Discover and read the best of Twitter Threads about #GDPR

Most recents (24)

I’m at a press conference on how #GDPR is frustrating US law enforcement efforts online. DEA’s Jae Chung and DOJ’s Jason Gull speaking now.
Gull: “WHOis is turning into WHOwas ... We have information on who owned a domain six months ago, or a year ago now. It’s like having an old phone book.”

Problematic for urgent requests to preserve data in investigations.
Gull notes that WHOis was always problematic — full of false information and outdated information. He said about 1/4 of all entries were proxied through privacy services, but that many were very cooperative. Now the process of sending requests to preserve evidence is slower.
Read 14 tweets
The #HudumaNamba case is back in court for a final day of hearings today - oral highlighting of the final submissions of both petitioners and respondents

Proceedings are scheduled to begin at 10am
@thekhrc @HakiKNCHR @Haki_na_Sheria @HakiCentre @katibainstitute @lawyershubkenya @CEMIRIDE_KE @MUHURIkenya @StrathCIPIT @AmnestyKenya The judges have entered the courtroom and today's proceedings on #HudumaNamba & #NIIMS are now beginning
@thekhrc @HakiKNCHR @Haki_na_Sheria @HakiCentre @katibainstitute @lawyershubkenya @CEMIRIDE_KE @MUHURIkenya @StrathCIPIT @AmnestyKenya Before the oral highlighting begins, the judges are confirming two issues - (1) that the court has all the submissions that have been filed (initial & supplementary submissions) & (2) how we will proceed for the highlighting

Read 428 tweets
With my last drop of CJEU judgments brainpower for the week, here are some key points from the global takedown of #Facebook defamatory comments case published yesterday #Glawischnig Long thread alert! 1/x…
Setting the scene: this is not a data protection or #privacy case. This is a case concerning deletion of information, but grounded on defamation. It is irrelevant for the case at hand that those comments contained personal data, even if they did. 2/
Fun fact: the #GDPR specifically excludes from its scope of application those situations which also fall under the scope of liability rules for intermediary service providers, Art 12 to 15 from eCommerce Directive, precisely what the CJEU was asked to interpret. 3/
Read 18 tweets
1/ I can't believe it's been 3 years already. The @uport_me team won a prize after launching the first version of our Self Sovereign Identity wallet at DevCon2 on #ethereum complete with social recovery using proxy contracts, wallet connect like QR codes and gas funding.
2/ Our focus is still on Self Sovereign Identity for #ethereum, but we've learnt so much since our first experiment back then.

Here is a diagram of our original architecture...
3/ Most importantly the key to safely build #identity on a blockchain is to actually use the #blockchain as little as possible.

Ideally a good identity solution for blockchain applications provides an off-chain method of linking together on-chain interactions.
Read 17 tweets
The Irish Times covers my visit to Dublin talking about #TheGreatHack and the key lesson it teaches Americans. We need the US to catch up to the EU on #DataRights to safeguard democracy. #Tech4GoodDublin cc @ICCLtweet @INCLOnet @thegreathackdoc…
And also via @FT…Google caught allegedly circumventing the #GDPR, slapped with an investigation by Irish Data Protection Commissioner, as @johnnyryan’s research exposes Google’s dirty tricks.…
Read 4 tweets
Yes @Slate, consent is not an "ethical rubber stamp".

But no, #gdpr does not "require companies to ask for consent prior to data collection processes".

Consent as legal basis seems to be one of the most persistently misunderstood elements of GDPR.…
"We aren’t saying that consent has no place in this ecosystem. But it shouldn’t be the only way we let people make decisions about data protection."

Exactly! That's why GDPR has 6 legal bases for processing, one of which is consent. And consent is often not an appropriate basis.
Choose legal basis that reflects the relationship and processing, consent is often not appropriate and if consent is difficult it's probably because a different legal basis is the right one - @ICOnews…
Read 5 tweets
+++ BREAKING +++
Düsseldorf court has "serious doubts" regarding the legality of @Kartellamt 's decision against #Facebook, suspends the decision.…
@Kartellamt Here is a THREAD with a quick analysis of the decision:
1/ In the 1st part of the decision, the court argues that #Facebook 's data collection does not constitute an exploitative abuse. The main argument is the lack of causality between Facebook's (presumed) market dominance and the collection of data.
Read 11 tweets
My latest for @newscientist: Facebook's ad targeting could identify gay people in countries where it's illegal. I asked @acrumin to run the data three days ago: 4.2 million people were tagged as interested in homosexuality in countries where it's banned…
@newscientist @acrumin Facebook told me: “The interest targeting options we allow in ads reflect people’s interest in topics, not personal attributes" - but there's likely to be overlap…
@newscientist @acrumin Lots of data protection and privacy experts I spoke to are worried that doing so is in a grey area at best, and breaches #GDPR at worst. Anyway, strongly recommend reading…
Read 4 tweets
Looks like the Bavarian State Office for Data Protection Supervision is currently reviewing the GDPR compliance of the monitoring and recording functions from $TSLAQ. What could possibly go wrong if Germans have concerns when it comes to data protection?…
Thank you very much for your request for advice on the use of Tesla, which we received from the Hessian Commissioner for Data Protection and Freedom of Information on 15.08.2019. We comment on this as follows:
The product features of the Tesla vehicles named by you are currently being examined by us on the basis of other data protection complaints, as these - as you have noted - process personal data from publicly accessible areas.
Read 7 tweets
Here is a little thread you need to know about the #GDPR and accountability 👇👇
#eudatap #privacy
Chapters 2, 5 and 9 #GDPR contain the rules for processing personal data. However, 100% compliance with these rules is impossible in practice. #eudatap #privacy
So, during the #GDPR negotiations, the EU Council of Ministers pushed hard on the accountability principle enshrined in Chapter 4. They called it "the risk-based approach". #eudatap #privacy
Read 16 tweets
Just got retargeted on desktop FB by a company, whose site I visited on my mobile phone using Chrome 'incognito' mode earlier today. Didn't knowingly visit a similar website. Might still be some random/correlation stuff, or can FB pixel somehow identify users in 'incognito' mode?
I'm sure there are technical solutions to (re)identify users in 'incognito' mode e.g. based on fingerprinting, but the main question for me is do FB (or Google) use them? The study (…) doesn't seem to address incognito mode, does it?
I was using cellular data (no Wifi), so the only thing that could have happened here is that they re-identified my (temporary) cellular IP in 'incognito' mode?
Read 5 tweets
[THREAD] No wonder #GIRFEC is such a discredited shambles. You get a 'certificate' for completing this infantile @PerthandKinross 'training' module.…
There are so many errors in this Jan 2019 'guidance' seeking to legitimise daylight #datatheft it's hard to take remotely seriously…
It still references the infamous 2013 ICO 'memo' that had to be withdrawn due to citing the wrong threshold for data processing (unlawfully replicated in 2014 child protection guidelines) & contains case studies that contravene 2016 @UKSupremeCourt #namedperson judgment.
Read 9 tweets
Study on 'cookie banners' finds that in August 2018 less than 5 percent of the 5,000 most popular websites in the EU provided a visible 'choice' to *decline* extensive data sharing with third-party companies (based on analyzing a sample of 1,000 notices) #gdpr #enforcement #fail
What surprises me is that still 6-8% of users go through the trouble of deselecting *several* options despite the use of #darkpatterns. More than I expected.

Anyway, if opting into non-preticked 'categories' would be enforced, almost no one would opt in.
My take on this:

If almost no one would opt in, cookie banners would disappear.

Websites & other services may then try to take the 'sell your data or pay' route. They shouldn't be allowed to.

As a consequence, some of them may then stop providing services without payment, yes.
Read 4 tweets
We studied how users interact with different versions of 🍪 consent notices (aka #cookiebanners). Most people avoid making a choice regarding cookies and if they have to explicitly enable them (opt-in) the majority won't do it. Here is a short summary of our results. Thread:
We first checked what notices look like on websites. A large majority do not offer choices, but instead only ask for confirmation - which is mostly not ok according to #GDPR. See for example the ICO guidelines…
In three studies we then tested different versions of cookie consent notices on a German e-commerce website, checked how users interacted with them and asked them to participate in a survey afterwards.
Read 9 tweets
You are worried about #facebook and #FaceApp, but use #Microsoft #Office every day? Time to be concerned! Did you know that Microsoft is processing lots of data about you without telling you about it? 1/n #GDPR #ePrivacy
Through its software and operating system, #Microsoft collects and stores personal data about user behavior, so-called #diagnostic data, on a large scale. Microsoft collects this data in various ways: 2/n
via system-generated logs of events on its servers and via the telemetry client in Windows 10, in Office 365 ProPlus, and in the mobile Office apps. These telemetry clients collect diagnostic data on your device and send this information to Microsoft's servers in the US. 3/n
Read 43 tweets
#Livestream #bankenlive on #Libra is running. Banking association head Christian Ossig welcomes our guests @Techquartier. @osanten has already taken up the moderator's position.
If you want to read our discussion paper on #Libra, you can find it here:…
Ask questions; moderator @osanten reminds you that you are also welcome to do so here, to us via @bankenverband under #bankenlive.
Read 22 tweets
I can't overstate the significance of this #GDPR British Airways fine (1.5% of worldwide turnover / £183m) for anyone in security, privacy or senior management. You've got to get security right, with appropriate levels for your organisation, else the fines can be career changing.
Some factoids:
- GDPR fines (amongst other things) are for inappropriate security as opposed to getting breached. Breaches are a good pointer but are not themselves actionable. So organisations need to implement security that is appropriate for their size, means, risk and need.
- Security is an organisation's responsibility, whether you host IT yourself, outsource it or rely on someone else not getting hacked.
The GDPR has teeth against anyone that messes up security, but clearly action will be greatest where the human impact is most significant.
Read 6 tweets
My observations on the Spanish DPA #GDPR fine (thread): First, @LaLigaEN still arguing a yr later that their tech is misunderstood. App uses "audio fingerprinting" by which tiny fragments of audio sent for comparison w/content library & then discarded. 1/9
& on this basis they argue that the processing =/= personal data. The use case (detecting unlicensed soccer streaming) makes it challenging: wouldn't a common ID be needed to cross-reference audio + geo? But if not associated w/ user at point of collection? Maybe. 2/9
Side note: audio fingerprinting is pretty common: Shazam, the latest Pixels, & in most Smart TVs for viewing measurement. Greatest concerns for privacy advocates are if/when used between devices (e.g. phone/laptop surreptitiously "listening" for TV content, as done here). 3/9
Read 9 tweets
There are a huge number of trackers on online pharmacies, sharing some of my observations I found while preparing a demo for @pyconweb. In a lot of cases the medicine you search for is shared with companies like FB, GA, Survey Monkey, Dynamic Yield & many more. #Privacy #GDPR :
Looking at the stats from @WhoTracks_me, about 11 trackers per page load & 36 trackers seen overall on @docmorris :…
When you search for a medicine, in this case IbuHexal, this information is shared with trackers like Exactag, DoubleClick, Webmasterplan, Google.
Read 7 tweets
[Thread] 10 reasons why the Netherlands (and everywhere else) should beware Scotland's failed #GIRFEC policy:

1. UK Supreme Court struck down Parts 4&5 of 2014 CYP Act because the mass #datatheft on which #GIRFEC policy relies breaches #Article8 & #GDPR…
2. Scottish @homeed forum & @tymestrust are petitioning @ScotParl for a #publicinquiry into past & present #GIRFEC breaches of #humanrights…

3. #GIRFEC victims' testimony was excluded from evidence to parliamentary committee
4. Remedial legislation to resurrect #girfec #namedperson blocked by parliament: #shanarri too vague/subjective and no legally compliant code of practice…
Read 8 tweets
Steadily approaching #GDPR anniversary and I see two big & fundamental issues everyone is really struggling with:
1️⃣Lawful grounds for processing
One is as old as #EUdataP law itself but the #GDPR has injected new impetus. The other is yet to be learnt properly. Thread⬇️
There are three grounds for processing that get 99% of the attention:
1️⃣Consent seems easy & solid, but it is the most difficult.
2️⃣Contractual necessity is yet to be explored & debated properly.
3️⃣Legitimate interest is seen as the holy grail but remains largely misunderstood.
The standards for valid consent will eventually be settled by #CJEU but it is clear that #GDPR raises the bar well above what has become common practice (think cookie banners & ‘take it or leave it’ approaches). So consent is bound to become the residual option, not the default.
Read 6 tweets
Public trash receptacles removed from Ireland’s main post office out of concern about liability under GDPR…
>me looking for trash cans when living under the GDPR hellscape
Waste receptacles at Ireland’s main post office have been reinstalled after receiving official guidance from the country’s Data Protection Office that #GDPR does not apply to public trash cans.…
Read 4 tweets
The @BBFC #AgeVerification "Certificate Standard" has been published.

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?…
@BBFC Well, that was fast:

"this is the foundation of the non-statutory, voluntary age-verification certification scheme (the Scheme)"

"Only age-verification providers that meet the requirements of the Standard…will receive certification"

What happens to the ones that don't?
@BBFC [ Incidentally, I am going through this in real time with a mug of coffee, so there may be some jumping back and forth. Don't expect perfection. ]
Read 104 tweets
Gang, I will be voting for @TheGreenParty @europeangreens in #EP2019- the @GreensEP have a proven track record of getting things done in Brussels & Strasbourg (see eg #GDPR), & *nothing* is more important than a European #GreenNewDeal.…
A vote for @TheGreenParty in many UK regions has a realistic chance of delivering a @GreensEP MEP, & the maths says they can influence the choice of next President of the Commission. I think they're the best choice to boost #Remain & also deliver progressive green EU policies.
Read 3 tweets
