Two years later, Europe’s General Data Protection Regulation has struggled with a lack of enforcement, not enough funding, limited staff resources, and stalling tactics by tech companies.
Privacy groups and smaller tech companies complain that companies like Facebook and Google are avoiding tough oversight. At the same time, the public’s experience with the G.D.P.R. has been a frustrating number of pop-up consent windows to click through when visiting a website.
I expected a lot more out of it as well. Sounds like the government needs to take it more seriously.
Facebook isn’t being completely truthful about the data available in its “Download Your Information” feature. Some information is left out.
Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can accessed it by Clicking on Settings > Your Facebook Information > Download Your Information). This is meant to tell users which advertisers have been targeting them with ads and under which circumstances. We found that information provided is less than accurate. To put it simply, this tool is not what Facebook claims. The list of advertisers is incomplete and changes over time.
As Privacy International points out, this is in violation of GDPR because Facebook doesn’t let you see all of the advertisers that have your data.
As part of Google’s DoubleClick/Authorized Buyers advertising system, the company created hidden webpages for advertisers that violate its own policies.
Google Push Pages are served from a Google domain (https://pagead2.googlesyndication.com) and all have the same name, “cookie_push.html”. Each Push Page is made distinctive by a code of almost two thousand characters, which Google adds at the end to uniquely identify the person that Google is sharing information about. This, combined with other cookies supplied by Google, allows companies to pseudonymously identify the person in circumstances where this would not otherwise be possible.
The UK Information Commissioner intends to issue a £183.39 million to British Airways for a data breach involving 500,000 users.
There were 89,271 data breach notifications in the first year of GDPR being in place, with fines issued totaling €56 million.
Despite the introduction of GDPR last year, Ireland has yet to enforce those rules against Silicon Valley tech companies.
Additionally, on Thursday Ireland’s privacy regulator has 10 open investigations trying to figure out if Facebook violated GDPR.
59,000 GDPR beaches have been reported in the 8 months since the law came into force, with the most in The Netherlands, Germany, and the UK.
Doc Searls argues that if your privacy is in the hands of others alone, you don’t have any privacy.
If you think regulations are going to protect your privacy, you’re wrong. In fact they can make things worse, especially if they start with the assumption that your privacy is provided only by other parties, most of whom are incentivized to violate it.
I think Mr. Searls makes some good points. I’m in favor of privacy regulations, but I also agree that individuals need to manage their privacy better. Privacy should also be the default, and not a feature you have to pay for.
Protonmail is launching a GDPR site to help businesses achieve GDPR compliance. It’s at GDPR.eu and features practical, easy-to-understand information.
Dave Hamilton and Andrew Orr join host Kelly Guimont to discuss new consumer privacy legislation and a contest to give up your smartphone.
Unlike Europe the United States doesn’t have GDPR, but that could change with the introduction of an American privacy bill put forth by 15 Senators.
Dave Hamilton and Andrew Orr join host Kelly Guimont to talk about AirPower’s future(?) and more rumblings about GDPR-style laws in the US.
The website tagging service Instapaper is back up and running in the European Union after temporarily shutting down in May for General Data Protection Regulation compliance.
The companies want to build an open-source data portability platform to make it easy for users to migrate between platforms.
Here’s how to manage Safari browsing history, although it might still be backed up to iCloud anyway.
Instapaper is temporarily shutting down in the EU starting on May 24th while it’s brought in to compliance with the General Data Protection Regulation, or GDPR.
Apple has a new Data and Privacy web page for European Union residents that complies with the EU’s General Data Privacy Regulation, or GDPR, laws.
You’ve probably gotten dozens of emails lately from companies about updated privacy policies. Here’s what you can do about that.