Discover and read the best of Twitter Threads about #GDPR
Most recents (24)
Microsoft just got slapped with a $20m fine for spying on kids.
Here’s what you need to know: (Thread)
#Microsoft #Xbox #Privacy 1/6
Here’s what you need to know: (Thread)
#Microsoft #Xbox #Privacy 1/6
Microsoft violated the Children’s Online Privacy Protection Act by collecting data on children who had started Xbox accounts without parental consent. They also shared the data with third parties. #COPPA #FTC 2/6
The Federal Trade Commission (FTC) reached a settlement with Microsoft on Monday, which also includes increased protections for child gamers. Microsoft admitted that it did not meet customer expectations and said it was committed to improving its safety measures. #Safety 3/6
How #FATCA IGAs relate to legislation in IRC: To be consistent with FATCA law and avoid the 30% US sanction, IGAs must require the FFIs to close the account of "US Persons" who fail to supply required data (without regard to local #GDPR law). Solutions? law.cornell.edu/uscode/text/26… 
US #FATCA can accommodate Europe's #GDPR only by by excluding @USCitizenAbroad with @TaxResidency abroad from the definition of "U.S. Person". These two screen shots illustrate the problem ... Some thoughts on how this might this be achieved. law.cornell.edu/uscode/text/26…
As the @DemsAbroadTax statement and @SEATNow_org states/implies this problem can be solved ONLY if the US joins the world in adopting residence as the criterion for @TaxResidency. Citizenship would no longer be relevant for taxation. NOT part of any current legislative proposal.
How will the US respond to Belgium's claim that the #FATCA IGA violates the #GDPR? Here is my proposal for ending the tax treaty #savingclause which would allow @USCitizenAbroad to become treaty nonresidents for US tax (effectively ending @CitizenshipTax). youtube.com/live/KqtFhae4i…
See the "third solution" in the thread below which discusses a number of responses/solutions to this #FATCA and @CitizenshipTax problem
@AmerIronCurtain asks: 1. What would it take for Belgium to get out of the #FATCA IGA? 2. What would it take to get out of the #savingclause? 3. Does the Belgium decision mean that the #FATCAIGA is illegal? Interesting questions ...
1. Article 10 of #FATCA IGA contains a notice provision that allows each country to withdraw from the agreement. But, withdrawing from the agreement leaves Belgium "subject" (pun intended) to the direct application of FATCA rules in the IRC (1471 - 1474) home.treasury.gov/system/files/1…
2. Par 4 of Article 1 of US/Belgium treaty contains #savingclause. Belgium agrees US can tax US citizens (with exceptions) regardless of treaty. Change requires treaty amendment. But US could suspend and allow US citizens to be treated as nonresidents. irs.gov/pub/irs-trty/b…
An intelligent response which reinforces the #FATCA (sorry fact) that that the real problem is US @CitizenshipTax. The Decision in Belgium underscores that the sole purpose of the FATCA IGAs is to ensure Americans cannot leave the USA and acquire rights denied to US residents.
As the @DemsAbroadTax statement states/implies this problem can be solved ONLY if the US joins the world in adopting residence as the criterion for @TaxResidency. Citizenship would no longer be relevant for taxation. But, this is NOT part of any legislative proposal.
A second solution would be “A Regulatory Fix For Citizenship Taxation” Which would define “individual” as resident. As published by @TaxNotes here … taxnotes.com/featured-analy…
When the #EU passed its landmark #GeneralDataProtectionRegulation (#GDPR), it seemed like a #privacy miracle. Despite the most aggressive lobbying Europe had ever seen, 500 million Europeans were now guaranteed a digital private life. Could this really be?
1/
1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/05/15/fin…
2/
pluralistic.net/2023/05/15/fin…
2/
Well, yes...and no. Despite flaws (#RightToBeForgotten), the GDPR has strong, well-crafted, badly needed privacy protections. But to get those protections, Europeans need their privacy regulators to enforce the rules.
3/
3/
If you've followed me a long time, you've seen my transition from a "#linkblogger" (5-15 short hits/day) to an "essay-#blogger" (5-7 articles/week). I'm loving the new mode but returning to linkblogging is also intensely, unexpectedly gratifying:
pluralistic.net/2023/05/02/wun…
1/
pluralistic.net/2023/05/02/wun…
1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/05/13/fou…
2/
pluralistic.net/2023/05/13/fou…
2/
My last #linkblogging foray was so great - and my link-backlog is so large - that I'm doing another one.
Link the first: "Siphon," @xkcd's delightful, whimsical "#physics-how-the-fuck-does-it-work" one-shot (visit the link, the tooltip is great):
xkcd.com/2775/
3/
Link the first: "Siphon," @xkcd's delightful, whimsical "#physics-how-the-fuck-does-it-work" one-shot (visit the link, the tooltip is great):
xkcd.com/2775/
3/
#RiseOfAI @Riseof_AI starts with a chatGPT piped to text-to-video keynote. @bootstrappingme says 99% of people can't spot that this is not a person. Are there stats about this? I had about 0.2 seconds of doubt, but I'm sure there's better text to speech out there now.
Fabian did a great (incl. funny) job of complying with joanna-bryson.blogspot.com/2018/11/puttin… and fighting the #futureOfWork misinfo, but repeats the "#AIAct would have blocked #chatGPT" US west-coast talking point. Has someone written a takedown of that yet? #AIEthics @meerihaataja * #riseofai
** The GDPR though should already have blocked #chatGPT hoovering up our data for @OpenAI / @Microsoft for free, is that already getting investigated for prosecution? Anyone? #DSA #AIReguation #digitalGovernance #RiseOfAI
Have a great weekend! Below everything you want to know about #ChatGPT. Thank you Vered! I will add my #thread, with some information about #EU's reaction to ChatGPT.
#Enshittification is platforms devouring themselves: first they tempt users with goodies. Once users are locked in, goodies are withdrawn and dangled before businesses. Once business customers are stuck, all value is claimed for platform shareholders:
pluralistic.net/2023/01/21/pot…
1/
pluralistic.net/2023/01/21/pot…
1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/04/12/alg…
2/
pluralistic.net/2023/04/12/alg…
2/
Enshittification isn't just another way of saying "fraud" or "price gouging" or "wage theft." Enshittification is intrinsically digital, because moving all those goodies around requires the flexibility that only comes with a *digital* businesses.
3/
3/
This is often a critique of data protection as a mechanism for #AI regulation. But especially when combined with human rights and specific anti-discrimination law, how much of a gap does that leave? 🤔 (Of course, *effective* enforcement is always and everywhere a big q)
Non-personal data, obvs, although given the #GDPR’s expansive definition that is a shrinking area, and harms relating to profiling individuals will always be in scope. Group discrimination would come under HR and equality law (if written effectively). Safety (eg cars) separate
*Within* #GDPR there are certainly specific issues which @lilianedwards @mikarv @RDBinns @jennifercobbe and others are writing about. How far they can be addressed without reopening the legislative text?
It's a big day for users of @CreativeCommons images: @Flickr has declared zero tolerance for #CopyleftTrolls, predators who exploit a bug in out-of-date versions of the CC licenses in order to threaten good-faith users of CC images who make minor errors in their image credits. 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/04/01/pix… 2/
pluralistic.net/2023/04/01/pix… 2/
First things first: Flickr's new community guidelines prohibit copyleft trolling. 3/
This 🧵+ underlying decision really highlight the fundamental incompatibility between most #GenerativeAI tools & #GDPR style laws. That's obvious.
The real question is whether there's sufficient political will to acknowledge this truth given the commercial incentives around AI.
The real question is whether there's sufficient political will to acknowledge this truth given the commercial incentives around AI.
There was also a fundamental incompatibility between #blockchain and the #GDPR but law & policymakers largely chose to ignore it (of course it didn't matter as much because the tech wasn't as consequential). medium.com/berkman-klein-…
In the case of #GenerativeAI, I suspect these decisions will be impossible to enforce because data supply chains are now so complex & disjointed that it's hard to maintain neat delineations between a "data subject, controller & processor" (@OpenAI might try to leverage this).
⚡️Breaking news from the EU & #GDPR land: the Italian Data Protection Authority #GarantePrivacy issued an order today against OpenAI, effectively blocking #ChatGPT in Italy (ordering it not to use personal data of Italians). Here is a deep dive into the short order - 1/
What did the Italian DPA #GarantePrivacy found problematic with ChatGPT4?
- Lack of transparency
- Absence of a lawful ground for processing
- Not respecting accuracy
- Lack of age verification
- Overall breach of Data Protection by Design
Why for each? A short explainer:
2/
- Lack of transparency
- Absence of a lawful ground for processing
- Not respecting accuracy
- Lack of age verification
- Overall breach of Data Protection by Design
Why for each? A short explainer:
2/
A) Lack of transparency
Pursuant verification, the #GarantePrivacy found that no information is provided to users of the service, nor generally to people whose data have been collected by OpenAI & processed through the ChatGPT service.
=> a breach of Art. 13 #GDPR
3/
Pursuant verification, the #GarantePrivacy found that no information is provided to users of the service, nor generally to people whose data have been collected by OpenAI & processed through the ChatGPT service.
=> a breach of Art. 13 #GDPR
3/
#Vastaamo kuultavana tänään it-henkilö, jonka ominta aluetta oli multimedia. #Tietosuojavastaava Nimitys tuli ennen Interan kauppaa 5/2019 "koska sellainen piti vain olla". Virallista koulutusta aiheeseen muutama tunti Snellmannin kesäyliopistosta. #tietosuoja #GDPR
Syyttäjä: "Kuka hallinnoi #Vastaamo tietojärjestelmien käyttäjätunnuksia?" Vastaaja heiluttelee käsiään. Ei ollut kirjallisia käytäntöjä.
Syyttäjä: "Tekikö kukaan tietoturvatestausta?" Vastaaja: "Ei"
🇬🇧 Data Protection and Digital Information Bill
Hot take:
1️⃣ #GDPR exit 🇪🇺
2️⃣ #DigitalID framework 🕵️♀️
3️⃣ When AI "safeguards" should apply🧠
4️⃣ Intl data sharing changes 🇺🇸
5️⃣ More threats to your personal data 👀
🤔 more to follow from me ....
gov.uk/government/new…
Hot take:
1️⃣ #GDPR exit 🇪🇺
2️⃣ #DigitalID framework 🕵️♀️
3️⃣ When AI "safeguards" should apply🧠
4️⃣ Intl data sharing changes 🇺🇸
5️⃣ More threats to your personal data 👀
🤔 more to follow from me ....
gov.uk/government/new…
🧵 relating to @mojeek consultation response for the Bill
Yesterday we sent an urgent open letter to @michelledonelan with 25 other civil society groups. We called on the government to scrap the Data Protection and Digital Information Bill and the attack on our data protection rights. Here's why.
1/7 openrightsgroup.org/blog/the-data-…
1/7 openrightsgroup.org/blog/the-data-…
@michelledonelan The #DPDIBill lowers the threshold for organisations to refuse a Subject Access Request and removes individuals’ right to not to be subjected to solely automated decision making. 2/7
@michelledonelan The independence of the @ICOnews will be reduced by the #DPDIBill. As the ICO plays a key part in the oversight of the government’s use of data, this is extremely problematic. 3/7
Just back from a 🇺🇸 roadshow to spread the word about the emerging #AI regulation in 🇪🇺&🇬🇧, and the learning points from speaking to technology & privacy professionals are significant. Mini-🧵
1️⃣Overall, there is an understanding that this is happening and is happening fast, but for a sizeable majority, it is truly eye opening to hear about the breadth & depth of the forthcoming #AI regulatory regime and fully appreciating the precise impact is going to take time.
Around the world journalists are being imprisoned, hacked, even killed. So why should we care about copyright law?
#Thread about the "subtle censorship" of a reputation management firm that uses manipulative methods bury the truth. #StoryKillers
1/14
forbiddenstories.org/story-killers/…
#Thread about the "subtle censorship" of a reputation management firm that uses manipulative methods bury the truth. #StoryKillers
1/14
forbiddenstories.org/story-killers/…
Let's go to 2018. Mexican journalist Daniel Sanchez publishes an investigation into a company contracted by a state governor for @pagina_66.
He starts getting calls asking to take the piece down. He consults with @article19mex who tells him not to.
Daniel 1 - Company 0
2/14
He starts getting calls asking to take the piece down. He consults with @article19mex who tells him not to.
Daniel 1 - Company 0
2/14
Months later, he gets a weird email. It appears to be from the "Compliance Department" of the European Commission. They say he is infringing on a personal data law called #GDPR. Nevertheless, he keeps the article up.
Daniel 2 - Company 0
3/14
Daniel 2 - Company 0
3/14
🧵What have economists learned from the #GDPR?
I review the literature for a future NBER book on the "Economics of #Privacy" edited by @ce_tucker & @avicgoldfarb. 1/7
nber.org/books-and-chap…
I review the literature for a future NBER book on the "Economics of #Privacy" edited by @ce_tucker & @avicgoldfarb. 1/7
nber.org/books-and-chap…
Regulators & researchers seek to balance privacy & the data economy. The EU’s #GDPR is a landmark & influential regulation that defines personal data expansively. GDPR establishes:
-rules for data processing,
-rights for EU residents,
-responsibilities for firms, &
-BIG fines. 2/
-rules for data processing,
-rights for EU residents,
-responsibilities for firms, &
-BIG fines. 2/
#GDPR is hard to study:
A) Finding a suitable control group is hard because the GDPR had global spillovers. E.g., it affects EU firms & non-EU firms serving EU residents.
B) GDPR can screw with personal data: e.g., you may only see data from consenting users. 3/
A) Finding a suitable control group is hard because the GDPR had global spillovers. E.g., it affects EU firms & non-EU firms serving EU residents.
B) GDPR can screw with personal data: e.g., you may only see data from consenting users. 3/
🧵 While #ChatGPT is grabbing the headlines, pushing @GoogleAI (#LaMDA) and @Baidu_Inc to rush their plans to launch competitors, maybe it’s time to explore the security/privacy concerns generative AIs raise.
Here's a #thread on some of these, brought to you by @InfosecurityMag.
Here's a #thread on some of these, brought to you by @InfosecurityMag.
@GoogleAI @Baidu_Inc @InfosecurityMag First, @OpenAI’s #ChatGPT has already been used to develop #malware and other malicious tools, as @a_mascellino reported on January 9, 2023. #encryption #cybercrime cc @SShykevich @_CPResearch_
infosecurity-magazine.com/news/chatgpt-d…
infosecurity-magazine.com/news/chatgpt-d…
@GoogleAI @Baidu_Inc @InfosecurityMag @OpenAI @a_mascellino @SShykevich @_CPResearch_ Here’s the original @_CPResearch_ report 👇
📢JUST IN (from @NOYBeu): @DPCIreland's decisions on Instagram and Facebook:
- Facebook: noyb.eu/sites/default/…
- Instagram: noyb.eu/sites/default/…
I'm reading and live-tweeting my hot-takes (starting with the 196-page Instagram decision)!
- Facebook: noyb.eu/sites/default/…
- Instagram: noyb.eu/sites/default/…
I'm reading and live-tweeting my hot-takes (starting with the 196-page Instagram decision)!
But before that, (re-)familiarizing myself with IAPP's recent infographic on legal bases! iapp.org/media/pdf/reso…
A thread in response to @benthompson's 11 Jan @stratechery members article on Meta's #GDPR fine. If you prefer it longer, see my 2019 post, "Is Facebook Radically Evil?" contentadvisory.net/is-facebook-ra…
Background: Protection of one's personal data is enshrined in Art. 8 of the EU Charter of Fundamental Rights. (As is privacy, in Art. 7.) The EU Parliament had an obligation to represent and protect this right. The result was the #GDPR.
The GDPR protects the personal data of any resident of the EU, defined as "any information relating to an identified or identifiable natural person ('data subject')." It does not make any further distinction between "first party" and "third party" data.
If you read one thing before @DPCIreland's decisions vs. @Meta are published, let it be this tour de force by @Jenn_Bryant1008! #dataprivacy #GDPR #holdontoyourhats iapp.org/news/a/breakin…
With the Privacy Community's Who's Who sharing their views...
@gabrielazanfir: "The community spent a lot of time analyzing and understanding requirements for consent and legitimate interests in the past years, and not so much the ‘contract’ lawful ground"
