Digital #SelfDefense is just one component. Stopping here would be naïve. It takes #sovereignty, too (owning your data), and #citizenship (getting involved with policy making), otherwise public spaces will just wither under growing #surveillance.
When the #EU started discussing the #GDPR, lots of people were "sure" it would never make a difference. Now it's in effect, we have court rulings like #SchremsI & #SchremsII, plus legal action taken by orgs like @noybeu.
"Is there something better coming?” I think it’s #Mastodon; and I think it’s Mastodon for a bunch of reasons. One is that the Mastodon standard was developed when the tech platforms were totally disinterested and didn’t have their fingers on the scale...."
@mjgardner@tchambers@pluralistic well, as per #GDPR the minimum is to be able to export the data in a common format. We use csv at #nodebb, and while you can't easily reimport that format back to another piece of software it is still possible at least.
Why am I pushing a "Users' Bill of Account Rights" now? While this does not apply only to #Google, I frankly am deeply tired of people coming to me desperate, pleading, for help trying to restore access to locked out Google accounts. Google won't respond to them. They ask who they can talk to? Who can they PAY? Personal and business emails, precious photos, files. They trusted Google. They followed the rules. They did nothing illegal. And they've lost access to everything. To Google, they're just in the noise at Google scale.
It's been this way at Google since the firm's start, but over the years Google has encouraged ordinary, nontechnical people to trust them more and more. And that usually works great, until something goes wrong.
Up to now, I've sometimes been able to informally help in these situations, via contacts at Google. But even that has become much more difficult. This is getting worse, not better.
Google has the resources -- money and smart minds -- to solve these problems. This is not rocket science, or even computer science. There are straightforward ways to make this far better for Google users otherwise locked out and left to swing in the wind. The sad fact is that Google simply doesn't consider them to rise to the level worth helping.
@lauren@rrwo The #GDPR does entitle users to their data & it states that ID required to satisfy access reqs cannot be a higher degree of proof than what was needed to open the acct. The problem is that the GDPR has no teeth. Corps ignore the GDPR, ppl report it to the DPA under art. 77, then the DPA does nothing. There is nothing in the GDPR that forces the DPA to act. It’s a toothless mandate
@nattiegoogie Which reminds me, I really need to post the latest bullshit letter I got from Twitter in my ongoing right to erasure dispute with them through the Irish “DPC”.
Almost 5 years after the #GDPR, there has been little substantial enforcement in EU-level cases.
The EDPB register of final decisions reveals that most (64%) of the 159 enforcement measures by late 2022 were merely reprimands.
(Excludes "amicable resolutions")
If you've followed my work for a long time, you've watched me transition from a "#linkblogger" who posts 5-15 short hits every day to an "essay-#blogger" who posts 5-7 long articles/week. I'm loving the new mode of working, but returning to linkblogging is also intensely, unexpectedly gratifying:
Bennett and I followed up "Privacy Without Monopoly" with an appendix that focused on a territory where there is a privacy law: the EU, whose (patchily enforced) #GeneralDataProtectionRegulation (#GDPR) is the kind of privacy law that we call for in the original paper. In that appendix, we addressed the issues of GDPR enforcement:
Their representative polls found that "the further away from the GP, the less people are willing to share their #HealthData" and yet BEUC concludes that while data use by medical profl's should require #OptIn consent, for secondary use by #BigPharma and #BigTech an #OptOut option is enough. ❓❓❓
「 Maslouh noticed the excessive age of some of the European personal data within it, and also noted that many of the records for so-called passive applicants—who had not actively applied to Google—showed no evidence of Google ever having reached out to them. Many of these individuals were listed as working for organizations such as Interpol, the CIA, the U.K. Home Office, the European Parliament, and the U.S. Securities and Exchange Commission 」
#TrustArc is the most obnoxious #GDPR popup solution. Takes up the whole screen, relies on <iframe>s to work, and saving the preferences takes another minute. Whenever I see a website using it, I just disable JavaScript altogether
Meta Ireland fined €1.2 billion for violating GDPR by transferring EU/EEA users’ data to the US without adequate protection. DPC orders Meta Ireland to suspend future transfers and cease unlawful processing within 6 months. Decision follows EDPB dispute resolution. #GDPR#Meta#DPC
「 Clearview AI, the US startup that’s attracted notoriety in recent years for a massive privacy violation after it scraped selfies off the Internet and used people’s data to build a facial recognition tool it pitched to law enforcement and others, has been hit with another fine in France over non-cooperation with the data protection regulator 」
— @TechCrunch