This, brought to you by publisher lobbyists, is bad:
And this looks unclear and/or just broken.
What is an "equivalent offer"? Would this allow "tracking or pay"?
The other recital basically doesn't say anything, does it?
("consent directly expressed by an end-user should always prevail")
If so then bad. I want people to pay for content and quality journalism, but "tracking or pay" is unacceptable. Those who cannot afford to pay for myriads of subscriptions would continue being exposed to tracking. Acceptable: "non-intrusive ads or pay".
So, communications metadata can be further processed for 'compatible' purposes other than the purposes it was initially collected for if there is "any link" between them, plus some considerations about the context, plus pseudonymization? And profiling is ok if no 'legal effects'?
I hope the European Parliament will fight hard in the Trilogue negotiations.
I'd be willing to accept limited comms metadata analytics for specific limited purposes at aggregate levels in order to avoid high-frequency consent requests in certain cases.
But the industry will exploit every tiny little loophole, and I'm afraid the proposal contains several.
Did I ever mention that I am not a fan of mixing
- scientific research in the public interest
- research for commercial interests
- statistical purposes in general
...into one?
And what's that?
Do I get this right that this would mean that third-party network/cybersecurity/fraud prevention firms such as ThreatMetrix and Iovation, as well as CDNs, would be completely EXEMPT from ePrivacy?
When did this enter the Council's ePrivacy proposals?
There's a provision that requires measures that aim to ensure security etc. to be "proportionate" and "performed in the least intrusive manner", which is VERY important.
But what if you're exempt from ePrivacy?
Even if exempt from ePrivacy, personal data processing is still subject to the GDPR, I know.
But I think it's crucial to make clear that data processing for network security and fraud prevention must be 'proportionate' and 'performed in the least intrusive manner' in ePrivacy.
Why? Just take a look at ThreatMetrix, only one of many vendors in the space:
"I tracked all relevant ePrivacy events since 2016. I also directly participated in the works as an expert ... The EP version is best for privacy, while the Council one is the weaker one, and even self-inconsistent in certain places, which is worrying"
Antitrust probes against Google's data/advertising empire are much needed and very worthy. They bring light into the dark, but the conclusions are often a two-edged sword.
The Australian regulator seeks submissions for proposals that would increase data sharing with third parties.
The CFPB "is preparing to change its rules on financial data, and a battle is brewing between existing financial institutions that control it, such as banks, and the upstart fintechs looking to unlock this data"
"The fintech companies argue that this data belongs to consumers and they should be able to share it with whichever app or company they want"
Translation:
"This data belongs not only to banks and credit unions, but also to us, the fintechs. We want to exploit it, too"
Are traditional financial institutions exploiting financial data for business purposes? I'm sure they do.
Is it necessarily better if a wide range of fintech companies and apps are also able to exploit it, perhaps in even more invasive and problematic ways? Not sure.
RTL Group, a large European media company majority-owned by Bertelsmann, sells its US adtech subsidiary SpotX, yet keeps operating its EU subsidiary Smartclip.
Both SpotX and Smartclip engage in large-scale personal data processing and digital profiling. rtlgroup.com/en/press_relea…
Smartclip states it uses 'anonymous identifiers' and 'anonymous user IDs for TV devices' and the 'advertiser ID' for devices, and it is 'synchronizing anonymous user IDs' with DMPs and DSPs to 'match users to user information on that 3rd party systems' 🙄 privacy-portal.smartclip.net
On their privacy info page, they use the word 'anonymous' 22 times.
IDs cannot be 'anonymous' according to the GDPR; this is just misleading.
The location data set included a "unique ID for each user that is tied to a smartphone. This made it even easier to find people, since the ... ID could be matched with other databases containing the same ID, allowing us to add real names, addresses" nytimes.com/2021/02/05/opi…
Many app vendors + data brokers are still using the deceptive notion that the use of mobile advertising IDs would make personal data somehow 'anonymous' both in marketing materials and legal docs.
But everyone knows that information linked to mobile ad IDs is just PERSONAL DATA.
Data linked to ad IDs is 'personal data' according to the GDPR, and also according to Californian privacy law. To be more specific, it is 'pseudonymous' personal data.
It cannot get 'de-anonymized', because it was not anonymized in the first place. Perhaps it can get 'de-pseudonymized'.
- Why focus on cookies only? What about web storage, cache headers etc?
- Why focus on client storage at all and not on the processing/transmission of personal data, its purposes and legal bases?
- What about enforcement rather than analysis w/o any assessment of compliance? 😬
Btw. Classifying third parties based on the purposes mentioned in their privacy policies is not very helpful.
I'd classify most adtech firms as data brokers, but classifying LiveRamp, BlueKai, Neustar, ID5, Weborama etc as 'advertising agencies' really doesn't make much sense.
MS Viva, a "new suite of employee management tools", provides "human resource functions like payroll, management tools to track employee performance and resources for staff covering benefits, career development and other aspects of their life at work" wsj.com/articles/micro…
"Microsoft Viva Insights uses data and signals from Microsoft Teams, Outlook, and other Microsoft 365 apps and services, and can also access data from an existing ecosystem of ... tools and services, including Zoom, Slack, Workday, and SAP SuccessFactors" techcommunity.microsoft.com/t5/microsoft-v…
"Viva Insights gives individuals, managers, and leaders personalized and actionable insights that help everyone in an organization thrive ... [it] will, over time, bring the power of Microsoft Workplace Analytics and Microsoft MyAnalytics together under the Microsoft Viva brand"