@mihira@EU_Commission Yeah, it's currently really hidden, you have to click on "More share options".
At least all Social Media account that are selfhosted(by the #EU) or/and #GDPR compliant should always be visible if any social media button is displayed at all.
Only afterwards show biggest or "More share options" button IMHO.
My quick lunch read of this is that EDPB just ruled Meta’s forced consent (“pay or ok”) is a valid tactic (page 20). Prepare to pay for your right to click “deny all”. What a gross undermining of GDPR’s intent…
#SocialMedia#Facebook#Meta#EU#GDPR#DataProtection#AdTech#Privacy: "Today, the EDPB has issued its first decision on "Pay or Okay" in relation to large online platforms such as Instagram and Facebook, as first reported by Politico. This decision prohibits Meta from using an unlawful consent request processing personal data. It seems that by now, Meta has run out of options to continue using people's data for advertising in the EU without a consent mechanism that actually complies with the law." https://noyb.eu/en/statement-edpb-pay-or-okay-opinion
In the latest #EDRigram, we draw your attention to:
🇬🇷 Record-high #GDPR fine for Greece's Migration Ministry
🇪🇺 @europarl_en vote in favour of discriminatory #MigrationPack
💰Meta's harmful push to charge for privacy
& more!
The EDPB takes the view that "large online platforms" like Meta cannot rely on a "pay or okay" system to get "freely given" consent. [Details to follow]
OMFG #OpenAI#ChatGPT is now mixing up details across different threads, causing confusing responses. This is bad within your current thread. Worse across all your threads. BUT REALLY BAD WHEN YOU DELETE ALL YOUR THREADS AND IT STILL REFERENCES THE DELETED DATA #GDPR
#EU#Belgium#France#AI#GenerativeaAI#AITraining#DataProtection#GDPR: "As well as the Belgian Data Protection Authority decision I criticised earlier this week, it appears the French DPA has issued similar guidance on the use of personal data to train AI models. My detailed analysis below shows that, in relation to purpose-specific AI systems, it makes no sense: the training of the system cannot be separated from the ultimate purpose of the system. This has a major bearing on the issue of compatibility.
As a matter of principle and law, the creation and training of AI models/profiles for a specific purpose (be that direct marketing or health care) must be based on the legal basis relied on for that ultimate purpose.
The fact that the creation and training of the models/profiles is a “first phase” in a two-phase process (with the deployment of the models/profiles forming the “second phase”) does not alter that.
However, as an exception to this, under the GDPR, the processing can also be authorised by law or by means of an authorisation issued by a DPA under the relevant law (as in France), provided the law or DPA authorisation lays down appropriate safeguards. That is the only qualification I accept to the above principle." https://www.ianbrown.tech/2024/04/16/more-on-french-and-belgian-gdpr-guidance-on-ai-training/
Sascha van Schendel - Regulating risk profiling by law enforcement. a task for data protection law, non-discrimination law and criminal procedural law - 2024 PhD
The battle to protect our data rights continues as the #DPDIBill returns to the UK House of Lords today.
Our amendments to strengthen the Information Commissioner's Office are on the table. We need a strong, independent and effective data regulator to ensure our rights are enforced.
(1/2) If companies tell you that their processing of your data is legitimised by the GDPR‘s Recital 47, don‘t buy it! They usually refer to the Recital‘s last sentence, which states that direct marketing «may be regarded as carried out for a legitimate interest».
Instead, tell them to read the whole Recital. It mandates for a «careful assessment» of the interests involved, taking into account factors such as (the lack of) a relationship to a company.
— #privacy#DataProtection#GDPR
Some of the issues us privacy people complain about may appear rather insignificant to you. I get that.
But please let me invite you to a different perspective: As we are currently setting a lot of precedents regarding data privacy rights, how we are handling the small issues today will have an effect on how we will deal with big problems tomorrow. That is why you should care about violations of your privacy, even if they don‘t seem like much today. Because tomorrow, they might.
— #privacy#GDPR
You know those cookie-related pop-ups you see on so many websites? I always click on "deny all" or the equivalent. But apparently, on many sites, the cookies will get used anyway.
Here's a half-formed thought I need to mull a bit on:
Somehow, algorithmic (and especially "AI-driven") decision making tends to only be proposed in contexts where it can only — or mostly — affect those with the least power in the system.
Migrants and asylum seekers.
Prisoners.
Families using any form of state support (child benefits, foodstamps, etc).
Palestinians in Gaza.
It somehow never gets proposed for use-cases where it might affect the wealthy and powerful.
@rysiek Article 22 of the EU #gdpr gives people the right to not be subjected to "decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her."
Quite perceptive that they identified these risks in 2016. Of course, it's allowed if authorized by law (with appropriate safeguards).
Proposal of U.S. Federal data protection regulation. American Privacy Rights" It would be different to GDPR but cover more specific things like data brokers or targeted advertising. Allows schemes like 'See Ads or Pay Fee' (like Meta introduced). Introduces Privacy Impact Assessment, and Algorithmic Impact Assessment. It's also a cybersecurity regulation: "... establish, implement, and maintain reasonable data security ..." https://d1dth6e84htgma.cloudfront.net/American_Privacy_Rights_Act_of_2024_Discussion_Draft_0ec8168a66.pdf #privacy#cybersecurity#apr#gdpr
Instagram is now blocking web access to force consent as well. Here is how to get around giving consent:
Instagram redirects to a URL like this: [https://www.instagram.com/consent/?flow=ad_free_subscription&params_json=](https://www.instagram.com/consent/?flow=ad_free_subscription¶ms_json=)...
Change ad_free_subscription to anything, like ad_free_subscription1, hit enter.
Instagram then will show an error, but you can then navigate anywhere from there.
IANAL but as I understand #GDPR Art. 20, they kinda have to offer me API access to my Bank statements?
I'm just getting really tired of their 5 Step CSV export that results in a broken CSV format that they don't accept as being a bug because Excel just ignores null chars while my current CSV-to-QFX solution doesn't. I hacked a fix but that adds a step.
Plus they upped our non-profit sports club's account fees from 100 DKK p.a. to 1200 p.a. 😡 #finance#budget
Well, they've been completely non helpful and kept misrepresenting the law in their favor, willfully leaving out entire sentences that were inconvenient to them. Particularly #GDPR Art. 20 1. (b):
"the processing is carried out by automated means."
And 2.:
"the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible."
And they have a solution for their business customer so they've already proven it's feasible.