Opt-in global Mastodon full text search. Join the index!
2024-04-11 09:21:18

EU Parliament votes to strengthen GDPR enforcement
2024-06-14 21:24:35

European Pirate Party
The EU Pirate party has done a lot of work against surveillance and against removing encryption in the past five years. They have not done so well in the voting this time (the German Pirate Party MEP will lose the post). Recently, Wired published a detailed account of the history and some of the controversies around the party. It's worth a read!
2024-04-12 09:18:46

On 5th May 2022 I made a complaint to the DPC that the entire An Post/ GeoDirectory advertising database was in breach of GDPR.
On 17th July 2023, the DPC wrote to confirm it had opened a wide-ranging ‘own volition’ inquiry into the GeoDirectory database.
No further update has issued.
2024-06-13 09:32:44

This has been replaced.
initial toot:…
2024-04-11 10:07:14

EU Parliament votes to strengthen GDPR enforcement
Members of the European Parliament voted on Wednesday (10 April) on amendments to s…
2024-06-11 15:52:59

Smile! You're on candid camera! (Oh wait, does that violate GDPR?) #DE24
2024-05-12 12:01:57

i also <3 the smell of a GDPR right-to-be-forgotten request rejection in the morning.
2024-04-29 06:25:35

Non-profit noyb files a GDPR complaint against OpenAI in Austria on behalf of an unnamed public figure, who found ChatGPT produced his incorrect birth date (Natasha Lomas/TechCrunch)
2024-04-29 18:34:12

Same principle as my case against Cambridge Analytica in 2019: an inadequate SAR and the UK authorities agreed but the SCL companies liquidated. Sam Altman can’t wind-up OpenAI so easily and also Max Schrems gets results. #GDPR #AI
2024-05-08 01:18:59

Apparently you can’t easily delete your content from Stack Overflow so I have put a GDPR deletion request in.
All these AI fuckers can suck it. 🖕
2024-05-12 15:22:26

In the end, I had to file a #complaint against the large question-and-answer portal mentioned in my last post. They simply ignore the right to erasure under the #gdpr so that they do…
2024-06-11 07:12:54

A Survey on Machine Unlearning: Techniques and New Emerged Privacy Risks
Hengzhu Liu, Ping Xiong, Tianqing Zhu, Philip S. Yu
2024-05-17 16:11:24

> The very people who comply with and execute the GDPR consider it to be positive for their company, positive for privacy and not a pointless, bureaucratic regulation. This is rare as it contradicts the conventional negative narrative about regulation. …
2024-05-07 05:01:33

Someone recently complained that #StackOverflow is “misusing” their answers for commercial purposes and now wishes to have all their content deleted under GDPR.
Here's the thing: Everything published there is #CreativeCommons-licensed under CC BY-SA 4.0. If you don't li…
2024-06-06 11:10:52

Meta's AI plans are against EU law, says @…'s Max Schrems
'This is clearly the opposite of GDPR compliance'…
2024-04-12 20:23:48

NIST and Web3 Security – A Developing Perspective
The National Institute for Standards and Technology just released an initial draft of “A Security Perspective on the Web3 Paradigm” as document IR 8475. It is not long and it is a great take on how NIST is thinking about Web3 security. Here is the link:
#Web3 #NIST #Security #InfoSec #BlockChain #IPFS
2024-04-30 11:42:54

It's funny cause it hits the right targets (Big Tech) but the way that GDPR has become mostly a lever to do a replacement-punishment is kinda weird.
Sure, you now have a stick to beat MetaMicrosoftGoogle's money bags with but is it really about privacy? About an affirmative use that's based on an actual vision for how privacy in connected societies should work? Or is it just "I can't get you for what I feel you do wrong so I'll try to frame it as a privacy issu…
2024-04-11 10:02:18

DK8x22 - PostePay
The PostePay app suddenly wants to snoop through all the data on our phone "to fight fraud". I'm not sure that the…
2024-05-28 12:46:22

We have to talk about #chatcontrol again, unfortunately 🤦
There's lots of detail in the (German) article at #chatcontrol for secure E2EE chat/messenger services. What is similar to the original, widely criticized (#GDPR interpretations, that would not count as informed, freely given consent.
Summary: the latest proposal is still dangerous and needs to be rejected. Please boost, reshare, and tell your country's EU council/commission/parliament trilogue negotiation members!
2024-05-03 11:14:28

#WeAreFairphone tells me that GDPR demands they delete all my personal data from my phone before repairing it. While I won't change their minds, I'd still like to call bullshit on this one.
Unless of course anyone can point me to the specific section covering that.
2024-04-29 15:00:59

A user has triggered a minor meltdown by emailing a template GDPR right to be forgotten email to me and the support emails of a long list of other services (Jetbrains, Medium, etc) with all of us on CC.
Deleting their account data is easy. The hard part is managing the now-endless series of autoreplies back & forth between customer support CRMs, reply-all-ing the entire CC list to acknowledge the request, which then updates the pending ticket in every other service, which then auto…
2024-05-17 08:22:11

#Symfony bundle for a #GDPR friendly workflow to backup, restore and anonymize your data…
2024-04-24 03:07:46

You know, if Congress wanted to solve our data privacy problems, they'd solve our data privacy problems with a simple, national GDPR bill.
But instead, they want to ban TikTok, so they’ve found a way to try and do it, and now Biden plans to sign it. In an election year. 🤦‍♂️
#TikTok #uspol
2024-05-31 11:15:45

Spain's data protection regulator AEPD bans Meta from launching election features on Facebook and Instagram in the country, citing GDPR concerns (Natasha Lomas/TechCrunch)
2024-06-09 13:23:23

I got a notification to opt out of #Meta training AI on my data, when I couldn't deal with it. Then it was impossible to find.
Today, I succeeded as follows, without using the app:
- Go to, click on your avatar in top right, select settings&privacy, then privacy center
- Expand "Other policies and articles" in the left pane
- Click "How Meta uses information for generative AI models"
- Search (Ctrl-F) for "right to object" and follow the link.
#consent #gdpr #facebook #optOut #EU
2024-04-29 10:51:13

Schrems NGO files GDPR complaint against OpenAI over AI ‘hallucinations’
Noyb, the Austrian non-profit founded b…
2024-05-09 23:27:45

I had to follow up several times with one of the largest German question-and-answer platforms to get my "right to be forgotten" enforced. The answers to my request are pure comedy. They obviously don't understand the #gdpr or don't want to understand it (which wou…
2024-05-17 09:48:30

Me to Xero: You removed access to MY data from the API
Xero: Yes, it's data we only make available to banks and regulated industries
Me: It's my data, I entered it.
Xero: Sorry.
Me: OK, so you prefer I make a monthly GDPR request to get the data?
Xero: Oh, ok. We restored your API access.
2024-04-29 06:53:11

Enhancing Legal Compliance and Regulation Analysis with Large Language Models
Shabnam Hassani
2024-05-16 14:39:28

DK 8x26 The costs of GDPR, or maybe not
Can a US paper that talks about the costs of GDPR be taken seriously?…http…
2024-06-06 10:02:14

This has been replaced.
initial toot:…
2024-04-22 06:46:46

How should AI decisions be explained? Requirements for Explanations from the Perspective of European Law
Benjamin Fresz, Elena Dubovitskaya, Danilo Brajovic, Marco Huber, Christian Horz
2024-04-18 09:29:12

Spotted a rather obnoxious dark pattern from #openai here - you can stop your ChatGPT data being used for training, but only if you also disable chat history.
Clearly it's possible to separate these two options, but someone has chosen not to. No way is this GDPR-compliant.
2024-04-17 08:33:09

Because cookies are governed by a Directive (the e-Privacy Directive) which is then written into local law by local statute (in Ireland’s case the e-Privacy Regulations) (mostly unlike the GDPR), some lucky countries see greater enforcement or protections.
2024-06-17 17:35:01

GDPR and the Right To Be Forgotten (RTBF) and other Rights
A bit of a longer read.
I recently had the opportunity to engage a bit here on Mastodon on the question of data privacy and the EU General Data Protection Regulation (GDPR). I’ve had a chance to think about this a bit more and am providing the following thoughts. This is not a complete analysis of data privacy under GDPR, but I hope it will be helpful for organizations or agencies who fall under this regulation. I appreciate those who commented previously (references below).
First, some disclaimers:
- I am not a lawyer. I recommend you talk to one if you are developing software that handles private information or are simply storing or sharing private information.
- I have read the entire GDPR and recitals, but I am not current on recent legal refinements.
- I have also read other data compliance regulations such as CCPA and at one point I read all of the data privacy regulations of all 50 US states.
- Why did I do this? My company was subject to GDPR and a number of other privacy regulations and we were selling a data security solution. Our customers had a reasonable expectation that we would help them meet compliance regulations.
- We developed internal policies and procedures to comply with GDPR.
- We honored all GDPR requests related to RTBF.
- We consciously designed systems that supported and enabled GDPR compliance.
- We invested in and partnered with a blockchain start-up and designed and developed for IPFS.
Some definitions might be helpful. GDPR refers to individuals (individual people like you and me) as Data Subjects. The rights granted are granted to individual users and consumers. Organizations that collect private information about Data Subjects are Data Controllers. When we stored information in our CRM we were a Data Controller as defined by GDPR. It takes a bit of reading to get used to these definitions, but they are fairly straightforward.
Context is important when understanding a regulation like GDPR.
I benefited from my time living in and starting a business in Europe (West Germany, in the 1980s). This part of the world had experienced unspeakable horrors during WWII and were living very close to the repression that existed just across the border in eastern Europe. Repressive regimes abuse confidential information and weaponize secrecy in order to exert control over others. My colleagues from Germany, Italy, France, the UK and Poland understood this in a fundamental, human way. I see GDPR as a natural expression of their desire to protect their nations, their communities, their families and themselves. This is why I deeply respect the EU’s right to promulgate these privacy regulations.
Under GDPR the individual becomes the ultimate owner of their private information. There is no implied ability of a Data Controller to override that right (with some exceptions, see below), or to assume that any rights granted to a Data Controller by an individual are permanent and immutable. An individual can give a Data Controller permission to store their private information, and, importantly, an individual can revoke that permission. This is a fundamental difference with how we in the US tend to think of privacy. It is very important to fully grasp this concept if you are planning to do business in the EU.
The Right To Be Forgotten (sometimes called the Right To Deletion) gives the individual the right to ask for their data to be removed from a Data Controller’s system and for that to occur in a timely fashion. But it is only one right defined under GDPR. There are others:
- Right to opt in or out of data sharing.
- Right to change data sharing permissions.
- Right to know with whom data has been shared.
- Right to correct data.
- Right to assume data is pseudonymized, usually with encryption.
- Right to be informed in a timely way of any data breach.
This is not a complete list of the rights and responsibilities conferred under GDPR, but these are probably the most well-known, and probably where many organizations fail to implement proper controls.
Of course, there are exceptions to data privacy rights under GDPR. Some of them are:
- Legal requirements to retain data (tax history, etc.).
- Some freedom of information requirements.
- Some public knowledge aspects.
- General public health and safety.
Please note that GDPR does not provide an exception to the rules because your technology prevents you from meeting RTBF deletion requests (looking at you, blockchain and IPFS). There is no programming around these requirements and clever developers do not get a magical pass to ignore them.
It is also important to understand that RTBF is still being refined. This is a bubbling pot of legal activity. In my opinion the direction seems to be in favor of protecting Data Subject’s privacy rights and enforcing RTBF.
GDPR applies to the EU countries and to anyone doing business in the EU. There are lots of other privacy regulations that are similar to GDPR. In the US, there is the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act of 2020 (CPRA). The UK, Australia, New Zealand and many other countries also have privacy regulations that are similar in intent. Once you start absorbing the requirements of these regulations you start to think of private information in a new way.
OK, now for some recommendations:
If you are a software developer creating that killer app and the next big Unicorn, build in GDPR support right from the beginning. We know how difficult it is to “bolt on” security after the fact. It is equally hard to re-engineer applications to meet GDPR. So, get it right from the beginning and avoid some angst as you approach an IPO or a global rollout.
If you are a business and have dreams of scaling your business beyond your local community, think about how you collect, store and share information about individual consumers. It is almost certain you are going to run into some flavor of GDPR at some point and you will want to be prepared. If you are not covered by GDPR, CCPA or other privacy regulations now, you may soon be.
If you are using social media platforms as a part of your marketing strategy (who isn’t ???) be sure you understand how your social media provider meets GDPR. Sharing sensitive data with social media and big data brokers can be a GDPR nightmare. Make sure your social media partner has processes in place to meet GDPR data deletion requests.
It was previously mentioned here that developer tools like git and GitLab would likely not come under GDPR controls. I think the point was that tools like git and GitLab are not typically used to collect information on individuals, and I think that is correct. It is not that GDPR exempts developer tools from its compliance scheme (it doesn’t), it is just that it is rare to use developer tools to store a lot of personal information. One caution: be careful about test data that you might store as a part of automated testing routines. Don’t store test data with information about real people! Anonymize or tokenize the data before adding it to git.
What about Web3 technologies?
Web3 technologies like blockchain and IPFS can make it extremely difficult (nearly impossible) to meet GDPR requirements for RTBF. If your application ingests data to blockchains and/or IPFS, or provides a public gateway to allow this type of data ingestion, I would recommend implementing application logic to prevent sensitive personal data from being added. I’ve built blockchain and IPFS applications and there is no effective delete function. If you have to store sensitive data, I would recommend against using these technologies.
Lastly, remember that you will probably need proper legal advice (that is not me!) related to GDPR and other compliance regulations. Governance and compliance are proper components of a business plan and software design process.
Here are some resources that may be helpful:
EU General Data Protection Regulation (lots of resources here):
#GDPR #CCPA #CPRA #Compliance #Security #BlockChain #IPFS #Software #SoftwareDevelopment #Programming
2024-05-23 12:47:38

i'm pretty sure some of her assistants will send me rtbf gdpr requests soon
2024-05-17 06:48:14

GDPR: Is it worth it? Perceptions of workers who have experienced its implementation
Gerard Buckley, Tristan Caulfield, Ingolf Becker