The large number of breaches shouldn't lead to the conclusion that data protection doesn't matter anymore, quite the contrary.
It shows that making the legitimacy to use personal data dependent on the functioning of technical measures or privacy self-management is totally over.
Of course, orgs must care about security, and they must be liable for not doing so. But there will always be shady actors who will use dirty data for shady purposes.
In any case, we need to make sure that legit entities cannot legally use dirty data without risking everything.
Regulating how entities can legally use/process personal data is basically what the EU data protection regime is about. Enforcing it requires bureaucratic procedures from documenting data processing to audits to general deterrence etc.
Like with dirty money, there are pitfalls.
Admittedly, it's even more difficult to prevent law enforcement or intel agencies from using dirty personal data. But also for governments, just because data is available, e.g. because technical measures or privacy self-management have failed, shouldn't make it legitimate to use.
Some groups may always have to take special care by themselves, e.g. journalists or activists.
But the majority of people should be able to simply use digital tech and openly participate in society without being required to care about data protection and security all the time.
According to the German Consumer Federation, the EU's #psd2 directive turned bank transaction data into a commodity and created a 'pipeline' for data flows to fintechs and other parties without much oversight.
I missed this comprehensive investigation by @kfranasz from Oct 2020 that found that 502 out of 537 websites by US senators and congressional reps (.house.gov/.senate.gov) transmitted personal data on visitors to Google, 309 to Facebook, 69 to Oracle. Bad. adalytics.io/blog/is-congre…
Actually, no website should send behavioral data to Google, FB or other surveillance marketing companies, including sites by parties and politicians.
Apart from that, formal .gov sites should really not share data with any company that exploits it for commercial purposes at all.
This is even more true for sites by public authorities.
Like the US Customs and Border Protection website that just sent personal data on my visit to FB, Google, Microsoft, The Trade Desk, mdhv.io (?) and other parties during my visit as observed in my browser.
Lobbying spend by 25 companies registered as 'data brokers' in the US, including Oracle, RELX, Experian, Equifax, TransUnion, LiveRamp, Neustar, Venntel, Zeta Global, Aristotle, X-Mode.
Update, FB received personal data on me from 1573 apps and websites over the last 6 months, up more than two-fold from January 2020 when it introduced its 'Off-Facebook Activity' tool.
Methodology: For a part of my daily web activity I use a browser without any tracking protection or ad blocker, which is also logged into FB. Like many others. Annoying and painful, but what has to be done has to be done.
Correction: The new number seems to cover >6 months.
Some sites sent data about my activities to FB hundreds of times. Media websites are among the worst offenders:
- Daily Mail: 297x
- The Independent: 280x
- The Guardian: 203x
- Vice: 158x
- Reuters: 91x
- The Atlantic: 87x
- Forbes: 72x
- The New Yorker: 53x
- Politico: 46x
Come on, this pseudo-insightful PR piece carefully crafted by a team of unknown authors in the name of the former UK Deputy Prime Minister, now Facebook's "Vice President of Global Affairs" aka chief lobbyist, is horrible, and nobody should endorse it 😡 nickclegg.medium.com/you-and-the-al…
Take a look at this chart. All the major optimization goals are simply missing - all the relevant KPIs, maximizing engagement, user retention etc. Pure misinformation.
It's a carefully crafted compilation of most of Facebook's PR spins, distractions and lies from recent years.