According to the German Consumer Federation, the EU's #psd2 directive turned bank transaction data into a commodity and created a 'pipeline' for data flows to fintechs and other parties without much oversight.

Statement and report:
vzbv.de/pressemitteilu…
vzbv.de/sites/default/…
While banking regulators are pushing for competition, oversight about data protection and consumer privacy is missing.

The VZBV is thus calling for stricter rules, better enforcement, the #psd2 evaluation should focus on data protection.

Position paper:
vzbv.de/sites/default/…
Specifically, the sphere of licensed #psd2 intermediaries and API providers who may share data with non-licensed parties raises many questions.

They also warn that 'consent' may become an illusion when sharing bank transaction data with e.g. landlords or telcos becomes the norm.
I'm afraid #psd2 is a disaster in the making.

Creating a market for financial profiling, especially if not effectively regulated at all, may once again shape a whole industry in a way we regret later. But as soon as it's there it will be incredibly difficult to make a change.
Financial profiling affects the lives of many, especially of the disadvantaged.

If we don't get #psd2 right, we'll soon see a large number of predatory financial data firms, expanded credit scoring and a further consolidation of risk+marketing surveillance.

Also, big (fin)tech.
I think #psd2 (and #openbanking globally) deserve much more attention.

It's about competition, data/consumer protection, actually about society at large.

I feel like the only ones who care are industry lobbyists. Thus, I find the German consumer federation's report very worthy.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Wolfie Christl

Wolfie Christl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @WolfieChristl

8 Apr
The large number of breaches shouldn't lead to the conclusion that data protection doesn't matter anymore, quite the contrary.

It shows that making the legitimacy to use personal data dependent on the functioning of technical measures or privacy self-management is totally over.
Of course, orgs must care about security, and they must be liable for not doing so. But there will always be shady actors who will use dirty data for shady purposes.

In any case, we need to make sure that legit entities cannot legally use dirty data without risking everything.
Regulating how entities can legally use/process personal data is basically what the EU data protection regime is about. Enforcing it requires bureaucratic procedures from documenting data processing to audits to general deterrence etc.

Like with dirty money, there are pitfalls.
Read 5 tweets
5 Apr
I missed this comprehensive investigation by @kfranasz from Oct 2020 that found that 502 out of 537 websites by US senators and congressional reps (.house.gov/.senate.gov) transmitted personal data on visitors to Google, 309 to Facebook, 69 to Oracle. Bad.
adalytics.io/blog/is-congre…
Actually, no website should send behavioral data to Google, FB or other surveillance marketing companies, including sites by parties and politicians.

Apart from that, formal .gov sites should really not share data with any company that exploits it for commercial purposes at all.
This is even more true for sites by public authorities.

Like the US Customs and Border Protection website that just sent personal data on my visit to FB, Google, Microsoft, The Trade Desk, mdhv.io (?) and other parties during my visit as observed in my browser.
Read 4 tweets
5 Apr
Lobbying spend by 25 companies registered as 'data brokers' in the US, including Oracle, RELX, Experian, Equifax, TransUnion, LiveRamp, Neustar, Venntel, Zeta Global, Aristotle, X-Mode.

By @alfredwkng and @tenuous: themarkup.org/privacy/2021/0…
"The Markup contacted all 25 companies for comment on their lobbying activities. Several companies, like ... LiveRamp denied being data brokers"

Ridiculous.
Why may Deloitte have registered as a data broker?

They calculate health risk scores based on data from clients & data brokers including financial data, purchases, music preferences, high school grades… 🤔
www2.deloitte.com/content/dam/De…
www2.deloitte.com/content/dam/De…
www2.deloitte.com/us/en/legal/pr…
Read 6 tweets
3 Apr
Update, FB received personal data on me from 1573 apps and websites over the last 6 months, up more than two-fold from January 2020 when it introduced its 'Off-Facebook Activity' tool.
Methodology: For a part of my daily web activity I use a browser without any tracking protection or ad blocker, which is also logged into FB. Like many others. Annoying and painful, but what has to be done has to be done.

Correction: The new number seems to cover >6 months.
Some sites sent data about my activities to FB hundreds of times. Media websites are among the worst offenders:

- Daily Mail: 297x
- The Independent: 280x
- The Guardian: 203x
- Vice: 158x
- Reuters: 91x
- The Atlantic: 87x
- Forbes: 72x
- The New Yorker: 53x
- Politico: 46x
Read 27 tweets
2 Apr
The way digital advertising works today implies that myriads of companies share personal data on millions with shady actors every second.

A group of US senators asked major adtech firms who they share data with. Spoiler: It won't be easy to answer this.
wsj.com/articles/u-s-s…
"we must understand the serious national security risks posed by the unrestricted sale of Americans’ data to foreign companies and governments”

I don't think the national security angle is the only relevant one, but it will certainly give the initiative the urgency it deserves.
"They also asked the companies to provide the names of all foreign clients who had access to user data through auctions over the past three years"

Affected adtech firms / data brokers include Google, AT&T/Xandr, Verizon, Index Exchange, Magnite, OpenX, PubMatic, Twitter/MoPub.
Read 4 tweets
1 Apr
Come on, this pseudo-insightful PR piece carefully crafted by a team of unknown authors in the name of the former UK Deputy Prime Minister, now Facebook's "Vice President of Global Affairs" aka chief lobbyist, is horrible, and nobody should endorse it 😡
nickclegg.medium.com/you-and-the-al…
Take a look at this chart. All the major optimization goals are simply missing - all the relevant KPIs, maximizing engagement, user retention etc. Pure misinformation.

It's a carefully crafted compilation of most of Facebook's PR spins, distractions and lies from recent years.
Sorry, I'm a bit annoyed, yes.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!