Discover and read the best of Twitter Threads about #GDPR

Most recents (24)

Mercenary spyware was secretly flown to "blood soaked" Sudanese militia.

Uncovered thanks to an employee selfie.

Reminder: #EU inability to tackle #spyware crisis = global consequences.

Report by @cr0ft0n @telloglou @e_triantafillou
& @omerbenj…
Heirs to the murderous #Janjaweed have a global phone #hacking capability.

Reflect on the #NationalSecurity implications.

We've warned of this for a decade.

Yet policymakers still dither on mercenary #spyware.

It will only get worse.

Mercenary spyware companies persuaded regulators to leave them largely unregulated.

The #Sudan #militia sale is the logical conclusion.

These companies won't stop until they've burned our collective house down.
Read 7 tweets
1/16 A lot happened on the #PlatformWork directive, currently under negotiations at the @Europarl_EN and the @EUCouncil, in the past few weeks. Thought I’d put a little 🧵 together to outline key developments in the Council ahead of tomorrow’s COREPER, and what happens next⤵️
@Europarl_EN @EUCouncil 2/16 #COREPER, a meeting of all Ambassadors to the 🇪🇺, said no last Wednesday (23 Nov) to a compromise text the 🇨🇿 Presidency put together after months of negotiations. Not the end of the 🌍 but a diplomatic setback, which speaks to the sensitivity of the file
3/16 Bear in mind the 🇨🇿 do not welcome the @EU_Commission's proposal to start with. Efforts so far have been to accommodate for the more pro-platform MS of the lot, inc Eastern and Central European states. But this has irked other countries which want a more ambitious directive
Read 16 tweets
So, @Dropbox @DropboxSupport is holding my data at gunpoint with an unclear legal case. The week before my account was disabled, and since I have plenty of files in online-only sync, I cannot access that data. #GDPR

I am devastated and in full panic mode. 1/n
Note that I have *already* been in a very tough spot mentally, finally dealing with a lot of old baggage that has caught up. And now this.

I inquired why my account was disabled, and it took days of back-and-forth for them to tell me about TOS violation

@Dropbox @DropboxSupport #GDPR
Apparently it's a "think of the children" case, but I never got precise information what material would have constituted a TOS violation. Nor can I verify that my account hasn't been compromised to make sure it was even my doing.

@Dropbox @DropboxSupport #GDPR
Read 25 tweets
The Finnish Tax Administration has for years been collecting sensitive personal data from banks on a massive scale without any specific reason. In this thread I shed light on the problem and on why and how I have made an access request to my bank about the data disclosed to the tax authority.
A Finnish bank appealed to the administrative court against the Tax Administration's information requests, citing costs, as early as 2013. Promptly in 2020, the Supreme Administrative Court held that the GDPR, which entered into force in 2018, must be applied in the case. The tax authority's information request was not proportionate to its aims.
The tax authority nevertheless continued making large-scale information requests at least until 2021. The Data Protection Ombudsman recently found these requests, too, to be in violation of the #GDPR, because national legislation has not laid down restrictions on the GDPR's obligations and rights in this respect.
Read 10 tweets
Since lots of people are suddenly taking an interest in #Mastodon, I decided to suddenly take an interest in Mastodon and put together a little guide / starter kit for you: #OSINT, #GDPR, #Désinformation, it's this way: ⤵️
So Mastodon is not ONE but MANY social networks. Mastodon is the system that holds them together. Each social network has its own server and its own domain name, but the users of can interact with those of
The utopia is this: imagine being able to use your Twitter account to comment on a friend's Instagram photo? That's interoperability
Read 28 tweets
While the chaos of '#AcceleratedCitizensAccess' to #GPrecords continues to unfold:

...we've come across some perturbing items on the agenda for @NHSDigital's Board meeting this afternoon 👇 which I'll pick up on in this [Thread].…
First, beginning on page 158, are some Directions that @NHSEngland must know will be HIGHLY controversial - given they are telling @NHSDigital to use @PalantirTech's #Foundry to collect *patient level identifiable data* from hospitals...
I'll tweet as I do a read-through, but even these first two paragraphs are incoherent, e.g. " a way that will enable." Enable what?

And if @NHSEngland Directs NHSD to use #Palantir, NHSE is *determining the purposes and means of processing* - i.e. it is a #DataController...
Read 25 tweets
🔴 In July this year #DataReformBill was introduced in the House of Commons. The Bill was this govt's spin off of #GDPR

But it has now hit the brakes, announcing a revamp of the Bill. What were the plans so far & what will change?

A 🧵...

The announcement of changes to existing GDPR replacement came from Michelle Donelan.

Speaking about this at the #ToryConference, she said, "we will be replacing GDPR with our business and consumer-friendly, British data protection system" /2…
She also said that data adequacy will be retained "so businesses can trade freely."

But many are worried an added regulatory regime on top of the EU's GDPR will only add to the woes of UK businesses working with EU countries. /3
Read 15 tweets
⚠️We know #ShopifyPixels and #CustomerEvents are tempting, but hear us out before you take the plunge.

All the risks and cons involved with the new feature coming to you in this thread 🧵(1/6)
🔐Privacy & Security (2/6)

More pixels=slower load time
If the pixels bypass customer consent, especially in California or EEA, they are a legal liability.
🧑‍⚖️GDPR Compliance (3/6)

Hello, European stores! You are on your own. Here's what #Shopify says about the new feature's #GDPR compliance:

"Compliance with applicable laws, consents, code security, troubleshooting, and updates are your responsibility."
Read 6 tweets
Industry lawyers (@bakermckenzie) now even give lectures on "how to fight data subjects complaints", with a special feature on @noybeu and many procedural "tricks" like simply complying with the #GDPR only once you have a complaint filed ("Nacherfüllung"), use the short...
... statute of limitations in Austria, fight on the appeal before the Federal Administrative Court and "as last line of defense" undermine the enforcement of any final order by the Austrian DSB.

The fun thing: So far these tactics lead to delays, delays, delays but no wins.. 🙄
This is all obviously legal, but also shows how DPAs are still trying to "talk" to controllers when in fact their lawyers have clear strategies to undermine the enforcement of the #GDPR at every procedural step.

Time to wake up! 😉
Read 3 tweets
#MiCA was not the only proposal completed last week, as 🇪🇺 institutions also finalised the Transfers-of-Funds Regulation (TFR).

The #TFR is meant to implement the @FATFWatch's #travelrule for transfers of #cryptoassets in the EU.

As always, check our 🧵for details:

First, a bit of #context:

The original Transfers-of-Funds Regulation was established in 2015 and introduced the requirement for financial institutions to accompany each #transfer of funds with verified information about the originator and beneficiary of the transfer.

As part of its 2020 Action Plan on preventing #moneylaundering and #terrorism financing, the @EU_Commission put forward a legislative proposal for a recast of the original #TFR text with the main objective of expanding traceability requirements to crypto-assets.

Read 18 tweets
1) Yet another hacking incident!

The database of @infomag Yayıncılık, the company that owns @HBRTurkiye, the Turkish branch of Harvard Business Review, was breached and a ransom attack was carried out.

More than 152 thousand records were obtained.
It turned out that the database containing personal data was unprotected!
2) Harvard Business Review, which operates in dozens of countries worldwide, is regarded as a prestigious publication in the business world.

The licence for its Turkish branch, @HBRTurkiye, belongs to an Istanbul-based company called @infomag Yayıncılık.

The hack in question was carried out against this company.
3) On 16 September, a group of experts found that a database belonging to the company was open to access and unprotected.

Note: Because it holds sensitive customer data, it should normally have been protected with a very strong encryption algorithm, but this was not done. A major vulnerability!
Read 11 tweets
Users of glasses beware! You may be leaking secret data during Zoom/Skype/etc videoconferences. Screen reflected in glasses, then visible during a videoconference. School-grade physics/optics sufficient to understand the exploit equations.…
Solution/mitigation? Use a lamp. Or face blurring “reduce reflections’ light SNR, e.g., by placing a lamp facing their face whose light increase the noise portion”. Seriously this isn’t funny: if information may be leaking due to the use of technology, it makes sense to do SOMETHING
This may or may not sound hilarious/funny, but laughing aside, it is imaginable that data may eventually leak in this way (and a #GDPR data breach notice would have to be issued!). It reminds me of attacks using light sensors to steal user’s data.…
Read 3 tweets

An accidental posting on Diavgeia of a classified project of @migrationgovgr led @Malichudis @IPapangeli @Balkanizator to a revelation:

👉 refugee surveillance projects worth 20 million euros were implemented in violation of the #GDPR regulation.…
The #Υπερίων and #Κένταυρος projects, which have been heavily criticised, concern:

- an entry-exit control system using biometric/biographical data,

- and a digital security management system using cameras, drones, and behaviour-analysis algorithms.
However, @Malichudis @IPapangeli @Balkanizator reveal that the 2 projects central to the ministry's planning:

- were designed,
- were included in 🇪🇺 funds,
- were implemented,

without the necessary provisions for the protection of personal data being met.…
Read 6 tweets
My observations on @AGRobBonta's first major #CCPA enforcement action, announced today against @Sephora - big news for U.S. privacy. 1/16
First, @Sephora is a strategic choice. The most significant outcome is their 2-yr agreement to honor Global Privacy Control (GPC) signals. It's very important for the AG to get this on the books, because it bolsters CCPA's key (only) redeeming feature: the universal opt-out. 2/
Despite CCPA's underlying weaknesses (advocates have rightly criticized it as an ineffectual notice & choice law), the concept of a decentralized "universal opt-out" browser mechanism has taken hold in the US and been adopted in CO, CT - with great promise. 3/
Read 16 tweets
Every time I click through one of those garbage legalese novellas you're expected to say "I Agree" to before doing something totally normal and inconsequential, I'm reminded of the legendary Lenny Bruce bit "Eat, Sleep and Crap."… 1/
In this bit, all civilization begins with agreements:

> "Let's see. I tell you what we'll do. We'll have a vote. We'll sleep in Area A. Is that cool?"

> "OK, good."

> "We'll eat in Area B. Good?"

> "Good."

> "We'll throw a crap in area C. Good?" 2/
This social contract is the foundation of civilization. It's why you don't die from fecal-oral bacterial transmission.

Naturally, the legal profession has put a little more detail into the idea of what constitutes a contract in the years since. 3/
Read 71 tweets
#OmaPosti has started using the Norwegian payment service Neonomics, which requires 90 days of access to all account information, including a year of account history. Doesn't sound like data minimisation in line with the #GDPR? Why this, @Postigroup? I have received worried questions, and surely so have you.
You can ask Neonomics for your own data: "You have the right to request that we provide you with all the personal data we have collected about you. Send us an email at To make
a detailed access request...
...add the information listed below to your message:
- Your name
- Your address
- Details of your bank or digital service provider
- The period for which you want your data"

(quotes from Neonomics' privacy notice)
Read 3 tweets
🔥What are the 9 #GDPR principles and why they matter for you:
1. Lawfulness (Art. 5.1.a): your personal data can only be collected, processed or used according to what the law establishes. For example, Art. 6.1 specifies six situations in which your data can be processed lawfully, consent is one of them.
2. Fairness (Art. 5.1.a): tricky principle, as there is no express indication of its meaning in the GDPR. The @ICOnews says that it means that your data cannot be processed in a way that is unduly detrimental, unexpected or misleading to you. I am working on that in my PhD :)
Read 11 tweets
1) BREAKING: #GDPR Gutting Bill on floor of the Commons at 15.30… #dataprotection

We at @OpenRightsGroup made an analysis on what to expect today. Thread below
2) This Govt want the UK digital sector to be as dirty and dishonest as them, and they wrote a law for no one but the law-breakers. Everyone else will have less rights, less choices, and less access to recourse if something goes wrong.…
3) On top of that, mass data sharing to law enforcement agencies will cement the UK digital police state. The UK Govt will authorise any data seizure or use on their whims and with secondary legislation, undermining lawfulness and purpose limitation.
Read 9 tweets
We have a message for the @EU_Commission: It's time to save the #GDPR

How? By proposing a new, complementary, law to clarify the #GDPR enforcement model, harmonise procedures, & increase the powers of the EDPB

Read our new report:
Why does the #GDPR need saving?

🔔Alarm bells over the unequal and slow enforcement of the GDPR have been ringing

⌚️People filing complaints with their data protection authorities are waiting to see their rights materialise

🇪🇺 National procedures block DPAs' cooperation
Even filing a complaint can be difficult:

A study by The Data Protection Law Scholars Network shows that people across the EU do not have an equal right to lodge a complaint:…

This is a serious impediment to the GDPR’s efficacy for vindicating our rights.
Read 5 tweets
The new decision of the Plenary of the Council of State (ΣτΕ) on religious education contains a very interesting interpretation of the #GDPR that concerns a very wide range of cases involving Ministerial Decisions or even Laws.
Specifically, the Council of State ruled that when a regulatory administrative act establishes a processing of personal data that also includes a "special category of data" (sensitive data), then the state body that issued it is obliged to have requested the opinion
of the Personal Data Protection Authority, which the Council of State considers an "essential procedural requirement", and in the absence of this opinion it annuls the contested administrative act.
Read 16 tweets
Celebrating now the end of wild west on #Internet with a glass of tea! #Europe is designing its digital future & needs sharp teeth to its new powers! #Platforms will operate in a legal framework that until now was nonexistent #DSA #DMA 🎊 @EU_Commission @Europarl_EN #Mythread 1/1
No more domination of technological giants in 🇪🇺 VP @vestager said #DSA #DMA are basic pillars of the efforts to impose stricter rules on #usedandabused technology groups & establish regulations suitable for #Internet era. 1/2
#Democracy now sets the rules for #digital world, rather than the tech giants. #DSA #DMA. #Vestager 1/3
Read 13 tweets
🔥🔥 1/ European Commission reprimands Dutch Data Protection Authority (AP) over its position on legitimate interest.…
#GDPR #privacy
2/ In its letter to the AP, the Commission writes:
“The strict interpretation by the Dutch regulator constitutes a serious obstacle for companies to process personal data for commercial reasons, because they would have to obtain consent from every data subject.” #GDPR #privacy
3/ According to Brussels, the Dutch supervisory authority does not strike the right balance between the right to data protection on the one hand and the freedom of undertaking on the other. #GDPR #privacy
Read 17 tweets
Remember when they sneered at Geocities pages for being an unusable eyesore? True, they had some, uh, *idiosyncratic* design choices, but at least they reflected a real person's exuberant ideas about what looked and worked well. Today's web is an unusable eyesore *by design*. 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:… 2/
Start with those fucking "sign up for our newsletter" interruptors. Email is the last federated protocol, publishers are desperate to get you to sign up to their newsletter, which nominally bypasses Big Tech's chokepoint on communications between creators and audiences. 3/
Read 49 tweets
Time for some hot #privacy action! The House Subcommittee on Consumer Protection and Commerce hearing on the American Data Privacy and Protection Act (#ADPPA) starts at 10:30 am Eastern!

Here's the livestream and list of witnesses:…
This morning's post on The Nexus of Privacy has background.…
#ADPPA has bi-partisan sponsorship - House Energy and Commerce Chair @FrankPallone and Ranking Member @cathymcmorris, Senate Commerce Committee Ranking Member @SenatorWicker.

Conspicuous by her absence: Senate Commerce Chair @SenatorCantwell, who's working on her own bill.
Read 151 tweets
