Discover and read the best of Twitter Threads about #gdpr

Most recent (24)

My observations on the Spanish DPA #GDPR fine (thread): First, @LaLigaEN still arguing a yr later that their tech is misunderstood. App uses "audio fingerprinting" by which tiny fragments of audio sent for comparison w/content library & then discarded. 1/9
& on this basis they argue that the processing =/= personal data. The use case (detecting unlicensed soccer streaming) makes it challenging: wouldn't a common ID be needed to cross-reference audio + geo? But if not associated w/ user at point of collection? Maybe. 2/9
Side note: audio fingerprinting is pretty common: Shazam, the latest Pixels, & in most Smart TVs for viewing measurement. Greatest concerns for privacy advocates are if/when used between devices (e.g. phone/laptop surreptitiously "listening" for TV content, as done here). 3/9
Read 9 tweets
[Thread] 10 reasons why the Netherlands (and everywhere else) should beware Scotland's failed #GIRFEC policy:

1. UK Supreme Court struck down Parts 4&5 of 2014 CYP Act because the mass #datatheft on which #GIRFEC policy relies breaches #Article8 & #GDPR…
2. Scottish @homeed forum & @tymestrust are petitioning @ScotParl for a #publicinquiry into past & present #GIRFEC breaches of #humanrights…

3. #GIRFEC victims' testimony was excluded from evidence to parliamentary committee
4. Remedial legislation to resurrect #girfec #namedperson blocked by parliament: #shanarri too vague/subjective and no legally compliant code of practice…
Read 8 tweets
Steadily approaching #GDPR anniversary and I see two big & fundamental issues everyone is really struggling with:
1️⃣Lawful grounds for processing
One is as old as #EUdataP law itself but the #GDPR has injected new impetus. The other is yet to be learnt properly. Thread⬇️
There are three grounds for processing that get 99% of the attention:
1️⃣Consent seems easy & solid, but it is the most difficult.
2️⃣Contractual necessity is yet to be explored & debated properly.
3️⃣Legitimate interest is seen as the holy grail but remains largely misunderstood.
The standards for valid consent will eventually be settled by #CJEU but it is clear that #GDPR raises the bar well above what has become common practice (think cookie banners & ‘take it or leave it’ approaches). So consent is bound to become the residual option, not the default.
Read 6 tweets
Public trash receptacles removed from Ireland’s main post office out of concern about liability under GDPR…
>me looking for trash cans when living under the GDPR hellscape
Waste receptacles at Ireland’s main post office have been reinstalled after receiving official guidance from the country’s Data Protection Office that #GDPR does not apply to public trash cans.…
Read 4 tweets
The @BBFC #AgeVerification "Certificate Standard" has been published.

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?…
@BBFC Well, that was fast:

"this is the foundation of the non-statutory, voluntary age-verification certification scheme (the Scheme)"

"Only age-verification providers that meet the requirements of the Standard…will receive certification"

What happens to the ones that don't?
@BBFC [ Incidentally, I am going through this in real time with a mug of coffee, so there may be some jumping back and forth. Don't expect perfection. ]
Read 104 tweets
Gang, I will be voting for @TheGreenParty @europeangreens in #EP2019- the @GreensEP have a proven track record of getting things done in Brussels & Strasbourg (see eg #GDPR), & *nothing* is more important than a European #GreenNewDeal.…
A vote for @TheGreenParty in many UK regions has a realistic chance of delivering a @GreensEP MEP, & the maths says they can influence the choice of next President of the Commission. I think they're the best choice to boost #Remain & also deliver progressive green EU policies.
Read 3 tweets
1. @ANewman_forward and I have a piece in the @FT, on #Facebook and privacy, building on our brand new book, Of Privacy and Power. Short version - the reason why Facebook is pushing for privacy law goes back to @Snowden revelations.…
2. There's a new narrative about Facebook's embrace of #GDPR (@alexstamos gives one recent version of it) - that GDPR is good for companies like Facebook, because it is complex and easier for big companies to comply with than small upstart competitors. Not altogether wrong,
3. but not really right either. Facebook's ginger embrace of European style legislation is making lemonade out of lemons. Zuckerberg would surely have preferred a world with no privacy legislation, where companies were left to self regulate, and market mechanisms predominated.
Read 22 tweets
First #GDPR fine by Polish DPA. 6M records in database. Scraped from public sources. Not informed data subjects about their rights. 229k EUR fine. Breach of Article 14. Impressive: no particular explanation provided.
English press release related to the first PL #GDPR fine. 6M user data scraped from public registers. Not informed data subjects about their rights. €220k fine. No tech component; purely lawful case.
Full justification of the #GDPR enforcement here. 220k fine is only one thing. Company has been ordered to inform all the 6M data subjects. Costs might exceed the fine. Full GDPR in action here.… (via G/translate)
Read 5 tweets
In 1989, @timberners_lee submitted a proposal that would change the world.

To celebrate #Web30, for the next 30 hours we're asking everyone to contribute to a crowdsourced timeline of web milestones.

Share your web moments at #Web30 #ForTheWeb:
Starting now, Sir @timberners_lee is speaking from @CERN, where it all began. #Web30 #ForTheWeb

📺 Watch the live stream:
Read 96 tweets
Here’s a short EU #dataprotection thread relating to some of the work I‘ve been doing on #researchethics. The #GDPR is broadly a very good thing but it’s starting to look like a bit of a car crash for established ethical standards in research (1)
Why? A combination of highly effective market research lobbying for business as usual together with wider demands to “repurpose” data for “research” pushed EU negotiators into lowering the data protection bar for “research” activities across the board (2)
Fine you might say, research is very important and we shouldn’t overregulate. But what it means in practice is that once someone has your data, it is now much fairer game for “research” purposes (3)
Read 15 tweets
I've downloaded my personal data from Google thanks to #GDPR portability. I've made 71,600 searches since 2011, almost 25 searches per day, everyday for 8 years 😳 I've analyzed my data quickly, see what I've found in this thread ⤵️ #Google #data
First thing. I've looked at how many searches I've done by month. I was expecting an increase over time, but this isn't the case and I don't really know why. I was on holiday abroad during my lowest months. In April 2014 I did a staggering 1638 search queries, 52 searches / day
I looked at when I googled by weekday and hour and I was baffled: it's almost perfectly distributed by weekday. I search the most on Sundays and at the beginning and end of work day. Times are in UTC and I lived almost always in Europe/Paris (UTC+1 or +2) so it must be shifted
Read 11 tweets
1/4 This is huge!! As far as I know, the EU has issued the FIRST Rapid Alert (#RAPEX) for dangerous products that may be related to data protection and #Privacy.
This drives me crazy: the product is a smartwatch for MONITORING KIDS (#ENOX SAFE KID ONE with GSM and GPS integrated)
2/4 Now the #smartwatch must be recalled from end users! The App, the server and the watch have no security in data transmission. The risk is very high due to young users… I hope that this will be notified to #DPA too for #GDPR enforcement.
3/4 I’m very happy to see #dangerous #products withdrawn from the market due to lack of data protection. It is the very first time. I hope that the monitoring system will keep on focusing on data protection.…
Read 5 tweets
Facebook pays teens to install AppStore-banned vpn deep root surveillance kit onavo

May I present GDPR Article 8
GDPR on requirements for children
#GDPR. If any parent finds #onavo on a device used by a minor under 16 and is an EU citizen or a dual citizen, you may wish to contact the appropriate data protection authority and/or the Irish DPA and file a complaint and/or seek data rights counsel.
Read 4 tweets
"If you have nothing to hide you are worthless" Shoshana Zuboff #CPDP2019
Should we not gather in resistance against surveillance capitalism which has come to destroy human nature as industrial capitalism did to nature?
@murakamiwood digital is another special fix of capitalism to commodify aspects of human experience until now uncommodified.
Read 18 tweets
@AOC is right: technology reflects society. Here is an incomplete list of experts you should follow if you are interested in this topic / thread:
@safiyanoble – read her great book ‘Algorithms of Oppression – How Search Engines Reinforce Racism’… with @NYUpress
@jovialjoy – and her Gender Shades project, her work with the Algorithmic Justice League and the Safe Face Pledge
Read 41 tweets
The policymakers of the future may well be engineers. @AriefErnst #fixingtheinternet #fixinginternet
To what extent are the problems related to the Internet? #nepnieuws (fake news) was already a problem in the past. Monopolies are old too. The internet is just a new domain -- audience #fixingtheinternet #fixinginternet
Data does not always have to be stored centrally. It is a false dilemma that nothing is possible unless it is stored centrally. Examples are the Belgian health smart card, the basic registry (basisregistratie) and eduroam @jvantill #fixingtheinternet #fixinginternet
Read 10 tweets
How is & how should #EUDataP of #journalism #media develop under #GDPR? Here are some thoughts based on a talk I gave to @sciencespo and @HECParisLaw late last year.…
(1) State law remains highly divergent but the great majority recognise that qualified DP requirements and partial DPA supervision should apply to journalism.
(2) This law, the GDPR itself and the EU Charter all point to a continued, albeit sensitive role, for DPAs here. But these agencies have many other demands and remain highly resource constrained.
Read 6 tweets
Your work history is distinct, more than most passwords. Your resume identifies you (who else had your last 2 to 4 jobs?) even without your name/photo. @LinkedIn as a social network relies on the collective trust of its users to honor the contexts of career and work.
#GDPR makes @LinkedIn accountable for how the company sticks to promised uses of your data, but GDPR doesn't cover how other members of the network use or abuse your information. Social norms (and peer payback like @LeenaVanD offers) can raise the stakes. But abuse happens.
Most data protection laws deal with the relationship between you and companies. The next round of laws will start to cover data in motion (chat, calls, data in transit). But they also should start to consider person-to-person use/abuse of your data. #gdpr #privacy @IdentityWoman
Read 9 tweets
Kelsey’s Naughty List! 🎄😳 In the spirit of Christmas, I've made a Naughty List of bad behaviour in the world of digital rights and privacy! In no particular order, here are some of 2018's biggest blunders for data protection, consumer privacy, and cyberlaw more generally.
NAUGHTY! The US Congress voted down an effort to reform the Foreign Intelligence Surveillance Act (FISA) Section 702 (remember Edward @Snowden?) and instead passed a bill that expanded warrantless surveillance of US citizens and foreigners. 🕵️‍♂️🌍…
NAUGHTY (AGAIN)! The US Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which expands US and foreign law enforcement to target and access people’s data across international borders. Critics of the act include @ACLU and @EFF ⛈️…
Read 11 tweets
Over the past weeks, the 🇪🇺 Parliament has issued two reports on #blockchain. I'll summarize the key points below.

First, an Opinion by the Committee on Civil Liberties, Justice and Home Affairs, which considers the tech 'capable of decentralising forms of human interaction, the markets, banking and international trade'.…
It informed the 2nd report I'll mention below and focused on the #GDPR, stressing the capacity of blockchains for data protection by design. It mentions zk-SNARKs specifically (but remains mum on implications for AML etc).
Read 17 tweets
THREAD: QUESTION FOR ALL SECURITY PEOPLE — in this day and age, would you buy a single-vendor IT security solution which advertised itself as "the gold standard" for data security protection?

Would you give that claim any credence whatsoever?
The infosec world has a long-established term for such glib claims: "Snake Oil" - this terminology goes back to the 1990s or earlier, for vendors who were selling sub-par cryptography as "military-grade" or other supposed but meaningless description…
Particularly telling for "Snake Oil" are the words and phrases that are used to describe the security solution, process, or tool, its development, mechanism, or vendor:

* "Trust Us, We Know What We're Doing"
* "Unbreakability"
* "Military Grade"…
Read 27 tweets
So, @AerServ are trying to cover up that they've had a breach. I was notified that I was in it via @haveibeenpwned and when reaching out to them, they denied that they have any data on non-registered users or that they've even had any breaches! #infosec [1/12]
After receiving the notification from HIBP, and seeing the type of data involved in the breach - I instantly wanted to know how they could have got data of mine. My mobile usage is not much further on than it was when I was using a Nokia 5110, so no questionable apps. [2/12]
I reached out to them with a subject access request, to get a copy of the data they hold about me, despite not having registered for their services (see screenshot) [3/12]
Read 12 tweets
The #EDPB published the *long awaited* draft #GDPR Territorial Scope #Guidelines today, which also have a section dedicated to the “legal representative” issue. Some takeaways below ⬇️ Thread time 1/14…
An “establishment” of a non-EU entity in the EU doesn't require a registered branch/subsidiary. Any stable arrangements will be taken into account 4 data protection law purposes. But merely the fact that the company’s website is accessible from the EU is not an "establishment" 2/14
A processor in the EU is not deemed to be an “establishment” of the non-EU controller in the EU. The existence of the controller-processor relationship does not trigger the application of the #GDPR to the non-EU controller 3/14
Read 14 tweets
0/ Coming in HOT today with a thread devoted to a bunch of #crypto- and #blockchain-related events that took place over the past 24 hours or so. Here we go!
1/ ⛽️ I wasn't joking about that 'hot' thing, for @GetGitcoin have introduced Gas Price Heatmaps (

Assess the price vs. speed tradeoff vis-à-vis @ethereum gas. Super useful!

Built by @FrederikBolding. It's a visual representation of @ETHGasStation data.
2/ 🆕 Asia's top full-suite digital asset trading firm, @QCPCapital, became the first #OTC trading desk to set up a 'Space' on @AirSwap [ $AST ].

Launched last month, Spaces enable unique environments geared to support connections among groups that trade.
Read 33 tweets
