Discover and read the best of Twitter Threads about #gdpr

Most recents (24)

Users of glasses beware! You may be leaking secret data during Zoom/Skype/etc videoconferences. Screen reflected in glasses, then visible during a videoconferencing. School-grade physics/optics sufficient to understand the exploit equations.…
Solution/mitigation? Use a lamp. Or face blurring “reduce reflections’ light SNR, e.g., by placing a lamp facing their face whose light increase the noise portion”. Seriously this isn’t funny: if information may be leaking due to the use of technology, it makes sense to do SOMETHING
This may or may not sound hilarious/funny, but laughing aside, it is imaginable that data may eventually leak in this way (and a #GDPR data breach notice would have to be issued!). It reminds me of attacks using light sensors to steal user’s data.…
Read 3 tweets

An accidental posting on Diavgeia of a classified project of @migrationgovgr led @Malichudis @IPapangeli @Balkanizator to a revelation:

👉 refugee surveillance projects worth 20 million euros were implemented in violation of the #GDPR regulation.…
The projects #Υπερίων (Hyperion) and #Κένταυρος (Centaur), which have drawn intense criticism, concern:

- an entry-exit control system, using biometric/biographical data,

- and a digital security management system, using cameras, drones, and behaviour-analysis algorithms.
However, @Malichudis @IPapangeli @Balkanizator reveal that the 2 projects central to the ministry's planning:

- were designed,
- were included in the 🇪🇺 funds,
- were implemented,

without the necessary personal data protection provisions being met.…
Read 6 tweets
My observations on @AGRobBonta's first major #CCPA enforcement action, announced today against @Sephora - big news for U.S. privacy. 1/16
First, @Sephora is a strategic choice. The most significant outcome is their 2-yr agreement to honor Global Privacy Control (GPC) signals. It's very important for the AG to get this on the books, because it bolsters CCPA's key (only) redeeming feature: the universal opt-out. 2/
Despite CCPA's underlying weaknesses (advocates have rightly criticized it as an ineffectual notice & choice law), the concept of a decentralized "universal opt-out" browser mechanism has taken hold in the US and been adopted in CO, CT - with great promise. 3/
Read 16 tweets
Every time I click through one of those garbage legalese novellas you're expected to say "I Agree" to before doing something totally normal and inconsequential, I'm reminded of the legendary Lenny Bruce bit "Eat, Sleep and Crap."… 1/
In this bit, all civilization begins with agreements:

> "Let's see. I tell you what we'll do. We'll have a vote. We'll sleep in Area A. Is that cool?"

> "OK, good."

> "We'll eat in Area B. Good?"

> "Good."

> "We'll throw a crap in area C. Good?" 2/
This social contract is the foundation of civilization. It's why you don't die from fecal-oral bacterial transmission.

Naturally, the legal profession has put a little more detail into the idea of what constitutes a contract in the years since. 3/
Read 71 tweets
#OmaPosti has started using the Norwegian Neonomics payment service, which requires 90 days of access to all account information, including a year of account history. Doesn't sound like #GDPR-compliant data minimisation? Why this, @Postigroup? I have received worried questions, surely you have too.
You can ask Neonomics for your own data: "You have the right to ask us to provide you with all the personal data we have collected about you. Send us an email at To make
a detailed access request...
...add the information listed below to your message:
- Your name
- Your address
- Details of your bank or digital service provider
- The period for which you want your data"

(quotes from the Neonomics privacy notice)
Read 3 tweets
🔥What are the 9 #GDPR principles and why they matter for you:
1. Lawfulness (Art. 5.1.a): your personal data can only be collected, processed or used according to what the law establishes. For example, Art. 6.1 specifies six situations in which your data can be processed lawfully, consent is one of them.
2. Fairness (Art. 5.1.a): tricky principle, as there is no express indication of its meaning in the GDPR. The @ICOnews says that it means that your data cannot be processed in a way that is unduly detrimental, unexpected or misleading to you. I am working on that in my PhD :)
Read 11 tweets
1) BREAKING: #GDPR Gutting Bill on floor of the Commons at 15.30… #dataprotection

We at @OpenRightsGroup made an analysis on what to expect today. Thread below
2) This Govt want the UK digital sector to be as dirty and dishonest as them, and they wrote a law for no one but the law-breakers. Everyone else will have less rights, less choices, and less access to recourse if something goes wrong.…
3) On top of that, mass data sharing to law enforcement agencies will cement the UK digital police state. The UK Govt will authorise any data seizure or use on their whims and with secondary legislation, undermining lawfulness and purpose limitation.
Read 9 tweets
We have a message for the @EU_Commission: It's time to save the #GDPR

How? By proposing a new, complementary, law to clarify the #GDPR enforcement model, harmonise procedures, & increase the powers of the EDPB

Read our new report:
Why does the #GDPR need saving?

🔔Alarm bells over the unequal and slow enforcement of the GDPR have been ringing

⌚️People filing complaints with their data protection authorities are waiting to see their rights materialise

🇪🇺 National procedures block DPAs' cooperation
Even filing a complaint can be difficult:

A study by The Data Protection Law Scholars Network shows that people across the EU do not have an equal right to lodge a complaint:…

This is a serious impediment to the GDPR’s efficacy for vindicating our rights.
Read 5 tweets
The new decision of the Plenary of the Council of State (ΣτΕ) on religious education contains a very interesting interpretation of the #GDPR that concerns a very wide range of cases involving Ministerial Decisions or even Laws.
Specifically, the Council of State ruled that when a regulatory administrative act establishes a processing of personal data that also includes a "special category of data" (sensitive data), then the state body that issued it is obliged to have requested the opinion
of the Personal Data Protection Authority, which the Council of State regards as an "essential formality", and in the absence of this opinion it annuls the contested administrative act.
Read 16 tweets
Celebrating now the end of wild west on #Internet with a glass of tea! #Europe is designing its digital future & need sharp teeth to its new powers! #Platforms will operate in a legal framework that until now was nonexistent #DSA #DMA 🎊 @EU_Commission @Europarl_EN #Mythread 1/1
No more domination of technological giants in 🇪🇺 VP @vestager said #DSA #DMA are basic pillars of the efforts to impose stricter rules on #usedandabused technology groups& establish regulations suitable for #Internet era. 1/2
#Democracy now sets the rules for #digital world, rather than the tech giants. #DSA #DMA. #Vestager 1/3
Read 13 tweets
🔥🔥 1/ European Commission reprimands Dutch Data Protection Authority (AP) over its position on legitimate interest.…
#GDPR #privacy
2/ In its letter to the AP, the Commission writes:
“The strict interpretation by the Dutch regulator constitutes a serious obstacle for companies to process personal data for commercial reasons, because they would have to obtain consent from every data subject.” #GDPR #privacy
3/ According to Brussels, the Dutch supervisory authority does not strike the right balance between the right to data protection on the one hand and the freedom of undertaking on the other. #GDPR #privacy
Read 17 tweets
Remember when they sneered at Geocities pages for being an unusable eyesore? True, they had some, uh, *idiosyncratic* design choices, but at least they reflected a real person's exuberant ideas about what looked and worked well. Today's web is an unusable eyesore *by design*. 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:… 2/
Start with those fucking "sign up for our newsletter" interruptors. Email is the last federated protocol, publishers are desperate to get you to sign up to their newsletter, which nominally bypasses Big Tech's chokepoint on communications between creators and audiences. 3/
Read 49 tweets
Time for some hot #privacy action! The House Subcommittee on Consumer Protection and Commerce hearing on the American Data Privacy and Protection Act (#ADPPA) starts at 10:30 am Eastern!

Here's the livestream and list of witnesses:…
This morning's post on The Nexus of Privacy has background.…
#ADPPA has bi-partisan sponsorship - House Energy and Commerce Chair @FrankPallone and Ranking Member @cathymcmorris, Senate Commerce Committee Ranking Member @SenatorWicker.

Conspicuous by her absence: Senate Commerce Chair @SenatorCantwell, who's working on her own bill.
Read 151 tweets
Good morning! We're back at #MetaForum2022. Day 2 is all about European Language Equality. @GeorgRehm now opening proceedings.

Live-stream: Georg Rehm at the rostrum, opening the day.
The project is not about getting to full language equality. It's about setting up a strategy to get there, together with the many partners.
Today's first keynote comes to us from Luxembourg (moien!), courtesy of June Lowery-Kingston (@DigitalEU). June works on #accessibility, #multilingualism and safer internet.
Read 37 tweets
#Greece has announced that it intends to request #EU funding to extend the border fence in the Evros region.

This is an area already riddled with pushbacks, violence and deaths.

Some thoughts 👇 on why this cannot and should not happen 🧵…
The extended fence would be built in an already highly militarized border, with abundant border guards patrolling (including via @Frontex), thermal cameras and even a sound cannon being reportedly used.…
Greece recently announced they had prevented 40K entries at this border in 2022 alone.…
Read 11 tweets
Having seen a few posts about director liability and data protection, I thought it would be worth setting out how it works and how the ICO would prosecute a director for their company’s UK #GDPR misdeeds.

Put simply, they can’t.
Section 198 of the UK DPA says if “an offence under this Act has been committed by a body corporate” and it can be proved that it happened with the consent or connivance or because of the neglect of a director (or similar), they are liable to be prosecuted.
This section doesn’t apply to any contraventions of the UK GDPR, only to *offences* set out in the UK DPA. The offences themselves are a mixed bag, ranging from obtaining personal data without the authorisation of the controller to unauthorised reidentification.
Read 11 tweets
Cookie consent is an issue that keeps on giving.🧵
Since 2011, the level of regulatory scrutiny on this #ePrivacy requirement has resembled the stock market: an ever oscillating line which as time goes by is only going upwards (peaking at record levels in the past two years).
Off the top of my head, key milestones in this recent progression include:
1️⃣@ICOnews 2019 report on RTB which shocked the advertising industry.
2️⃣@EUCourtPress Planet49 decision focusing on valid consent.
3️⃣@CNIL relentless & big ticket enforcement.
4️⃣Belgian DPA’s TCF decision.
Add the effective campaigning & activity of @NOYBeu & @johnnyryan and the result is an environment where targeted advertising needs to be compatible with ‘Reject All’ buttons & a cookie-less Internet. Two reactions I’m seeing:
1️⃣Non-consented targeting.
2️⃣Cookie walls.
Read 6 tweets
I wanted to share a recent case study on joint controllership that we published, and a few of the lessons learned. The case study can be found here:…
A small 🧵
cc: @DPCIreland @cbridgeinfo
A brief summary: We reached out to the @DPCIreland on behalf of one of our voluntary sector clients on a tricky situation: What to do when you’re a small SME or Not-for-Profit in Ireland inextricably linked to a larger organization outside of Ireland?
Since working with @cbridgeinfo our client has worked steadily to get their data house in order. They started life as part of a larger UK parent charity, but had since established themselves independently in Ireland.
Read 13 tweets
Now that we have the text of the #DMA published, let me point out a couple of outstanding provisions that have data protection implications & that show why this Regulation concerns all businesses & platform users, not only gatekeepers. Let's go 🧵 1/?…
First of all, check out the list of Core Platform Services that may pull a business into the gatekeeper class (Art 2). Notably including web browsers, virtual assistants, & *online advertising services*, e.g. Exchanges, as long as they are provided by a business offering a CPS 2/
But this is not a thread about the threshold to become a gatekeeper (check Art 3). It just points out data protection implications of the #DMA. Of note, "consent", "profiling" in the #DMA are defined as in the #GDPR. Bonus: "non-personal" data & "data" are also defined 3/
Read 25 tweets
GA4 is the new hot. Or the new not. Depends on who you ask 🤷‍♀️

Regardless of where you stand though, here are 10 reasons why you should implement GA4 today, 🧵
1/ Universal Analytics (current #googleanalytics) is being sunset (aka killed) starting July 1, 2023. That means you have a little over a year to make the switch to GA4. Sure, you could wait until June 30th, 2023 to pull that trigger… but I wouldn’t suggest it (read on for why)
2/ To get Year over Year (Y/Y) data in GA4 by the UA sunset date, you’ll need to set it up by June 30th, 2022. THAT’S LESS THAN 2 MONTHS FROM NOW. Don’t panic, here’s my ultimate guide to setting up GA4
Read 14 tweets
Will I miss the Microsoft suite when I leave VGR? No, I think I'll manage.

Here is a screenshot of what can greet you when you look for documents in Sharepoint. These are the cloud services we depend on to be able to "digitalise" the public sector, according to some 🤦‍♂️
Another thing to learn to live without is that when a session in Microsoft's magical "single sign-on" has expired, you click on something and are confronted with a login. Then you land on a confirmation that you have logged out!!
Is the logout information (image below) access-protected?
Go Scarepoint, won't miss this crap! Productivity FTW!
For the sake of balance, I want to put on record that I do _my_ job in VScode and Github. Imagine if everything Microsoft made were as good as what exists for developers? 🤔
Read 17 tweets
The internet has ushered in an era of unprecedented invasive surveillance. Commercial operators large and small spy on us in every way and sell and give away and leak our data to criminals, cops, spies, advertisers and stalkers. 1/
This isn't because you're not paying for "the product," which makes *you* the product. Companies that *can* abuse you *do*. 2/
John Deere will sell you a $800,000 tractor and then lock you out of getting it fixed so they can charge you a fortune for repairs. You're paying for the product, but you're still the product.… 3/
Read 31 tweets
New OA paper out in @J_Law_Biosci co-authored with @JcMalgieri: "#Mental data protection and the #GDPR".
We discuss what #privacy and #DataProtection regime is needed for data about a person's mental states. 1/6…
In this article, we introduce the notion of ‘mental data’, defined as any data that can be organized and processed to make inferences about the mental states of a person, including their #cognitive, #affective and #conative states 2/6
We review the range of technologies (e.g. #BCIs, affective computing systems, & digital behavioral tech) that enable increasingly reliable statistical associations between certain data patterns & mental activities such as memories, intentions, & emotions. 3/6
Read 6 tweets
After 16 hours long negotiations, the #DSA is done! While the final text of the Act is not available yet, this is what we learned thus far 🧵
❌Safeguards that would prevent legally mandated upload filters and strengthen the protection of E2EE communication - both under Article 7 - are not included in the final text.
✅It seems that search engines will not be obliged to de-list illegal content/websites. The last minute proposal of @EP_Legal that would force search engines to de-list whole entire websites and indiscriminately scan the content is out.
Read 8 tweets
