shawnhooper, to privacy
@shawnhooper@fosstodon.org avatar

Request from a team member:

"I want to test out the utility of this application I want to confirm that it is GDPR-LMNOP compliant before I get too far."

I love that they check.

adamczyk, to random Polish
@adamczyk@pol.social avatar

Kochani, oglądam ostatni sezon "Rojsta", bardzo mi się podoba, a tego mema będę kolegom z pracy wysyłać do końca swoich dni.


openrightsgroup, to UKpolitics
@openrightsgroup@social.openrightsgroup.org avatar

24/7 GPS monitoring of migrants enabled the UK Home Office to collect vast amounts of personal data, invading people’s privacy and inflicting psychological burdens.

It’s a punitive and offensive measure that has rightly been found unlawful by the Information Commissioner’s Office.

https://www.wired.com/story/gps-ankle-tags-uk-privacy-illegal/

GavinChait, to random
@GavinChait@wandering.shop avatar

Follow along with me on my adventures.

In 2021 I cancelled my subscription & migrated. I deliberately, & carefully, deleted my credit card information & all passwords from the account. I received email acknowledgement, & then I forgot about it.

That was a mistake.

Turns out, they continued to charge me. Every year. Even increased the fee.

GavinChait,
@GavinChait@wandering.shop avatar

My bank, helpfully, reversed the last charge, but can't help me further, or stop them from trying again.

I contacted LastPass. They acknowledge I don't have an account, & that they have no basis for charging me.

Then they ended all further correspondence. Unhelpfully, I now get regular spam telling me how important my case is to them, but not engaging with me.

I just filed a complaint with ICO, & we'll see how this goes ...

But - and I cannot stress this enough - .

Soficious, to ai Portuguese
@Soficious@masto.pt avatar

Toda esta trapalhada com o Wordpress e Tumblr, onde o que os utilizadores publicam nestas plataformas será (ou poderá ser) usado em AI, é assustador.

Ontem mencionaram na minha stream que isto pode quebrar o , mas mesmo assim, como alguém que escreve na internet e partilha os seus textos, fico sem vontade alguma de continuar. Não quero que uma "" ande a consumir o que faço sem a minha permissão. Perdemos todos com isto: eu, por não escrever, vocês que deixam de me ler.

fabio, to meta
@fabio@manganiello.social avatar

Under the terms, consent or refusal for processing and selling personal data must be given freely.

Users must always be in control of their data and decide what they want to share, without paying fees for this freedom.

You can’t give users a choice between breaking the law (by taking away the possibility of choosing what can be shared), or asking users to pay a premium for law compliance.

Just like thieves don’t get contracts along the lines “you can steal from these shops, and if shop owners want to keep you away from their goods then they have to pay an antitheft fee to make up for your lost theft revenue”.

’s “privacy tax” is just like Apple’s alleged “3rd-party store tax”: users are not supposed to give a single fuck about the “likely financial loss” that a business will go through if a regulating body finds their practices to be illegal and requires the business model to change.

If revenue acquired through illegal means was never supposed to be there in the first place, then there are no losses to be charged to the consumers.

https://www.theregister.com/2024/02/29/meta_gdpr_complaints/

finnmyrstad, to privacy
@finnmyrstad@eupolicy.social avatar

📡We are filing complaints, together with other consumer groups, against Meta today.

Their pay-or-consent choice these past months is a smokescreen.

Behind it lies massive, illegal data processing.

https://nrkbeta.no/2024/02/29/forbrukerradet-med-koordinert-klage-mot-meta/

coffeeClean, (edited ) to reddit in Reddit sent me invitations to their IPO to my "deleted" accounts! That's a GDPR violation!

You are on a privacy-offending Cloudflare site (), so Tor users are blocked from seeing your Cloudflare-jailed image. If you care about privacy you will bounce from that instance.

Without seeing the image, I have to ask how an anonymous user gets rights. Or has started supporting an identification mechanism of some kind? When I start the reg process, it asks for an email address, username, and pw, not a first + lastname (but my test stopped when a Google reCAPTCHA push was attempted). I have zero sympathy for Reddit – they are rotten to the core scumbags, but I do not see how the GDPR can be applied to anonymous accounts.

(edit) I gather from other comments you must have posted an email. Would be great if you could copy the text of the email into the body of your post so everyone can see it and so people using screen readers can hear it. Thanks!

coffeeClean, (edited ) to reddit in Reddit sent me invitations to their IPO to my "deleted" accounts! That's a GDPR violation!

The GDPR is a not a directive. It’s a regulation. Nontheless, I read that the GDPR was specifically mirrored into UK law with a couple minor modifications.

But to answer @automaton, AFAIK the does not apply in this situation anyway because Reddit accounts are “anonymous”. The GDPR only protects identified people.

/cc @d00ery

alda, to wordpress
@alda@topspicy.social avatar

For the record (pun intended), what is called a "post" in #WordPress and is used in #Automattic's terms and conditions is what other frameworks would refer to as "objects" or "records".

"Custom post types" are "models" in the context of MVC patterns.

Blog posts and news articles are posts. Images are posts. Contact form submissions are posts. Customer purchases in #WooCommerce are posts.

alda, (edited )
@alda@topspicy.social avatar

Your WooCommerce customers are user records. Their personally identifiable information is stored in the wp_user_meta table.

All of this is uploaded to Automattic's infrastructure (which is largely located in the US) as "shadow site" data if you use #Jetpack and the #GDPR implications of that are worrying to me.

shaedrich, to meta
@shaedrich@mastodon.online avatar

When will we finally recognize people's inability and denial to leave hostile web services (looking at you, #Meta, #Google, etc.) as similar to how addicts and people in toxic relationships (often times related to #MentalHealth impacts) act?

#privacy #freeWeb #indieWeb #smallWeb #GDPR #enshittification

ralb, to privacy
@ralb@privacyofficers.social avatar

A big recruiting platform just answered my demand for access to my personal data (which was presumably given to them by a data broker) by sending me a screenshot of the data broker‘s job ads with no further explanation.
Do they want me to apply?!? I don‘t think the data broker would hire me though. They already know me and I‘m quite sure they do not like me very much. 😆

ralb, to privacy
@ralb@privacyofficers.social avatar

News about significant data breaches appear to break on a daily basis now. Yet some (business) people still give me strange looks when I tell them that the best way to protect data is to not have it stored. 🙄 You can‘t lose what you don‘t have. It‘s that simple. 🤷‍♂️

Frederik_Borgesius, to ai
@Frederik_Borgesius@akademienl.social avatar

‘The AI Act's debiasing exception to the GDPR’

A new blog post by Marvin van Bekkum & me.

The AI Act includes a debiasing exception to the General Data Protection Regulation's ban on using sensitive data (special categories of data). The EU considerably improved the text of the exception, compared to the first draft by the European Commission, adding several safeguards for processing sensitive data.

https://iapp.org/news/a/the-ai-acts-debiasing-exception-to-the-gdpr/

#ai #tech #law #eu #gdpr #dataprotection #privacy #aiact

Jeremiah, (edited ) to random
@Jeremiah@alpaca.gold avatar

I was surprised how many startup founders at were unaware European companies cannot use most US-based cloud services without violating GDPR because the US government has surveillance authority over most cloud infrastructure providers.

https://noyb.eu/en/next-steps-eu-companies-faqs

More about FISA 702: https://www.brennancenter.org/our-work/research-reports/whats-next-reforming-section-702-foreign-intelligence-surveillance-act

EU-based alternatives: https://eucloud.tech/

SebastienK, to privacy Dutch
@SebastienK@mastodon.social avatar

A company that uses facial-recognition in vending machines on school campuses claims it’s machines are GDPR compliant.

“According to and , students shouldn't worry about data because the are "fully compliant" with the world's toughest privacy law, the European Union's General Data Protection Regulation ().”

I really hope that company will get caught lying soon.

https://arstechnica.com/tech-policy/2024/02/vending-machine-error-reveals-secret-face-image-database-of-college-students/

slothrop, to random
@slothrop@chaos.social avatar

The future isn’t just dystopic.

It’s also really really stupid.

Vending machine in Canadian school is found to use face recognition, maker claims its compliant

From: @arstechnica
https://mastodon.social/@arstechnica/111983058045079745

itnewsbot, to medical
@itnewsbot@schleuss.online avatar

Vending machine error reveals secret face image database of college students - Enlarge (credit: Aurich Lawson | Mars | Getty Images)

Canada-b... - https://arstechnica.com/?p=2005753

ralb, to privacy
@ralb@privacyofficers.social avatar

If I had a Euro for every time a company tried to convince me that the GDPR is valid only as long as it does not interfere with their respective business model, I‘d have MANY Euros. 🤦‍♂️🙄 Of course, the exact opposite is true: Their business models are valid only as long they are not interfering with the GDPR!

Imperor, to reddit
@Imperor@mastodon.social avatar

#reddit is going to sell their user data to #google so they can train their #AI and #LLM on reddit user data - apparently this could very well be a huge #gdpr violation.

@AlteredStateBlob made a good write up on what's going on and what you can do to enforce your rights and put a stop to this unbridled greed.

https://kbin.social/m/privacy@lemmy.ml/t/854172/Any-EU-based-users-of-reddit-should-immediately-file-a

#news #dpo #dpa #dataprotection #dataprivacy #privacy #ai #llm

LukaszOlejnik, to random
@LukaszOlejnik@mastodon.social avatar
Frederik_Borgesius, to security
@Frederik_Borgesius@akademienl.social avatar

NL: 'Major data breach at jewellery chain Brandfield: "a goldmine for criminals"'

'Groot datalek bij juweliersketen Brandfield: "een goudmijn voor criminelen"’

With some quotes from me (in text and in the radio show).

https://www.bnr.nl/nieuws/binnenland/10540897/groot-datalek-bij-juweliersketen-brandfield-een-goudmijn-voor-criminelen

Brendanjones, to ai
@Brendanjones@fosstodon.org avatar

Just the latest in companies using all your content and data to make money with .

Here’s an idea (🧵 incoming):

It’s probably too late (this is a classic case of regulations lagging behind technology, to the detriment of individuals and society), but I’d like to see regulation that stops companies using or selling their data for training AI models, if users did not very explicitly opt in to having their data used like this.

https://arstechnica.com/information-technology/2024/02/your-reddit-posts-may-train-ai-models-following-new-60-million-agreement/

Brendanjones,
@Brendanjones@fosstodon.org avatar

Thinking on this further, it’s basically an extension of the principle of requiring opt-in consent, like requires for personal data but extended to all user data.

I can see that it may slow “innovation” (the scare quotes meaning “use whatever resources you can to extract more profit”), but given corporations have proven they’ll exploit users for profit, this seems like a needed control on that exploitation.

If anyone would implement this I expect it’d be the .

End 🧵

ralb, to privacy
@ralb@privacyofficers.social avatar

I just filed a complaint against the Austrian subsidiary of a credit rating agency for allegedly violating my GDPR-access-rights. Other than a copy of the (extensive) data they have on me, they have provided almost no additional information on its processing. This makes it virtually impossible for me to exercise my data subject rights and therefore contradicts the GDPR‘s principles. Now, the data protection authority will have a say.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • bokunoheroacademia
  • DreamBathrooms
  • khanakhh
  • everett
  • magazineikmin
  • Youngstown
  • rosin
  • ethstaker
  • slotface
  • InstantRegret
  • Leos
  • kavyap
  • GTA5RPClips
  • rhentai
  • lostlight
  • osvaldo12
  • Durango
  • cisconetworking
  • thenastyranch
  • tacticalgear
  • relationshipadvice
  • tester
  • mdbf
  • cubers
  • modclub
  • HellsKitchen
  • normalnudes
  • sketchdaily
  • All magazines