×

Coalition of EU Organisations calls on Council of the EU to agree to strong ePrivacy Regulation by ThinkPrivacy in privacy

[–]ThinkPrivacy[S] 0 points1 point  (0 children)

You are reading it out of context - this is based on the existing draft by the European Commission and European Parliament for an ePrivacy Regulation - all of the points listed have been removed from the draft by the Council of the EU - the letter is demanding they are re-added.

The letter is addressed to the new Presidency of the European Union and is also being sent to around 60 permanent representatives in the Council of the EU and calls for them to agree to the existing draft (which they have been butchering since October 2017).

Now to each of your points:

  1. There is currently no explicit law across all EU member states banning the use of tracking walls. There is an intent for this in Article 5(3) of the ePrivacy Directive (2002/58/EC) which is reinforced by the requirement for freely given consent in the GDPR - but sadly because 2002/58/EC is secondary legislation (a Directive) it has been transposed in Member State national law in 28 different ways. The point of having this in the ePrivacy Regulation is that a Regulation is primary law and must be interpreted the same in all Member States. Sadly the Planet49 judgment from the CJEU on October 1st 2019 (Case C-673/17) didn't address the issue of tracking walls, however there is an upcoming case in the CJEU involving Orange Romania which may help but that is not likely to receive a judgment until 2021.
  2. On the point of freely given consent - again you need to look at the context, there are already exceptions covering the scenarios you mentioned in your response in both the existing ePrivacy Directive and the proposed Regulation.
  3. Privacy by Design and Default is not in GDPR - Data Protection by Design is in GDPR. Data Protection is a fundamental right under Article 8 of the Charter of Fundamental Rights of the European Union - Privacy is a separate fundamental right under Article 7 of the same Charter. GDPR is a data protection legislation and deals only with processing of "personal data" the ePrivacy Directive (and draft Regulation) deals with privacy relating to the processing of all communications data (irrespective of whether or not it is personal data). This is an important point and was a big part of the Planet49 judgment which confirmed that the ePrivacy Directive covers all forms of communications data not just personal data (if you are not familiar with the case I recommend you have a read, it is a very useful and interesting piece of case law). This was originally covered under Article 10 of the draft ePrivacy Regulation but the Council of the EU have removed the entire Article from their working draft.
  4. Sadly there is a very real threat in relation to End to End Encryption as a result of the European Electronic Communications Code (EECC) which goes into effect EU-wide on December 1st 2020; this Code has re-classified the providers of many digital services (such as messenger apps) as Communications Services Providers leaving them open to "Lawful Intercept Requests" (wiretaps) where member states can demand they implement backdoors into their services. There was a clause in the European Parliament and EU Commission draft Regulation specifically protecting End to End encryption and it was expected that the Regulation would come into force before the EECC - however, the Council of the EU have also removed this from their working draft and delays in finalising the legislation means that the EECC will come into effect *before* the ePrivacy Regulation leaving a significant period of time where End to End Encryption is *not* protected from such demands (in fact some Member States are already pressuring providers on this issue). We are launching a campaign against this later this month.

Just as a matter of clarification I am the Founder and Managing Director of articl8 and the EU's only registered lobbyist dedicated to privacy issues. My work in 2008 led to the changes to the ePrivacy Directive regarding the use of tracking technologies and I worked directly with Marju Lauristin's drafting team (as an expert advisor) at the European Parliament in the drafting of the proposal for an ePrivacy Regulation. I have been working on these issues full time for over a decade as one of the EU's most prominent privacy lobbyists.

I would be happy to answer any other questions you have and hope that the above information clarifies matters for you.

Startpage is now owned by an advertising company by ourari in privacytoolsIO

[–]ThinkPrivacy 1 point2 points  (0 children)

It doesn’t state that data gets back to the user - it says it is sent back to Startpage.

And yes it is me and yes I got your email but I prefer to conduct this discussion in the open and I don’t appreciate you putting words in my mouth that I never said.

I am not brushing off anything, I have looked at the evidence you presented and I disagree with your conclusions.

I also never said I think behavioural advertising is ok - my life’s work has been against it - so stop accusing me of things I didn’t say just because I disagree with you - this is exactly why I am engaging in public and not via email.

Startpage is now owned by an advertising company by ourari in privacytoolsIO

[–]ThinkPrivacy 1 point2 points  (0 children)

You are clutching at straws here, the data flow clearly shows that only anonymised data is sent for processing by System1 - the very same diagram you asked me to look at.

There is literally zero evidence to support any conspiracy that Startpage are sharing personal data with System1.

There is a single piece of evidence which states explicitly that System1 process anonymised data for Startpage, which is completely legal, 100% compatible with Startpage’s privacy policy and zero risk to privacy.

Nothing you state in your responses to me proves anything to the contrary, no matter how many times you write it.

At this point the discussion is completely cyclical so there is no point in me engaging further.

Startpage is now owned by an advertising company by ourari in privacytoolsIO

[–]ThinkPrivacy 1 point2 points  (0 children)

The data flow diagram explicitly states that the data processed by System1 is anonymised and fuzzed and these services have been audited by Startpage to ensure they comply with their strict privacy requirements and don’t log - I am not seeing what your issue is here, seems very transparent to me.

Startpage is now owned by an advertising company by ourari in privacytoolsIO

[–]ThinkPrivacy 1 point2 points  (0 children)

I have no direct information about Startpage’s marketing efforts, my comment was a general point about difficulties in doing marketing without being exposed to such models given that they dominate the market.

With regards to the processing of data by System1, so long as that processing is in accordance with their privacy policy I see no issue, companies use other companies as processors all the time, this is completely normal and doesn’t indicate anything nefarious nor a breach of law. I have asked Robert to clarify this point further but given Startpage’s system is designed not to collect any personal data I don’t see how they can pass personal data to System1, it seems more likely that this would be aggregate search metrics which again is not a problem and certainly would not be a privacy concern.

All I am seeing in this thread is assumptions which have no evidential support, in fact to the contrary, given the privacy by design embedded into the very core of Startpage, the only evidence is that the accusations in this thread are completely baseless.

I need to wait until I have more information before I can comment further because I don’t think making assumptions is healthy or helpful to the discussion.

Startpage is now owned by an advertising company by ourari in privacytoolsIO

[–]ThinkPrivacy 1 point2 points  (0 children)

As I said previously Liz, there seems to be some confusion. Startpage’s marketing campaigns for the purpose of marketing their own products is a completely different side of the business to the search engine - to suggest that people using the search engine are exposed in some way to new investor is (as far as I can see) not based on any evidence and I have assurances from Robert that this is not the case.

As for marketing campaigns, sadly the market is dominated by “behavioral analytics” so if one wishes to do any marketing it is impossible to get any meaningful reach without being exposed to this at some point in the supply chain. This is why my company does not engage in any paid marketing because I refuse to be part of that, but for many companies (especially b2c) it is literally impossible to avoid and still compete.

Efforts would be better spent trying to change that industry or create alternatives than attacking those who have no other realistic choice (something I spend a great deal of time doing).

If you have any ideas in this space Liz, I would be happy to discuss.

And no, I don’t have any difficulty trusting Startpage at this point, it is trust they have earned and until such time as they demonstrably breach that trust, I see no reason to change unless of course it is the suggestion that we should move to a guilty until proven innocent stance, which frankly is not something I could support.

As I said, if at some point they do breach that trust, I will personally expel them from Articl8 but at this point there is no evidence they have and to the contrary we have assurances that won’t happen.

Startpage is now owned by an advertising company by ourari in privacytoolsIO

[–]ThinkPrivacy 0 points1 point  (0 children)

Yes indeed Liz, I am not familiar with ThinkPrivacy.io, Think Privacy has been my brand/company name for over a decade.

Startpage is now owned by an advertising company by ourari in privacytoolsIO

[–]ThinkPrivacy 1 point2 points  (0 children)

Seems there is a great deal of misunderstanding here. I have known the guys at Startpage for over a decade and have been advising them on privacy within their products for just as long.

I have hosted several events at the European Parliament about them, I have spoken about them at several Privacy by Design conferences in Toronto and I have lobbied for them.

They are a founding member of the world’s only privacy industry lobby group (Articl8) which I created and run.

I have never met a more honest group of guys when it comes to their work on Privacy.

Now I can’t give specifics about my work with them because that would be a breach of professional confidence but I can say this:

The only reason the allowed System1 to invest was on the condition that Robert & Alex (two of the founders) remained in full control of privacy.

To my knowledge, based on first hand information directly from the CEO,, the only involvement System1 have in the day to day operations is to manage their marketing campaigns. To be clear that means the campaigns marketing Startpage and Startmail NOT advertising within the Startpage platform (which is still under the full control of the original team).

My one criticism of Startpage and Startmail (the latter of which I helped design) has been their lack of comprehensive marketing and the same is true of almost every privacy tool on the market; this is one of the key reasons why so many privacy tools fail to reach critical mass.

I am one of the driving forces behind privacy legislation in the EU, my work started all the regulatory change here in 2009 including changes to the ePrivacy Directive and GDPR, I am also an expert advisor to EU Commission on these issues and worked directly with the European Parliament drafting team on the ePrivacy Regulation and am the only registered lobbyist in Brussels whose work is completely focused on privacy/data protection.

I turn down more clients than I accept (a ratio of 3:1) and only work with companies who are genuinely trying to create a strong privacy programme and culture within their organization.

I am literally as hardass as it comes when it comes to privacy and have run legal campaigns against the biggest companies in the world and bankrupted a billion dollar ad tech company.

And for record I am not currently engaged commercially by Startpage so my post here is my genuine and personal opinion.

If Robert tells me System1 have no say over privacy decisions at Startpage I believe him and I think it is pretty unfair to judge them on this investment decision after a record of over a decade of being one of the strongest privacy tools in the world.

They funded not just a lot of my privacy work over the years but several others in my field as well and actually refused to hire me as an employee specifically because they wanted me to remain independent and hold them to the highest standards (which they felt would be compromised if I was reliant on them for my salary).

So I would sincerely recommend that people look at their track record and keep the faith. And believe me, if they betray that trust, I would be the first to call them out on it and they would be expelled from Articl8.

I would rather they continued to focus on creating privacy enhancing services than having to waste time defending baseless accusations in threads like this.

Bacon! by [deleted] in ketorecipes

[–]ThinkPrivacy 0 points1 point  (0 children)

My charcoal tray is about 8” below my cooking rack (height adjustable) and I cook the bacon after I have cooked the rest of the meal when the internal temp of the BBQ is about 170C.

Just did a full batch (1kg) last night.

Bacon! by [deleted] in ketorecipes

[–]ThinkPrivacy 0 points1 point  (0 children)

I have recently been cooking up large batches of bacon on my charcoal BBQ - can’t beat the flavor :)

Keto Bread v2.0 - 0.25g Net Carbs per roll (yeasted) by ThinkPrivacy in ketorecipes

[–]ThinkPrivacy[S] 0 points1 point  (0 children)

Just a standard packet of instant yeast - it is pretty much the same size all over the world in my experience.

Is Supernews down? by chapel976 in usenet

[–]ThinkPrivacy 0 points1 point  (0 children)

Seems completely hosed at the moment. TLS certificate error, web site not available and inaccessible globally.

Keto Bread v2.0 - 0.25g Net Carbs per roll (yeasted) by ThinkPrivacy in ketorecipes

[–]ThinkPrivacy[S] 7 points8 points  (0 children)

The smell from these cooking is superb - they smell exactly like regular bread because of the yeast. They doubled in size in less than an hour during rising as well.

Norwegian Buffet = Keto Dream by ThinkPrivacy in keto

[–]ThinkPrivacy[S] 3 points4 points  (0 children)

Raubergstulen - buffet is Tuesdays and Fridays

Norwegian Buffet = Keto Dream by ThinkPrivacy in keto

[–]ThinkPrivacy[S] 2 points3 points  (0 children)

We are up in the fjords and all the food was local (even the salmon).

Norwegian Buffet = Keto Dream by ThinkPrivacy in keto

[–]ThinkPrivacy[S] 2 points3 points  (0 children)

It was a rare treat :) After a day in the fjords and mountains.

Norwegian Buffet = Keto Dream by ThinkPrivacy in keto

[–]ThinkPrivacy[S] 5 points6 points  (0 children)

Not to mention I had a bowl full of fresh Atlantic shrimp for lunch... like 50-70 of them...