/r/europrivacy

Photograph via snooOG

Privacy news and discussion related to European countries and the European Union (EU). We think of /r/Europrivacy as /r/privacy's Eurocentric little brother.

/r/europrivacy

20,593 Subscribers

13

Supershy.

As the state here in Estonia is growing more and more repressive by sacrificing basic human rights of its citizens in the name of "speed and efficiency" (I vaguely remember hearing about regimes like that from the past, it never ends well), breaking privacy laws set by its own courts (and by the EU) through surveilling, storing and possibly modifying all online communications while having zero oversight on who has access collected data or how all of it is being used, then I thought I would give my best on how to alleviate the pain its causing and will keep causing unless something is being done against it. Hence, I've spent the past month on developing a poor-mans VPN (read: SSH tunnel proxy) to make interception as well tampering of communications as hard as possible for any malicious party.

It works by renewing exit nodes (and thus your external IPs) almost as often as you would like (with the minimum of interval of 2 minutes) by creating a new VPS for every connection. Technically, it's a DIY TOR, but with decent internet speeds. It's currently in a very basic state, no UI, no comforts, uses Digital Ocean API under the hood to create VPS's, but works well enough to already yield comments such as "a three letter agency would like to have a word".

My next steps involve extending the provider set and eventually creating a non-profit organization (as to minimize the risks of greed taking over) for managing it. If you think you would like to either contribute or support it, then try it out, give feedback and/or create pull requests with improvements. I could probably also use some legal advice as the time progresses.

If you need to contact me, PM me here on reddit or add me on Signal (username: andrus.42).

Oh, and last, but not least, the link.

6 Comments
2024/11/02
15:48 UTC

23

Filming my commute entirely on Surveillance Cameras obtained via GDPR Requests

I'm a student. When commuting to my university by bus I encounter many CCTV security cameras in public. Would it be possible for me to do my regular commute, and when I get home ask relevant authorities to provide the CCTV footage of me that they have (coming out of home, walking in street, waiting at bus stop, on the bus, out of the bus, going into university)?

I would like to do this because I'm learning about data protection laws and it could be a weird/fun/interesting sort of art/educational project.

Would this be possible in the EU and/or the UK?

2 Comments
2024/10/25
22:24 UTC

12

GDPR tip-offs

So there's an organization with heavy presence and well-known reputation across the world in the EU engaging in systemic privacy violations and the other day I've asked NOYB about it where they replied back that while those instances do indeed constitute GDPR violations, they can only help file less-effective tip-offs to the DPAs unless any victims in the EU decide to become a complainant/plaintiff against the organization, in which it can be upgraded to a formal complaint.

So, with the absence of willing plaintiffs in the EU at the moment, would a tip-off to the DPAs made by influential figures such as government officials or MEPs be far more effective than those made by everyday Joes such as myself?

3 Comments
2024/10/13
10:42 UTC

28

Chat Control Decision Update

The EU Council was supposed to vote about the Chat Control law on September 23rd. I cannot find any information on the results. Did it pass this time or not?

7 Comments
2024/09/27
18:24 UTC

11

Is dns0.eu glued to google cloud DNS?

Every time I add dns0.eu as a DNS resolver, I see a lot of google cloud DNS servers directly from the US. And every time I disable dns0.eu, they disappear too. WTF, why is this even happening?

3 Comments
2024/09/23
20:00 UTC

6

Why do banks require biometric data, and how safe is it really?

I recently tried to open a bank account, and they asked me to provide my phone number, email, and ID through an app, which I was fine with. But then, they wanted a selfie, and I agreed. The app then opened the camera and asked me to move my head left and right, which made me uncomfortable, as it felt like I was being treated as a criminal. I ended up canceling the process because I felt uneasy.

I understand that banks need to verify identities, but why do they require this kind of biometric data? How can I be sure that my data will be stored securely and won't be sold or misused in the future? Are there any laws or regulations that prevent banks from asking for such invasive information? And what happens if a hacker or even a future government gains access to this data?
And i found that,this identity verification was handled by a third-party company, not the bank itself.
This company isn't even well-known, which means my biometric data would be stored both by the bank and this third-party. What happens to my data if this company gets sold in the future?

It feels like banks use these third-party services because they are cheaper, but that raises more questions. What does "cheaper" actually mean in this context? Are they cutting costs at the expense of data security? And how do they manage to offer their services at a lower price? Could they be manipulating or misusing the data to maintain their profit margins?

Wouldn't it be safer if banks were required to delete this data instead of just anonymizing it after a certain period? Is there a way to guarantee that my data is truly safe?

I'm worried about the potential risks here, and I’m curious to know if others have had similar experiences or concerns.
Are there any regulations to protect us in this situation, or is this just the new reality of dealing with banks in the digital age?

I'm interested in hearing your thoughts and experiences on this!

9 Comments
2024/09/23
09:55 UTC

25

All Your Post Belong To Us - Meta will use UK users content to train AI

A few days ago Meta announced it has decided to go ahead using the data of UK users from Facebook and Instagram to train their generative AI.

Only a few months ago, back in June, Meta had originally stopped those plans for both the UK and European Union. Now the UK is back on the menu, but not the EU. Why?

https://wolfhf.medium.com/all-your-post-belong-to-us-b827b81dccb3

4 Comments
2024/09/16
19:55 UTC

17

GitHub now asks for your location to join GitHub Education

3 Comments
2024/09/04
16:08 UTC

18

Subscription services should be better regulated by law?

Unfortunately, more and more companies are preventing the purchase of a program or service indefinitely.

Instead, they make it available by subscription.

We actually do not own the product or any rights to it.

We lose the product as we stop paying, or simply as it is removed.

We do not own the games on steam, and they are only VOLUNTARILY made available to us.

Many of these programs also require constant internet access even when theoretically not needed.

We don't know what happens to our data in the cloud.

An example of a change in the law:

Movies from streaming platforms should be downloadable in a format that allows its normal playback without additional special programs.

Games belong to buyers, not just given to them.

After deleting a game, the user can download the game to disk within two years from the date of deletion should be able to play offline, and transfer the game to other devices.

Computer programs must also be available for lifetime purchase at a cost not to exceed 24 monthly subscription rates.

7 Comments
2024/09/01
22:12 UTC

81

URGENT - EU Chat Control - please send an email

Click on the link of your country here (the blue link, not the "+" button):
https://op.europa.eu/en/web/who-is-who/organization/-/organization/REPRES_PERM/REPRES_PERM

And grab the email address there.

--

Then, enter here:
https://www.europarl.europa.eu/meps/en/home

Select your country in the dropdown, and then it will present you with a number of people. Click on each one, and then there's an envelope icon for the email address. Collect all of them, separated by ";".

--

With the full list, send a bulk email to all of them.

Be polite. Just say that this goes against our rights to privacy, and may even be unconstitutional, and ask them to please vote against this law.

Points I suggest including in the email:

  • I agree with the need to prevent and combat child sexual abuse.
  • I am concerned that the proposed rules imply constant surveillance of personal communications, such as messages and emails, using Artificial Intelligence directly on the device.
  • I believe that this mass monitoring constitutes a violation of the right to privacy, which is guaranteed by the Constitution.
  • The mandatory identification through ID cards may increase users' vulnerability to cyberattacks and data breaches.
  • The use of AI to monitor communications could result in false positives, unjustly exposing private conversations of innocent people.
  • I fear that real criminals will find ways to circumvent the surveillance, making these measures ineffective against those who should truly be caught. Meanwhile, innocent people, who do not try to evade these measures, may be unjustly exposed due to false positives.
  • I urge the need to find a balance between protecting children and preserving citizens' fundamental rights.

--

Remember... politicians will be exempt from this control. It's easy to create laws for the common people, but as long as they don't affect those who make the laws, everything's fine, right?... "We are all equal, but some have more rights than others."

--

The law, if you want to read:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52022PC0209

1 Comment
2024/09/01
19:14 UTC

65

ChatKontrol is back. here's a step by step on how to fight it

By Wednesday, politicians will resume work on it (https://digitalcourage.social/@echo\_pbreyer/113055345076289453)

Please help fight that thing back.

Here's the step by step:

https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

2 Comments
2024/08/31
12:50 UTC

4

Your opinions and solutions to Driver Monitoring Systems

Hi! Maybe a naïve question but you surely have seen the recent EU laws about driver monitoring: the new mandatory driver-facing camera to track attention for example, or the fact that the car will constantly track tour speed and match it against GPS data.

I get really worried about all the privacy issues that these news mandatory devices and components could create. As far as I know, the privacy aspect of these laws have been hugely tuned down because "it's for safety".

So, what is your opinion on that and do you have ideas or solutions to keep our privacy in our vehicles?

3 Comments
2024/08/25
11:50 UTC

53

Hank Green: AI Act will require companies to disclose training data by 2026

7 Comments
2024/08/24
02:55 UTC

6

Data Protection Officer job

Hello All,

As a lawyer I am hired in a company as a DPO. I would like to hear your advices, courses, recources from which I could learn more and prepare for this.

I would also like to hear your experience if someone worked or is working as a DPO.

Any help advice would be much appriciated.

Thank you all and cheers!

7 Comments
2024/08/09
14:06 UTC

19

Found out where call centers are getting my number, guess it will be hard to sue the culprits

Today I was tracking my shipment from Japan, couple of hours later my package reached customs in Milano Italy, what happened next:

Random business number from Singapore sends me a message to whatsapp which is a first, considering I barely use whatsapp, barely anyone outside family circle has this number, nevertheless I report and block the number in question, thought I was done for the day, but I was so freaking wrong.

Random number tied to Tim calls me, close call, recalls me, search for it's number, doesn't show up on Tellows.

One hour later, another unknown number calls me, instantly cut the call off, recalls me a second later -> blocked

Not even an hour later, another one, same story, calls me three times in a row, block it after the third call.

I go and check spam call history, realized that everytime one of my packages went through the customs, callcenters would start to harass me, go a tad more deeper cause I have a supposed throwaway gmail account still active, that mail was used for SDA/DHL shipments as I didn't want them to spam my primary account, said mail was never linked with Tenso or any other warehouse in Japan, if anything I should receive tons of spam through the mail I'm using with Tenso, but in 14 years no spam mail was ever delivered, on this supposed throwaway gmail account I receive warnings through false email addresses about packages stuck in customs, and, and I do only receive them when a real package reaches the custom offices, I don't even know how this is possible, I suspect it's through SDA database, I should dig a bit deeper and go through other accounts I used for SDA shipments even if those were used to ship my items outside Italy

What to do?

3 Comments
2024/08/01
20:11 UTC

2

Alternatives to filerskeepers?

Hey all. I need access to a database of data retention periods globally by country. Will need an API integration to track changes in regulation.

I know filerskeepers offer this but do you know any others? Just want to understand what’s out there. Thanks a lot

0 Comments
2024/07/25
12:06 UTC

8

List of Data Removal Laws

Can anyone please share the list of EU laws applicable to ask websites / brokers to remove my data from internet?

2 Comments
2024/07/25
11:59 UTC

17

Are there any Reddit alternatives(as in, a forum where users can create their own subforums for topics they like) that are Europe-based and follows GDPR?

As text says, I would like to see a site like this, where there are many topics represented, with a wide variety of users, and which follows GDPR so I can control how much data they retain about me or what others can see about me.

If you don't know, reddit has in the past "undeleted" the posts of some people who deleted their posts in protest at reddit policies, and it's impossible to know what data they're tracking about you so I don't think they are GDPR compliant.

2 Comments
2024/07/08
00:18 UTC

Back To Top