Discover and read the best of Twitter Threads about #GDPR

Most recents (24)

Microsoft just got slapped with a $20m fine for spying on kids.

Here’s what you need to know: (Thread)

#Microsoft #Xbox #Privacy 1/6
Microsoft violated the Children’s Online Privacy Protection Act by collecting data on children who had started Xbox accounts without parental consent. They also shared the data with third parties. #COPPA #FTC 2/6
The Federal Trade Commission (FTC) reached a settlement with Microsoft on Monday, which also includes increased protections for child gamers. Microsoft admitted that it did not meet customer expectations and said it was committed to improving its safety measures. #Safety 3/6
Read 6 tweets
How #FATCA IGAs relate to legislation in IRC: To be consistent with FATCA law and avoid the 30% US sanction, IGAs must require the FFIs to close the account of "US Persons" who fail to supply required data (without regard to local #GDPR law). Solutions?… Image
US #FATCA can accommodate Europe's #GDPR only by by excluding @USCitizenAbroad with @TaxResidency abroad from the definition of "U.S. Person". These two screen shots illustrate the problem ... Some thoughts on how this might this be achieved.… ImageImage
As the @DemsAbroadTax statement and @SEATNow_org states/implies this problem can be solved ONLY if the US joins the world in adopting residence as the criterion for @TaxResidency. Citizenship would no longer be relevant for taxation. NOT part of any current legislative proposal.
Read 6 tweets
How will the US respond to Belgium's claim that the #FATCA IGA violates the #GDPR? Here is my proposal for ending the tax treaty #savingclause which would allow @USCitizenAbroad to become treaty nonresidents for US tax (effectively ending @CitizenshipTax).…
See the "third solution" in the thread below which discusses a number of responses/solutions to this #FATCA and @CitizenshipTax problem
Read 4 tweets
@AmerIronCurtain asks: 1. What would it take for Belgium to get out of the #FATCA IGA? 2. What would it take to get out of the #savingclause? 3. Does the Belgium decision mean that the #FATCAIGA is illegal? Interesting questions ...
1. Article 10 of #FATCA IGA contains a notice provision that allows each country to withdraw from the agreement. But, withdrawing from the agreement leaves Belgium "subject" (pun intended) to the direct application of FATCA rules in the IRC (1471 - 1474)… Image
2. Par 4 of Article 1 of US/Belgium treaty contains #savingclause. Belgium agrees US can tax US citizens (with exceptions) regardless of treaty. Change requires treaty amendment. But US could suspend and allow US citizens to be treated as nonresidents.… Image
Read 7 tweets
An intelligent response which reinforces the #FATCA (sorry fact) that that the real problem is US @CitizenshipTax. The Decision in Belgium underscores that the sole purpose of the FATCA IGAs is to ensure Americans cannot leave the USA and acquire rights denied to US residents.
As the @DemsAbroadTax statement states/implies this problem can be solved ONLY if the US joins the world in adopting residence as the criterion for @TaxResidency. Citizenship would no longer be relevant for taxation. But, this is NOT part of any legislative proposal.
A second solution would be “A Regulatory Fix For Citizenship Taxation” Which would define “individual” as resident. As published by @TaxNotes here ……
Read 12 tweets
When the #EU passed its landmark #GeneralDataProtectionRegulation (#GDPR), it seemed like a #privacy miracle. Despite the most aggressive lobbying Europe had ever seen, 500 million Europeans were now guaranteed a digital private life. Could this really be?

1/ A toddler playing with toy ...
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:…

Well, yes...and no. Despite flaws (#RightToBeForgotten), the GDPR has strong, well-crafted, badly needed privacy protections. But to get those protections, Europeans need their privacy regulators to enforce the rules.

Read 28 tweets
If you've followed me a long time, you've seen my transition from a "#linkblogger" (5-15 short hits/day) to an "essay-#blogger" (5-7 articles/week). I'm loving the new mode but returning to linkblogging is also intensely, unexpectedly gratifying:…

1/ A kitchen junk-drawer, full...
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:…

My last #linkblogging foray was so great - and my link-backlog is so large - that I'm doing another one.

Link the first: "Siphon," @xkcd's delightful, whimsical "#physics-how-the-fuck-does-it-work" one-shot (visit the link, the tooltip is great):

3/ XKCD #2775: Siphon. Man: 'W...
Read 125 tweets
#RiseOfAI @Riseof_AI starts with a chatGPT piped to text-to-video keynote. @bootstrappingme says 99% of people can't spot that this is not a person. Are there stats about this? I had about 0.2 seconds of doubt, but I'm sure there's better text to speech out there now.
Fabian did a great (incl. funny) job of complying with… and fighting the #futureOfWork misinfo, but repeats the "#AIAct would have blocked #chatGPT" US west-coast talking point. Has someone written a takedown of that yet? #AIEthics @meerihaataja * #riseofai
** The GDPR though should already have blocked #chatGPT hoovering up our data for @OpenAI / @Microsoft for free, is that already getting investigated for prosecution? Anyone? #DSA #AIReguation #digitalGovernance #RiseOfAI
Read 24 tweets
Have a great weekend! Below everything you want to know about #ChatGPT. Thank you Vered! I will add my #thread, with some information about #EU's reaction to ChatGPT.
#ChatGPT created by #OpenAI can carry out conversations, write texts on many topics, perform complex tasks: writing code &planning an event. #Italy's privacy watchdog asked to temporarily ban ChatGPT since the information collected & sent to #chatbot is in violation of #GDPR. 1/1
#ChatGPT unlawfully "fed" the personal data of millions of users to process its replies. @GPDP_IT opened an investigation against #OpenAI: the lack of information to users whose data are collected,absence of a legal basis justifying the massive collection/storage of #data 1/2
Read 11 tweets
#Enshittification is platforms devouring themselves: first they tempt users with goodies. Once users are locked in, goodies are withdrawn and dangled before businesses. Once business customers are stuck, all value is claimed for platform shareholders:…

1/ A complex mandala of knobs ...
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:…

Enshittification isn't just another way of saying "fraud" or "price gouging" or "wage theft." Enshittification is intrinsically digital, because moving all those goodies around requires the flexibility that only comes with a *digital* businesses.

Read 107 tweets
This is often a critique of data protection as a mechanism for #AI regulation. But especially when combined with human rights and specific anti-discrimination law, how much of a gap does that leave? 🤔 (Of course, *effective* enforcement is always and everywhere a big q)
Non-personal data, obvs, although given the #GDPR’s expansive definition that is a shrinking area, and harms relating to profiling individuals will always be in scope. Group discrimination would come under HR and equality law (if written effectively). Safety (eg cars) separate
*Within* #GDPR there are certainly specific issues which @lilianedwards @mikarv @RDBinns @jennifercobbe and others are writing about. How far they can be addressed without reopening the legislative text?
Read 5 tweets
It's a big day for users of @CreativeCommons images: @Flickr has declared zero tolerance for #CopyleftTrolls, predators who exploit a bug in out-of-date versions of the CC licenses in order to threaten good-faith users of CC images who make minor errors in their image credits. 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:… 2/
First things first: Flickr's new community guidelines prohibit copyleft trolling. 3/
Read 66 tweets
This 🧵+ underlying decision really highlight the fundamental incompatibility between most #GenerativeAI tools & #GDPR style laws. That's obvious.

The real question is whether there's sufficient political will to acknowledge this truth given the commercial incentives around AI.
There was also a fundamental incompatibility between #blockchain and the #GDPR but law & policymakers largely chose to ignore it (of course it didn't matter as much because the tech wasn't as consequential).…
In the case of #GenerativeAI, I suspect these decisions will be impossible to enforce because data supply chains are now so complex & disjointed that it's hard to maintain neat delineations between a "data subject, controller & processor" (@OpenAI might try to leverage this).
Read 4 tweets
⚡️Breaking news from the EU & #GDPR land: the Italian Data Protection Authority #GarantePrivacy issued an order today against OpenAI, effectively blocking #ChatGPT in Italy (ordering it not to use personal data of Italians). Here is a deep dive into the short order - 1/
What did the Italian DPA #GarantePrivacy found problematic with ChatGPT4?
- Lack of transparency
- Absence of a lawful ground for processing
- Not respecting accuracy
- Lack of age verification
- Overall breach of Data Protection by Design
Why for each? A short explainer:
A) Lack of transparency

Pursuant verification, the #GarantePrivacy found that no information is provided to users of the service, nor generally to people whose data have been collected by OpenAI & processed through the ChatGPT service.
=> a breach of Art. 13 #GDPR
Read 19 tweets
#Vastaamo kuultavana tänään it-henkilö, jonka ominta aluetta oli multimedia. #Tietosuojavastaava Nimitys tuli ennen Interan kauppaa 5/2019 "koska sellainen piti vain olla". Virallista koulutusta aiheeseen muutama tunti Snellmannin kesäyliopistosta. #tietosuoja #GDPR
Syyttäjä: "Kuka hallinnoi #Vastaamo tietojärjestelmien käyttäjätunnuksia?" Vastaaja heiluttelee käsiään. Ei ollut kirjallisia käytäntöjä.
Syyttäjä: "Tekikö kukaan tietoturvatestausta?" Vastaaja: "Ei"
Read 16 tweets
🇬🇧 Data Protection and Digital Information Bill

Hot take:
1️⃣ #GDPR exit 🇪🇺
2️⃣ #DigitalID framework 🕵️‍♀️
3️⃣ When AI "safeguards" should apply🧠
4️⃣ Intl data sharing changes 🇺🇸
5️⃣ More threats to your personal data 👀

🤔 more to follow from me ....…
Important 🧵from @OpenRightsGroup

4️⃣ Intl data sharing changes 👇
🧵 relating to @mojeek consultation response for the Bill
Read 6 tweets
Yesterday we sent an urgent open letter to @michelledonelan with 25 other civil society groups. We called on the government to scrap the Data Protection and Digital Information Bill and the attack on our data protection rights. Here's why.

@michelledonelan The #DPDIBill lowers the threshold for organisations to refuse a Subject Access Request and removes individuals’ right to not to be subjected to solely automated decision making. 2/7
@michelledonelan The independence of the @ICOnews will be reduced by the #DPDIBill. As the ICO plays a key part in the oversight of the government’s use of data, this is extremely problematic. 3/7
Read 7 tweets
Just back from a 🇺🇸 roadshow to spread the word about the emerging #AI regulation in 🇪🇺&🇬🇧, and the learning points from speaking to technology & privacy professionals are significant. Mini-🧵
1️⃣Overall, there is an understanding that this is happening and is happening fast, but for a sizeable majority, it is truly eye opening to hear about the breadth & depth of the forthcoming #AI regulatory regime and fully appreciating the precise impact is going to take time.
2️⃣The parallels with the emergence & spread of the #GDPR (despite the very different obligations) is what really makes people realise how ambitious #AI regulation is and how it will be affecting biz across the Atlantic.
Read 8 tweets
Around the world journalists are being imprisoned, hacked, even killed. So why should we care about copyright law?

#Thread about the "subtle censorship" of a reputation management firm that uses manipulative methods bury the truth. #StoryKillers

Let's go to 2018. Mexican journalist Daniel Sanchez publishes an investigation into a company contracted by a state governor for @pagina_66.

He starts getting calls asking to take the piece down. He consults with @article19mex who tells him not to.

Daniel 1 - Company 0

Months later, he gets a weird email. It appears to be from the "Compliance Department" of the European Commission. They say he is infringing on a personal data law called #GDPR. Nevertheless, he keeps the article up.

Daniel 2 - Company 0

Read 14 tweets
🧵What have economists learned from the #GDPR?
I review the literature for a future NBER book on the "Economics of #Privacy" edited by @ce_tucker & @avicgoldfarb. 1/7…
Regulators & researchers seek to balance privacy & the data economy. The EU’s #GDPR is a landmark & influential regulation that defines personal data expansively. GDPR establishes:
-rules for data processing,
-rights for EU residents,
-responsibilities for firms, &
-BIG fines. 2/
#GDPR is hard to study:
A) Finding a suitable control group is hard because the GDPR had global spillovers. E.g., it affects EU firms & non-EU firms serving EU residents.
B) GDPR can screw with personal data: e.g., you may only see data from consenting users. 3/
Read 9 tweets
🧵 While #ChatGPT is grabbing the headlines, pushing @GoogleAI (#LaMDA) and @Baidu_Inc to rush their plans to launch competitors, maybe it’s time to explore the security/privacy concerns generative AIs raise.

Here's a #thread on some of these, brought to you by @InfosecurityMag.
@GoogleAI @Baidu_Inc @InfosecurityMag First, @OpenAI’s #ChatGPT has already been used to develop #malware and other malicious tools, as @a_mascellino reported on January 9, 2023. #encryption #cybercrime cc @SShykevich @_CPResearch_…
Read 15 tweets
📢JUST IN (from @NOYBeu): @DPCIreland's decisions on Instagram and Facebook:

- Facebook:…
- Instagram:…

I'm reading and live-tweeting my hot-takes (starting with the 196-page Instagram decision)!
But before that, (re-)familiarizing myself with IAPP's recent infographic on legal bases!…
Issue 1: does hitting 'agree to terms' button count as #GDPR consent (Meta said it didn't intend it to count as consent... @noyb said the button was 'forced' consent and misleading): DPC agreed with Meta
Read 54 tweets
A thread in response to @benthompson's 11 Jan @stratechery members article on Meta's #GDPR fine. If you prefer it longer, see my 2019 post, "Is Facebook Radically Evil?"…
Background: Protection of one's personal data is enshrined in Art. 8 of the EU Charter of Fundamental Rights. (As is privacy, in Art. 7.) The EU Parliament had an obligation to represent and protect this right. The result was the #GDPR. Image
The GDPR protects the personal data of any resident of the EU, defined as "any information relating to an identified or identifiable natural person ('data subject')." It does not make any further distinction between "first party" and "third party" data.
Read 15 tweets
If you read one thing before @DPCIreland's decisions vs. @Meta are published, let it be this tour de force by @Jenn_Bryant1008! #dataprivacy #GDPR #holdontoyourhats…
With the Privacy Community's Who's Who sharing their views...
@gabrielazanfir: "The community spent a lot of time analyzing and understanding requirements for consent and legitimate interests in the past years, and not so much the ‘contract’ lawful ground"
Read 9 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!