@Arbeiterkammer@JeremiasPrassl@algorithmwatch@GewerkschaftGPA@UNI_Europa The last decade has been quite a ride for me, from co-creating a browser game on surveillance and privacy in 2012 to getting into cross-disciplinary research on today's digital economy with a strong focus on consumer data, rooted in my background in technology, sociology et al.
When I published a first report on commercial data practices in 2014, which was followed by several other projects in this area, I also started to train Austrian unions and work councils on privacy and data protection, and listened to many experiences with workplace datafication.
From 2019 I took a deep dive into enterprise software, from ERP to HR to cybersecurity, from manufacturing execution systems to MS365, from task/workflow/process management to the mobile app as a boss, from performance rating to automated control, from low-wage to knowledge work.
In Sept 2021, I published a German-lang report on surveillance and digital control at work, including a first iteration of a map of systems and technologies that process data on employees.
Now I am really excited that I'll be able to further investigate these issues! #staytuned
Please get in touch if you know nefarious examples or examples that appear to be very common but are actually really relevant, or people who know a lot about data practices at work in specific European countries, or if you generally work on similar stuff!
cw|AT|crackedlabs|.|org
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Vodafone und Deutsche Telekom möchten ihre Position als Internetzugangsanbieter dazu missbrauchen, um NutzerInnen eine Identifikationsnummer zu verpassen, die unzählige Firmen für Tracking nutzen sollen.
Rechtlich legitimiert werden soll das durch die sinnlosen, manipulativen und supernervigen "Cookie"-Banner von Websites und anderen Diensten, die uns tausendmal im Jahr mit Einwilligungsanfragen zuspammen.
Und dann auch noch dieser völlig euphemistische Produktname "TrustPid" 🙄
Laut Datenschutzerklärung erstellen Vodafone+Telekom auf Basis von Mobilfunknummern und IP-Adressen pseudonyme personenbezogene Kennungen/IDs, die andere Firmen nutzen können, um digitale Aktivitäten zu beobachten und Einzelne fürs Targeting auszusondern: trustpid.com/privacynotice
In 2019, the Belgian DPA started an investigation into data practices of 20 popular media sites.
Now it GDPR-fined the Belgian publishing group Roularta €50k (processing 60 cookie identifiers before 'consent', insufficient information, pre-ticked boxes): autoriteprotectiondonnees.be/citoyen/enquet…
This is good, on the one hand. Rarely any European DPA has fined publishers for their use of fraudulent and annoying 'consent banners'. And the Belgian DPA's decision against the underlying TCF framework is potentially even much more consequential.
But.
- €50k is about 0,017% of Roularta group's 2021 revenue (if I got that right)
- As of today, Roularta group still tries to make users 'consent' to extensive personal data processing by >900 third-party data companies, based on the TCF. Bad 'consent' info, no 'reject' button…
In 2011, FB renamed its 'privacy policy' to 'data policy'. While the extreme depth+scale of its global surveillance machine doesn't change, FB/Meta now announced to rename it back to 'privacy policy'.
While they state they have "rewritten and re-designed" the privacy policy "to make it easier to understand and clearer about how we use your information", they don't provide comprehensive information about what they changed, only this very rough summary: facebook.com/help/policysum…
There's a huge new 9,500-words section that describes the GDPR Art 6 legal grounds FB/Meta *claims* to rely on for different kinds of personal data processing (consent, performance contract, legal obligation, vital/public interest, legitimate interest). mbasic.facebook.com/privacy/policy…
From 2014 to 2019, Twitter asked more than 140 million users for their phone numbers and email addresses to 'protect' and 'secure' their accounts, and then exploited the data for profit, violating a 2011 FTC order.
$150m fine + ban from profiting from deceptively collected data:
Collecting data under the pretext of 'security' and then exploiting it for profit is among the most evil attacks on trust into digital technology.
Of course, a $150m fine will hardly prevent any large company from doing similar stuff, unfortunately.
However, the FTC under @linakhanFTC is moving fast and getting things done, which is great, and I guess, this is really the maximum they can currently do.
MORE IMPORTANT QUESTION, where are the 4% GDPR fines and processing bans against Twitter and FB who did similar stuff? 😡
Whatever the terms 'artificial intelligence', 'AI' and 'machine learning' mean or meant, they are now primarily used to obfuscate or glamorize things, so @GeorgetownCPT will stop using them in their work on how digital technologies affect society.
@GeorgetownCPT I just briefly checked, and if I am not wrong, I can proudly say I never used the term 'artificial intelligence' in 12.5k tweets on tech, data and society except in brand names, titles of laws, quotes or scare quotes, and 'AI' only about 25 times, mostly ironic or pejorative 🙃
However, I'm GUILTY of using the term 'big data' in the subtitles of reports published in 2014 and 2016, for example 😬
Motherboard's @josephfcox and @thezedwards uncovered another data broker called Narrative that sells the digital equivalent of address lists of people who installed certain apps on their phone, e.g. lists of device identifiers of period tracking app users: vice.com/en/article/v7d…
@josephfcox@thezedwards They just registered and bought a list of so-called 'advertising IDs' of users of the Clue period tracking app, which can be easily linked to any other personal information.
"The purchase itself took minutes... The resulting file included a list of over 5,500 unique identifiers"
Narrative's response is, as so often, ridiculous. Because "many users aren't even aware that their app download data is being recorded and shared" they: put together a video 🤡
And after being caught, they promise to "remove menstruation and pregnancy tracking app install data".