Antitrust probes against Google data/advertising empire are much needed and very worthy. They bring light into the dark, but the conclusions are often a two-edged sword.
The Australian regulator seeks submissions for proposals that would increase data sharing with third parties.
When it comes to limiting how major platforms like Google can cross-use/exploit personal data collected from consumer-facing services for purposes like advertising, several competition authorities suggested platforms should provide users with 'control' over internal data sharing.
I think, this is half-hearted and most likely not effective, because platforms have so much power over the design of digital environments.
Even if the default is 'no', platforms can (and would) harass users until they consent, especially if they are allowed to offer incentives.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The CFPB "is preparing to change its rules on financial data, and a battle is brewing between existing financial institutions that control it, such as banks, and the upstart fintechs looking to unlock this data"
"The fintech companies argue that this data belongs to consumers and they should be able to share it with whichever app or company they want"
Translation:
"This data belongs not only to banks and credit unions, but also to us, the fintechs. We want to exploit it, too"
Are traditional financial institutions exploiting financial data for business purposes? I'm sure they do.
Is it necessarily better if a wide range of fintech companies and apps are also able to exploit it, perhaps in even more invasive and problematic ways? Not sure.
RTL Group, a large European media company majority-owned by Bertelsmann, sells its US adtech subsidiary SpotX, yet keeps operating its EU subsidiary Smartclip.
Both SpotX and Smartclip engage in large-scale personal data processing and digital profiling. rtlgroup.com/en/press_relea…
Smartclip states it uses 'anonymous identifiers' and 'anonymous user IDs for TV devices' and the 'advertiser ID' for devices, and it is 'synchronizing anonymous user IDs' with DMPs and DSPs to 'match users to user information on that 3rd party systems' 🙄 privacy-portal.smartclip.net
On their privacy info page, they use the word 'anonymous' 22 times.
IDs cannot be 'anonymous' according to the GDPR, this is just misleading.
The location data set included a "unique ID for each user that is tied to a smartphone. This made it even easier to find people, since the ... ID could be matched with other databases containing the same ID, allowing us to add real names, addresses" nytimes.com/2021/02/05/opi…
Many app vendors + data brokers are still using the deceptive notion that the use of mobile advertising IDs would make personal data somehow 'anonymous' both in marketing materials and legal docs.
But everyone knows that information linked to mobile ad IDs is just PERSONAL DATA.
Data linked to ad IDs is 'personal data' according to the GDPR, and also according to Californian privacy law. To be more specific, it is 'pseudonymous' personal data.
It cannot get 'de-anonymized', because it's not anonymized at first. Perhaps, it can get 'de-pseudonymized'.
- Why focus on cookies only? What about web storage, cache headers etc?
- Why focus on client storage at all and not on the processing/transmission of personal data, its purposes and legal bases?
- What about enforcement rather than analysis w/o any assessment of compliance? 😬
Btw. Classifying third parties based on the purposes mentioned in their privacy policies is not very helpful.
I'd classify most adtech firms as data brokers, but classifying LiveRamp, BlueKai, Neustar, ID5, Weborama etc as 'advertising agencies' really doesn't make much sense.
MS Viva, a "new suite of employee management tools", provides "human resource functions like payroll, management tools to track employee performance and resources for staff covering benefits, career development and other aspects of their life at work" wsj.com/articles/micro…
"Microsoft Viva Insights uses data and signals from Microsoft Teams, Outlook, and other Microsoft 365 apps and services, and can also access data from an existing ecosystem of ... tools and services, including Zoom, Slack, Workday, and SAP SuccessFactors" techcommunity.microsoft.com/t5/microsoft-v…
"Viva Insights gives individuals, managers, and leaders personalized and actionable insights that help everyone in an organization thrive ... [it] will, over time, bring the power of Microsoft Workplace Analytics and Microsoft MyAnalytics together under the Microsoft Viva brand"
"Nervig und sinnlos: Alle hassen Cookie-Banner", schreibt @suka_hiroaki und ja, es ist ein Desaster.
Hab mit ihm gesprochen. Entweder individualisiertes Tracking wird verboten oder Frage nach "Einwilligung" wird durch strenge Auslegung endlich unrentabel. derstandard.at/story/20001236…
Letzteres wurde 2018 versäumt. Damals wäre wohl der optimale Zeitpunkt gewesen, die "Einwilligung" in der DSGVO in einer Art auszulegen und durchzusetzen, die dazu geführt hätte, dass viele nicht eingewilligt hätten und es sich ökonomisch nicht mehr ausgezahlt hätte, zu fragen.
Hätte es 2018 überall in der EU gleich einige Verfahren gegen größere Website-Publisher gegeben, die Daten ohne adäquate Einwilligung verarbeiten und weitergeben, ähnlich wie jetzt die norwegische Datenschutzbehörde gegen Grindr, stünden wir ganz woanders.