Discover and read the best of Twitter Threads about #gdpr

Most recents (24)

1/4 This is huge!! As far as I know, the EU has issued the FIRST Rapid Alert (#RAPEX) for dangerous products that may be related to data protection and #Privacy.
This drives me crazy: the product is a smartwatch for MONITORING KIDS (#ENOX SAFE KID ONE with GSM and GPS integrated)
2/4 Now the #smartwatch must be recalled from end users! The App, the server and the watch have no security in data transmission. The risk is very high due to young users… I hope that this will be notified to #DPA too for #GDPR enforcement.
3/4 I’m very happy to see #dangerous #products withdrawn from the market due to lack of data protection. It is the very first time. I hope that the monitoring system will keep on focusing on data protection.…
Read 5 tweets
Facebook pays teens to install AppStore-banned vpn deep root surveillance kit onavo

May I present GDPR Article 8
GDPR on requirements for children
#GDPR. If any parent finds #onavo on a device used by a minor under 16 and is an EU citizen or a dual citizen, you may wish to contact the appropriate data protection authority and/or the Irish DPA and file a complaint and/or seek data rights counsel.
Read 4 tweets
"If you have nothing to hide you are worthless" Shoshana Zuboff #CPDP2019
Should we not gather in resistance against surveillance capitalism which has come to destroy human nature as industrial capitalism did to nature?
@murakamiwood digital is another special fix of capitalism to commodify aspects of human experience until now uncommodified.
Read 18 tweets
@AOC is right: technology reflects society. Here is an incomplete list of experts you should follow if you are interested in this topic / thread:
@safiyanoble – read her great book ‘Algorithms of Oppression – How Search Engines Reinforce Racism’… with @NYUpress
@jovialjoy – and her Gender Shades project, her work with the Algorithmic Justice League and the Safe Face Pledge
Read 41 tweets
The policymakers of the future may well be engineers. @AriefErnst #fixingtheinternet #fixinginternet
To what extent are the problems related to the Internet? #nepnieuws (fake news) was already a problem in the past. Monopolies are old too. The internet is just a new domain -- audience #fixingtheinternet #fixinginternet
Data does not always have to be stored centrally. It is a false dilemma that nothing is possible unless it is stored centrally. Examples are the Belgian health smart card, the basic registry (basisregistratie) and eduroam @jvantill #fixingtheinternet #fixinginternet
Read 10 tweets
How is & how should #EUDataP of #journalism #media develop under #GDPR? Here are some thoughts based on a talk I gave to @sciencespo and @HECParisLaw late last year.…
(1) State law remains highly divergent but the great majority recognise that qualified DP requirements and partial DPA supervision should apply to journalism.
(2) This law, the GDPR itself and the EU Charter all point to a continued, albeit sensitive role, for DPAs here. But these agencies have many other demands and remain highly resource constrained.
Read 6 tweets
Your work history is distinct, more than most passwords. Your resume identifies you (who else had your last 2 to 4 jobs?) even without your name/photo. @LinkedIn as a social network relies on the collective trust of its users to honor the contexts of career and work.
#GDPR makes @LinkedIn accountable for how the company sticks to promised uses of your data, but GDPR doesn't cover how other members of the network use or abuse your information. Social norms (and peer payback like @LeenaVanD offers) can raise the stakes. But abuse happens.
Most data protection laws deal with the relationship between you and companies. The next round of laws will start to cover data in motion (chat, calls, data in transit). But they also should start to consider person-to-person use/abuse of your data. #gdpr #privacy @IdentityWoman
Read 9 tweets
Kelsey’s Naughty List! 🎄😳 In the spirit of Christmas, I've made a Naughty List of bad behaviour in the world of digital rights and privacy! In no particular order, here are some of 2018's biggest blunders for data protection, consumer privacy, and cyberlaw more generally.
NAUGHTY! The US Congress voted down an effort to reform the Foreign Intelligence Surveillance Act (FISA) Section 702 (remember Edward @Snowden?) and instead passed a bill that expanded warrantless surveillance of US citizens and foreigners. 🕵️‍♂️🌍…
NAUGHTY (AGAIN)! The US Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which expands US and foreign law enforcement to target and access people’s data across international borders. Critics of the act include @ACLU and @EFF ⛈️…
Read 11 tweets
Over the past weeks, the 🇪🇺 Parliament has issued two reports on #blockchain. I'll summarize the key points below.

First, an Opinion by the Committee on Civil Liberties, Justice and Home Affairs, which considers the tech 'capable of decentralising forms of human interaction, the markets, banking and international trade'.…
It informed the 2nd report I'll mention below and focused on the #GDPR, stressing the capacity of blockchains for data protection by design. It mentions zk-SNARKs specifically (but remains mum on implications for AML etc).
Read 17 tweets
THREAD: QUESTION FOR ALL SECURITY PEOPLE — in this day and age, would you buy a single-vendor IT security solution which advertised itself as "the gold standard" for data security protection?

Would you give that claim any credence whatsoever?
The infosec world has a long-established term for such glib claims: "Snake Oil" - this terminology goes back to the 1990s or earlier, for vendors who were selling sub-par cryptography as "military-grade" or other supposed but meaningless description…
Particularly telling for "Snake Oil" are the words and phrases that are used to describe the security solution, process, or tool, its development, mechanism, or vendor:

* "Trust Us, We Know What We're Doing"
* "Unbreakability"
* "Military Grade"…
Read 27 tweets
So, @AerServ are trying to cover up that they've had a breach. I was notified that I was in it via @haveibeenpwned and when reaching out to them, they denied that they have any data on non-registered users or that they've even had any breaches! #infosec [1/12]
After receiving the notification from HIBP, and seeing the type of data involved in the breach - I instantly wanted to know how they could have got data of mine. My mobile usage is not much further on than it was when I was using a Nokia 5110, so no questionable apps. [2/12]
I reached out to them with a subject access request, to get a copy of the data they hold about me, despite not having registered for their services (see screenshot) [3/12]
Read 12 tweets
The #EDPB published the *long awaited* draft #GDPR Territorial Scope #Guidelines today, which also have a section dedicated to the “legal representative” issue. Some takeaways below ⬇️ Thread time 1/14…
An “establishment” of a non-EU entity in the EU doesn't require a registered branch/subsidiary. Any stable arrangements will be taken into account 4 data protection law purposes. But merely the fact that the company’s website is accessible from the EU is not an "establishment" 2/14
A processor in the EU is not deemed to be an “establishment” of the non-EU controller in the EU. The existence of the controller-processor relationship does not trigger the application of the #GDPR to the non-EU controller 3/14
Read 14 tweets
0/ Coming in HOT today with a thread devoted to a bunch of #crypto- and #blockchain-related events that took place over the past 24 hours or so. Here we go!
1/ ⛽️ I wasn't joking about that 'hot' thing, for @GetGitcoin have introduced Gas Price Heatmaps (

Assess the price vs. speed tradeoff vis-à-vis @ethereum gas. Super useful!

Built by @FrederikBolding. It's a visual representation of @ETHGasStation data.
2/ 🆕 Asia's top full-suite digital asset trading firm, @QCPCapital, became the first #OTC trading desk to set up a 'Space' on @AirSwap [ $AST ].

Launched last month, Spaces enable unique environments geared to support connections among groups that trade.
Read 33 tweets
It’s @AnaGuerberof kicking us off for the second (half) day of #2018TEF. Don’t forget, you can contribute here:… #xl8
And the first speaker today is @KBenammar, a philosopher specialising in #reframing and transformative thinking. I’m curious!
Here’s more about Karim’s background and work:
Read 33 tweets
A short #Thread on an ongoing campaign of real/fake messages sent to #TMPE about the #RGPD (GDPR).
According to the organisers, this is supposedly meant to produce a study to raise awareness... I'll come back to that, not on the substance but on the form...
CC @reesmarc
I am the webmaster of the client who received them, and while searching the net I discovered that it is not the only one receiving these messages (4 "spams" in all, apparently) - and for good reason...
1st message received by my client, with the subject "Demande d’information RGPD" ("GDPR information request"), from Mike[.]Rosebird[@]electronicprivacy[.]eu - The domain was bought on 18/10 from Gandi and uses AWS services for a hidden marker (pixel) - a "bloquer mon email" ("block my email") link in the footer of the message.
2/n Mike[.]Rosebird[@]electronicprivacy[.]eu / GDPR spam
Read 24 tweets
At least the right to rectify and the right to erasure (#RTBF) in the #GDPR already apply to inferred data according to the European Data Protection Board
See WP 251 rev.01, p 18: "The rights to rectification and erasure apply to both the ‘input personal data’ (the personal data used to create the profile) and the ‘output data’ (the profile itself or ‘score’ assigned to the person)."
At least, I guess output data is like inferred data...?
Read 3 tweets
1. Good piece on where business is up to on #GDPR & personalisation:… However, #ePrivacy Directive sets out cookie consent req unless "strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested"
2. There is significant EU case law on "strict necessity", as well as some on "explicit" & "specific" consent. It does not really suggest a "take-it-or-leave-it" rather than opt-in approach to additional "services"/"intrusions" (depending on your perspective) is OK/"debatable".
3. Rather it strongly points to such an approach being NOT legally OK. That may be inconvenient to #ecommerce & even v silly on the part of #EUDataP. However, those factors alone cannot change the meaning of v specifically crafted law, albeit law widely bent (or ignored) online.
Read 5 tweets
The French data protection authority has issued the first formal guidance on the relationship between #blockchain and the #GDPR in the #EU.

I'll tweet some of the main points. Here is the full text:…
1. The @CNIL makes clear that its goal in issuing this publication is to provide concrete guidance to actors in the space. This is to be applauded. Many in this space try to build compliant systems but are having a hard time figuring out what this entails.
2. *Data controllers*: unsurprising: where users directly engage with the ledger they can sometimes be controllers.

This, however, is only so where natural or legal persons exercise a professional or commercial activity (broad interpretation of household activity).
Read 19 tweets
This is a good question: what is the root cause of the lack of privacy online today? Why does media track so much? My personal take is that it boils down to browsers and mobile platforms. Not only is that the master fix, but it is within reach. Follow the thread❗👇
First, I have some assumptions that I want to ensure you know:
1) Without a free and well-funded press before long we'd have no privacy at all. This does NOT justify an exception regime for media, but it constrains the solution. Getting rid of media is not the right option.
2) I do not buy into strict deontologism. It's not enough to make a rule, we need to make it work. If you force people into a choice between the law and survival, don't be surprised that they at least bend the rules. If you incentivise defection, expect defectors.
Read 20 tweets
The next #EUelections2019 will take place in May.
We propose new rules to ensure that they are organised in a free and fair manner, and to better protect them from manipulation by third countries or private interests.!fx67KH #SOTEU #EUprotects
To ensure that Europeans are able to make their political choices next May in fair and secure elections, our new set of measures focus on:
🛡️Data protection
⚖️Appropriate sanctions
#SOTEU #EUelections2019
More in our factsheet ↓
Recent revelations have shown risks for citizens to have their data misused and be targeted by mass online disinformation campaigns.
We propose sanctions for the illegal use of personal data to deliberately influence elections.!fx67KH #SOTEU #EUelections2019
Read 5 tweets
There is a massive and systematic data breach at the heart of the behavioral advertising industry. This needs to change.

I together with @jimkillock @mikarv worked with @RaviNa1k to file regulatory complaints today under the #GDPR against adtech.…
That page was displaying oddly for some people. Being fixed now. Remove the last backslash from the URL and it displays correctly
Here are some highlights from our filing with the Irish Data Protection Commissioner
(PDF at…)
Read 3 tweets
Morning campers! I’ll be live-tweeting from the European Court of Justice today about @Google’s “Right to be Forgotten” hearing.

What’s the main point? Should Europe (or France’s #privacy regulator) be able to apply its rules over the internet worldwide?

A recap:
La Vanguardia, a Spanish newspaper, published records in the late 1990s detailing the debt delinquencies of Mario Costeja.

About a decade later, Costeja sued, saying that the publication breached his right to privacy.
After a lengthy legal dispute, the case was referred to the ECJ which, in 2014, ruled that individuals had the right to ask that search engines like @Google remove links (but not the underlying webpages) from search results
Read 60 tweets
Today @Brave wrote to @IAB @IABTechLab to provide feedback on the OpenRTB 3.0 #adtech spec. It appears to severely infringe Article 5 of the #GDPR 1/…
Our letter contains a summary of the various personal data that are broadcast in the OpenRTB system. Note that these data are very likely to include “special categories” of personal data, since they show what the person is watching and reading, can include brokers’ segment IDs 2/
Unless OpenRTB 3.0 is very radically altered, so that no personal data are contained in the bid request, it appears that it will severely infringe Article 5 of the #GDPR, and all that flows from Article 5’s principles. 3/
Read 6 tweets
A thread for the "#software is not political" crowd. Whether you like it or not, all software is political because technology AFFECTS PEOPLE. If you came to #tech thinking you'd escape having to think about people, #politics, and society - you were mistaken. I'll show you why...
Before we start, remember this as you read. Just because YOU think the answer to any of these issues is clear-cut, it doesn't mean that issue is not political.

There are people who take the OPPOSITE position with just as much conviction, and they think it's clear-cut too.
Also - as an engineer, a developer or designer - if you choose to ignore the political and societal implications of your #technology, YOU HAVE MADE A POLITICAL CHOICE.
Read 12 tweets
