#gdpr
Text
Cool interaction I just had on twitter! It's not easily enforceable, but it seems like the thing youtube are doing where they detect if you are using an adblocker is not only economically unviable, but could actually be illegal in europe under GDPR! It requires determining if you have specific software available on your computer, which legally you can't do without consent under GDPR. I really hope someone is able to fight this! I know it's a longshot but it would be super cool.
Link to Alexander Hanff's original tweet showing a legal letter from the EU that re-enforces this point: https://twitter.com/alexanderhanff/status/722861362607747072
1K notes
·
View notes
Link
Go back to the top of this article and reread that transcript of Rep. Buddy Carter grilling TikTok CEO Shou Zi Chew. Now, Carter is a dunderhead, but he’s dunderheaded in a way that illuminates just how bad COPPA enforcement is, and has been, for 25 long years.
Carter thinks that TikTok is using biometric features to enforce COPPA. He imagines that TikTok is doing some kind of high-tech phrenology to make sure that every user is over 13 (“I find that [you aren’t capturing facial images] hard to believe. It is our understanding that they’re looking at the eyes. How do you determine what age they are then?”).
Chew corrects the Congressdunderhead from Georgia, explaining that TikTok uses “age-gating”: “when you ask the user what age they are.”
That is the industry-wide practice for enforcing COPPA: every user is presented with a tick-box that says “I am over 13.” If they tick that box, the company claims it has satisfied the requirement not to spy on kids.
But if COPPA were meaningfully enforced, companies would simply have to stop spying on everyone, because there are no efficient ways to verify the age of users at the scale needed for general operation of a website.
-How To Make a Child-Safe TikTok: Have you tried not spying on kids?
#privacy#corruption#coppa#Children’s Online Privacy Protection Act#gdpr#general data protection regulation#iab#tiktok#rep buddy carter#Shou Chew#commercial surveillance#ad targeting#ads#ad-tech#cold war 2.0#sinophobia#ireland#eu#european federalism#corporate crime jurisdictions#defund the (corporate) police#age-gating
456 notes
·
View notes
Text
reuters
Correction: €345000000. Millions not billions. I was mixing up currencies.
134 notes
·
View notes
Text
sadly, this is true now
89 notes
·
View notes
Text
Local European law PhD person is breaking down why Twitter is in trouble with European authorities - bc we live in a dystopia and I am procrastinating my research.
TL;DR : Twitter is loosing all the experts required to actually make (good, but really any) decisions regarding data privacy in Europe, and it's even funnier because they picked the one(1) European country that would give them the most tax cut but it's also the one that is really into dragging Big Tech all the way to the highest instances in the EU to make knock them down a peg.
But also more under the cut bc this is hilarious and I CANNOT WAIT for Elon Musk to discover the EU. Very much going to be a unstoppable force meets unmovable object situation, because trust me, TRUST ME, there are few things as slow, inhert and full of bureaucrats who are NOT on twitter as the EU. Anyway here is too many paragraph of me putting my diploma to good use or something, my Masters Director would be proud.
Step 1: TF is the GDPR, like, actually.
Ok the the General Directive on Privacy Regulation is a European Union Regulation, which sets clear rule on what you can and cannot do with people's information/data, in order to protect their privacy. It is very wide and very cool and the US wishes it had it (Except you, California, you're doing great).
And what's cool is also that the moment you want your digital services to be available on European territory, you need to comply with the GDPR. Doesn't matter where you are based, if it's not GDPR compliant, you don't get access to that sweet sweet European market.
For example, after the GDPR was entered into force, there were a bunch of US News Media website I could not access, because they were not complying with the GDPR yet, and were not willing to take the risk to infringe on the GDPR. Doesn't matter if they are not Europe based. What matters is the market. Dw they are fine now.
Ok, cool.
.
Step 2: Twitter was doing ok so far - I know, I'm surprised as well.
So Twitter is a US-based company, but blue-bird had to comply with the GDPR like everyone else. So far, so good-ish, and by that I mean that Twitter was not really targeted by any European or national authority for not complying.
But let me tell you the thing about the GDPR: it is. a. mess. Getting to UNDERSTAND what's even required guaranteed my cohort of European Law major that we would ALL be employed in the upcoming years. It is atrociously difficult. THE REGULATION HAS ITS OWN WEBSITE imagine a law having its own website, what the hell honestly.
The GDPR is challenging for your local true crime book club handling the email addresses of its 12 members, ok.
IMAGINE WHAT IT'S LIKE FOR TWITTER.
Behemoth social media platforms require a massive amount of workforce and expertise to make sure they comply with the GDPR. Like, I cannot stress the absurd amount of work and constant vigilance it requires. But they were doing ok.
.
Step 3: Elon Musk is an authoritarian manchild and Twitter is bleeding experts
I know both things are related but trust me, it's important to mention them separately, you'll see in a second.
Among the many high-ranking people who left, we have:
The Chief Information Security Officer
The Chief Privacy Officer / Data Protection Officier
The Chief Compliance Officer (unconfirmed officially but I would bet on it)
So they are trying to do some emergency creative problem solving by apparently having data engineers be the ones certifying compliance with the GDPR (lmao as someone who works with a bunch of data scientist I would pay money to see that happening) and nominate people to temporarily take over all these positions. To be transparent the guy they nominated as "acting GPO" (lmao I'm really feeling the confidence right now) does not seem fully incompetent, but this is still hilarious.
.
Step 4: Haha it's funny because it's Ireland
Now, ok, here is the kicker.
Twitter so far has been using a system that the GDPR allows, which is the One-Stop Shop. OSS means that Twitter picked the authorities of a specific EU State to report to, when it comes to compliance to the GDPR, it's easier for everyone than massive online companies like Twitter going to 27 different states to report what they are doing.
So they picked Ireland, because their European headquarters are based in Ireland.
HA.
I. WONDER. WHY. IRELAND???
(spoiler: it's because Ireland is a tax haven).
Now. You might think there is ONE problem on the table, but get ready, there are TWO, baby.
Haha Twitter's GDPR person has left, mate, you want to explain how you're going to comply with the GDPR when you don't have you GDPR experts anymore??
Elon Musk is, as stated before, an authoritarian manchild and the GDPR is also not super super fond of that, mate if you want the OSS system you actually need to give minimal guarantee that the data-privacy-decision-making is happening in the State of the OSS. When clearly, right now, decisions are happening wherever the hell Elon Musk decided to have his morning protein shake, and I'm pretty sure it's not Dublin. And also around 50% of the Dublin headquarters have been fired, so I don't know who is supposed to take decisions over there, honestly.
AND YOU KNOW WHAT'S EVEN FUNNIER.
IRISH COURTS IS REALLY. REALLY INTO EU LAW AND EU DATA PRIVACY
Like the case about the guy who sued Facebook for violating the right to privacy in the way it handled data? It's the Maximillian Schrems v Data Protection Commissioner case, and it comes from Ireland. Irish Judges had no issue being like "Yeah, Facebook or not, we're choosing violence".
.
Step 5: Ok now what ? Aka I sit back and grab some popcorn
So right now, Twitter is trying to convince the DPC that it's totally absolutely doing GREAT.
Sure Jan.
Anyway, the question is whether the DPC is willing to buy it. We know there has been meetings, and the DPC is at least putting SOME form of pressure on Twitter.
Outcome 1: the DPC is feeling petty and does NOT buy it. Then I'll write another post, but I think the DPC would give Twitter some time to put things in order and give enough guarantees before going on the offensive.
Outcome 2: the DPC buys it (because Dublin LOVES its Big Tech companies, and they are driving prices up to the point where Dublin is experiencing a massive housing crisis, it's fine, this is fine) . And we wait for an individual/NGO to bring a formal complain to the DPC, for the DPC to refuse it, and for the individual/NGO to challenge that decision before the Irish Courts and that becomes a whole new story that will warrant its own post - and I get to show off some useless knowledge on EU procedural law.
473 notes
·
View notes
Text
Trying to see if this is an european union problem because of companies trying to turn us against data privacy or it's generalized
8 notes
·
View notes
Text
Live is being rolled out to more places now so please do the following:
Click the spanner
Click more
Click terms and conditions
Scroll to the bottom of that
Click the link about submitting a request
Fill it out with your name, country and email
Request deletion, object to processing of your info
Send the generated email
Under GDPR in the EU and UK it's illegal to hold onto your data for longer than is strictly necessary for the service and you may request deletion at any time or they can get in serious trouble. As an overly simple summary.
Similar laws seem to apply in California and Nevada.
Peace! ✌️
To snooze it you go under your settings, account settings, then turn off everything such as based on your likes, best post first, and snooze Tumblr live.
@staff This is shit and I hate it. ❤️
26 notes
·
View notes
Text
The Court of Appeal of Brussels has made an interesting ruling. A customer complained that their bank was spelling the customer's name incorrectly. The bank didn't have support for diacritical marks. Things like á, è, ô, ü, ç etc. Those accents are common in many languages. So it was a little surprising that the bank didn't support them.
The bank refused to spell their customer's name correctly, so the customer raised a GDPR complaint under Article 16.
“The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.”
Cue much legal back and forth. The bank argued that they simply couldn't support diacritics due to their technology stack. Here's their argument (in Dutch - my translation follows)
“Bank X also explained that the current customer data management application was launched in 1995 and is still running on a US manufactured mainframe system.
This system only supported EBCDIC (“extended binary-coded decimal interchange code”). This is an 8-bit standard for storing letters and punctuation marks, developed in 1963-1964 by IBM for their mainframes and AS/400 computers. The code comes from of the use of punch cards and only contains the following characters…”
(Emphasis added.)
EBCDIC is an ancient (and much hated) “standard” which should have been fired into the sun a long time ago. It baffles me that it was still being used in 1995 - let alone today.
Look, I'm not a lawyer (sorry mum!) so I've no idea whether this sort of ruling has any impact outside of this specific case. But, a decade after the seminal Falsehoods Programmers Believe About Names essay - we shouldn't tolerate these sorts of flaws.
Unicode - encoded as UTF-8 - just works. Yes, I'm sure there are some edge-cases. But if you can't properly store human names in their native language, you're opening yourself up to a lawsuit.
Source
GDPRhub - 2019/AR/1006
The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject has the right for their name to be correctly spelled when processed by the computer systems of the Bank. To claim in 2019 that adapting a computer system to correctly handle diacritics would cost several months of work and/or constitute additional costs for the Bank, does not allow the Bank to disregard the rights of the data subject. A correctly functioning banking institution may be expected to have computing systems that meet current standards, including the right to correct spelling of people's names.
(decided on September 10th, 2019)
Extended Binary Coded Decimal Interchange Code (EBCDIC)is an eight-bit character encoding used mainly on IBM mainframe and IBM midrange computer operating systems. It descended from the code used with punched cards and the corresponding six-bit binary-coded decimal code used with most of IBM's computer peripherals of the late 1950s and early 1960s.
[...] While IBM was a chief proponent of the ASCII standardization committee,[4] the company did not have time to prepare ASCII peripherals (such as card punch machines) to ship with its System/360 computers, so the company settled on EBCDIC.
literally pre-ascii 😶
29 notes
·
View notes
Text
Warning! Tumblr has a new cookie policy thing!
They mamaged to hide the "legitimate interest" toggle very sneakily, so be sure to expand the details for every part to toggle "legitimate intetest" (THERE'S NOTHING LEGITIMATE ABOUT YOUR "INTEREST" YOU GREEDY PIECES OF SHIT) off
Also, make sure to disable the cookies off all the 9999 "partners" (other disgusting greedy corporations that waste space on your phone) or else they'll have your cookie data
Fuck corporations and fuck cookies, remember, don't give them an inch! (thank you EU GDPR, hopefully you will be expanded soon! (note, technically this form is NOT GDPR complacant btw, because it hides options behind an unclear clickthrough, which is technically illegal!))
9 notes
·
View notes
Text
Just waiting for some bright mind to decide that Tumblr needs to adhere to GDPR more and to interpret it the most Tumblr way by anonymising old posts, so the just looks like
Anonymous posted:
(empty)
6 notes
·
View notes
Text
Δικηγόρος Θεσσαλονίκης Χρήστος Μ. Τερζίδης
Δικηγόρος - Ποινικολόγος, Διδάκτωρ Νομικής Α.Π.Θ.
Μέλος της ομάδας δικηγόρων του ΚΕΘΕΑ & τ.νομικός σύμβουλος στη ΜΚΟ 'ΑΡΣΙΣ' σε θέματα προσφύγων και μετανάστων.
Πολύ μεγάλη εμπειρία-εξειδίκευση σε Ποινικό Δίκαιο & Ναρκωτικά, Δίκαιο Αλλοδαπών, Αστικό Δίκαιο + νομοθεσία eshop.
Εξυπηρέτηση κατόπιν ραντεβού,24ωρη εξυπηρέτηση σε επείγουσες περιπτώσεις (πχ συλλήψεις, αυτόφωρα αδικήματα κλπ).
#δικηγορος#δικηγοροσ#ποινικολογος#ποινικο_δικαιο#αποφυλακισεις#αυτοφωρα_αδικηματα#δικαιο_ανηλικων#προκαταρκτικη_εξεταση#προανακριση#ανακριση#δικαι_αλλοδαπων#πολιτικο_ασυλο#αδειες_διαμονης#οικογενειακο_δικαιο#διαζυγια#διατροφή#γονικη_μεριμνα#επιμέλεια_τέκνου#επικοινωνία_με_τέκνο#κτηματολογιο#μισθωσεις#κοκκινα_δανεια#ρυθμιση_χρεων_προς_τραπεζες#ρυθμιση_τραπεζικων_χρεων#εξωδικαστικη_ρυθμιση_οφειλων#eshop#eshop_lawyer#gdpr
4 notes
·
View notes
Text
¿Necesitas una VPN para ChatGPT? Cómo sortear un bloqueo de la IA en tu país
¿Necesitas una VPN para ChatGPT? Cómo sortear un bloqueo de la IA en tu país #VPN #ChatGPT #Europa
Esa es la gran pregunta. ¿Necesitas una VPN para usar la IA ChatGPT? Los italianos en este momento necesitan utilizar una VPN para poder acceder a los servicios de OpenAI después de que su agencia de protección de datos decidiera que ChatGPT no cumplía con los protocolos necesarios para garantizar la privacidad de sus usuarios.
El problema que tenemos ahora el resto de europeos, es si ese baneo…
View On WordPress
16 notes
·
View notes
Text
To save the news, ban surveillance ads
Tonight (May 31) at 6:30PM, I’m at the MANCHESTER Waterstones with my novel Red Team Blues, hosted by Ian Forrester.
Tomorrow (Jun 1), I’m giving the Peter Kirstein Lecture for UCL Computer Science in LONDON.
Then it’s Edinburgh, London, and Berlin!
Big Tech steals from the news, but what it steals isn’t content — it steals money. That matters, because if we create pseudo-copyrights over the facts of the news, or headlines, or snippets to help news companies bargain with tech companies, we make the news partners with the tech companies, rather than watchdogs.
How does tech steal money from the news? Lots of ways! One important one: tech steals ad revenue. 51% of every ad dollar gets gobbled up by tech companies — primarily the cozy, collusive ad-tech duopoly of Google/Facebook (AKA Googbook). If we can shatter the market power of the concentrated ad-tech industry, news companies would go back to getting 80–90% of the ad revenue their reporting generated, which would pay for more reporting.
There’s lots to like about fixing ads. For one thing, a fair ad marketplace would benefit all news reporting, not just the largest news companies — which are dominated by private equity-backed chains and right-wing billionaires who have repeatedly shown that any additional revenues will go to pay shareholders, not more reporters. Fair ads would also provide an income for reporters who strike out on their own, covering local politics or specific beats, without making themselves sharecroppers for Big Media.
One way to fix ads would be to break up the ad-tech “stacks.” Googbook both operate impossibly conflicted ad-placement businesses in which they bargain with themselves on behalf of both advertisers and publishers, with the winners always being the tech companies. The AMERICA Act from Senator Mike Lee would force ad giants to divest themselves of business units that create conflicts of interest. It’s popular, bipartisan legislation — and I do mean bipartisan; its backers include Elizabeth Warren and Ted Cruz! I wrote about the AMERICA Act and the role it will play in saving news from tech for EFF’s Deeplinks Blog last week:
https://www.eff.org/deeplinks/2023/05/save-news-we-must-shatter-ad-tech
This week, I’ve got a followup on Deeplinks about another important way to unrig the ad market: banning surveillance ads:
https://www.eff.org/deeplinks/2023/05/save-news-we-must-ban-surveillance-advertising
Even if we break up the ad-tech stacks, ads will still be bad for the news — and for the public. That’s because the dominant form of digital ads is “behavioral advertising” — the ad-tech sector’s polite euphemism for ads based on spying. You know these ads: you search for shoes and then every website you land on is plastered in shoe ads.
Surveillance ads require a massive, multi-billion-dollar surveillance dragnet, one that tracks you as you physically move through the world, and digitally, as you move through the web. Your apps, your phone and your browser are constantly gathering data on your activities to feed the ad-tech industry.
This data is incredibly dangerous. There’s so much of it, and it’s so loosely regulated, that every spy, cop, griefer, stalker, harasser, and identity thief can get it for pennies and use it however they see fit. The ad-tech industry poses a risk to protesters, to people seeking reproductive care, to union organizers, and to vulnerable people targeted by scammers.
Ad-tech maintains the laughable pretense that all this spying is consensual, because you clicked “I agree” on some garbage-novella of impenatrable legalese that no one — not even the ad-tech companies’ lawyers — has ever read from start to finish. But when people are given a real choice to opt out of digital spying, they do. Apple gave Ios users a one-click opt-out of in-app tracking and 96% of users clicked it (the other 4% must have been confused — or on Facebook’s payroll). The decision cost Facebook $10b in the first year. You love to see it:
https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-privacy-change-will-cost-10-billion-this-year.html
But here’s the real punchline: Apple blocked Facebook from spying on its customers, but Apple kept spying on them, just as invasively as Facebook had, in order to target them with Apple’s own ads:
https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar
The thing that stops companies from spying on us isn’t the strength of their character, it’s the discipline imposed by regulation and competition — the fear that they’ll get fined more than they make from spying, and the fear that they’ll lose so much business from spying that they’ll end up in the red.
Which is why we need a legal ban on ads, not mere platitudes on billboards advertising companies’ “respect” for our privacy. The US is way overdue for a federal privacy law with a private right of action, which would let you and me sue the companies who violated it, even if no public prosecutor was willing to go to bat for us:
https://www.eff.org/deeplinks/2019/01/you-should-have-right-sue-companies-violate-your-privacy
A privacy law that required companies to get your affirmative, enthusiastic, ongoing, specific, informed consent to gather and process your personal data would end surveillance ads forever. Despite the self-serving nonsense the ad-tech industry serves up about people “liking relevant ads,” no one wants to be spied on. 96% of Ios users don’t lie.
A ban on surveillance ads wouldn’t just serve the public, it would also save the news. The alternative to surveillance ads is context ads: ads based on what a reader is reading, rather than what that reader was doing. Context-based ad marketplaces ask, “What am I bid for this Pixel 6 user in Boise who is reading about banana farming?” instead of “What am I bid for this 22 year old man who recently searched for information about suicidal ideation and bankruptcy protection?”
Context ads perform a little worse than surveillance ads — by about 5%:
https://pluralistic.net/2022/04/29/taken-in-context/#creep-me-not
So presumably advertisers won’t pay as much for context ads as they do for behavioral targeting. But that doesn’t mean that the news will lose money. Because context ads favor publishers over ad-tech platforms — no publisher will ever know as much about internet users as spying ad-tech giants do, but no tech company will ever know as much about a publisher’s content as the publisher does.
Behavioral ad marketplaces have high barriers to entry, requiring troves of surveillance data on billions of internet users. They are naturally anticompetitive and able to command a much higher share of each ad dollar than a contextual ad service (which would have much more competiition) could.
On top of that: if behavioral advertising was limited to people who truly consented to it, 96% of users would never see an ad!
So contextual ads will show up for more users, and more of the money they generate will land in news publishers’ pockets. If context ads fetch less money per ad, the losses will be felt by ad-tech companies, not publishers.
Finally: publishers who join the fight against surveillance ads won’t be alone — they’ll be joining with a massive, popular movement against commercial surveillance. The news business is — and always has been — a niche subject, of burning interest to publishers, reporters, and a small minority of news junkies. The news on its own is a small fry in policy debates. But when it comes to killing surveillance ads, the news has a class alliance with the mass movement for privacy, and together, they’re a force to reckon with.
My article on killing surveillance ads is part three of an ongoing, five-part series for EFF on how we save the news from tech. The introduction, which sets out the whole series, is here:
https://www.eff.org/deeplinks/2023/04/saving-news-big-tech
The final two parts will come out over the next two weeks, and then we’re going to publish the whole thing as a PDF that suitable for sharing. Watch this space!
Catch me on tour with Red Team Blues in Manchester, Edinburgh, London, and Berlin!
[Image ID: EFF's banner for the save news series; the word 'NEWS' appears in pixelated, gothic script in the style of a newspaper masthead. Beneath it in four entwined circles are logos for breaking up ad-tech, ending surveillance ads, opening app stores, and end-to-end delivery. All the icons except for 'ending surveillance ads' are greyed out.]
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2023/05/31/context-ads/#class-formation
Image:
EFF
https://www.eff.org/deeplinks/2023/05/save-news-we-must-ban-surveillance-advertising
CC BY 3.0:
https://creativecommons.org/licenses/by/3.0/deed.en
#pluralistic#class formation#ad-tech#context ads#news#gdpr#big tech#eff#monopoly#how to save the news#link taxes
223 notes
·
View notes
Text
Hasło na dziś: chciałam podzielić się z wami śmiesznymi mejlami, ale RODO.
(03.07.2019)
#hasło na dziś#hnd#motto of the day#cytat po polsku#cytaty po polsku#polski cytat#quotes#quoteoftheday#humor#life quotes#RODO#GDPR#email
2 notes
·
View notes
Text
Just when you thought the Do-Not-Track (DNT) privacy setting was gathering dust, a court in Berlin, Germany decided to exhume it. The Berlin Regional court ruled in favor of the Federation of German Consumer Organization (Verbraucherzentrale Bundesverband, vzbv), in their lawsuit against LinkedIn for ignoring users who had enabled ‘Do-Not-Track’ in their browsers. According to the German judge, companies must respect DNT settings under the General Data Protection Regulation or GDPR.
2 notes
·
View notes
Last Seen Blogs
cupcakechronicles
The Next Episode
thestarmaker
all of our strangeness
ntbagg
lllllllll
leonxcevasco-blog
life in the fast lane
