veronica
balestrini rakim mayers rihanna
lido halsey megumi ogata g eazy
yoke miyamura bebe rexha
nina paladino leo rebecca catherine
smith anllela sagra
alyssa hudson
emma coronel aispuro cara delahoyde massey kostja ullmann lily james mackenzie foy gracie abrams meghan markle
kerry cherry courtney james miguel
robles caitlin stacey angela aguilar
anna dj dangerous
haim jynx key peele
5 6 7 8
shakira spawn
cun mina girl tube guru Paige
I'm done with you!
4 notes
·
View notes
Text
Morning Star
The first ‘seat’ I designed for @mxdvs, made out of solid European oak.
377 notes
·
View notes
Text
Max Reynders, @MXDVS - Artist, Creative Director - Léon Der Wintersoldat Mütze, Brille von Asos, Mantel von Spitfire 1995,MISBHV, Jogginghose aus Eorri-Baumwolle, Enfin Leve 1914 Stiefel, Dr. Martens
Schauen Sie nach @MXDVS
2 notes
·
View notes
Text
Ireland opens GDPR investigation into Facebook leak
Facebook’s lead data supervisor in the European Union has opened an investigation into whether the tech giant violated data protection rules vis-a-vis the leak of data reported earlier this month.
Here’s the Irish Data Protection Commission’s statement:
“The Data Protection Commission (DPC) today launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet. This dataset was reported to contain personal data relating to approximately 533 million Facebook users worldwide. The DPC engaged with Facebook Ireland in relation to this reported issue, raising queries in relation to GDPR compliance to which Facebook Ireland furnished a number of responses.
The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data.
Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users by means of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer features of its service, or whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect.”
Facebook has been contacted for comment. Update: The company did not provide a statement but confirmed it’s in contact with regulators to answer their questions.
The move comes after the European Commission intervened to apply pressure on Ireland’s data protection commissioner. Justice commissioner, Didier Reynders, tweeted Monday that he had spoken with Helen Dixon about the Facebook data leak.
“The Commission continues to follow this case closely and is committed to supporting national authorities,” he added, going on to urge Facebook to “cooperate actively and swiftly to shed light on the identified issues”.
Today I spoke with Helen Dixon @DPCIreland about the #FacebookLeak. The Commission continues to follow this case closely and is committed to supporting national authorities. We also call on @Facebook to cooperate actively and swiftly to shed light on the identified issues.
— Didier Reynders (@dreynders) April 12, 2021
A spokeswoman for the Commission confirmed the virtual meeting between Reynders and Dixon, saying: “Dixon informed the Commissioner about the issues at stake and the different tracks of work to clarify the situation.
“They both urge Facebook to cooperate swiftly and to share the necessary information. It is crucial to shed light on this leak that has affected millions of European citizens.”
“It is up to the Irish data protection authority to assess this case. The Commission remains available if support is needed. The situation will also have to be further analyzed for the future. Lessons should be learned,” she added.
The revelation that a vulnerability in Facebook’s platform enabled unidentified ‘malicious actors’ to extract the personal data (including email addresses, mobile phone numbers and more) of more than 500 million Facebook accounts up until September 2019 — when Facebook claims it fixed the issue — only emerged in the wake of the data being found for free download on a hacker forum earlier this month.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Despite the European Union’s data protection framework (the GDPR) baking in a regime of data breach notifications — with the risk of hefty fines for compliance failure — Facebook did not inform its lead EU data supervisory when it found and fixed the issue. Ireland’s Data Protection Commission (DPC) was left to find out in the press, like everyone else.
Nor has Facebook individually informed the 533M+ users that their information was taken without their knowledge or consent, saying last week it has no plans to do so — despite the heightened risk for affected users of spam and phishing attacks.
Privacy experts have, meanwhile, been swift to point out that the company has still not faced any regulatory sanction under the GDPR — with a number of investigations ongoing into various Facebook businesses and practices and no decisions yet issued in those cases by Ireland’s DPC. (It has so far only issued one cross-border decision, fining Twitter around $550k in December over a breach it disclosed back in 2019.)
Facebook’s tardy disclosure of breach timing raises GDPR compliance questions
Last month the European Parliament adopted a resolution on the implementation of the GDPR which expressed “great concern” over the functioning of the mechanism — raising particular concern over the Irish data protection authority by writing that it “generally closes most cases with a settlement instead of a sanction and that cases referred to Ireland in 2018 have not even reached the stage of a draft decision pursuant to Article 60(3) of the GDPR”.
The latest Facebook data scandal further amps up the pressure on the DPC — providing further succour to critics of the GDPR who argue the regulation is unworkable under the current foot-dragging enforcement structure, given the major bottlenecks in Ireland (and Luxembourg) where many tech giants choose to locate regional HQ.
After the @EP_Justice and other EU DPAs raised concerns, the Irish Parliament is now also planning to look into the work of @DPCIreland in a hearing on April 27th.
Glad to see pro-active steps to debate how #GDPR can be effectively enforced in all EU member states!
https://t.co/2mDaFOwEiR
— Max Schrems
(@maxschrems) April 10, 2021
On Thursday Reynders made his concern over Ireland’s response to the Facebook data leak public, tweeting to say the Commission had been in contact with the DPC.
He does have reason to be personally concerned. Earlier last week Politico reported that Reynders’ own digits had been among the cache of leaked data, along with those of the Luxembourg prime minister Xavier Bettel — and “dozens of EU officials”. However the problem of weak GDPR enforcement affects everyone across the bloc — some 446M people whose rights are not being uniformly and vigorously upheld.
“A strong enforcement of GDPR is of key importance,” Reynders also remarked on Twitter, urging Facebook to “fully cooperate with Irish authorities”.
Last week Italy’s data protection commission also called on Facebook to immediately offer a service for Italian users to check whether they had been affected by the breach. But Facebook made no public acknowledgment or response to the call. Under the GDPR’s one-stop-shop mechanism the tech giant can limit its regulatory exposure by direct dealing only with its lead EU data supervisor in Ireland.
A two-year Commission review of how the data protection regime is functioning, which reported last summer, already drew attention to problems with patchy enforcement. A lack of progress on unblocking GDPR bottlenecks is thus a growing problem for the Commission — which is in the midst of proposing a package of additional digital regulations. That makes the enforcement point a very pressing one as EU lawmakers are being asked how new digital rules will be upheld if existing ones keep being trampled on?
It’s certainly notable that the EU’s executive has proposed a different, centralized enforcement structure for incoming pan-EU legislation targeted at digital services and tech giants. Albeit, getting agreement from all the EU’s institutions and elected representatives on how to reshape platform oversight looks challenging.
And in the meanwhile the data leaks continue: Motherboard reported Friday on another alarming leak of Facebook data it found being made accessible via a bot on the Telegram messaging platform that gives out the names and phone numbers of users who have liked a Facebook page (in exchange for a fee unless the page has had less than 100 likes).
The publication said this data appears to be separate to the 533M+ scraped dataset — after it ran checks against the larger dataset via the breach advice site, haveibeenpwned. It also asked Alon Gal, the person who discovered the aforementioned leaked Facebook dataset being offered for free download online, to compare data obtained via the bot and he did not find any matches.
We contacted Facebook about the source of this leaked data and will update this report with any response.
In his tweet about the 500M+ Facebook data leak last week, Reynders made reference to the Europe Data Protection Board (EDPB), a steering body comprised of representatives from Member State data protection agencies which works to ensure a consistent application of the GDPR.
However the body does not lead on GDPR enforcement — so it’s not clear why he would invoke it. Optics is one possibility, if he was trying to encourage a perception that the EU has vigorous and uniform enforcement structures where people’s data is concerned.
“Under the GDPR, enforcement and the investigation of potential violations lies with the national supervisory authorities. The EDPB does not have investigative powers per se and is not involved in investigations at the national level. As such, the EDPB cannot comment on the processing activities of specific companies,” an EDPB spokeswoman told us when we enquired about Reynders’ remarks.
But she also noted the Commission attends plenary meetings of the EDPB — adding it’s possible there will be an exchange of views among members about the Facebook leak case in the future, as attending supervisory authorities “regularly exchange information on cases at the national level”.
Answers being sought from Facebook over latest data breach
Europe sets out plan to boost data reuse and regulate ‘high risk’ AIs
from iraidajzsmmwtv https://ift.tt/3e3cdQp
via IFTTT
0 notes
Text
No quick fix for transatlantic data transfers, says EC
Europe’s justice commissioner has conceded there will be “no quick fix” for EU-US data transfers in the wake of the decision by the region’s top court in July that struck down a flagship data transfer agreement which was being used by thousands of businesses.
Despite the ‘Schrems II’ judgement being the second such CJEU strike in around five years, commissioners from the EU’s executive body and US counterparts in the U.S. Department of Commerce announced last month that they had begun discussions on a potential replacement for the now defunct EU-US Privacy Shield.
Justice commissioner, Didier Reynders, said today that talks on an ‘enhanced framework’ are continuing but he admitted there’s no fast track fix for the schism between Europeans’ fundamental rights and US surveillance law.
“There is a common willingness to fully comply with the judgement of the court — on both sides we want to find ways in which to address the issues raised by the court,” said Didier Reynders. “We will intensify our engagement with the US in the coming weeks but we also have to recognize that the judgement raises complex issues related to the sensitive area of national security. Therefore there will be no quick fix.”
He went on to suggest that changes to US law may be needed for any Privacy Shield 2 to be possible — giving the example of the lack of a redress mechanism for EU citizens as an area where legislation may be needed — before emphasizing that any such legislative change would clearly take time (he noted, for example, that the US election is looming — which bakes natural delay into any such timeline).
“We are working with the US counterparts to evaluate the possibility of a strengthened framework — and of course it’s possible to build on existing elements but of course it’s maybe also a necessity to have legislative changes,” he said. “That’s the real question that we have with the US authorities. And that will of course have an impact on the time needed to put in place a new framework.
“It’s a real political debate; it’s not just a technical issue. And if we look at the domestic developments and debates in the US around privacy at the state and federal level but also limitation for intelligence service program there are probably more common grounds to find viable solutions than when the Privacy Shield was negotiated. You have also seen that the reaction of US authorities were constructive; they want to explore where to address the issues raised by the judgement but again sometimes, on the base of actual elements, there is maybe some legislative changes [required].”
“What we need are sustainable solutions that deliver legal certainty in full compliance with the judgement of the court,” he added. “That is also the message I have clearly passed to my EU counterparts and on which I will keep insisting.”
Reynders was speaking to the EU Parliament’s civil liberties (LIBE) committee, which was holding a hearing into the implications of the Court of Justice of the EU (CJEU) invalidating the EU-US Privacy Shield — aka the Schrems II ruling.
The chair of the European Data Protection Board (EDPB), Andrea Jelinek, had also been invited to speak, alongside Max Schrems himself, the European privacy campaigner who now has two successful strikes against EU-US data transfer mechanisms — after the CJEU invalidated Safe Harbor in 2015 and the EU-US Privacy Shield this July following his complaints.
The discussion delved into the implications of the CJEU ruling for an alternative data transfer mechanism called Standard Contractual Clauses (SCCs) which were not invalidated by the court, even as their use for US data transfers is now larded with legal risk as a result of US surveillance overreach.
Reynders told the committee the Commission is continuing its work on modernizing SCCs to bring them into line with the EU’s General Data Protection Regulation (GDPR) framework — saying it will produce a draft version this month and is aiming to complete the process before the end of the year.
“Now that the judgement has been assured we will of course preserve the elements of the existing SCCs that have led to the court to find them valid. At the same time we will try to reflect and operationalize in all texts the additional clarification provided by the court on the conditions under which SCCs can be used — taking also fully into account the guidance issued by the EDPB that it should help companies in their compliance effort,” he added. “But of course we need to see what kind of more longer term evolution in the US [law there might be].”
Reynders said the same the issues around data transfers will arise with the UK, post Brexit — as it seeks an adequacy agreement and the Commission will have to assess its domestic laws, including infamously draconian surveillance laws — and with other third countries like China where there’s no adequacy agreement in place (nor any prospect of a finding of privacy protections that are essentially equivalent to those in the EU).
“We want to stay open to those that apply the rules,” he added.
Jelinek said the EDPB has just set up a taskforce to work on around 100 strategic complaints filed last month by Schrems’ digital rights group, noyb, that target EU-based entities across the region which are using SCCs for data transfers for Google Analytics and/or Facebook Connect integrations.
noyb argues there’s no legal basis for those transfers and that DPAs should step in and suspend them.
“We are going to work not only close together but closer together than we’ve ever done [with EU data protection authorities] to solve this issue,” said Jelinek. “We will analyze the matter and ensure that we will go together in the same direction.”
Enforcement of EU data protection law is both a duty for supervisory authorities and “a matter of credibility”, she added. “You can be sure we are investigating all together within the taskforce but again I have to tell you that enforcement… is a matter of the national supervisory authorities. Each and every supervisory authority has to enforce in their own country those complaints which are ruled with them.”
The prospect of any enforcement of Schrems’ original SCC complaint to the Irish DPC — filed some seven years ago at this point — is still a distant one, according to what he told the committee.
“Enforcement is going to be a matter of credibility,” he said. “So far the understanding is that there will be no enforcement — or no serious enforcement — that’s also the reason we have filed a couple of complaints already to make sure that there’s some movement. And I think there needs to be some kind of highlight cases where the industry feels there’s a feeling where they actually have to comply with all of this.
“I also want to throw in real short that we got a letter this week that I cannot disclose yet from the Irish data protection regulator informing us that, defacto, they will probably not pursue this case that is ongoing for seven years for the next, I would assume one or two years… We’re very sorry to see that the regulator in Ireland, despite being under a court order that they have to enforce this judgement is apparently choosing not to do so.”
We reached out to the Irish DPC for a response to Schrems’ remarks and it told us he is “wrong” in that supposition but at the time of writing the regulator had not provided any further comment. We’ll update this report if we get more.
Schrems was withering is his view of the Irish DPC’s record, telling the committee that its handling of his complaint was not a pro-privacy case but a “pro-delay case”.
“We have already said at the beginning that this case could have been done by the DPC itself. And we now get back to exactly the problems we have outlined five years’ ago — that the DPC is now working on again.” he said.
“The bottom line is probably there’s not going to be a decision within the next two or three years — if they continue like that. Which means the original complaint I filed after Snowden will probably take up to ten years to get a first instance decision. Then we’ll have three layers of appeals in Ireland. So I’m probably going to be retired once this case is actually finally decided! I’m going to be grey and old and that’s not how fundamental rights in Europe should work — and I think we really have to work on that.”
Max Schrems on the EU court ruling that could cut Facebook in two
0 notes
Text
0 notes
Text
0 notes
Photo
MXDVS cargo pants + leg holster
https://mxdvs.co
#MXDVS#cargo#rick owens#leg holster#vegan sneaker#black#l#c#mayhem#Max Reynders#madebyme#2019#ateliermxdvs
565 notes
·
View notes
Text
0 notes
Text
0 notes
Text
0 notes
Text
Ireland opens GDPR investigation into Facebook leak
Facebook’s lead data supervisor in the European Union has opened an investigation into whether the tech giant violated data protection rules vis-a-vis the leak of data reported earlier this month.
Here’s the Irish Data Protection Commission’s statement:
“The Data Protection Commission (DPC) today launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet. This dataset was reported to contain personal data relating to approximately 533 million Facebook users worldwide. The DPC engaged with Facebook Ireland in relation to this reported issue, raising queries in relation to GDPR compliance to which Facebook Ireland furnished a number of responses.
The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data.
Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users by means of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer features of its service, or whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect.”
Facebook has been contacted for comment.
The move comes after the European Commission intervened to apply pressure on Ireland’s data protection commissioner. Justice commissioner, Didier Reynders, tweeted Monday that he had spoken with Helen Dixon about the Facebook data leak.
“The Commission continues to follow this case closely and is committed to supporting national authorities,” he added, going on to urge Facebook to “cooperate actively and swiftly to shed light on the identified issues”.
Today I spoke with Helen Dixon @DPCIreland about the #FacebookLeak. The Commission continues to follow this case closely and is committed to supporting national authorities. We also call on @Facebook to cooperate actively and swiftly to shed light on the identified issues.
— Didier Reynders (@dreynders) April 12, 2021
A spokeswoman for the Commission confirmed the virtual meeting between Reynders and Dixon, saying: “Dixon informed the Commissioner about the issues at stake and the different tracks of work to clarify the situation.
“They both urge Facebook to cooperate swiftly and to share the necessary information. It is crucial to shed light on this leak that has affected millions of European citizens.”
“It is up to the Irish data protection authority to assess this case. The Commission remains available if support is needed. The situation will also have to be further analyzed for the future. Lessons should be learned,” she added.
The revelation that a vulnerability in Facebook’s platform enabled unidentified ‘malicious actors’ to extract the personal data (including email addresses, mobile phone numbers and more) of more than 500 million Facebook accounts up until September 2019 — when Facebook claims it fixed the issue — only emerged in the wake of the data being found for free download on a hacker forum earlier this month.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Despite the European Union’s data protection framework (the GDPR) baking in a regime of data breach notifications — with the risk of hefty fines for compliance failure — Facebook did not inform its lead EU data supervisory when it found and fixed the issue. Ireland’s Data Protection Commission (DPC) was left to find out in the press, like everyone else.
Nor has Facebook individually informed the 533M+ users that their information was taken without their knowledge or consent, saying last week it has no plans to do so — despite the heightened risk for affected users of spam and phishing attacks.
Privacy experts have, meanwhile, been swift to point out that the company has still not faced any regulatory sanction under the GDPR — with a number of investigations ongoing into various Facebook businesses and practices and no decisions yet issued in those cases by Ireland’s DPC. (It has so far only issued one cross-border decision, fining Twitter around $550k in December over a breach it disclosed back in 2019.)
Facebook’s tardy disclosure of breach timing raises GDPR compliance questions
Last month the European Parliament adopted a resolution on the implementation of the GDPR which expressed “great concern” over the functioning of the mechanism — raising particular concern over the Irish data protection authority by writing that it “generally closes most cases with a settlement instead of a sanction and that cases referred to Ireland in 2018 have not even reached the stage of a draft decision pursuant to Article 60(3) of the GDPR”.
The latest Facebook data scandal further amps up the pressure on the DPC — providing further succour to critics of the GDPR who argue the regulation is unworkable under the current foot-dragging enforcement structure, given the major bottlenecks in Ireland (and Luxembourg) where many tech giants choose to locate regional HQ.
After the @EP_Justice and other EU DPAs raised concerns, the Irish Parliament is now also planning to look into the work of @DPCIreland in a hearing on April 27th.
Glad to see pro-active steps to debate how #GDPR can be effectively enforced in all EU member states!
https://t.co/2mDaFOwEiR
— Max Schrems
(@maxschrems) April 10, 2021
On Thursday Reynders made his concern over Ireland’s response to the Facebook data leak public, tweeting to say the Commission had been in contact with the DPC.
He does have reason to be personally concerned. Earlier last week Politico reported that Reynders’ own digits had been among the cache of leaked data, along with those of the Luxembourg prime minister Xavier Bettel — and “dozens of EU officials”. However the problem of weak GDPR enforcement affects everyone across the bloc — some 446M people whose rights are not being uniformly and vigorously upheld.
“A strong enforcement of GDPR is of key importance,” Reynders also remarked on Twitter, urging Facebook to “fully cooperate with Irish authorities”.
Last week Italy’s data protection commission also called on Facebook to immediately offer a service for Italian users to check whether they had been affected by the breach. But Facebook made no public acknowledgment or response to the call. Under the GDPR’s one-stop-shop mechanism the tech giant can limit its regulatory exposure by direct dealing only with its lead EU data supervisor in Ireland.
A two-year Commission review of how the data protection regime is functioning, which reported last summer, already drew attention to problems with patchy enforcement. A lack of progress on unblocking GDPR bottlenecks is thus a growing problem for the Commission — which is in the midst of proposing a package of additional digital regulations. That makes the enforcement point a very pressing one as EU lawmakers are being asked how new digital rules will be upheld if existing ones keep being trampled on?
It’s certainly notable that the EU’s executive has proposed a different, centralized enforcement structure for incoming pan-EU legislation targeted at digital services and tech giants. Albeit, getting agreement from all the EU’s institutions and elected representatives on how to reshape platform oversight looks challenging.
And in the meanwhile the data leaks continue: Motherboard reported Friday on another alarming leak of Facebook data it found being made accessible via a bot on the Telegram messaging platform that gives out the names and phone numbers of users who have liked a Facebook page (in exchange for a fee unless the page has had less than 100 likes).
The publication said this data appears to be separate to the 533M+ scraped dataset — after it ran checks against the larger dataset via the breach advice site, haveibeenpwned. It also asked Alon Gal, the person who discovered the aforementioned leaked Facebook dataset being offered for free download online, to compare data obtained via the bot and he did not find any matches.
We contacted Facebook about the source of this leaked data and will update this report with any response.
In his tweet about the 500M+ Facebook data leak last week, Reynders made reference to the Europe Data Protection Board (EDPB), a steering body comprised of representatives from Member State data protection agencies which works to ensure a consistent application of the GDPR.
However the body does not lead on GDPR enforcement — so it’s not clear why he would invoke it. Optics is one possibility, if he was trying to encourage a perception that the EU has vigorous and uniform enforcement structures where people’s data is concerned.
“Under the GDPR, enforcement and the investigation of potential violations lies with the national supervisory authorities. The EDPB does not have investigative powers per se and is not involved in investigations at the national level. As such, the EDPB cannot comment on the processing activities of specific companies,” an EDPB spokeswoman told us when we enquired about Reynders’ remarks.
But she also noted the Commission attends plenary meetings of the EDPB — adding it’s possible there will be an exchange of views among members about the Facebook leak case in the future, as attending supervisory authorities “regularly exchange information on cases at the national level”.
Answers being sought from Facebook over latest data breach
Europe sets out plan to boost data reuse and regulate ‘high risk’ AIs
from RSSMix.com Mix ID 8204425 https://ift.tt/3e3cdQp
via IFTTT
0 notes
Text
0 notes
Text
0 notes
Last Seen Blogs
southswell-blog-blog
South Swell
paradiisecircus
* SO MOVE ME, BABY !
baomoitrongnuoc
Báo mới trong nước
movieflixer
Movieflixer
arti-fish-al-intelligence
kaykay