Photograph via snooOG

Privacy news and discussion related to European countries and the European Union (EU). We think of /r/Europrivacy as /r/privacy's Eurocentric little brother.


20,222 Subscribers


Chat Control must be stopped! An interview with Patrick Breyer on the dangers of mass surveillance in the EU.

06:38 UTC


Client-Side-Scanning/Chat Control EU

On Wednesday the EU council will vote on Chat Control and it would be great if people especially from France wrote a letter (eMail) to their Permanent Representatives Committee: https://op.europa.eu/en/web/who-is-who/organization/-/organization/COREPER/

Original post on Mastodon: https://chaos.social/@quincy/112630111659090465

1 Comment
16:37 UTC


Browser Fingerprint

Hi all,

So, I just recently discovered what a Browser Fingerprint actually is.

I don't know if anyone can answer this:

If I used an account in let's say 2017, used my email address etc, but deleted that account. Then in 2018 I made a new account, on the same device, but different email address, would the browser fingerprint be the same?

Now the website say that they delete email address and all that data when you delete your account.

Also, if you had multiple accounts, but deleted them, would they be able to like search their database for a browser fingerprint to tie them all to one person?


12:30 UTC


Google Analytics

So I know GA collects data like browser info, device info, geolocation etc.
Let's say a website or app, like Discord or Reddit uses GA to collect this information, and a user has multiple different profiles, can they tell, if they looked at the data, that it's all the same person?
Or does it not work like that?
As GA say that it does not create user profiles, just collects data to show how users are interacting with the site/app.

09:50 UTC


Where can you find the source code to Skred Messenger?


I was looking for a Signal alternative, and saw in this spreadsheet


That Skred might be a viable option. I did find one user on Reddit saying:

"It looks sketchy at best.Claims that the encryption used is open sourced... So not the whole application then I assume. No link on their site to any source code. Would not use personally."

And indeed I couldn't find a link to the source code, I checked in GitHub.

So it's not actually open source? The app description mentions:

"All exchanges are encrypted from start to finish, from mobile to mobile. They are not stored on any server. The encryption technologies are open source and based on the work of hackers and hacktivists of the Guardian Project

Skred originated from the Skyrock Group, which in turn came from the free radio movement in France. It defends the freedom of expression on the air and on the internet. With Skred, you are free!"

Would you trust it?


23:56 UTC


Alexey Pertsev's (Tornado Cash) conviction is a conviction against anyone building privacy tools

Alexey Pertsev, one of the developers of Tornado Cash, was convicted after being arrested in 2022. According to Dutch judges, the developer is guilty of facilitating money laundering through the development of the Tornado Cash software.

Tornado Cash provides the technical capability to hide the act of money laundering, and therefore, in the Court's opinion, Tornado Cash cannot be seen as a mere tool for the user (but isn't that the very definition of a tool?).

This argument is extremely bold, especially considering that in the European Union, as well as in the United States, laws are in place specifically designed to exclude any liability for telecommunications and hosting service providers for the content that passes through their platforms.

If it applies to platforms and communication services that HAVE control over the information, it should apply even more so to a service like Tornado Cash, which does NOT have control over the same.

Due to the way Tornado Cash was designed and built, there is no other option — say the judges — but to consider its creators as accomplices in money laundering activities.

It follows, therefore, that if this argument prevails, anyone who develops privacy tools will be guilty of knowingly aiding criminals who use them. At the same time, anyone who chooses to use these tools will be considered a potential criminal.

More on this week's article here (it's free to read).

07:57 UTC


The surveillance of travelers in the European Union

Many people believe that the European Union is a happy oasis where one can move freely without any limits.

But if we look at some new laws, we get a very different picture, describing instead an increasingly pervasive and systematic physical surveillance system ready to follow our every step within the European borders.

There are two main areas where the European Union operates this surveillance: air transport within the EU borders and the new Entry/Exit system, which mostly concerns those coming from outside the EU.

It all starts with the Passenger Name Record (PNR), the passenger code to which all data related to air travel and more are linked (including hotel and car rental information if applicable).

The PNR became a surveillance tool with the EU Directive 2016/681, which regulates the use of booking code data (PNR) for the purposes of prevention, detection, investigation, and prosecution of terrorist offenses and serious crimes.

This surveillance does not only apply to those already suspected but to anyone, as also stated by the legislator:

Such controls are developed through the analysis of the information that each passenger provides to air carriers when booking the flight. It is a particularly extensive set of data that allows for significant analysis activities, at the outcome of which individuals who are not necessarily already known to the authorities may be identified but, due to the characteristics of the journeys made, appear worthy of further investigation for terrorism and other serious forms of crime...

More on the topic here, if you want to know more. I write weekly about such topics in my newsletter. It's free to subscribe!

07:04 UTC


The European Union Council is pushing for anti-encyrption and against privacy by design

A leaked documentation shows that the Council intends to leverage the Chatcontrol regulation to create a sort of scoring system for online services and platforms. Privacy friendly platforms and services that enable users to be anonymous or pseudoanonymous, or that even offer end-to-end encrypted communications by default will score lower and therefore will be considered high risk. This is a quote directly taken from the documentation:

If a privacy-friendly platform cannot or does not collect data on users (to monitor their behavior or metadata), it will score worse. Services through which users “predominantly engage in public communication” (i.e. instead of private chats) will score better and thus be less likely to receive detection orders.

[...] Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE.

This obviously goes against any "privacy by design" principle but of course governments have been fighting privacy and encryption for more than 30 years now and it doesn't come at a surprise. Of course data protection laws like the GDPR won't protect europeans.

These are the attacks with which, little by little, governments count on demoralizing entrepreneurs and users, leading them to voluntarily give up any “privacy enhancing” technology, for fear of reprisals.

I write about privacy and mass surveillance weekly on my newsletter. Follow me and subscribe (it's free) if you want to delve deep into the global crypto war!

16:57 UTC


Seeking suggestions for master's thesis research question

Hello everyone,

I'm currently working on my master's thesis in Law and I'm in the process of narrowing down potential research questions. My area of interest is European regulation concerning data protection, AI, and medical devices (GDPR, AIA, MDR, respectively) in its interconnection with neurotechnology for medical and non-medical purposes, and I was hoping to explore something that hasn't been extensively studied yet.

If anyone has any suggestions or ideas for a research question, I would greatly appreciate your input! Feel free to share any topics you think are interesting or gaps in the current research that could be explored further.

Thanks in advance for your help!

17:03 UTC


Which are major parties positions on privacy?

European elections are just around the corner. I'd prefer not having deal with anti privacy law propositions every month the next four years, but I found such a chore finding out who I could vote to help protecting privacy, or at least, finding a party that can be voted in all, or at least most, of the EU and cares about privacy. I'm sure some of you could provide a quick answer for this. Thanks in advance.

22:57 UTC


Legal Prohibitions on Re-Identification


May I ask for help in enumerating laws and regulations that prohibit the re-identification of anonymized or de-identified personal information?

So far I am aware of Canada's Consumer Privacy Protection Act, California Consumer Privacy Act and the UK Data Protection Act 2018. I know there was proposal in Australia but it has yet to be made into a law.


10:32 UTC


Queries on the Digital Services Act

I understand that the Digital Services act prohibits dark patterns per Article 25.

  1. Does this extend to dark patterns in Internet of Things devices?

  2. What happens to all the data collected prior to the enactment of the Digital Services Act, if it was collected by means of a dark pattern?

  3. Is there any EU regulation on data brokers who may be selling data from websites that used dark patterns?


06:21 UTC


Queries on the Digital Services Act

I understand that the Digital Services act prohibits dark patterns per Article 25.

  1. Does this extend to dark patterns in Internet of Things devices?

  2. What happens to all the data collected prior to the enactment of the Digital Services Act, if it was collected by means of a dark pattern?

  3. Is there any EU regulation on data brokers who may be selling data from websites that used dark patterns?


06:20 UTC


The Digital Services Act and privacy in the Netherlands.

(I am not a lawyer)

The Digital Service Act has been in force since February. Dutch citizens who sell something online, such as software via app stores or goods via shopping platforms, are now obliged, due to Article 22 in the DSA, to publicly publish their name, address, telephone number and e-mail address in these online stores because they are "a trader" within the DSA.

The well-known app stores (Apple's App Store and Google's Play Store) have now started to widely publish private data of people who publish software on their platforms.

However, hundreds of thousands of hobbyists and self-employed people who work from home are now forced to make their private information public because they do not have a business address or telephone number.

Also, self-employed people (sole proprietorship) in the Netherlands will soon also have the right to protect their private address as the Dutch DPA (Autoriteit Persoonsgegevens) has ruled their personal privacy is more important than public trade information.

The large online stores therefore appear to be violating the fundamental privacy rights of Dutch citizens as a result of EU legislation.

I requested the Dutch Data Protection Authority to rule on whether the DSA is contrary to Dutch privacy legislation for hobbyists and sole proprietorship companies, and whether the major shopping platforms are currently acting contrary to this legislation by publishing private data of hobby and self-employed sellers.

(Of course, I may be entirely wrong or missing the point, but open to any and all discussion and criticism.)

06:13 UTC


EU-US DPF Certification Review

Has anyone went through the self-certification process? If so - how long did it take for the ITA to review/accept your application?

I completed it over a month ago, and paid the dues for the application review but it's still in a "New" status "Certification Application under review". Their FAQ on timeline is vague, essentially we'll get to it when we get to it. I sent a ticket in a few weeks ago as well and absolutely no response other than the generic, "we'll get to it when we get to it"

1 Comment
17:23 UTC

Back To Top