NL forced Microsoft to provide its software for govt and universities under data terms that prohibit MS from exploiting personal/behavioral data for its own purposes.

✅ It's possible
➡️ This is what everyone in the EU deserves, including Home/Pro users
privacycompany.eu/blogpost-en/ne… Image
When everything from operating systems to Office sw to files to communication essentially becomes cloud-based services, we cannot let private companies exploit data how they see fit.

Of course everyone deserves this, not only in the EU. But the EU could realistically enforce it.
I admit, a single buyer of hundreds of thousands of licenses has better leverage than hundreds of thousands of home and business buyers, customers, citizens scattered across the 'market'.

MS has many ways to divide+conquer from fait accompli via lock-in to darkpattern 'choice'.
EU regulators make weak statements about non-compliance if at all. They don't enforce the GDPR against users (makes sense for larger orgs only anyway), they don't enforce it against MS.

This needs a coordinated effort, perhaps at EC level, probably going beyond data protection.
And of course, there would still be many remaining issues.

Which of Microsoft's services (e.g. Win10, Word) are digital infrastructure to an extent that exploiting data for other purposes must be banned, and what exactly are purposes to provide, maintain and 'improve' a service?
Perhaps even more important, how do we make sure that MS does not systematically let (and benefit from) companies *other* than itself exploiting data in almost inescapable ways, from b2c/b2b 'apps' and 'services' that plug into MS platforms to employers that exploit worker data?
Above thread, basically:

"The political economy of platform power and data at the example of Microsoft, and how to fix it"

You're welcome :p

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Wolfie Christl

Wolfie Christl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @WolfieChristl

Feb 22
"Who hacked The DAO? My exclusive investigation ... appears to point to Toby Hoenisch, a 36-year-old programmer who grew up in Austria and was living in Singapore at the time of the hack"

Oh, another 'crypto' entrepreneur from Austria! 🤖
forbes.com/sites/laurashi…
Btw. In 2017, Hoenisch raised $80m in an ICO for TenX, which never delivered (Wirecard, oh my), together with another Austrian, who left TenX after reports on his "past affiliation with an Austrian multi-level marketing scheme", as Forbes put it, and poses now as the clean guy. Image
Here's one of these media reports, and I want to emphasize that do not claim that anything written in this article is true, because of reasons. Anyway, it makes me a bit sad that the embedded video is not available online anymore.
ccn.com/80-million-ico…
Read 5 tweets
Feb 18
Die ORF-Website will die "Einwilligung" in die Übertragung personenbezogener Verhaltensdaten an 46 Drittparteien, viele davon reine Datenhandelsfirmen.

Nicht cool, dass viele Medien-Websites sowas machen. Gar nicht cool, wenn der öffentlich-rechtliche Rundfunk das macht. ImageImage
Die Gestaltung der "Einwilligung" ist unklar und manipulativ. Es geht nicht um "Cookies", sondern um Datenübertragung an Dritte. Es gibt nicht mal einen gleichwertigen "Ablehnen" Button. Allein das macht die Einwilligung ungültig. Ohne diese ist die Datenverarbeitung nicht legal.
Aber selbst wenn ein "Ablehnen" Button vorhanden wäre, wäre die Datenübertragung nicht legal.

Die EU-Datenschutzbehörden haben das Pseudo-Einwilligungssystem "TCF", das auch auf der ORF-Website genutzt wird, vor zwei Wochen für unrechtmäßig erklärt:
netzpolitik.org/2022/datenschu… Image
Read 30 tweets
Feb 15
Google's "infamous 'Web & App Activity' controls for paid users of Google Workspace" is "split up into two settings" …HOWEVER, "Google is taking advantage of this settings split to re-enable some tracking features, even if users have previously opted out"
arstechnica.com/gadgets/2022/0…
"The crux of those earlier privacy lawsuits was that having privacy settings bizarrely split across two switches was unnecessarily confusing. Now, with Search History, privacy settings are split across three switches" 🤡
"Regarding the promise to not use data from 'Workspace core services', Google's statement doesn't cover Google Search ... which is the primary vector for Google ads and data for Google ads. That's right—the 'Search History' setting from Google doesn't cover Google Search history"
Read 6 tweets
Feb 14
In a few cases, it is perhaps possible to discuss the 'value' of personal data in itself, e.g. data sets to train and validate ML models.

In many cases, however, the value an organization can extract from data depends on its capacity to directly or indirectly apply it to people.
I think, the value an organization can extract from personal data depends on its direct or indirect control over a sociotechnical system's capacity to *act on* individuals and groups, to decide about how to treat people, target them, mediate their choices or behaviors etc.
The most direct form of such a capacity to act on people based on personal data is the 'customer relationship', e.g. with loyalty program members, magazine subscribers, bank customers ...or users who registered at an online service, downloaded an app or bought a networked device.
Read 11 tweets
Jan 31
I want to share some more details about what we found in our investigation into gambling data that are highly relevant to GDPR enforcement and privacy regulation at large.

For example, this is how companies share personal data with each other during a bunch of 'cookie syncs'. Image
I guess rarely anyone has ever analyzed the data flows during only a few 'cookie syncs' at such a level of detail.

It's not about 'cookies' but about an ongoing exchange of personal identifiers that many data companies use to recognize, track and follow everyone across websites.
The chart shows data transmissions we observed during only a few visits to skycasino.com, which initiated requests to the adtech firm MediaMath, which shared the ID it uses to recognize a user with many other firms and initiated further personal data processing by them. Image
Read 31 tweets
Jan 31
We observed that a Sky Bet gambling site transmitted extensive personal data on gambling activities to FB, Google, Microsoft, Adobe and to the TransUnion subsidiaries Signal and Iovation.

When asked about it under the GDPR, they mostly failed to disclose what data they process.
For example, when a user deposited cash at Sky Bet, the website immediately informed FB, Google, Microsoft, Adobe, MediaMath and Signal (TransUnion) about the exact amount deposited.

Several third-party data companies including Google and FB received data on almost every click.
In total, we observed 2,154 data transmissions to 44 third-party companies during only 37 visits to Sky Bet gambling sites.

The TransUnion subsidiary Signal created an extensive digital profile about a person who was a heavy Sky Bet user and lost a lot.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(