PSA, if someone asks you for contact info (e.g. a phone number) of someone you know, the correct response is "I can't give that to you, but I can give them yours".
It's efficient and adds no round-trips, it's privacy friendly, it's non-awkward and it's social engineering resistant. It's a universally good rule.
And the corollary, of course: Don't ask someone for another person's contact info - ask them to pass on yours.
@Merovius also handing over someone elses contact details without their explicit permission is literally anfelony in #Germany as it violates #GDPR & #BDSG...
I was on Morning Ireland today, talking about some of the wider implications of the Meta €1.2bn fine and orders for data transfers, TikTok and EU data relations with Chinese and US companies, and the data supply chain for EU companies.
@neil Is it procedurally possible for a #GDPR fine to be increased on appeal in Ireland? At least with antitrust cases sometime companies avoid appealing because there's a risk of getting the fine increased.
Why am I pushing a "Users' Bill of Account Rights" now? While this does not apply only to #Google, I frankly am deeply tired of people coming to me desperate, pleading, for help trying to restore access to locked out Google accounts. Google won't respond to them. They ask who they can talk to? Who can they PAY? Personal and business emails, precious photos, files. They trusted Google. They followed the rules. They did nothing illegal. And they've lost access to everything. To Google, they're just in the noise at Google scale.
It's been this way at Google since the firm's start, but over the years Google has encouraged ordinary, nontechnical people to trust them more and more. And that usually works great, until something goes wrong.
Up to now, I've sometimes been able to informally help in these situations, via contacts at Google. But even that has become much more difficult. This is getting worse, not better.
Google has the resources -- money and smart minds -- to solve these problems. This is not rocket science, or even computer science. There are straightforward ways to make this far better for Google users otherwise locked out and left to swing in the wind. The sad fact is that Google simply doesn't consider them to rise to the level worth helping.
@lauren@rrwo The #GDPR does entitle users to their data & it states that ID required to satisfy access reqs cannot be a higher degree of proof than what was needed to open the acct. The problem is that the GDPR has no teeth. Corps ignore the GDPR, ppl report it to the DPA under art. 77, then the DPA does nothing. There is nothing in the GDPR that forces the DPA to act. It’s a toothless mandate
Almost 5 years after the #GDPR, there has been little substantial enforcement in EU-level cases.
The EDPB register of final decisions reveals that most (64%) of the 159 enforcement measures by late 2022 were merely reprimands.
(Excludes "amicable resolutions")
If you've followed my work for a long time, you've watched me transition from a "#linkblogger" who posts 5-15 short hits every day to an "essay-#blogger" who posts 5-7 long articles/week. I'm loving the new mode of working, but returning to linkblogging is also intensely, unexpectedly gratifying:
Bennett and I followed up "Privacy Without Monopoly" with an appendix that focused on a territory where there is a privacy law: the EU, whose (patchily enforced) #GeneralDataProtectionRegulation (#GDPR) is the kind of privacy law that we call for in the original paper. In that appendix, we addressed the issues of GDPR enforcement:
@nattiegoogie Which reminds me, I really need to post the latest bullshit letter I got from Twitter in my ongoing right to erasure dispute with them through the Irish “DPC”.
Digital #SelfDefense is just one component. Stopping here would be naïve. It takes #sovereignty, too (owning your data), and #citizenship (getting involved with policy making), otherwise public spaces will just wither under growing #surveillance.
When the #EU started discussing the #GDPR, lots of people were "sure" it would never make a difference. Now it's in effect, we have court rulings like #SchremsI & #SchremsII, plus legal action taken by orgs like @noybeu.
Meta Ireland fined €1.2 billion for violating GDPR by transferring EU/EEA users’ data to the US without adequate protection. DPC orders Meta Ireland to suspend future transfers and cease unlawful processing within 6 months. Decision follows EDPB dispute resolution. #GDPR#Meta#DPC
「 Clearview AI, the US startup that’s attracted notoriety in recent years for a massive privacy violation after it scraped selfies off the Internet and used people’s data to build a facial recognition tool it pitched to law enforcement and others, has been hit with another fine in France over non-cooperation with the data protection regulator 」
— @TechCrunch
「 Maslouh noticed the excessive age of some of the European personal data within it, and also noted that many of the records for so-called passive applicants—who had not actively applied to Google—showed no evidence of Google ever having reached out to them. Many of these individuals were listed as working for organizations such as Interpol, the CIA, the U.K. Home Office, the European Parliament, and the U.S. Securities and Exchange Commission 」
This fine issued by the #EU to #Meta, for it's abuse of it's users data privacy (#GDPR) is a good start, but #bigTech companies should be fined on a monthly basis, if you ask me ..
#Meta was fined USD 1.3B and seems to think it doesn’t have to change how it does business. The EU and US are trying to figure out how #GDPR and the #PatriotAct can coexist peacefully—I think in vain. And EU companies use US services that are probably not compliant with GDPR to compete in the digital market.
A new record for a #GDPR fine: $1.3 billion dollars.
"The DPC said Meta infringed GDPR by continuing to transfer EU user data to the US without proper safeguards in place, despite a ruling by the European court of justice in 2020 requiring robust protection of that information."
Hearing #Meta "complaining that the company has been “singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe”" sounds awfully like my children saying "but X was doing it too…".
… to which the answer is "Yes, and I'll deal with them shortly".