Discover and read the best of Twitter Threads about #gdpr

Most recent (24)

[THREAD] No wonder #GIRFEC is such a discredited shambles. You get a 'certificate' for completing this infantile @PerthandKinross 'training' module. localapps.pkc.gov.uk/Training/Getti…
There are so many errors in this Jan 2019 'guidance' seeking to legitimise daylight #datatheft it's hard to take remotely seriously pkc.gov.uk/media/39666/Pe…
It still references the infamous 2013 ICO 'memo' that had to be withdrawn due to citing the wrong threshold for data processing (unlawfully replicated in 2014 child protection guidelines) & contains case studies that contravene 2016 @UKSupremeCourt #namedperson judgment.
Read 9 tweets
Study on 'cookie banners' finds that in August 2018 less than 5 percent of the 5,000 most popular websites in the EU provided a visible 'choice' to *decline* extensive data sharing with third-party companies (based on analyzing a sample of 1,000 notices) #gdpr #enforcement #fail
What surprises me is that still 6-8% of users go through the trouble of deselecting *several* options despite the use of #darkpatterns. More than I expected.

Anyway, if opting into non-preticked 'categories' would be enforced, almost no one would opt in.
My take on this:

If almost no one would opt in, cookie banners would disappear.

Websites & other services may then try to take the 'sell your data or pay' route. They shouldn't be allowed to.

As a consequence, some of them may then stop providing services without payment, yes.
Read 4 tweets
We studied how users interact with different versions of 🍪 consent notices (aka #cookiebanners). Most people avoid making a choice regarding cookies and if they have to explicitly enable them (opt-in) the majority won't do it. Here is a short summary of our results. Thread:
We first checked what notices look like on websites. A large majority do not offer choices, but instead only ask for confirmation - which is mostly not ok according to #GDPR. See for example the ICO guidelines ico.org.uk/for-organisati…
In three studies we then tested different versions of cookie consent notices on a German e-commerce website, checked how users interacted with them and asked them to participate in a survey afterwards.
Read 9 tweets
You are worried about #facebook and #FaceApp, but use #Microsoft #Office every day? Time to be concerned! Did you know that Microsoft is processing lots of data about you without telling you about it? 1/n #GDPR #ePrivacy
Through its software and operating system, #Microsoft collects and stores personal data about user behavior, so-called #diagnostic data, on a large scale. Microsoft collects this data in various ways: 2/n
via system-generated logs of events on its servers and via the telemetry client in Windows 10, in Office 365 ProPlus, and in the mobile Office apps. These telemetry clients collect diagnostic data on your device and send this information to Microsoft's servers in the US. 3/n
Read 43 tweets
#Livestream #bankenlive on #Libra is running. Bankenverband head Christian Ossig welcomes our guests @Techquartier. @osanten has already taken up the moderator's position.
Anyone who wants to read our discussion paper on #Libra can find it here: bankenverband.de/fachthemen/dig…
Ask questions; moderator @osanten reminds everyone that you are also welcome to send them to us here via @bankenverband under #bankenlive.
Read 22 tweets
I can't overstate the significance of this #GDPR British Airways fine (1.5% of worldwide turnover / £183m) for anyone in security, privacy or senior management. You've got to get security right, with appropriate levels for your organisation, else the fines can be career changing.
Some factoids:
- GDPR fines (amongst other things) are for inappropriate security as opposed to getting breached. Breaches are a good pointer but are not themselves actionable. So organisations need to implement security that is appropriate for their size, means, risk and need.
- Security is an organisation's responsibility, whether you host IT yourself, outsource it or rely on someone else not getting hacked.
The GDPR has teeth against anyone that messes up security, but clearly action will be greatest where the human impact is most significant.
Read 6 tweets
My observations on the Spanish DPA #GDPR fine (thread): First, @LaLigaEN still arguing a yr later that their tech is misunderstood. App uses "audio fingerprinting" by which tiny fragments of audio sent for comparison w/content library & then discarded. 1/9
& on this basis they argue that the processing =/= personal data. The use case (detecting unlicensed soccer streaming) makes it challenging: wouldn't a common ID be needed to cross-reference audio + geo? But if not associated w/ user at point of collection? Maybe. 2/9
Side note: audio fingerprinting is pretty common: Shazam, the latest Pixels, & in most Smart TVs for viewing measurement. Greatest concerns for privacy advocates are if/when used between devices (e.g. phone/laptop surreptitiously "listening" for TV content, as done here). 3/9
Read 9 tweets
There is a huge number of trackers on online pharmacies; sharing some of my observations I found while preparing a demo for @pyconweb. In a lot of cases the medicine you search for is shared with companies like FB, GA, Survey Monkey, Dynamic Yield & many more. #Privacy #GDPR :
Looking at the stats from @WhoTracks_me, about 11 trackers per page load & 36 trackers seen overall on @docmorris : whotracks.me/websites/docmo…
When you search for a medicine, in this case IbuHexal, this information is shared with trackers like Exactag, DoubleClick, Webmasterplan, Google.
Read 7 tweets
[Thread] 10 reasons why the Netherlands (and everywhere else) should beware Scotland's failed #GIRFEC policy:

1. UK Supreme Court struck down Parts 4&5 of 2014 CYP Act because the mass #datatheft on which #GIRFEC policy relies breaches #Article8 & #GDPR bailii.org/uk/cases/UKSC/…
2. Scottish @homeed forum & @tymestrust are petitioning @ScotParl for a #publicinquiry into past & present #GIRFEC breaches of #humanrights parliament.scot/GettingInvolve…

3. #GIRFEC victims' testimony was excluded from evidence to parliamentary committee np-fringe.uk/the-evidence
4. Remedial legislation to resurrect #girfec #namedperson blocked by parliament: #shanarri too vague/subjective and no legally compliant code of practice no2np.org/unworkable-nam…
Read 8 tweets
Steadily approaching #GDPR anniversary and I see two big & fundamental issues everyone is really struggling with:
1️⃣Lawful grounds for processing
2️⃣DPIAs
One is as old as #EUdataP law itself but the #GDPR has injected new impetus. The other is yet to be learnt properly. Thread⬇️
There are three grounds for processing that get 99% of the attention:
1️⃣Consent seems easy & solid, but it is the most difficult.
2️⃣Contractual necessity is yet to be explored & debated properly.
3️⃣Legitimate interest is seen as the holy grail but remains largely misunderstood.
The standards for valid consent will eventually be settled by #CJEU but it is clear that #GDPR raises the bar well above what has become common practice (think cookie banners & ‘take it or leave it’ approaches). So consent is bound to become the residual option, not the default.
Read 6 tweets
Public trash receptacles removed from Ireland’s main post office out of concern about liability under GDPR independent.ie/irish-news/new…
>me looking for trash cans when living under the GDPR hellscape
Waste receptacles at Ireland’s main post office have been reinstalled after receiving official guidance from the country’s Data Protection Office that #GDPR does not apply to public trash cans.
m.herald.ie/news/the-bins-…
Read 4 tweets
The @BBFC #AgeVerification "Certificate Standard" has been published.

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?

ageverificationregulator.com/assets/bbfc-ag…
@BBFC Well, that was fast:

"this is the foundation of the non-statutory, voluntary age-verification certification scheme (the Scheme)"

"Only age-verification providers that meet the requirements of the Standard…will receive certification"

What happens to the ones that don't?
@BBFC [ Incidentally, I am going through this in real time with a mug of coffee, so there may be some jumping back and forth. Don't expect perfection. ]
Read 104 tweets
Gang, I will be voting for @TheGreenParty @europeangreens in #EP2019- the @GreensEP have a proven track record of getting things done in Brussels & Strasbourg (see eg #GDPR), & *nothing* is more important than a European #GreenNewDeal. bbc.com/news/uk-politi…
A vote for @TheGreenParty in many UK regions has a realistic chance of delivering a @GreensEP MEP, & the maths says they can influence the choice of next President of the Commission. I think they're the best choice to boost #Remain & also deliver progressive green EU policies.
Read 3 tweets
1. @ANewman_forward and I have a piece in the @FT, on #Facebook and privacy, building on our brand new book, Of Privacy and Power amzn.to/2TWwVWi. Short version - the reason why Facebook is pushing for privacy law goes back to @Snowden revelations. ft.com/stream/ec33ce8…
2. There's a new narrative about Facebook's embrace of #GDPR (@alexstamos gives one recent version of it) - that GDPR is good for companies like Facebook, because it is complex and easier for big companies to comply with than small upstart competitors. Not altogether wrong,
3. but not really right either. Facebook's ginger embrace of European style legislation is making lemonade out of lemons. Zuckerberg would surely have preferred a world with no privacy legislation, where companies were left to self regulate, and market mechanisms predominated.
Read 22 tweets
First #GDPR fine by Polish DPA. 6M records in database. Scraped from public sources. Not informed data subjects about their rights. 229k EUR fine. Breach of Article 14. Impressive: no particular explanation provided.
English press release related to the first PL #GDPR fine. 6M user data scraped from public registers. Not informed data subjects about their rights. €220k fine. No tech component; purely lawful case. uodo.gov.pl/en/553/1009
Full justification of the #GDPR enforcement here. 220k fine is only one thing. Company has been ordered to inform all the 6M data subjects. Costs might exceed the fine. Full GDPR in action here. uodo.gov.pl/decyzje/ZSPR.4… (via G/translate)
Read 5 tweets
In 1989, @timberners_lee submitted a proposal that would change the world.

To celebrate #Web30, for the next 30 hours we're asking everyone to contribute to a crowdsourced timeline of web milestones.

Share your web moments at #Web30 #ForTheWeb: bit.ly/web30timeline
Starting now, Sir @timberners_lee is speaking from @CERN, where it all began. #Web30 #ForTheWeb

📺 Watch the live stream:
Read 96 tweets
Here’s a short EU #dataprotection thread relating to some of the work I‘ve been doing on #researchethics. The #GDPR is broadly a very good thing but it’s starting to look like a bit of a car crash for established ethical standards in research (1)
Why? A combination of highly effective market research lobbying for business as usual together with wider demands to “repurpose” data for “research” pushed EU negotiators into lowering the data protection bar for “research” activities across the board (2)
Fine you might say, research is very important and we shouldn’t overregulate. But what it means in practice is that once someone has your data, it is now much fairer game for “research” purposes (3)
Read 15 tweets
I've downloaded my personal data from Google thanks to #GDPR portability. I've made 71,600 searches since 2011, almost 25 searches per day, everyday for 8 years 😳 I've analyzed my data quickly, see what I've found in this thread ⤵️ #Google #data
First thing. I've looked at how many searches I've done by month. I was expecting an increase over time, but this isn't the case and I don't really know why. I was on holiday abroad during my lowest months. In April 2014 I did a staggering 1638 search queries, 52 searches / day
I looked at when I googled by weekday and hour and I was baffled: it's almost perfectly distributed by weekday. I search the most on Sundays and at the beginning and end of work day. Times are in UTC and I lived almost always in Europe/Paris (UTC+1 or +2) so it must be shifted
Read 11 tweets
1/4 This is huge!! As far as I know, the EU has issued the FIRST Rapid Alert (#RAPEX) for dangerous products that may be related to data protection and #Privacy.
This drives me crazy: the product is a smartwatch for MONITORING KIDS (#ENOX SAFE KID ONE with GSM and GPS integrated)
2/4 Now the #smartwatch must be recalled from end users! The App, the server and the watch have no security in data transmission. The risk is very high due to young users… I hope that this will be notified to #DPA too for #GDPR enforcement.
3/4 I’m very happy to see #dangerous #products withdrawn from the market due to lack of data protection. It is the very first time. I hope that the monitoring system will keep on focusing on data protection. ec.europa.eu/consumers/cons…
Read 5 tweets
Facebook pays teens to install AppStore-banned vpn deep root surveillance kit onavo tcrn.ch/2Wo1J4J

May I present GDPR Article 8
GDPR on requirements for children
#GDPR. If any parent finds #onavo on a device used by a minor under 16 and is an EU citizen or a dual citizen, you may wish to contact the appropriate data protection authority and/or the Irish DPA and file a complaint and/or seek data rights counsel.
Read 4 tweets
"If you have nothing to hide you are worthless" Shoshana Zuboff #CPDP2019
Should we not gather in resistance against surveillance capitalism which has come to destroy human nature as industrial capitalism did to nature?
@murakamiwood digital is another special fix of capitalism to commodify aspects of human experience until now uncommodified.
Read 18 tweets
@AOC is right: technology reflects society. Here is an incomplete list of experts you should follow if you are interested in this topic / thread:
@safiyanoble – read her great book ‘Algorithms of Oppression – How Search Engines Reinforce Racism’ nyupress.org/books/97814798… with @NYUpress
@jovialjoy – and her Gender Shades project gendershades.org, her work with the Algorithmic Justice League ajlunited.org and the Safe Face Pledge safefacepledge.org
Read 41 tweets
The policymakers of the future may well be engineers. @AriefErnst #fixingtheinternet #fixinginternet
To what extent are the problems related to the Internet? #nepnieuws (fake news) was already a problem in the past. Monopolies are old too. The internet is just a new domain -- audience #fixingtheinternet #fixinginternet
Data does not always have to be stored centrally. It is a false dilemma that nothing is possible unless it is stored centrally. Examples are the Belgian health smart card, the basic registry (basisregistratie) and eduroam @jvantill #fixingtheinternet #fixinginternet
Read 10 tweets
How is & how should #EUDataP of #journalism #media develop under #GDPR? Here are some thoughts based on a talk I gave to @sciencespo and @HECParisLaw late last year. slideshare.net/DavidErdos1/gd…
(1) State law remains highly divergent but the great majority recognise that qualified DP requirements and partial DPA supervision should apply to journalism.
(2) This law, the GDPR itself and the EU Charter all point to a continued, albeit sensitive role, for DPAs here. But these agencies have many other demands and remain highly resource constrained.
Read 6 tweets
