GDPR Hasn’t Been as Aggressive as Critics Would Like

· Andrew Orr · Link

European Union flag

Two years later, Europe’s General Data Protection Regulation has struggled with a lack of enforcement, not enough funding, limited staff resources, and stalling tactics by tech companies.

Privacy groups and smaller tech companies complain that companies like Facebook and Google are avoiding tough oversight. At the same time, the public’s experience with the G.D.P.R. has been a frustrating number of pop-up consent windows to click through when visiting a website.

I expected a lot more out of it as well. Sounds like the government needs to take it more seriously.

When You Download Facebook Data, it Doesn’t Show Everything

· Andrew Orr · Link

Facebook logo

Facebook isn’t being completely truthful about the data available in its “Download Your Information” feature. Some information is left out.

Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can accessed it by Clicking on Settings > Your Facebook Information > Download Your Information). This is meant to tell users which advertisers have been targeting them with ads and under which circumstances. We found that information provided is less than accurate. To put it simply, this tool is not what Facebook claims. The list of advertisers is incomplete and changes over time.

As Privacy International points out, this is in violation of GDPR because Facebook doesn’t let you see all of the advertisers that have your data.

Google Built Fake Webpages Called 'Push Pages' to Defy GDPR

· Andrew Orr · Link

As part of Google’s DoubleClick/Authorized Buyers advertising system, the company created hidden webpages for advertisers that violate its own policies.

Google Push Pages are served from a Google domain ( and all have the same name, “cookie_push.html”. Each Push Page is made distinctive by a code of almost two thousand characters, which Google adds at the end to uniquely identify the person that Google is sharing information about. This, combined with other cookies supplied by Google, allows companies to pseudonymously identify the person in circumstances where this would not otherwise be possible.

Ireland Hinders the World on Data Privacy

· Andrew Orr · News

Despite the introduction of GDPR last year, Ireland has yet to enforce those rules against Silicon Valley tech companies.

59,000 Reported GDPR Breaches in Just 8 Months

· Charlotte Henry · News

59,000 GDPR beaches have been reported in the 8 months since the law came into force, with the most in The Netherlands, Germany, and the UK.

Your Privacy Can't be Left up to Others

· Andrew Orr · Link

Doc Searls argues that if your privacy is in the hands of others alone, you don’t have any privacy.

If you think regulations are going to protect your privacy, you’re wrong. In fact they can make things worse, especially if they start with the assumption that your privacy is provided only by other parties, most of whom are incentivized to violate it.

I think Mr. Searls makes some good points. I’m in favor of privacy regulations, but I also agree that individuals need to manage their privacy better. Privacy should also be the default, and not a feature you have to pay for.

Protonmail Launches GDPR Site to Help Businesses

· Andrew Orr · News

Protonmail is launching a GDPR site to help businesses achieve GDPR compliance. It’s at and features practical, easy-to-understand information.

15 Senators Introduce American Privacy Bill

· Andrew Orr · News

Unlike Europe the United States doesn’t have GDPR, but that could change with the introduction of an American privacy bill put forth by 15 Senators.

How to Request Personal Data From Companies

· Andrew Orr · Quick Tip

You’ve probably gotten dozens of emails lately from companies about updated privacy policies. Here’s what you can do about that.