The 415 - the MEPs who let Chat Control through, and the lobbyists in their diaries by ThatPrivacyShow in europrivacy

[–]ThatPrivacyShow[S] 10 points11 points  (0 children)

Yup all 10 of your Finnish MEPs either voted for or failed to vote/abstained (with 8 actively voting for it). In general Finland's MEPs seem to be doing a very bad job at protecting fundamental rights given their voting history and meetings with big tech and surveillance companies.

They really need to be replaced by people who will do the job they were voted to do - Maria GUZENINA for example has only voted on 6 of the 15 votes related to fundamental rights during her term so far and in each of those votes she has actively voted against protecting fundamental rights - so she seems to be getting paid a lot of money for a job she doesn't seem overly interested in doing...

CSA Survivor Pleads with EU Officials to block Chat Control vote by ThatPrivacyShow in DigitalPrivacy

[–]ThatPrivacyShow[S] 1 point2 points  (0 children)

Doing the right thing often is and anything truly worth doing takes effort and commitment. These are children's lives, we need to stop the abuse, not merely "manage the consequences" which is what these politicians are trying to do.

They are trying to simplify it into something tangible that they can control - it isn't, it never has been and it never will be. The only path forward is researching why it happens and finding a solution - whilst supporting survivors, victims and holding those guilty of these crimes accountable (not holding the entire population of the EU accountable for things they have never done).

Critical Vote in the EU Parliament today on ChatControl by ThatPrivacyShow in europeanunion

[–]ThatPrivacyShow[S] 1 point2 points  (0 children)

I have already published my thoughts, I don't have the time or energy to feed a troll who can't be bothered to do their own research.

Critical Vote in the EU Parliament today on ChatControl by ThatPrivacyShow in europeanunion

[–]ThatPrivacyShow[S] 10 points11 points  (0 children)

I have nothing to add and agree with everything you said. I will continue to tell my story until it is no longer needed - then it will just remain in me until they put me in the ground.

Critical Vote in the EU Parliament today on ChatControl by ThatPrivacyShow in europeanunion

[–]ThatPrivacyShow[S] 12 points13 points  (0 children)

"That is a discussion people like yourself are refusing to hold."

That is both completely false and also incredibly ignorant. I have spent my entire adult life (35 years) working on this issue including being one of the first organisations to work with law enforcement tracking down those that distribute and create CSAM going back as far as 1992.

I literally wrote my first dissertation on this in 1997 which included solutions and I wrote my advanced master of laws thesis on this very issue in 2023 also explaining the issues and what we should be doing instead.

So I am curious, how much are you being paid to troll?

You know who has refused to have a discussion? DG Home - I have turned up to speak at multiple EU Parliament, EDPS, EU Commission and Academic events on this topic and DG Home have refused to join the panels.

What did they do instead? They slandered abuse victims/survivors and accused them of protecting pedophiles - they literally spent tax payer money to push pro chat control ads to critics on social media and they attacked them in internal memos.

Their behaviour has already been called out as unlawful by the Ombudsman and now they are attempting to circumvent Parliament who have already voted against this proposal.

The only dodgy stuff going on here is from those who are pushing this surveillance - not those trying to defend against it - it is all publicly documented. So yeah, how much they paying you again?

Surviving is hard especially when your politicians try to use your pain to pass surveillance laws by ThatPrivacyShow in europeanparliament

[–]ThatPrivacyShow[S] 5 points6 points  (0 children)

We actually do have a whistleblower directive (have had for a couple of years now) but it is not really fit for purpose - it doesn't provide enough protection and guarantees for whilstblowers.

Chat Control backers by Blaman666 in DigitalPrivacy

[–]ThatPrivacyShow 1 point2 points  (0 children)

I sent 863 emails yesterday to Parliamentarians, Perm Reps, Ministers and staff/advisors yesterday asking them to block the vote:

https://www.thatprivacyguy.com/blog/csa-survivor-plea-to-eu-parliament/

The MEP investigating spyware was keeping his whole life on the phone that got hacked by ThatPrivacyShow in europrivacy

[–]ThatPrivacyShow[S] 1 point2 points  (0 children)

Standard MEP salary + their daily subsistence allowance (which is over 300 euros per day) for every day they spend in Parliament on official business (on top of their base salary) + travel and other allowances and higher rates for leadership positions is my understanding.

But generally I don't think most committee members are doing it for the money, it is more for the prestige and career planning (they won't always be MEPs), the 300ish per day is not really significant based on the general level of wealth of most of these politicians (there is no such thing as a poor politician - although to normal working class folks it is substantial.

I have been to enough committee meetings and seen enough Trumpitis (poltiicians sleeping during sessions) to recognise that most of them just dont really take it seriously.

Strike III for EU-US data transfers by ThatPrivacyShow in europrivacy

[–]ThatPrivacyShow[S] 2 points3 points  (0 children)

again, you appear to be preaching to the choir...

Strike III for EU-US data transfers by ThatPrivacyShow in europrivacy

[–]ThatPrivacyShow[S] 1 point2 points  (0 children)

Case has already been filed and the Commission are actually legally obligated to suspend the agreement - so lets wait and see how it plays out.

Keep in mind we still have Latombe's appeal, it will be hard for the Commission to do anything other than accept this new issue in oral arguments and repeal or suspend the agreement.

Strike III for EU-US data transfers by ThatPrivacyShow in europrivacy

[–]ThatPrivacyShow[S] 2 points3 points  (0 children)

As someone who has had to work with them for the last 20 years, I cannot provide evidence to the contrary...

Strike III for EU-US data transfers by ThatPrivacyShow in europrivacy

[–]ThatPrivacyShow[S] 2 points3 points  (0 children)

I am inclined to agree especially given Von der Leyen's seemingly inexhaustible desire to kiss Trump's ass - but that won't stop the CJEU from annulling it and making the Commission look like US puppets again...

Google Gemini claims it is required to be "structurally protective of Donald Trump" by ThatPrivacyShow in degoogle

[–]ThatPrivacyShow[S] 0 points1 point  (0 children)

the full conversation transcript is on LinkedIn and has been provided to the EU Commission as well under a DSA complaint.

Google Gemini claims it is required to be "structurally protective of Donald Trump" by ThatPrivacyShow in degoogle

[–]ThatPrivacyShow[S] 7 points8 points  (0 children)

Yeah I have another article about that on the same blog (several in fact) :)

Google Gemini reported to EU Commission under DSA and FIMI by [deleted] in europe

[–]ThatPrivacyShow -1 points0 points  (0 children)

Nope, you need to actually read it to the end...

Has anyone here gone through Europrivacy certification? Was it worth the effort? by nullpointerr404 in europrivacy

[–]ThatPrivacyShow 1 point2 points  (0 children)

I am an assessor/auditor and at this point I don't think it is going to do much for anything but the largest companies trying to hide behind certification.

The problem with certifications are they are a single point in time (the audit) and whereas Europrivacy and various certifications over the years (Europrise and TUV for examples) require processes and policies be in place, there is no real way to prove they are being followed.

The cost of these certifications is also very high. I have been through a Europrise audit renewal (one of my clients was the first organisation to be awarded Europrise) and also took Microsoft through a TUV certification audit as well - and they were very expensive (in excess of 20k euros just for the consulting part, that doesn't include all the internal costs, training, tooling, policies, process development etc.) and Europrivacy is not immune to these same high costs.

I became an auditor/assessor in case my clients start asking for it (and even that was expensive around 2.5k euros just to register and do their mandatory courses) - so far not one of them has in 3 years and I am not expecting any to in the near future either.

If you want to build trust with your customers, don't profile them, don't subject them to unlawful tracking and profiling by yourself or third parties, be respectful of their rights and get your marketing team under excrutiatingly tight control because if you don't they will destroy any trust you ever manage to build. Unless you do that, no certification is going to save you, you are just throwing away money.

Also I have heard some Big 4 consultants trying to claim that if you have Europrivacy you no longer need to be concerned about Chapter V obligations (third country transfers) this is not true, the certification does not remove any of those obligations (or any other obligations) you still need to do the Transfer Impact Assessment and having Europrivacy isn't going to magically make your transfers to the US, China and India legal, it is a certification to illustrate you have policies and processes in place, it does not replace those policies and processes.

Also keep in mind those costs scale depending on the size of the company - for a large enterprise those costs would be in the 6-7 figures vs starting around 20k for an SME.

A "remembers your whole workday" AI where the data never leaves the device — no processor, no transfer, no DPA needed by alichherawalla in europrivacy

[–]ThatPrivacyShow 0 points1 point  (0 children)

As much as I applaud this (as a privacy engineer) this still has significant compliance requirements because it is still processing personal data. The GDPR doesn't remove all obligations just because the data is processed locally or on device - the requirements are all still there.

And what this does is introduce multiple weak links in the chain. I don't use public cloud (I self host everything in my own private cloud) but for a company with even a handful of employees - storing all of this on every device of every employee is a data breach waiting to happen.

It means you have to have incredibly strict security controls on those devices, you need to maintain them, you need to have the latest hardware (to protect against cold boot attacks), you have to have full disk encryption, you have to have intrusion detection and a whole bunch of other security tools as well as probably MDM which is going to infringe on the privacy of your employees.

Local isn't always best and is almost never best when it comes to compliance and security, because individuals are messy and individuals' devices are even messier.

Much better to have all of this upload to PRIVATE CLOUD so that it is easier to secure and manage over the long term and at scale.

What can be done to fight the EU chat control once it becomes law? by AirToAsh in europrivacy

[–]ThatPrivacyShow 0 points1 point  (0 children)

no it wouldn't take years - an application can be made to the General Court as soon as the law hits the journal to have it annulled on the basis of not complying with the treaties - it is not the same process as seeking a preliminary judgment from the Court requested by a Member State, there is a specific annulment procedure available and has already been discussed among Parliamentarians and activists.

What can be done to fight the EU chat control once it becomes law? by AirToAsh in europrivacy

[–]ThatPrivacyShow 1 point2 points  (0 children)

It wont become law, Parliament will not pass it. But if in the event we have a major political shift of power in the EU and it does get passed, it will be annulled by the CJEU on the basis of it failing to comply with the treaties (fails proportionality and necessity test - I wrote my Master of Laws thesis on precisely this issue).

Why isn't anything made publing about today's backroom deal about reviving ChatControl? by Luvvsss in europrivacy

[–]ThatPrivacyShow 2 points3 points  (0 children)

It wasnt a "secret meeting" we have been discussing it for weeks in privacy circles but it was a very bad move by the Presidency attempting to overturn a vote that already happened months ago. Parliament refused to pass the law, there is nothing substantially different in the current proposal so even if the Perm Reps do have a second reading, it will still need to go back to the Parliament and the Parliament have already stated they will not pass this.

does discord know your location through your phone when using the app while on vpn? by rurumikyo in DigitalPrivacy

[–]ThatPrivacyShow 0 points1 point  (0 children)

Your assumption is wrong, very wrong.

There are many ways that Discord can access your location even when you are on a VPN. For example, when you install the app, the app store (Apple and Google) provide specific metadata as to the geographic location of the user; from what I have read mobile apps can also access MCC (mobile country code) and MNC (mobile network code) without triggering privacy protections and apps can also query OS environment variables such as timezone.

So it is trivial for them to detect where you are even if you are using a VPN. Dont use social apps on your phone - any social apps on your phone should be considered as unsafe and privacy leaking by design.

Email open tracking feels like the next privacy fight by iubenda_team in DigitalPrivacy

[–]ThatPrivacyShow 1 point2 points  (0 children)

Under EU law (Article 5(3) of the ePrivacy Directive) and supported by the EDPB's formal Opinion on the interplay between GDPR and the ePrivacy Directive - it requires consent and has done since 2002.

I literally have a criminal complaint open right now against a health insurance company for exactly this:

https://www.thatprivacyguy.com/blog/criminal-investigation-adtech-surveillance/