Discover and read the best of Twitter Threads about #gdpr

Most recents (24)

So, @AerServ are trying to cover up that they've had a breach. I was notified that I was in it via @haveibeenpwned and when reaching out to them, they denied that they have any data on non-registered users or that they've even had any breaches! #infosec [1/12]
After receiving the notification from HIBP, and seeing the type of data involved in the breach - I instantly wanted to know how they could have got data of mine. My mobile usage is not much further on than it was when I was using a Nokia 5110, so no questionable apps. [2/12]
I reached out to them with a subject access request, to get a copy of the data they hold about me, despite not having registered for their services (see screenshot) [3/12]
Read 12 tweets
Just stumbled upon some alerting information which ties a now Cabinet Minister to Pre-EUreferendum digital preparations
💣Time is of the essence so getting this out there.💥
@brexit_sham @shahmiruk @chrisinsilico @carolecadwalla @peterjukes @CommonsCMS @StillDelvingH
👇#Palantir
1/ First just to show you the relevance of the timings here I need to remind everyone about when the EURef Bill was Introduced and passed in Parliament.

A manifesto commitment of the Con Party.
It was Introduced on 28th May 2015
Act Passed in HoC 9 June 2015
Assent 17th Dec 2015
2/ Secondly I would like to take you back to @chrisinsilico's evidence to DCMS, which stated that #Palantir had had several meetings with #CambridgeAnalytica & Nix of #SCL & CambAnal & Palantir used Kogan's GSR data together in same office.
Potted History here.
Read 22 tweets
The #EDPB published the *long awaited* draft #GDPR Territorial Scope #Guidelines today, which also have a section dedicated to the “legal representative” issue. Some takeaways below ⬇️ Thread time 1/14 edpb.europa.eu/sites/edpb/fil…
An “establishment” of a non-EU entity in the EU doesn't require a registered branch/subsidiary. Any stable arrangements will be taken into account 4 data protection law purposes. But merely the fact that the company’s website is accessible from the EU is not an "establishment" 2/14
A processor in the EU is not deemed to be an “establishment” of the non-EU controller in the EU. The existence of the controller-processor relationship does not trigger the application of the #GDPR to the non-EU controller 3/14
Read 14 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

It’s @AnaGuerberof kicking us off for the second (half) day of #2018TEF. Don’t forget, you can contribute here: app.sli.do/event/apmn47dy… #xl8
And the first speaker today is @KBenammar, a philosopher specialising in #reframing and transformative thinking. I’m curious!
Here’s more about Karim’s background and work: karimbenammar.com/en/contact
Read 33 tweets
A short #Thread on an ongoing campaign of real/fake messages sent to #TMPE about the #RGPD.
According to the organisers, this is supposedly meant to produce a study to raise awareness... I'll come back to that, not on the substance, but on the form...
CC @reesmarc
1/n
I am the webmaster of the client that received them, and while searching the net I discovered that it is not the only one receiving these messages (4 "spams" in total, apparently) - and for good reason...
1bis/n
1st message received at my client's with the title "Demande d’information RGPD" (GDPR information request) from Mike[.]Rosebird[@]electronicprivacy[.]eu - The domain was bought on 18/10 from Gandi and uses AWS services for a hidden marker (pixel) - a "bloquer mon email" (block my email) link at the foot of the msg.
2/n Mike[.]Rosebird[@]electronicprivacy[.]eu / spam RGPD
Read 24 tweets
At least the right to rectify and the right to erasure (#RTBF) in the #GDPR already apply to inferred data according to the European Data Protection Board
See WP 251 rev.01, p 18: "The rights to rectification and erasure apply to both the ‘input personal data’ (the personal data used to create the profile) and the ‘output data’ (the profile itself or ‘score’ assigned to the person)."
At least, I guess output data is like inferred data...?
Read 3 tweets
1. Good piece on where business is up to on #GDPR & personalisation: linkedin.com/pulse/personal… However, #ePrivacy Directive sets out cookie consent req unless "strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested"
2. There is significant EU case law on "strict necessity", as well as some on "explicit" & "specific" consent. It does not really suggest a "take-it-or-leave-it" rather than opt-in approach to additional "services"/"intrusions" (depending on your perspective) is OK/"debatable".
3. Rather it strongly points to such an approach being NOT legally OK. That may be inconvenient to #ecommerce & even v silly on the part of #EUDataP. However, those factors alone cannot change the meaning of v specifically crafted law, albeit law widely bent (or ignored) online.
Read 5 tweets
The French data protection authority has issued the first formal guidance on the relationship between #blockchain and the #GDPR in the #EU.

I'll tweet some of the main points. Here is the full text: cnil.fr/sites/default/…
1. The @CNIL makes clear that its goal issuing this publication is to provide concrete guidance to actors in the space. This is to be applauded. Many in this space try to build compliant systems but are having a hard time figuring out what this entails.
2. *Data controllers*: unsurprising: where users directly engage with the ledger they can sometimes be controllers.

This, however, is only so where natural or legal persons exercise a professional or commercial activity (broad interpretation of household activity).
Read 19 tweets
This is a good question: what is the root cause of the lack of privacy online today? Why does media track so much? My personal take is that it boils down to browsers and mobile platforms. Not only is that the master fix, but it is within reach. Follow the thread❗👇
First, I have some assumptions that I want to ensure you know:
1) Without a free and well-funded press before long we'd have no privacy at all. This does NOT justify an exception regime for media, but it constrains the solution. Getting rid of media is not the right option.
2) I do not buy into strict deontologism. It's not enough to make a rule, we need to make it work. If you force people into a choice between the law and survival, don't be surprised that they at least bend the rules. If you incentivise defection, expect defectors.
Read 20 tweets
The next #EUelections2019 will take place in May.
We propose new rules to ensure that they are organised in a free and fair manner, and to better protect them from manipulation by third countries or private interests.
europa.eu/!fx67KH #SOTEU #EUprotects
To ensure that Europeans are able to make their political choices next May in fair and secure elections, our new set of measures focus on:
🛡️Data protection
🔍Transparency
🔐Cybersecurity
🌐Cooperation
⚖️Appropriate sanctions
#SOTEU #EUelections2019
More in our factsheet ↓
Recent revelations have shown risks for citizens to have their data misused and be targeted by mass online disinformation campaigns.
We propose sanctions for the illegal use of personal data to deliberately influence elections.
europa.eu/!fx67KH #SOTEU #EUelections2019
Read 5 tweets
There is a massive and systematic data breach at the heart of the behavioral advertising industry. This needs to change.

I together with @jimkillock @mikarv worked with @RaviNa1k to file regulatory complaints today under the #GDPR against adtech.

brave.com/adtech-data-br…
That page was displaying oddly for some people. Being fixed now. Remove the last backslash from the URL and it displays correctly
Here are some highlights from our filing with the Irish Data Protection Commissioner
(PDF at brave.com/DPC-Complaint-…)
Read 3 tweets
Morning campers! I’ll be live-tweeting from the European Court of Justice today about @Google’s “Right to be Forgotten” hearing.

What’s the main point? Should Europe (or France’s #privacy regulator) be able to apply its rules over the internet worldwide.

A recap:
La Vanguardia, a Spanish newspaper, published records in the late 1990s detailing the debt delinquencies of Mario Costeja.

About a decade later, Costeja sued, saying that the publication breached his right to privacy.
After a lengthy legal dispute, the case was referred to the ECJ which, in 2014, ruled that individuals had the right to ask that search engines like @Google remove links (but not the underlying webpages) from search results
Read 60 tweets
Today @Brave wrote to @IAB @IABTechLab to provide feedback on the OpenRTB 3.0 #adtech spec. It appears to severely infringe Article 5 of the #GDPR 1/ brave.com/iab-rtb-proble…
Our letter contains a summary of the various personal data that are broadcast in the OpenRTB system. Note that these data are very likely to include “special categories” of personal data, since they show what the person is watching and reading, can include brokers’ segment IDs 2/
Unless OpenRTB 3.0 is very radically altered, so that no personal data are contained in the bid request, it appears that it will severely infringe Article 5 of the #GDPR, and all that flows from Article 5’s principles. 3/
Read 6 tweets
A thread for the "#software is not political" crowd. Whether you like it or not, all software is political because technology AFFECTS PEOPLE. If you came to #tech thinking you'd escape having to think about people, #politics, and society - you were mistaken. I'll show you why...
Before we start, remember this as you read. Just because YOU think the answer to any of these issues is clear-cut, it doesn't mean that issue is not political.

There are people who take the OPPOSITE position with just as much conviction, and they think it's clear-cut too.
Also - as an engineer, a developer or designer - if you choose to ignore the political and societal implications of your #technology, YOU HAVE MADE A POLITICAL CHOICE.
Read 12 tweets
Thanks @Buttarelli_G for this Op-Ed: "Big tech is still violating your #privacy" The "take-it-or-leave it" 'consent' approach shows how strongly network effects lock-in people washingtonpost.com/news/theworldp…
to the incumbent platforms. It's a paradox that the Founding Fathers in the US were fearful of accumulation of power in government but that recent successive governments have let the accumulation of power in Big Tech unchecked supposedly on the belief that competition would keep
actors in check. When #data is increasingly perceived as being an essential facility for at least a number of sectors and its dominant players, it is consequently challenging to build a service which provides the choices that competitive markets are meant to provide when
Read 7 tweets
I thought the spirit of #GDPR was supposed to be that it should be easy and simple to control how my data is used by websites. Yet this is what I had to go through in order to do that when I tried to read a @HuffPostUK tweet... (1)
First, I had to NOT press okay on this screen. Instead I had to press "here". (2)
Then I had to find the "Privacy Dashboard" option in this very very very very long page of links. (3)
Read 27 tweets
It's a criminal offence to falsify a legal instrument. But if the #MetPolice / #LBRUT do it, then there is not even an investigation. 12 years of silence. Evidence to prove it - ukcoverup.com/search-warrant-

#skynews #lbc #theresamay #uk #bbcnews #coverup #c4news #worldnews #ukgov
Welcome to the #Metpolice who also changed & falsified my arrest details. Have a look at the evidence here ukcoverup.com/arrest-details as it's all easy to prove & that's why it's never addressed

#R4today #corruption #coverup #leadership #values #corevalues #bbcnews #skynews #itvnews
Read 97 tweets
When it comes to #DataProtection ..
Indians must ask for all the rights mentioned in #GDPR from Article 12 to Article 22 ..
If govt don't want to give apply Article 23 .. I won't even press for it ..
Stop writing sham of laws Mr. @rsprasad ..
India demands Real GDPR
#GDPR Article 15 has "Right of access by the data subject" (Screenshot 1)
In Prasad babu's #Dataprotection it becomes "Right to Reconfirmation and Access"
Huge and Vast differences ..Means, It has no rights at all for the Indians
#GDPR Article 16 Gives CLEAR & UNAMBIGUOUS "Right to rectification"
Prasad Babu's #DataProtection Section 25 becomes "Right to correction etc"
A Wholesome Cocktail of Ambiguous Processes and obfuscations so User may have to wait "from Weeks to Forever" to rectify
Read 8 tweets
Here's someone who's highly engaged in politics, news and society but didn't know about #MyHROptOut until this morning.

If you're in media and wondering if this needs more coverage, here's your answer. #MyHealthRecord #Privacy
Opting out doesn't appear to be going well for people so far. I've seen multiple reports of long wait times on the phone and web server crashes.

If you're planning to opt out, I'd suggest maybe not doing it today, but definitely not waiting too long.

#MyHealthRecord #Privacy
For the record, I've gone back and forward on opting out myself.

As a journalist with strong interests in tech and privacy, I really want to see the system for myself. Kick its tyres and experience its flaws and limitations personally. But ...

#MyHealthRecord #Privacy
Read 142 tweets
My keynote, tomorrow #Computing2018: "No, let’s not put it on the blockchain".

"To carve out some scenarios where blockchain optimist narratives fall short, & specific properties of distributed ledgers & blockchain work against requirements. Includes GDPR, but no 20M fines."
#blockchain Keynote was well received.
The scenarios in this thread, link to slides at the end.
1. Short-term information of any value. Everybody will have to keep it forever and you can't get rid of it.
2. Information that will remain valuable over a longer period.
Of course you encrypt it, but while it's forever on the blockchain, the crypto may be proved broken, Moore's law may cause key to be too short, or quantum may happen (yeah right). I said "crypto", I meant it :)
Read 13 tweets
(thread) Do you want to take control of your online presence? Check out what the #GDPR offers! #GDPRexplained gdprexplained.eu
The #GDPR is the new EU regulation that protects you from having your personal data abused by private businesses, state administrations and other organisations. #GDPRexplained gdprexplained.eu
Personal data is any information that can be linked to an identifiable individual. It can be very broad since linking can be done by connecting pieces of information you leave behind in many different (online & offline) places. gdprexplained.eu #GDPRexplained
Read 8 tweets
My @Uber driver last night, going home from airport asked me where was I coming from.
Told her about #WCEU
- what is that, she asked.
- the European Conference for #WordPress, I said.
Her eyes sparkling, she grabbed the wheel firm, looked in the rear view mirror at me and said,
almost whispering:
- I installed that last week on my own, I want to sell accessories for women online, to support my kids.
No wedding ring on her hand, but I did not ask details, not sure if single mom or not.
Instead, once we arrived, I spent 30’ going over ecommerce options
for WordPress, recommended @WooCommerce, explained #SSL and #GDPR.
She only interrupted a few times to say “wait, wait!” as she was writing notes on her phone.
I was cold, exhausted, my family waiting inside, yet I was fascinated to share as much as possible with her. #WCEU
Read 10 tweets
This troll has published a thread attacking @Femi_Sorry for his video on EU democracy. I don’t like feeding trolls, but this one is getting attention for the wrong reason and his thread deserves detailed rebuttal. It’s a staggering tissue of lies and half-truths.
The EU always consults national govts in areas where it has exclusive competence. It does this through the “comitology” process - a network of committees in which member state governments advise, consult, and manage the EU civil service in its work.
When it comes to actually legislating in areas of exclusive competence, in the vast majority of all cases the Member States (Council) and elected MEPs are the legislators acting on a proposal from the Commission.
Read 32 tweets
Will #eprivacy be the next expansion of #gdpr? MSFT #Skype, #Whatsapp, Facebook #Messenger would have to provide #privacy controls/consents/disclosures for tracking/logging realtime communication and messaging.
technologyreview.com/the-download/6…
This matters in a few ways. First, live chat and messaging are features of many kinds of products and services. So #ePrivacy jurisdiction may touch nearly every website, service, and gadget.
Second, #ePrivacy demands transparency for the middle part of a call, exactly where companies like @Amazon, @Google, @Skype and @SlackHQ create new value and new partner ecosystems. Translation, bots, commerce to enhance your conversation will need specific disclosures.
Read 8 tweets
