(I am not a lawyer)

The Digital Service Act has been in force since February. Dutch citizens who sell something online, such as software via app stores or goods via shopping platforms, are now obliged, due to Article 22 in the DSA, to publicly publish their name, address, telephone number and e-mail address in these online stores because they are "a trader" within the DSA.

The well-known app stores (Apple's App Store and Google's Play Store) have now started to widely publish private data of people who publish software on their platforms.

However, hundreds of thousands of hobbyists and self-employed people who work from home are now forced to make their private information public because they do not have a business address or telephone number.

Also, self-employed people (sole proprietorship) in the Netherlands will soon also have the right to protect their private address as the Dutch DPA (Autoriteit Persoonsgegevens) has ruled their personal privacy is more important than public trade information.

The large online stores therefore appear to be violating the fundamental privacy rights of Dutch citizens as a result of EU legislation.

I requested the Dutch Data Protection Authority to rule on whether the DSA is contrary to Dutch privacy legislation for hobbyists and sole proprietorship companies, and whether the major shopping platforms are currently acting contrary to this legislation by publishing private data of hobby and self-employed sellers.

(Of course, I may be entirely wrong or missing the point, but open to any and all discussion and criticism.)

​

Has anyone went through the self-certification process? If so - how long did it take for the ITA to review/accept your application?

I completed it over a month ago, and paid the dues for the application review but it's still in a "New" status "Certification Application under review". Their FAQ on timeline is vague, essentially we'll get to it when we get to it. I sent a ticket in a few weeks ago as well and absolutely no response other than the generic, "we'll get to it when we get to it"

​

European Union politicians have been trying to pass "Chat Control" which would ban end-to-end encrypted communications. A new big court ruling on Telegram is a game changer for this. https://simplifiedprivacy.com/court-rules-against-eu-chat-control/

We own an apartment and have onsite parking. One card for the window screen and visitor parking by SMS. The managing agent have informed residents they must now use an app for parking. The app hasn’t been updated in years and the app providers website states they will use data for marketing, sales etc and will share data with other businesses The managing agent refuses to issue my card unless I consent to installing and using the app.

I understood that consent must be given freely, and I shouldn’t be punished eg my card withheld for not using the app. Am I correct?

Myths surrounding biometrics, often exaggerating its capabilities and the risks associated with personal data usage, can create user wariness and hinder the adoption of new technologies. This is further fueled by the unrealistic depictions in science fiction films and a general lack of information. This article aims to shed light on the collection and usage of biometric data, providing a clearer understanding of the technology.

​

Myth: Biometrics steals privacy

In the modern world, there is a fear that people will have no personal space left where they can be alone, their images are captured by biometric systems and thus become available to third parties who can use them for any purpose.

​

When biometric systems "capture" an image of a face or other body part, they process the information and convert it into special digital objects called biometric templates. Therefore, photographs and other images are not stored in biometric databases, like fingerprint images in police systems. Biometric templates can be compared to complex formulas that are completely unreadable to humans. When processing an image, the system compares the template to others, for example, one already stored in the database or was simultaneously read from an access card. Essentially, it is about determining the close correspondence of two mathematical formulas in some common measurement space. They do not contain any personal information: last name, first name, date of birth, address, etc. Therefore, it is difficult to extract any benefit from them without linking them to personal information.

​

Learn more here https://luxand.cloud/face-recognition-blog/the-biggest-facial-recognition-myths

I recently came across a post on how companies that collected data prior to GDPR coming into effect, if they had a proper consent-taking mechanism, then they could proceed to process such data.

I was wondering whether companies like Meta, Google, etc., mention the same in their policy? And if they do, how exactly do they mention it? If you have any idea about this, please share relevant documents or links.

Thank you!

Hi

We recently received data to a user’s OneDrive that was not anonymised and I t contained PII. This data was backed up to a third party M365 cloud backup solution. I contacted the third party to have it removed.

Their response:

“In terms of GDPR, the only requirement we have as data processors, is to provide tools to our users to delete their data easily and promptly. We fulfil this requirement by allowing our users to delete backup sets at user level via the product itself. We are also GDPR compliant in terms of allowing our users to set a retention period for their tenant's data, with different retention periods available for active vs inactive users within the organisation.

At this point, the only way forward here in order to purge out any reference for specific file / files would be to select the option to delete all backups for this one specific OneDrive and then re-enable the backups soon after which will backup everything under that OneDrive, unless it was deleted at source, and also other users on the same tenant would not be affected.”

We would lose all OneDrive backups for this user. We are only looking for them to delete a week’s worth of backups. I understand they can’t deleted a specific file/folder. But this request does not seem unreasonable to me and it cannot be the first time this has happened. What if this happened to a large company, where the data could have been passed on to different employees and also backed up. You can’t expect them to delete all user’s OneDrive cloud backups.

Any thoughts or advice would be appreciated.

Thanks

What do you think of the increasing introduction of digital IDs from a data protection point of view? How can data security be guaranteed? Could there be disadvantages for marginalized groups? What about the risks of hacking & tracking?

Apparently, some occupational groups can no longer unrestrictedly practice their profession without Digital ID. Although there is no direct compulsion, there also are no actual alternatives. For example, they do not receive the reimbursement of costs to which they would actually be entitled.

Should the decision whether to opt for a digital or non-digital way of carrying out daily life (e.g. whether to pay with cash or card, whether to go to the polls in person or sign things digitally etc.) be a matter of personal choice? Why / why not?

I look forward to reading your thoughts on it.

Microsoft has repeatedly promised that changes are being added to Windows 10/11 to allow you to use your default browser in the EU and this has more than once failed to live up to this promise.

​

Those on Windows Insider builds in the EU, have you been able to install Edge directly from Apps & Features as promised?

​

I censored parts of my ID card such as my photo, signature, ID number and surname because I don't want Google to have this private info about me in their servers. Are there other ways to pass this obstacle that don't involve sacrificing my privacy? (for anyone asking: I'm doing this to access dating apps, all are PEGI18, they weren't fooled by my VPN)

Several banners popping up due to GDPR regulation still ask for user acceptance for cookies saving but those based on page administrator interests. The number of those seems to be lower today than yet one, two years ago. Anyhow remarkable number of banners still do it (cookies technically necessary and those optimal/for performance, user experience) and do it due to among others administrator interest.

Actually if page is going to set cookies and aims it due to administrator interest the user acceptance is not necessary - they can do it without asking user for acceptance. This is the articulation of e.g.: German DSGVO.

I wonder what is the rational of the status quo. Lack of complete understanding?

Parliament and Council negotiators reached a provisional agreement on Wednesday on the creation of a pan-European digital identity framework.

Key points:

• An EU wallet to authenticate and access public and private services, store, share and e-sign documents.
• A wallet to be used on a strictly voluntary basis.
• Privacy dashboard to give users full control over their data

Next Steps

The legislation will now have to be endorsed by both Parliament and Council before it becomes law. The Industry, Research and Energy Committee will hold a vote on the file on 28 November

Primary source

Here's a petition calling for Europe to strengthen its digital capabilities to prevent eavesdropping from the United States and safeguard the data security of people across Europe.

But Europe seems to be better at regulating tech firms than building its own.

What are your views on this matter?

https://petition.digitalrights.tech/

Digital Markets Act (DMA) intends to ensure a higher degree of competition in European digital markets by preventing large companies from abusing their market power and by allowing new players to enter the market. It imposes new responsibilities on monopolistic tech giants, including sharing data, establishing links with competitors and making their services interoperable with rival applications. etc.

However, despite the long-term antitrust laws implemented in Europe, FAANG still has a monopoly position in Europe. It remains to be seen what role the bill will ultimately play, especially whether European countries can truly curb the absolute influence of American technology giants in Europe based on the bill. That's the crux of the matter.

In a word, it remains to be seen whether a bill will actually prevent US tech giants from thriving in Europe.

What are your views on this matter? Let me know.

I just came back from a trip to the United States. Personally, I think it is obviously safer to pay with electronic payment than with cash in the United States. Using cash often carries the risk. However, in the United States, a considerable number of people still insist on using cash instead of electronic payments. Does anyone feel the same way?

Why is that? Does anyone know the reason?

By the way, do you prefer electronic payments or cash payments?

Because the data report contains all of your original data (and particularly in a single, easily readable location often transmitted using an insecure method like personal email or local download), doesn't requesting a report open up more possibility for data leakage? What benefit does the report provide that justifies this risk? I'm struggling to reconcile this idea with the fairly consistent recommendations of reputable privacy organizations to request your data prior to requesting deletion.

Hi,

I'm a founder of a data company and one of the things we are trying to accomplish is to allow our users to request and download their social media data into their own personal pod.

From a tech perspective, all others components of our system are built, we are just struggling with finding a developer to be able to create the 'Requestor' component.

For clarity, the requestor system would work as follows:

-User selects the social media companies they have access to

-User is assisted in requesting the download of this data (so a button that activates a bot that requests the required data through the user's app)

-User receives their data download through their email, they can then upload the data to their personal data store on our site.

Do any of you know of a company or developer that has done this? I've been conducting CTO interviews for the past 2 months now and am struggling to find the right person.

Every choice has pros and cons. When searching about passkeys I can only find the pros, why is nobody talking about the cons ? There must be some tradeoff somewhere.

I have the impression of being paternalised into them by greedy and thirsty marketeers.

For starters, I think GAFAM will hugely benefit because this system uniquely identifies a person, so the profiling will be as precise as it can be.

Plus, it would be even more difficult to share a device.

Any other thoughts on the drawbacks ?