Discover and read the best of Twitter Threads about #ePrivacy

Most recents (24)

#RA2022 📢 Le rapport d'activité 2022 de la CNIL est présenté ce matin à la presse ! 👉 cnil.fr/fr/le-rapport-…
🗣️M-L Denis « Les 4 principales missions de la CNIL :
1⃣ Informer et protéger
2⃣ Accompagner et conseiller
3⃣ Anticiper et innover
4⃣ Contrôler et sanctionner Image
"Se rapprocher de nos publics et les sensibiliser avec :
➡️ Des journées RGPD en région
➡️ Une présence en radio
➡️ Une campagne d'info et de sensibilisation pour les 8-10ans
➡️ Une nouvelle offre d'accompagnement renforcé lancée en 2023"
Renforcer notre politique d'accompagnement des professionnels avec :
➡️ 12 guides et référentiels
➡️ 3 recommandations adoptées ou MAJ
➡️ 10 projets accompagnés via le "bac à sable" EdTech
➡️ 6 consultations publiques
➡️ 27 000 nouveauc comptes sur le nouveau MOOC
Read 16 tweets
1/ Druckfrisch: LG München I (33 O 14776/19) zu #Tracking, § 25 #TTDSG, #IAB #TCF, #RealTimeBidding, #DarkPatterns - focus_de (n.rkr.).

vzbv.de/sites/default/…

vzbv.de/urteile/einsat…

Glückwunsch an @TilmanHerbrich @DianaEttig @vzbv.
Dank an @wolfiechristl.

#TeamDatenschutz
2/ Als Einstieg und Zusammenfassung kann der Beitrag von @publictorsten auf @heise_online dienen:

heise.de/news/Verbrauch…

Und wer Spaß an Meinungspluralität hat, liest sich unter dem Artikel das Heise-Forum dazu durch:
3/ Der Tatbestand stellt den Sachverhalt (streitig und unstreitig) technisch so detailliert dar, wie bislang kein anderes mir bekanntes deutsches Urteil. Lesenswert, hier Beispiel #RealTimeBidding und #Xandr.

Vortrag Kläger (S. 158):
Read 37 tweets
#PrivacyResearchDay C'est parti ! La CNIL accueille aujourd'hui des chercheurs internationaux pour présenter leurs travaux sur la #vieprivée et la protection des #données.
Suivez l'événement en direct en 🇬🇧 ou en 🇫🇷👉 cnil.fr/fr/privacy-res…
Suivez le thread ⬇️
La présidente de la CNIL Marie-Laure Denis accueille la communauté internationale au 1er #PrivacyResearchDay ! Des chercheurs qui travaillent et enseignent en Allemagne, Belgique, Espagne, Singapour, Suisse, Royaume-Uni, Luxembourg et France.
La CNIL utilise la #recherche de multiples façons :
👉 Lors de la rédaction de recommandations et de lignes directrices.
👉 Dans l'un des cas sur les #cookies, la CNIL s'est référée aux résultats de deux documents de recherche.
Read 69 tweets
Cookie consent is an issue that keeps on giving.🧵
Since 2011, the level of regulatory scrutiny on this #ePrivacy requirement has resembled the stock market: an ever oscillating line which as time goes by is only going upwards (peaking at record levels in the past two years).
Off the top of my head, key milestones in this recent progression include:
1️⃣@ICOnews 2019 report on RTB which shocked the advertising industry.
2️⃣@EUCourtPress Planet49 decision focusing on valid consent.
3️⃣@CNIL relentless & big ticket enforcement.
4️⃣Belgian DPA’s TCF decision.
Add the effective campaigning & activity of @NOYBeu & @johnnyryan and the result is an environment where targeted advertising needs to be compatible with ‘Reject All’ buttons & a cookie-less Internet. Two reactions I’m seeing:
1️⃣Non-consented targeting.
2️⃣Cookie walls.
Read 6 tweets
"Researchers developed a method to deliver a Facebook ad campaign to just one person out of 1.5 billion" "based only on the user’s interests", so on personal data (despite authors claiming otherwise!) . Ultra- targeting. #GDPR #ePrivacy #DigitalServicesAct arxiv.org/pdf/2110.06636…
Such precision is totally identifying and singling out individuals. This is highly privacy invasive. I'm SHOCKED that the researchers and the press describe it as 'without personal data'. Not true! #GDPR #ePrivacy
"4 rarest interests of a user make them unique within a user base in the same order of magnitude as the worldwide population". Such result means that such targeting is bound by regulations. This is shocking! Imressive result. Cost of targeting: 0.12€ #GDPR #ePrivacy
Read 3 tweets
It turns out that wireless charging leaks private data. It leaks information about websites visited by the user. " allows accurate website fingerprinting on a charging smartphone". Information leaked depends on the battery level. Cool work! #GDPR #ePrivacy arxiv.org/pdf/2105.12266… ImageImageImageImage
"Below approximately 80% state of charge, both wired and wireless charging side-channels observed in this experiment do not leak information. ... consistently classify traces with a battery state 90%". Privacy-preserving advice: have less than 80% battery charge? :-) ImageImage
This research work reminds my our privacy study of privacy leakage via web browser battery information API. #GDPR #ePrivacy blog.lukaszolejnik.com/battery-status… theguardian.com/technology/201… :-)
Read 5 tweets
🇬🇧 With the adoption of the #chatcontrol regulation (#ePrivacy derogation), the European Parliament last month approved the EU's first #masssurveillance legislation to allow searching private messages for allegedly illegal content. Watch again my speech before the vote 🧵(1/5)
🔍 #Chatcontrol allows e-mail and messenger providers to indiscriminately scan your private messages and chats in real-time for potentially suspicious content, including automated reporting to the police. (2/5)
A petition has been set up to oppose indiscriminate #masssurveillance via #chatcontrol, and to save the confidentiality of private communications online - but to no avail: openpetition.eu/petition/onlin…
(3/5)
Read 5 tweets
Wishing all the best to Slovenia during its Presidency of the Council of the EU 🇸🇮❤️🇪🇺. There are huge challenges and legislative files ahead, and I sincerely hope Slovenia can make as much progress as possible. I welcome the efforts for some outlined priorities. BUT!... Thread👇
The European citizens and its institutions should feel a little uneasy since, in the words of @bpolitics, a Trump-inspired Twitter troll gets to set (although in a very limited sense) the EU agenda.

bloomberg.com/news/articles/…
The Slovenian government has followed Poland and Hungary down to the authoritarian path with "war on media", unlawfully canceling the nominations of EPPO delegated prosecutors, therefore inadmissibly undermining the independence of the judiciary.

ft.com/content/100454…
Read 12 tweets
Birgit Sippel mentioning how "some Member States" **coug cough** France **coug cough** are ready to ignore primary and secondary EU law #EUdataP
She mentions the @laquadrature case and the fact that the French Conseil d'État is encouraging to disregard CJEU law. She asks what the Commission is planning to do if that were to happen.
Read 13 tweets
Étonnant que personne en 🇫🇷 ne sembe avoir relevé comment le projet Règlement #ePrivacy adopté par Conseil 🇪🇺 essaye de ‘défaire’ l’arrêt LQDN @laquadrature rendu par CJUE le 6 Oct 2020 concernant la conservation des données de connexion à des fins de renseignement
Thread 1/n
👇 ImageImage
Comme l’a noté @edri il a fallu... 1492 jours depuis l’introduction du projet par @EU_Commission pour que Conseil 🇪🇺 adopte finalement sa position ouvrant la voie aux trilogues pour ce qui est considéré comme une mise à jour indispensable de la directive #ePrivacy de 2002... 2/n
...sur la protection de la vie privée sur Internet & confidentialité des communications électroniques. Ceci n’a été rendu possible que quand 🇫🇷, longtemps opposée au texte, l’a soutenu après certains changements importants opérés par présidence 🇵🇹.. 3/n
👉 data.consilium.europa.eu/doc/document/S…
Read 12 tweets
NEW: Our report #ToTrackOrNotToTrack shows that privacy-friendly advertising is possible *without* bankrupting online publishers. But in order to promote the uptake of alternatives, EU policymakers must create a regulatory push.

➡️Read the report: en.panoptykon.org/privacy-friend…

1/7 Image
The online advertising industry has become toxic – not only for users, whose privacy is notoriously violated, but also for publishers and advertisers. Only those who dictate the rules of the game – #adtech middlemen and large online platforms – benefit.

2/7 Image
Meanwhile, many users, publishers, and governments have conceded that this is unavoidable. That we either tolerate invasive digital ads, or else all of online publishing collapses. This is a false choice – there is a way to sustain online publishing *and* uphold privacy.

3/7
Read 8 tweets
Ticketmaster fined £1.25million for security compromise (they were hacked by Magecart group, their website code was altered to steal data during payments), #GDPR breach. ~9.4m customers affected. Payment data stolen, too. ico.org.uk/media/action-w…
Third-party (chatbot provider) was breached. This spilled to Ticketmaster. Had this functionality not included on the payment site, this breach would not happen (this way, at least). Fun fact: ICO decided to enforce PCI-DSS requirements. #GDPR #ePrivacy
Ticketmaster says they were unable to use the standard subresource integrity (blog.lukaszolejnik.com/making-third-p…) to protect their site because the software changed too often (but they did not know how often). "ICO views this measure as an appropriate measure to implement" #GDPR
Read 4 tweets
Da sich in letzter Zeit zunehmend Statements von Datenschutzbehörden und Gerichten häufen, die zu Sachverhalten Stellung nehmen, die (auch) vom TK-Recht geprägt sind, hier einmal ein kurzer Abriss zu den Zusammenhängen und Unterschieden.
Das Telekommunikationsgeheimnis (bzw. auf EU-Ebene: das Recht auf Vertraulichkeit der Kommunikation) ist ein Rechtsgut, das im demselben Rang steht wie der Datenschutz und davon unabhängig ist. Historisch ist es älter, geht auf das Briefgeheimnis zurück. de.wikipedia.org/wiki/Briefgehe…
Heute sind die beiden Rechtsgüter jeweils eigenständig verankert.

TK-Geheimnis:
- 🇪🇺: Art. 7 EU-GrCh / Art. 5-10 ePrivacy-RL
- 🇩🇪: Art. 10 GG / Art. 88 TKG

Datenschutz:

- 🇪🇺: Art. 8 EU-GrCh / DSGVO
- 🇩🇪: Art. 1 I, 2 I GG, Datenschutzgesetze
Read 28 tweets
Petit thread #privacy sur l'annonce de la fermeture de #Fidzup, attribuée par son CEO à la mise en demeure de la @CNIL dans son article Medium : medium.com/@olivier.magna… #GDPR #EuDataP
Dans sa lettre, O. Magnan-Saurin indique 2 fois qu'il ne remet pas en cause le fond de la procédure. Mais de petits indices laissent penser qu'il n'a pas forcément saisi ce fond : il indique que les données collectées par Fidzup sont des données "non nominatives et anonymes".
Si c'était bien le cas, la loi Informatique et Libertés (seule applicable à la procédure de 2017 contre Fidzup) n'aurait pas trouvé à s'appliquer. Les données collectées sont bel et bien des données personnelles : c'est bien sûr tout leur intérêt pour les clients de Fidzup !
Read 19 tweets
Commissioner Breton will keep working with the Croatian presidency on the current #ePrivacy proposal, says Jakub Boratynski, head of unit for digital privacy at DG Connect. He would not be goaded into giving a deadline for a possible new proposal. Image
ePrivacy is 'like Brexit', quips German telco attaché Robert Dehm. He says it proved to be a particularly unpredictable legislative proposal. agetting it through council will continue to prove tricky, he thinks. Image
Now the panel slides from debating the legislative progress of ePrivacy to more general paranoia about GDPR/data protection. Image
Read 3 tweets
Yesterday saw the first slip-up by Thierry Breton, the new EU Commissioner for the (digital) single market. In Council, Breton told ministers the Commission would withdraw its proposal on #ePrivacy, only to backpedal a few hours later, saying 'all options' were on the table. Image
This gaffe lead mainly to a few confusing and contradictory headlines, but it opens a few questions for the next five years. The first - how will Breton fare with ministers when he tells them one thing in Council and a completely different thing to the press later?
The second and more pressing question for Breton - will he give way to pressure from member states and industry to create weak rules for the digital economy, or will he stand up to powerful interests which he himself represented just a few weeks ago?
Read 4 tweets
[THREAD] #GDPR and #ePrivacy directive require #consent for tracking. EU websites rely on IAB #cookie banner providers to implement consent, but what happens behind the cookie banner interface? Our study @CelestinMatte @Cristianapt finds 54% of them are non-compliant. (1/11)
Many websites rely on third-party cookie banner providers, called Consent Management Providers (CMPs), that implement the IAB Europe Transparency and Consent Framework (TCF): iabeurope.eu/transparency-c… (3/11)
Read 12 tweets
1/9 Thread: Achtung #Vorratsdatenspeicherung:

Widerstand ist jetzt nötig!

Mit unserer Klage wollen wir dt. #VDS kippen & Signal an andere EU-Länder senden:
digitalcourage.de/weg-mit-vds

mehr Infos:
digitalcourage.de/blog/2019/acht…
@BMJV @SPDEuropa @Gruene_Europa
@bmjv @SPDEuropa @Gruene_Europa 3/9
· in EU-Rat & Arbeitsgruppe #DAPIX gibt es keinen #Grundrechte-Flügel

· diskutiert werden ausschließlich Optionen für anlasslose Massenüberwachung

· Regierungen ignorieren Schutzpflicht des Staats gegen die Überwachung der Bevölkerung

digitalcourage.de/blog/2019/acht…
Read 9 tweets
How will key laws such as e-evidence, e-privacy and the terrorist content regulation fare under the new European parliament? A glimpse in today's presentation by the Finnish presidency in the @EP_Justice committee. Presentation by ministers Anna-Maja Henriksson & Maria Ohisalo. Image
Henriksson said she wants to expand the EU's rule of law toolbox, nodded to Article 7 proceedings against Hungary and Poland. She also said that the Finnish ministers and the Permanent Representative would publish all meetings with lobbyists.
Unfortunately, there were little more than platitudes on #eevidence, little nod to concerns by Germany and others on problematic aspect of Council and Comm. positions. Also, not a single mention of #eprivacy, which the Finns have promised to get a Council position by Year's end.
Read 6 tweets
You are worried about #facebook and #FaceApp, but use #Microsoft #Office every day? Time to be concerned! Did you know that Microsoft is processing lots of data about you without telling you about it? 1/n #GDPR #ePrivacy
Through its software and operating system, #Microsoft collects and stores personal data about user behavior, so-called #diagnostic data, on a large scale. Microsoft collects this data in various ways: 2/n
via system-generated logs of events on its servers and via the telemetry client in Windows 10, in Office 365 ProPlus, and in the mobile Office apps. These telemetry clients collect diagnostic data on your device and send this information to Microsoft's servers in the US. 3/n
Read 43 tweets
Once upon a long-forgotten time, the ePrivacy regulation was supposed to bring privacy to Europeans surfing the web. Back then, the UK ad industry was anxious to know how #ePrivacy would 'play out post-Brexit'. 2 questions:

Whatever happened to ePrivacy? And what to Brexit? Image
For the non-geeks among you, ePrivacy is meant to be the landmark data protection law to complete the work of GDPR. Drafts promise to regulate 'privacy-by-default' settings in browsers and make it harder to track users without consent.
For the past one-and-a-half years, ePrivacy has been held up in the Council by an unholy alliance of states such as Austria and Germany. Lobbyists suggest the publishing industry would suffer from curbing behavioural advertising, hence Axel Springer et al hate ePrivacy.
Read 5 tweets
Our privacy analysis of data flows in Real-Time Bidding systems, including the assessment of how much user data is valued. #ePrivacy lukaszolejnik.com/rtbdesc
Some publishers used clever mechanisms to bypass blockers and smuggle in cookies. #ePrivacy lukaszolejnik.com/rtbdesc
Following analysis of the high-frequency trading of user data. #ePrivacy #DataProtectionDay #DataPrivacyDay lukaszolejnik.com/rtbdesc2
Read 3 tweets
1. Good piece on where business is up to on #GDPR & personalisation: linkedin.com/pulse/personal… However, #ePrivacy Directive sets out cookie consent req unless "strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested"
2. There is significant EU case law on "strict necessity", as well as some on "explicit" & "specific" consent. It does not really suggest a "take-it-or-leave-it" rather than opt-in approach to additional "services"/"intrusions" (depending on your perspective) is OK/"debatable".
3. Rather it strongly points to such an approach being NOT legally OK. That may be inconvenient to #ecommerce & even v silly on the part of #EUDataP. However, those factors alone cannot change the meaning of v specifically crafted law, albeit law widely bent (or ignored) online.
Read 5 tweets
Will #eprivacy be the next expansion of #gdpr? MSFT #Skype, #Whatsapp, Facebook #Messenger would have to provide #privacy controls/consents/disclosures for tracking/logging realtime communication and messaging.
technologyreview.com/the-download/6…
This matters in a few ways. First, live chat and messaging are features of many kinds of products and services. So #ePrivacy jurisdiction may touch nearly every website, service, and gadget.
Second, #ePrivacy demands transparency for the middle part of a call, exactly where companies like @Amazon, @Google, @Skype and @SlackHQ create new value and new partner ecosystems. Translation, bots, commerce to enhance your conversation will need specific disclosures.
Read 8 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!