Discover and read the best of Twitter Threads about #gdpr

Most recents (24)

General reception of AI White Paper and EU Data Strategy: a proper confirmation of European values and European sovereign tech path, though still infused with legacy economic logic. Quite vague, has better and worse moments. Some specific thoughts below. 1/x
#DigitalEU #Data #AI
First, data strategy. Take a look at the aims here. Market, openness, infinite business access to data. And a bit of EU norms & privacy. What about digital welfare state, data to improve quality of life? Confusing AIMS with TOOLS. Market is a TOOL – and an exclusive one! 2/12
The long neoliberal shadow is visible in approach to public data. We paid for it – so business will use it for free… and then levy fees for access. Didn’t we learn with @MazzucatoM how public value leakage ends with corporate behemoths (eg Apple built on public R&D)? 3/12
Read 13 tweets
A short #privacy thread on the announcement of #Fidzup's closure, which its CEO attributes to the formal notice from the @CNIL in his Medium article:… #GDPR #EuDataP
In his letter, O. Magnan-Saurin states twice that he does not dispute the substance of the proceedings. But small clues suggest that he has not necessarily grasped that substance: he states that the data collected by Fidzup is "non-nominative and anonymous" data.
If that were indeed the case, the loi Informatique et Libertés (the only law applicable to the 2017 proceedings against Fidzup) would not have applied. The data collected is well and truly personal data: that is, of course, its whole value to Fidzup's clients!
Read 19 tweets
Open Wifi Security (Friday evening rant)

1) Yes, at our @nordic_choice hotels we have open wifi as standard. No Client<->AP encryption (WPA/23), and no captive portal to logon to.

Let me first explain some obvious reasons for doing so. (Often disregarded by infosec pros.)
@Nordic_Choice 2) It is INCREDIBLY easy for anyone to connect and start using the Internet at our hotels. And we have absolutely all kinds of people staying with us. That includes people that are not tech-savvy at all.
@Nordic_Choice 3) Being a company who very actively seeks to reduce our footprint on earth & measure our performance in "People, Planet & Profit" (not just profit), open wifi with no captive portal saves time, energy & money. It helps your mood as well. 😇
Read 22 tweets
Andrea Jelinek, Chair of @EU_EDPB, said there are currently 70 cross-border cases w final decisions, proving that OSS works; ‘these are not spectacular cases in terms of fines’ though #CPDP2020 #OneStopShop #GDPR
Most of these +70 cases are related to the rights of the data subject (erasure & access), followed by cases related to data breach notifications.
One of the main challenges for smooth functioning of OSS are differences in national procedural laws. ‘Resolution of cross border cases is time & resource consuming & intensive’ #CPDP2020
Read 12 tweets
A few thoughts on the leaked EU Commission's White Paper on a European Approach towards #AI
(thanks to @F_Kaltheuner for pointing it my way)

The white paper references the Commission's ongoing activities on #AI. But the main thrust is the analysis of different regulatory options to make good on @vonderleyen pledge to present legislation on #AI within the first 100 days in office.
The big story in the media such as this @POLITICOEurope piece (where you can find a link to the leaked draft) has been the consideration of a temporary ban of facial recognition in public spaces.…
Read 22 tweets
Oh, please. READ THE ACTUAL CONTRACTS! e.g. the deals @Google's signing with #NHS Trusts in the UK assign it exclusive #IPR. The power imbalance is bad enough as it is; turning people's lives into property ('ownership' vs rights) will only make things worse...
...and the few details of the @GoogleHealth/@Ascensionorg deal that are now public show the clear intent to do commercial R&D on tens of millions of patients' identifiable data *without consent* - see item 3:…

What exactly would 'ownership' get people...
..that stronger (e.g. #GDPR-like) properly-enforced #DataProtection rights wouldn't? Exactly how much do you think @Google would pay you for your entire medical history, or your genome? Do you think you'd get to negotiate? And once they paid, wouldn't they also 'own' you(r data)?
Read 3 tweets
Hey Privacy peeps! Are you lost on the #GDPR implementation? Here is the State of play in the Member States: cc #EUdataP #privacy #RGPD. If you have comments or any update, let me know. @EU_EDPB is it possible to have an official list on your website?
AT: The law covering both the GDPR and the Law Enforcement Directive has been adopted by Parliament and entered into force on 25.5.2018. The text can be found under the following link:…
Moreover, AT has adopted two amendments to the new data protection law, which likewise entered into force on 25.5.2018. The texts can be found under the following…
Read 37 tweets
Uncovering the Disqus data machine pt.2: This figure shows the difference between the regular European experience of using a site with @disqus and the American one. (LONG THREAD)
My reporting on @disqus started with a tip - the consulting company @conzentio thought it was weird that the comment section widget from Disqus could share so much data. They had a fair point, and it turned out that it breached the #GDPR
The chart is actually lying - @LiveRamp refuses to receive data from Norwegians (451 status code) - so far fewer companies receive private information.

One might say that LiveRamp boosts the data sharing between companies. (They have not responded to my request for comment)
Read 15 tweets
Uncovering the Disqus data machine: @disqus shared the personal data of tens of millions of users without them or the websites knowing about it. thread - 1/13
During reporting for @NRKbeta I found that several well-known sites appear to send user data through @disqus . Some of them are: @wirecutter, @9to5mac, @ZDNet, @pcgamer. Political sites were also affected: @thehill, @BreitbartNews, @realDailyWire, and @gatewaypundit 2/13
The company says that 2 billion unique users hit their platform each month, but the number could likely be far lower. Disqus would not disclose the % that have their data shared. 3/13
Read 18 tweets
Tories today are in power and the UK's feeble democracy was the first of the high standing Western systems to die.

There is no longer an informed electorate.

The digital political advertising industry controls their behaviour.

Big money owns the best mass mood manipulators.
Here's how it works:

1. Collect big data about the people and their behaviour

2. Put your computers at work

3. Ditch your principles about decency

4. Do what your computers tell you works best.

You will be surprised how well the predictions work.
ad 1) Facebook admits 85m user profiles have been stolen, which could well be more, but there's much much more than FB and they're all collecting our data. This data will be used to make you enjoy a better service, but the fact that it's there means it attracts gold miners.
Read 16 tweets
1/x Off to a good start: @EU_EDPB correctly recognises that the legal basis for a #Delisting can (must?) be not only Art. 17 #DSGVO (right to erasure, #Löschung) but also Art. 21 DSGVO (right to object, #Widerspruch).
@EU_EDPB 2/x Then, unfortunately, the view of the Article 29 Working Party is repeated, according to which the search engine operator may not inform the first publisher about a delisting request.
Read 18 tweets
I am incandescent with rage. @AmazonUK

You are requiring delivery drivers to ask for full date of birth for controlled goods. I offered to prove my year of birth. I am obviously over 18. This is directly counter to the minimisation principle in the #GDPR
I now don’t have my Christmas delivery, because the driver would not accept offered proof of age (year only being shown from govt photo ID)
I had to reassure the driver that I was furious, but not with him. I will complain through official channels, but I want a public acknowledgement of why you are requiring this data the drivers are storing on your systems.
Read 18 tweets
[THREAD] #GDPR and #ePrivacy directive require #consent for tracking. EU websites rely on IAB #cookie banner providers to implement consent, but what happens behind the cookie banner interface? Our study @CelestinMatte @Cristianapt finds 54% of them are non-compliant. (1/11)
Many websites rely on third-party cookie banner providers, called Consent Management Providers (CMPs), that implement the IAB Europe Transparency and Consent Framework (TCF):… (3/11)
Read 12 tweets
I’m here at NY State Senate hearing on #S5642 #NYPrivacyAct and will offer some commentary…
@Partnership4NYC opens with testimony that seeks to gut the draft bill to take a far more pro-business stance. They want opt-out instead of opt-in and to strike the private right of action while delaying roll-out to 2 years from 6 months. #S6542
Business Council of New York State prefers federal law and FTC enforcement. Seems to want to narrow concern to data breach rather than address data abuse. They even object to basic data request rights! claiming it’s onerous for business (despite CCPA/GDPR). #S5642
Read 16 tweets
The @guardian featured an opinion piece about how the #GDPR is failing to protect privacy.
The piece serves as an unintentional object lesson of the same. THREAD 1/…
Here is the excerpt where the author decries prevailing opt-out practices alongside the Guardian’s consent menu doing the same.
Note: The @ICOnews states that this menu is not #GDPR compliant (“NO" should be as easy as "YES"). 2/
When I VPN as a French user The Guardian interacts with 42 third party domains (listed below) and loads 122 third party cookies.
Note: All this arises without my opt-in consent. 3/
Read 7 tweets
Meanwhile, something has moved.
The secretariat of has just replied to my report.
Let's see how long they take to fix **at least** the matter of the #Privacy and #Cookies policies [#GDPR]
For the record: @ebobferraris
Read 11 tweets
I’m at a press conference on how #GDPR is frustrating US law enforcement efforts online. DEA’s Jae Chung and DOJ’s Jason Gull speaking now.
Gull: “WHOis is turning into WHOwas ... We have information on who owned a domain six months ago, or a year ago now. It’s like having an old phone book.”

Problematic for urgent requests to preserve data in investigations.
Gull notes that WHOis was always problematic — full of false information and outdated information. He said about 1/4 of all entries were proxied through privacy services, but that many were very cooperative. Now the process of sending requests to preserve evidence is slower.
Read 14 tweets
The #HudumaNamba case is back in court for a final day of hearings today - oral highlighting of the final submissions of both petitioners and respondents

Proceedings are scheduled to begin at 10am
@thekhrc @HakiKNCHR @Haki_na_Sheria @HakiCentre @katibainstitute @lawyershubkenya @CEMIRIDE_KE @MUHURIkenya @StrathCIPIT @AmnestyKenya The judges have entered the courtroom and today's proceedings on #HudumaNamba & #NIIMS are now beginning
@thekhrc @HakiKNCHR @Haki_na_Sheria @HakiCentre @katibainstitute @lawyershubkenya @CEMIRIDE_KE @MUHURIkenya @StrathCIPIT @AmnestyKenya Before the oral highlighting begins, the judges are confirming two issues - (1) that the court has all the submissions that have been filed (initial & supplementary submissions) & (2) how we will proceed for the highlighting

Read 428 tweets
I still can't stop being amazed by the 1973 HEW Report, which recommended a US Federal Code for Fair Information Practice. Check this out - it recommended all those goodies that are currently a GDPR trademark, starting with having some sort of DPO in place 1/ :
Have data security measures in place and only share personal data with third parties after ensuring the third party has appropriate safeguards in place 2/
And it even recognized some sort of portability rights. Yes, #portability! 3/
Read 8 tweets
With my last drop of CJEU judgments brainpower for the week, here are some key points from the global takedown of #Facebook defamatory comments case published yesterday #Glawischnig Long thread alert! 1/x…
Setting the scene: this is not a data protection or #privacy case. This is a case concerning deletion of information, but grounded on defamation. It is irrelevant for the case at hand that those comments contained personal data, even if they did. 2/
Fun fact: the #GDPR specifically excludes from its scope of application those situations which also fall under the scope of liability rules for intermediary service providers, Art 12 to 15 from eCommerce Directive, precisely what the CJEU was asked to interpret. 3/
Read 18 tweets
Today's court proceedings on #HudumaNamba & #NIIMS have begun!

Day 4 is starting with continued cross-examination of witness for respondents Mr. Brian Omwenga by counsel for petitioners Yussuf Bashir @yussufugas
Counsel Awele continues the cross-examination

Counsel Awele asks: if security policies were pre-defined, those policies would perhaps assuage concerns of petitioners?

Witness: I'd say that's a fairly good question... this data has already been given to govt, concerns about security not raised before

Read 108 tweets
The court is now in session - follow us for live tweets as @yussufugas continues his cross examination of the government expert witness #NIIMS #HudumaNamba
@yussufugas Respondent confirms that the remaining three #GOK witnesses will be available on 2nd and 3rd. Mr Kibicho hopes to testify on the 2nd.
@yussufugas The court states that they expect to finish with the two #GOK expert witnesses today, even if the court will have to sit late
Read 81 tweets
1/ I can't believe it's been this 3 years already. the @uport_me team won a prize after launching the first version of our Self Sovereign Identity wallet at DevCon2 on #ethereum complete with social recovery using proxy contracts, wallet connect like QR codes and gas funding.
2/ Our focus is still on Self Sovereign Identity for #ethereum, but we've learnt so much since our first experiment back then.

Here is a diagram of our original architecture...
3/ Most importantly the key to safely build #identity on a blockchain is to actually use the #blockchain as little as possible.

Ideally a good identity solution for blockchain applications provides an off-chain method of linking together on-chain interactions.
Read 17 tweets
The Irish Times covers my visit to Dublin talking about #TheGreatHack and the key lesson it teaches Americans. We need the US to catch up to the EU on #DataRights to safeguard democracy. #Tech4GoodDublin cc @ICCLtweet @INCLOnet @thegreathackdoc…
And also via @FT…Google caught allegedly circumventing the #GDPR, slapped with an investigation by Irish Data Protection Commissioner, as @johnnyryan’s research exposes Google’s dirty tricks.…
Read 4 tweets
