Share this page!

Wolfie Christl Profile picture
Twitter logo
19 Jan, 5 tweets, 2 min read
#psd2

How it started How it’s going
"The PSD2 'Open Banking' regulation has forced banks to open up consumer data via APIs..."

...so that companies can now exploit yet another category of personal information - bank transaction data - for marketing surveillance (and credit assessment etc).
rippll.com/index#open
I disagree. Practically, most people won't get "power over their banking data". In most cases, predatory data and fintech companies will get power over their banking data.
I'm not cynical, the companies who exploit data are. PSD2 and 'open banking' are now used by all kinds of actors to exploit banking data for everything from marketing surveillance to credit scoring and even tenant screening.

Next, big tech will take over.
Establishing markets cannot be an end to itself. Mandating personal data interoperability *can* make sense, but without strictly enforced limits and considering the political economy of data it will lead to yet another cesspool of data exploitation by both small and large firms.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Wolfie Christl

Wolfie Christl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @WolfieChristl

Wolfie Christl Profile picture
19 Jan
Dass öffentliche Stellen - wie hier das Land Oberösterreich - es nicht mal auf so sensiblen Seiten wie der Anmeldung für die Impfung schaffen, ohne Datenübertragung an Google (samt zwangsweiser "Einwilligung") auszukommen, ist echt eine Bankrotterklärung. land-oberoesterreich.gv.at/files/covid19i…
Laut Datenschutzerklärung gehts um Google reCaptcha, ein Dienst, der das Anmeldeformular vor Bots und Manipulationen etc schützen soll:
land-oberoesterreich.gv.at/files/covid19i…

reCaptcha ist aber sehr datenintensiv+intransparent. Es gibt Alternativen. Sollten die nicht reichen, brauchts welche.
Wenn ich die Seite aufrufe, wird alles mögliche an Google übertragen, einiges davon in Cookies gespeichert, inkl. "_ga" Cookie. Würde sagen, da ist einiges an personenbezogenen Daten dabei, das weit über die IP hinausgeht.

(die Formularinhalte werden nicht an Google übertragen)
Read 4 tweets
Wolfie Christl Profile picture
19 Jan
"Several large data brokers and adtech companies are still reselling data on millions from shady sources. They must urgently clean up their data supply chain, and they must be held responsible"

Amazon resold location data secretly gathered via mobile apps vice.com/en/article/epd…
Amazon resold "granular location data from X-Mode, a controversial firm that collected at least some of its data without informed consent. X-Mode, whose customers include U.S. military contractors, obtained data from Muslim Pro…"

AWS marketplace listing:
web.archive.org/web/2020051317…
"Motherboard first contacted AWS ... at the start of January and did not receive a response. Some time later, the listings were removed ... It is not clear whether AWS itself removed them or whether X-Mode did ... Neither company responded to multiple requests for comment"
Read 4 tweets
Wolfie Christl Profile picture
15 Jan
Regardless of the announced update, what kind of personal information does Whatsapp currently share with FB, according to its website?

- account+device info
- transaction data
- service-related information
- information on how you interact with others

Basically, all metadata.
Personal data Whatsapp shares with Facebook "may include other information identified in the Privacy Policy section entitled ‘Information We Collect’ or obtained upon notice to you or based on your consent"

Upon 'notice'?

Current non-EU privacy policy:
whatsapp.com/legal/updates/…
According to the current privacy policy for non-EU users, Facebook may use Whatsapp (meta)data for all kinds of extensive digital profiling including for "product suggestions (for example, of friends or connections, or of interesting content) and showing relevant offers and ads".
Read 17 tweets
Wolfie Christl Profile picture
14 Jan
This acquisition shouldn't have happened.
It may not primarily be about past body/health data.

But in addition to Fitbit's hw/sw/brand/workforce, it's about ongoing access to future device data and taking control over user+b2b relationships in order to expand Google/Alphabet's intermediary/healthcare/insurance business.
Read 5 tweets
Wolfie Christl Profile picture
6 Jan
Austrian telco A1 with 25 million customers in Austria, Bulgaria, Croatia, Slovenia, Serbia, North Macedonia and Belarus announces to sell 'insights into the movement of people' based on 'aggregate'+'anonymized' location data via @here's data marketplace:
here.com/sites/g/files/… Image
Exploiting the pandemic to expand on commercial location data business, great.

"Our analytics product, A1 Mobility Insights, has already proven itself to be considerably helpful during the current coronavirus crisis. By joining the HERE Marketplace, we can go a step further" Image
'A1 Mobility Insights' is provided together with invenium.io. According to the FAQ, A1 'replaces' IMSI numbers with daily changing 'random IDs' before sharing data with Invenium.

This would still mean they process (pseudonymous) personal data.
invenium.io/de/blog/2020-1… ImageImage
Read 9 tweets
Wolfie Christl Profile picture
5 Jan
Letzten März war ich kompromissbereit, was die Auswertung von aggregierten Mobilfunk-Bewegungsdaten für gemeinwohlorientierte epidemiologische Zwecke betrifft. Vielleicht ein Fehler.

Das Schüren von Ressentiments fällt sicher nicht unter diese Zwecke. kurier.at/chronik/oester… Image
Invenium sagt, man nutze Standortdaten von A1 inkl. Bob/Yesss/RedBullMobile und decke damit in AT 43% ab.

Auch wenn "je nach Projektanforderung" eine Gruppierung auf 20 Personen erfolge, werden laut FAQ pseudonymisierte personenbezogene Daten verarbeitet.
invenium.io/de/blog/2020-1… ImageImage
Invenium behauptet, die österreichische Datenschutzbehörde und der TÜV Saarland hätten deren "Anonymisierungsverfahren als datenschutzkonform bestätigt", ebenso eine "Studie der führenden Rechtsexperten der Universität Wien".

Denke, das sollte dringend nochmals geprüft werden.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @WolfieChristl has new unrolls!

Check out other threads from @WolfieChristl!

Read all threads by @WolfieChristl