harsh

@harsh@eupolicy.social

Assistant Professor @ Dublin City University ; Chair W3C Data Privacy Vocabularies & Controls Community Group (DPVCG) ; Semantics x Privacy/DataProtection x Consent x GDPR

This profile is from a federated server and may be incomplete. Browse more on the original instance.

harsh, to random

A reminder that the FBI specifically suggests use of ad-blockers to combat frauds/scams arising from online advertisement https://www.ic3.gov/Media/Y2022/PSA221221. In terms of security, having adblock enabled is the best practice right now. Use https://ublockorigin.com/ in your browser/device.

harsh, to random

Personalised ads or pay up. See https://about.fb.com/news/2023/10/facebook-and-instagram-to-offer-subscription-for-no-ads-in-europe/ "To comply with evolving European regulations, we are introducing a new subscription option in the EU, EEA and Switzerland. In November, we will be offering people... the choice to continue using these personalised services for free with ads, or subscribe to stop seeing ads. While people are subscribed, their information will not be used for ads."

harsh,

What's the legal basis for personalised ads? Surely not consent, because GDPR Art-7 says "When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract." Not legimate interests either as personalised ads aren't necessary and theres a disproportionate impact on rights.

harsh,

Public benefit? I'm joking. The only option left is contract - and this relies entirely on the argument that Facebook is not just a social network, but also a personalised ads service, and people come to it for both. This is clearly not the case because nowhere in its entire site does it state this nor is it the expectation users who sign up to the service. Consumer protection might want to look into this argument as well if that's the case.

harsh,

EDPB has issued an "EDPB Urgent Binding Decision on processing of personal data for behavioural advertising by Meta" "The EDPB takes note of Meta's proposal to rely on a consent based approach as legal basis, as it was reported on 30/10. The Irish DPC is currently evaluating this together with the Concerned Supervisory Authorities (CSAs)."

bendrath, to random German
@bendrath@eupolicy.social avatar

A German court has just declared a "Do Not Track" signal from your browser as legally binding, pursuant to Article 21(5) . https://www.vzbv.de/urteile/gericht-untersagt-datenschutzverstoesse-von-linkedin

harsh,

@bendrath I only have the decision in German as a scanned PDF https://www.vzbv.de/sites/default/files/2023-10/23-10-10_Stn_vzbv_HKNRV_Gas_W%C3%A4rme_und_K%C3%A4lte_final_0.pdf Does anyone have an English version? I'm very keen to read this case. I'm also interested in asking how do we get a EDPB acknowledgement of DNT and what it means for the signal to be.

harsh, to random

Just finished reading "The Internet Con: How to seize the means of computation" by @pluralistic . Surprisingly, a lot of the book is about interoperability and making it happen legally. For me, this hit really hard because of how involved my work is around both. Key takeaway for me is that if we want to create a better tech society, we need to open up stuff with interoperability to drive innovation and competition rather than just regulate big tech expecting them to behave.

eob, to random
@eob@social.coop avatar

Here's an interesting article from last year by @harsh

https://arxiv.org/abs/2208.05786

It discusses how to create a vocabulary to express what a user is being asked to consent to on websites, and it proposes that browsers present some or all of the consent UI

Is this flexible enough to deal with the fact that privacy is very context dependent?

A user might consent to different privacy/functionality trade-offs dependent on how sensitive what they are doing is and how much they trust the current site

harsh,

@eob Hi. Thanks for highlighting my article! Its definitely not 'flexible' to cover all privacy contexts, but it does provide a good baseline for the user(-agent) to have control over the interaction by having certain functionalities be under their control. This means users can get better tools (similar to accessibility) to help them with better comprehension and decision making, and there is lesser scope for dark patterns / manipulation.

harsh, to random

California just passed a bill that gives the right to delete all data across all data brokers! I'm really liking this proactive at-scale legislative approach that CA has been taking. https://leginfo.legislature.ca.gov/faces/billStatusClient.xhtml?bill_id=202320240SB362

LukaszOlejnik, to random
@LukaszOlejnik@mastodon.social avatar

I'm sorry, but has the European Commission.. gone mad?! They bought the PR spin threatening "human extinction" because of AI. And so... they will "work" to "solve" this "problem". Maybe a new agency? :-) https://x.com/EU_Commission/status/1702295053668946148?s=20

harsh,

@LukaszOlejnik Might be something related to the trilogue discussion that they felt needed to "put into public". Kind of weird to state something like this when the first AI act isn't even finalised.

LukaszOlejnik, to random
@LukaszOlejnik@mastodon.social avatar

About my data protection complaint against OpenAI - my comments in TechCrunch about serious issues in OpenAI's LLM data processing.

During this journey I felt kind of like Josef K, in kafka’s The Trial. Let's hope that data protection law in EU works.

https://techcrunch.com/2023/08/30/chatgpt-maker-openai-accused-of-string-of-data-protection-breaches-in-gdpr-complaint-filed-by-privacy-researcher/

image/png
image/png
image/png

harsh,

@LukaszOlejnik Hi. This is very interesting and intriguing. Can we see the full complaint?

1br0wn, to internet
@1br0wn@eupolicy.social avatar

deleted_by_author

    •
    harsh,

    @1br0wn Absolute lies. As if their lobbyists weren't tracking this regulation from the first impact assessment published to draft acts and then acceptance. Enforcement has been 1 year after acceptance! It was the same story with GDPR. Everybody waking up after the 2nd snooze on the alarm...

    harsh, to random

    Enshittification continues: Microsoft announces Python scripting support in Excel, but where processing happens in the cloud. https://techcommunity.microsoft.com/t5/excel-blog/announcing-python-in-excel-combining-the-power-of-python-and-the/ba-p/3893439

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • GTA5RPClips
  • DreamBathrooms
  • cubers
  • mdbf
  • everett
  • magazineikmin
  • Durango
  • Youngstown
  • rosin
  • slotface
  • modclub
  • kavyap
  • ethstaker
  • megavids
  • ngwrru68w68
  • thenastyranch
  • cisconetworking
  • khanakhh
  • osvaldo12
  • InstantRegret
  • Leos
  • tester
  • tacticalgear
  • normalnudes
  • provamag3
  • anitta
  • lostlight
  • All magazines
    •