🔒 Your data, your choice.
💪 Your data, your right.
Since 25 May 2018, we have been busy enforcing the General Data Protection Regulation – our response to the rapid increase in personal data collection and sharing within our Union and outside.
The #GDPR has ensured personal data is processed securely, fairly, and with your explicit consent.
More than that, it has provided monitoring and sanctioning powers to spearhead a Digital EU that respects your data and fuels progress.
#FediBlock snarfed.org and brid.gy for bridging fediverse folks to Bluesky against their will (and in likely contravention of GDPR in the EU) with typical Silicon Valley techbro sense of entitlement:
“[O]pt in results in far fewer users, and users are critical for a bridge to be useful.”¹
Reddit can restore your deleted posts. However, if people flood them with GDPR / CCPA delete requests, they may become liable for lawsuits if they don't comply....
🧵1/3 Tested for you: If I #block an #instance or people privately, I can no longer interact with them after a short wait, even though I can still see the profile. But I have tried this with #Threads and it does NOT work!
Regardless of whether I block the whole domain or just one account (test with Insta-Boss), I can still interact and comment (he probably, too?). So I will have to move to another instance with #blockThreads ▶️ https://fedipact.online/#privacy#dataSecurity#GDPR@Gargron
The flagship #Misskey instance is experiencing growing pains, but is also discouraging #Fediverse residents in #Europe (or rather the #EuropeanUnion 🇪🇺) from signing up due to #GDPR issues.
👉🏾 Misskey (https://misskey.io) signing up 20,000 new users per day
👉🏾 After consulting lawyers, Misskey.io will now discourage Europeans from signing up
👉🏾 #Firefish could fill in the vacuum in Europe
So almost every GDPR cookie consent banner out there has a section for "legitimate interest" cookies that they can leave on by default and you will inadvertently accept even if you choose "Reject all" unless you go to the detailed settings and disabled those too....
“The fediverse is a privacy nightmare” - A lot of good thoughts by @Bloonface
Whilst the headline may be inflammatory, the thrust of the article stands: That as soon as you publish anything on the fediverse it'll get copied to 10’s of 1,000's of servers, and is then completely and irrevocably out of your control.
Some may argue that's a feature rather than a bug (and I'd be tempted to agree to a large extent), but I wonder what proportion of the fediverse is aware - let alone understand the implications - of it.
The more I read on #Meta, #ActivityPub and #GDPR, I get the impression that the fundamental architecture of the #Fediverse is almost incompatible with GDPR. How is this discussed within the Fedi #admin circle?
EDIT: because people ask me, here are two insightful sources:
Meta is proposing a paid option to opt-out of advertising on Instagram and Facebook. It's basically extortion to have your right to #privacy protected.
Ads can and should be delivered without resorting to illegal #surveillance that violates users' rights and exposes them to predatory or discriminatory advertising.
If #Meta can't conduct their business legally, that should be their problem to solve not ours.
About GDPR, I think it's so much more than "the cookie law”. In retrospect, it achieved exactly what it was designed to do - make it possible to see what's really happening with our data.
That we blindly accept cookie banners without holding companies accountable for doing so much tracking (or as devs, using tools without asking if the data they gather is needed) is totally on us. GDPR did give us the means, we're not yet taking full advantage of it. 🔐
The #DigitalMarketsAct mandates Meta to "enable end users to freely choose to opt-in to [combining or cross-using personal data] by offering a less personalised but equivalent alternative".
When I pointed out to Meta that by offering users to either #consent to #SurveillanceAds or pay € 275 per year for #Instagram & #Facebook isn't "equivalent alternative" they said, Meta has to do that because of #GDPR 😤 Really??
Ok, so today the #ECJ published its judgement for case C-252/21 #Meta. The case touches upon issues I have been writing about since #GDPR became applicable. I’ll focus on the #GDPR and broader data economy issues only.
#Reddit users are mad about the #API charges that hit third party #apps, but I actually find this from #Huffman much more concerning: "...data licensing is a new potential business for us."
What he's actually saying - they want to sell user data to AI companies for them to train their models. This should be a reason to delete all your content and leave the platform. In Europe, you should raise a #GDPR-deletion request.
Privacy is a funny concept, isn't it? Very few people want the whole world to know what medical complaints they have. But most hospitals are open-access buildings, where the waiting rooms have large monitors to tell patients that their doctor is running late. A few years ago I was sat in the proctology waiting room. […]
As the title says, Reddit replied to my GDPR request to delete all my data saying I had to do it first, which I suspect is in violation of GDPR law....
🆕 blog! “How do you stop people accessing data they shouldn't?”
I used to work in a call centre for a Very Big Company. Every week, without exception, we'd get a bunch of new starters to train. And every week, without exception, a newbie would be fired after looking up a famous person's data. This was in the days before GDPR. There was a lot less […]
But when I put forward a website violating #GDPR that was misusing my data and used opt-out checkboxes the ICO replied:
"Having reviewed the organisation’s use of tick boxes for customers to opt-out of postal marketing and the sharing of their data with third parties, we can confirm that the organisation has acted within ICO guidelines."
👉🏾 According to @RobertJBateman obtaining IP addresses & even usernames (via Federation‽) sans consent could violate #EuropeanUnion 🇪🇺 law 😱
👉🏾 A privacy policy may or may not be enough
👉🏾 If not compliant, I will migrate my #Mastodon, #Misskey & #Pixelfed instances out of #Europe.
All I want is a CDN that's also private in a way that I don't need to include any US entities on the list of sub processors. I guess bunny.net is not on the list 🔓
Flood Reddit with GDPR / CCPA delete requests
Reddit can restore your deleted posts. However, if people flood them with GDPR / CCPA delete requests, they may become liable for lawsuits if they don't comply....
ELI5: Legitimate-interest cookies
So almost every GDPR cookie consent banner out there has a section for "legitimate interest" cookies that they can leave on by default and you will inadvertently accept even if you choose "Reject all" unless you go to the detailed settings and disabled those too....
OC For those in the know about privacy laws and the such. What is a proper response to reddit's claim that they cannot remove all the information associated to an account without first the user removing all of their posts?
As the title says, Reddit replied to my GDPR request to delete all my data saying I had to do it first, which I suspect is in violation of GDPR law....