Discover and read the best of Twitter Threads about #GDPR

Most recents (24)

@MiaD A4: The dichotomy between privacy and patient protection is a false one! The goal should be to achieve better public health by making data privacy a leading principle on the development of technical responses to #Covid_19 (1/5) #HearTheGermanTalking #GDPR
#AIEthics #TwitterChat
@MiaD The use of tracking tools must always be voluntary. Therefore, to succeed, contact tracing programs require that people trust the technology and the institutions building them. #Privacybydesign is needed to build this trust. (2/5)
#AIEthics #TwitterChat
@MiaD In Germany we now have an agreement against a central database with identities & location data and for voluntary use. + a very active public debate on the pros and cons of a centralized versus a decentralized storage of data. (3/5) #AIEthics #TwitterChat
Read 6 tweets
A Dutch court has sided with a woman who sued her mother to force her to remove pictures of her grandchildren from social media, finding that the images violated the #GDPR.…

The mum said that she had repeatedly asked the grandmother to remove the pictures. The court found that the "purely personal" exception to the GDPR does not apply when large commercial platforms like Facebook and Pinterest are involved.

If the grandmother doesn't remove the photos, she'll be fined €50/day to a max of €1000. If she posts more images in the future, these, too, will incur €50/day fines.

Read 6 tweets
This was indeed a fantastic and very insightful panel! Perhaps a summary of the main points can be useful. Thus, a long thread. 1/n
All panelists agree: Market power in #digital markets is worrisome. Fiona and Tommaso think that #mergers can worsen this situation and directly harm consumers by killing actual or potential competition, reducing #innovation (either killing the innovation of the target or .. 2/n
…the innovation of the acquiring incumbents) and quality (including #privacy). Mergers can also cause indirect harm (Tommaso) by increasing prices in the other side(s) of the market (e.g. #advertising). 3/n
Read 14 tweets
The purpose of the EU's #GDPR was to effectively ban the ad-tech industry and its practices by annihilating the pretense that clicking "I agree" or loading a page that said, "You agree" was the same as consent for tracking.…

Under the GDPR, service providers would be forced to only collect data for explicit, enumerated purposes that could be expressed in plain language, and could only share data with other entities after each one was explicitly approved by the user.

So if you operated a site that ran 50 trackers that harvested data that was passed on to hundreds of brokers who passed it on to thousands of other brokers, then each time you got a new user, you'd have to get thousands of permissions from the user.

Read 11 tweets
@piyushchaudhry This chart justifies levels of 700-900 for #RIL in next 12 months. Also, FB - RIL deal of 9.9% stake sale will not pass the regulators due to upcoming Data Protection & Privacy law for India on lines of EU’s #GDPR.
@piyushchaudhry The whole strategy of #RIL to adopt O2C strategy (Oil to Chemicals) and hence selling stake to Saudi Aramco seems to be under serious challenge seeing the drop in Petrochemicals business in Q4, FY20. Don’t ignore the #EV Tech replacing fuel ⛽️ consumption going forward. Serious!
@piyushchaudhry #RIL’s major capital is deployed in Oil & Gas/Petrochemicals Business, JIO being 2nd. % Returns from traditional Petroleum business for RIL will be less going forward. JIODigital business though depends on buying abilities of the market constituents having low per capita income.
Read 7 tweets
So, let's take a look at the latest #ContactTracing effort to emerge: - not an app, but 'components' to build apps & systems.

(There's so many tracers popping up now, it's getting like the rash of #COVID19 #SymptomSurveys that broke out last week...)

Nice to hear that @PeppPt "embrace a fully #privacy-preserving approach". So what exactly is it? (The devil, of course, is always in the detail...)

Ah! Here we are, "a brief description of our #privacy enforcing flow":

First, #AnonymousIdentifiers. Good. (And precisely what we recommended:…)

This really is a no-brainer; anyone proposing to use persistent #deviceIDs at this point is plainly a clueless numpty. Or actively seeking to #surveille.

Read 14 tweets
New: My two-month investigation of the bug bounty platforms reveals serious concerns about their business practices, and accusations that NDAs are being used to cover up security issues. 1/… @CSOonline
HackerOne's latest annual report claims they have 600,000 hackers. But do they? More likely 600,000 email addresses. CEO Alex Rice told me in 2019 only 9,650 finders filed valid vulnerability reports on H1. That's a difference of two orders of magnitude. 2/
Bugcrowd is playing the same game. When I challenged their numbers, they were unable to offer any clarification. Both platforms appear to be stretching statistics to the breaking point of credulity. 3/
Read 11 tweets
Facebook has registered that I have an interest in homosexuality, and they show me targeted ads on that basis. I complained to the Danish Data Protection Agency (Datatilsynet) and got a reply in February. The first two images are from the Irish data protection authority. The next two are excerpts from Facebook's reply. (1/4)
I have about ten days (I have been sluggish) to send a reply back if I do not settle for Facebook's generic explanation (such as that one has, for example, an interest - positive or negative - in Hinduism if one reads a number of articles about it). I don't buy it. (2/4)
The question then is how I convey, in the soundest way, that this really is quite problematic. Both the registration and the advertising. And the idea that "interest in" would merely be a kind of objective, academic interest with no connection to the rest of the world (3/4)
Read 4 tweets
Please, ENOUGH! It is time to put a stop to the false debate over the #privacy vs. #health dyad. It doesn't work that way. I appeal to the responsibility of all specialists not to set up these dilemmas, which are not only unnecessary but also bring confusion (cont.) #Covid_19
No one should lose their #freedom, their #InformationalSelfDetermination or the #protection of their #data and #privacy in order to preserve #health and fight #Covid_19 #COVID2019 #COVID. The latter can be done without violating rights or freedoms. (Cont.)
#HealthData are sensitive data. To process #CoronavirusData it is NOT necessary to violate anyone's privacy or freedom; they can be processed while respecting the legal requirements imposed by #PersonalDataProtection. (Cont.) #Covid_19
Read 19 tweets
Good morning @bSmart_it
My daughters' school uses your books, and these days we have to access the online version for studying from home.

Could you kindly remove the 4 DAMNED TRACKERS that you have put in the study app intended for children?

Can you explain to me why I should share all usage data with Facebook for marketing purposes? STUDY DATA OF MINORS?

Would you mind explaining to me why the app needs to be able to record from the device's microphone?
ONLINE access (via the web app) is even worse!
Do you have any idea how many third-party cookies and how much data sharing you are generating, without even notifying the user, let alone asking for a generic consent.
All of this over HTTP, without any security for the data traffic.
Read 10 tweets
What is #xAPI? A uniform way to capture learning that happens in different places. Ensures the compatibility of systems (make sure things work, interoperability).

On the other hand, rather boring: "who-did-what-where-when-with-what-result". 🤓
One easy way to get to know the possibilities of #xAPI is, for example, with #H5P. A large selection of ready-made tools that collect data from different learning situations, no coding required!
What are the benefits and what are the challenges in adopting #xAPI?
Read 12 tweets
This thread lists some features of @TPP_SystmOne that supports #covid-19 preparedness.
offsite working,
record sharing,
new Airmid app and
1. company actions to minimise possibility of service interruption - see separate thread that I'll post tomorrow
2. ensure @TPP_SystmOne access wherever it is needed. Most users know that #S1 can be used mobile and at home. Many CCGs/CSUs offer HSCN access solutions or remote desktop access - so maximise preparation for home working using #S1. No complex install.
if you are considering how non GP staff are going to support your provision from home get @TPP_SystmOne installed and connected for them.
Read 11 tweets
It was strange that @NITDANigeria required immediate compliance with its #NDPR, whereas EU had a 2yr period for #GDPR. Not surprising, many organisations aren't compliant and citizens aren't aware of their rights under NDPR- @SolomonOkedara

Private citizens whose privacy and other info-related rights could be violated are a critical factor in enforcement. This is a key reason for a period of sensitization prior to implementation of #NDPR - @SolomonOkedara
From experience, citizens tend to sleep on their online-related rights. There was scepticism about our firm's strategic litigation on the Cybercrime Act a few years ago, before govt began using it to persecute opponents- @SolomonOkedara
Read 4 tweets
"We don't sell any of your information to anyone, and we never will" (Facebook's data policy)

Here's one way of how FB has long been selling personal data to advertisers at scale, according to trade press reports.

I have long suspected they do, this is potentially huge #GDPR
So, FB shared individual-level data with advertisers or allowed them to query/link data involving device IDs via its 'measurement' partners.

This is 'personal data' as defined in the GDPR, and I'm sure FB didn't share it for charitable reasons, but received something in return.
I have long suspected that FB is directly sharing personal data with third parties for so-called 'measurement', but never had access to comprehensive info.

EU authorities must investigate this. This should be one more large GDPR case.

(AdAge article:…)
Read 16 tweets
General reception of AI White Paper and EU Data Strategy: a proper confirmation of European values and European sovereign tech path, though still infused with legacy economic logic. Quite vague, has better and worse moments. Some specific thoughts below. 1/x
#DigitalEU #Data #AI
First, data strategy. Take a look at the aims here. Market, openness, infinite business access to data. And a bit of EU norms & privacy. What about digital welfare state, data to improve quality of life? Confusing AIMS with TOOLS. Market is a TOOL – and an exclusive one! 2/12
The long neoliberal shadow is visible in approach to public data. We paid for it – so business will use it for free… and then levy fees for access. Didn’t we learn with @MazzucatoM how public value leakage ends with corporate behemoths (eg Apple built on public R&D)? 3/12
Read 13 tweets
The online advertising market requires both internal & external #GDPR enforcement.
@Brave's new submission to @CMAgovUK shows why we need to act against the vast RTB data breach, but also act against Google's internal data-free-for-all too.…
@brave @CMAgovUK Google, and Facebook, operate internal data free-for-alls that sustain their monopolies. In competition law, that's a problem. But it's also a problem in data protection law - and data protection law happens to have a handy *consumer-led* remedy!
@brave @CMAgovUK @Kartellamt @ICOnews It is tricky, because the vertically integrated platforms can hide behind three layers of infringement. Data protection authorities have to knock down all three. But once they do, the Googles and Facebooks have nowhere to hide.
Read 8 tweets
Short #privacy thread on the announcement of the closure of #Fidzup, attributed by its CEO to the formal notice from the @CNIL in his Medium article:… #GDPR #EuDataP
In his letter, O. Magnan-Saurin states twice that he does not dispute the substance of the procedure. But small clues suggest that he has not necessarily grasped that substance: he states that the data collected by Fidzup are "non-nominative and anonymous" data.
If that were indeed the case, the French Data Protection Act (loi Informatique et Libertés, the only law applicable to the 2017 procedure against Fidzup) would not have applied. The data collected are indeed personal data: that is of course their whole value for Fidzup's clients!
Read 19 tweets
Open Wifi Security (Friday evening rant)

1) Yes, at our @nordic_choice hotels we have open wifi as standard. No Client<->AP encryption (WPA/23), and no captive portal to logon to.

Let me first explain some obvious reasons for doing so. (Often disregarded by infosec pros.)
@Nordic_Choice 2) It is INCREDIBLY easy for anyone to connect and start using the Internet at our hotels. And we have absolutely all kinds of people staying with us. That includes people that are not tech-savvy at all.
@Nordic_Choice 3) Being a company who very actively seek to reduce our footprint on earth & measure our performance in "People, Planet & Profit" (not just profit), open wifi with no captive portal saves time, energy & money. It helps your mood as well. 😇
Read 22 tweets
Andrea Jelinek, Chair of @EU_EDPB, said there are currently 70 cross-border cases w final decisions, proving that OSS works; ‘these are not spectacular cases in terms of fines’ though #CPDP2020 #OneStopShop #GDPR
Most of these +70 cases are related to the rights of the data subject (erasure & access), followed by cases related to data breach notifications.
One of the main challenges for smooth functioning of OSS are differences in national procedural laws. ‘Resolution of cross border cases is time & resource consuming & intensive’ #CPDP2020
Read 12 tweets
A few thoughts on the leaked EU Commission's White Paper on a European Approach towards #AI
(thanks to @F_Kaltheuner for pointing it my way)

The white paper references the Commission's ongoing activities on #AI. But the main thrust is the analysis of different regulatory options to make good on @vonderleyen pledge to present legislation on #AI within the first 100 days in office.
The big story in the media such as this @POLITICOEurope piece (where you can find a link to the leaked draft) has been the consideration of a temporary ban of facial recognition in public spaces.…
Read 22 tweets
Oh, please. READ THE ACTUAL CONTRACTS! e.g. the deals @Google's signing with #NHS Trusts in the UK assign it exclusive #IPR. The power imbalance is bad enough as it is; turning people's lives into property ('ownership' vs rights) will only make things worse...
...and the few details of the @GoogleHealth/@Ascensionorg deal that are now public show the clear intent to do commercial R&D on tens of millions of patients' identifiable data *without consent* - see item 3:…

What exactly would 'ownership' get people...
..that stronger (e.g. #GDPR-like) properly-enforced #DataProtection rights wouldn't? Exactly how much do you think @Google would pay you for your entire medical history, or your genome? Do you think you'd get to negotiate? And once they paid, wouldn't they also 'own' you(r data)?
Read 3 tweets
Hey Privacy peeps! Are you lost on the #GDPR implementation? Here is the state of play in the Member States: cc #EUdataP #privacy #RGPD. If you have comments or any update, let me know. @EU_EDPB is it possible to have an official list on your website?
AT: The law covering both the GDPR and the Law Enforcement Directive has been adopted by Parliament and entered into force on 25.5.2018. The text can be found under the following link:…
Moreover, AT has adopted two amendments to the new data protection law, which likewise entered into force on 25.5.2018. The texts can be found under the following…
Read 37 tweets
Uncovering the Disqus data machine pt.2: This figure shows the difference between the regular European experience of using a site with @disqus and the American one. (LONG THREAD)
My reporting on @disqus started with a tip - the consulting company @conzentio thought it was weird that the comment section widget from Disqus could share so much data. They had a fair point, and it turned out that it breached the #GDPR
The chart is actually lying - @LiveRamp refuses to receive data from Norwegians (451 status code) - so far fewer companies receive private information.

One might say that LiveRamp boosts the data sharing between companies. (They have not responded to my request for comment)
Read 15 tweets
Uncovering the Disqus data machine: @disqus shared the personal data of tens of millions of users without them or the websites knowing about it. thread - 1/13
During reporting for @NRKbeta I found that several well-known sites appear to send user data through @disqus . Some of them are: @wirecutter, @9to5mac, @ZDNet, @pcgamer. Political sites were also affected: @thehill, @BreitbartNews, @realDailyWire, and @gatewaypundit 2/13
The company says that 2 billion unique users hit their platform each month, but the number could likely be far lower. Disqus would not disclose the % that have their data shared. 3/13
Read 18 tweets
