BEIS seemingly breaches GDPR rules in trying to gather suggestions for 2022 new year honours list

Hundreds of email addresses for the UK’s leading business bosses have been shared accidentally in an apparent gaffe by the Department for Business, Energy and Industrial Strategy (BEIS).

The error, which appears to put BEIS in breach of GDPR rules governing the use of private data, occurred while the department was gathering suggestions for the 2022 new year honours list.


    How to choose your Jabber service?

    debacle · Sunday, 24 January - 01:38 · 1 minute

Aren't we all envious of users of #Whatsapp, #Signal, #Telegram or #Threema? The choice of service is easy for them. There is none! Happy users!

Instead we use #Jabber or #XMPP, because we love self-hosting, don't we? Well, it is important to have the option to self-host, but in most cases it is not the best option to actually do it. So we need to select a server, based on our priorities.

I suggest looking out for:

  1. More than one admin? A single admin might be on holiday when you need them most. Or they burn out and close the service on short notice. Beware of the lorry factor.
  2. Sound financial base? If you pay for the service, there is a higher chance that the service is here to stay. A service based on donations might work as well as a commercial one.
  3. Good uptime history? Here is some limited information about it. Also, the longer a service exists, the longer it will survive, because of the Lindy effect.
  4. Good #TLS grade? Use only A grade servers from the IM Observatory.
  5. Acceptable data privacy statement? IANAL, but you know, #GDPR and so on...
  6. High XMPP compliance? This XMPP Compliance Tester lists many servers.
  7. Cool domain name? And other details, like how much server space you have for sharing cat content, how long messages are archived, whether an .onion domain is available, or whether transports (gateways) to #IRC or other networks are provided.

Useful lists of servers can also be found on Freie Messenger and JabberEs.


    Tesla: Surveillance cameras on wheels

    debacle · Wednesday, 13 January - 22:58

The TV magazine Kontraste reports:

No matter where you drive a Tesla, Tesla is watching. It even sees quite a bit more than the driver. Eight cameras film whatever moves around the car. You. Me. Everything.

"When a vehicle drives in public traffic and constantly records everyone else in the process, that is a clear data protection violation. That must not be. Such cameras may only ever be used in individual cases, in connection with a specific incident. But continuous filming by vehicles is prohibited." (Stefan Brink - State Commissioner for Data Protection, Baden-Württemberg)

#tesla #auto #verkehr #überwachung #surveillance #datenschutz #gdpr #dsgvo #privacy


    Stopping the biggest lie on the Internet

    debacle · Tuesday, 1 December - 21:51 · 1 minute

Everybody knows about the biggest lie on the Internet. It is:

☑ Yes, I read the Privacy policy and I agree with every single word of it.

But there is an easy way to stop that lie: Just enforce by law that the single checkbox is no longer considered sufficient to agree with 150 pages of juridical text. Instead there must be a short exam about randomly selected statements, such as one percent of all statements of the policy. E.g. instead of just agreeing to the Microsoft Privacy policy when using Skype, users have to go through something like this:

1. Please fill in the missing term about the personal data we collect:

Contacts and _____________. Data about your contacts and _____________ if you use a product to share information with others, manage contacts, communicate with others, or improve your productivity.

(Correct answer: "relationships")

2. What would you need to get before using recording features of Skype?

(Correct answer: "consent from all parties to the communication in advance")

3. As you well know, we store and process your personal data in your region, in the United States, and in any other country where Microsoft or its affiliates, subsidiaries, or service providers operate facilities. In which countries are our major data centers maintained?

☐ Australia ☐ Austria ☐ Azerbaijan ☐ Bavaria ☐ Brazil ☐ Canada ☐ Chile ☐ Denmark ☐ Finland ☐ France ☐ Germany ☐ Greece ☐ Hong Kong ☐ India ☐ Iran ☐ Ireland ☐ Jamaica ☐ Japan ☐ Korea ☐ Kyrgyzstan ☐ Luxembourg ☐ Malaysia ☐ Mexico ☐ Netherlands ☐ Norway ☐ Scotland ☐ Singapore ☐ Switzerland ☐ South Africa ☐ United Kingdom of Great Britain and Northern Ireland ☐ United States of America

(Correct answer: Australia, Austria, Brazil, Canada, Chile, Finland, France, Germany, Hong Kong, India, Ireland, Japan, Korea, Luxembourg, Malaysia, Netherlands, Singapore, South Africa, United Kingdom of Great Britain and Northern Ireland, United States of America)

4. You did realise that storing your personal data on US data centers is illegal in the EU, didn't you?

☐ Yes ☐ No

(Whatever answer: End of game for users in the EU)

Sorry, Microsoft, I'm not picking on you! I could have used any other service than Skype, but it is so popular these days!

#dataprotection #privacy #gdpr #eu #privacypolicy #skype #microsoft


    Facebook halts Oculus Quest sales in Germany amid privacy concerns / ArsTechnica · Thursday, 3 September, 2020 - 18:53

Facebook subsidiary Oculus says it has "temporarily paused" sales of Oculus Quest headsets to customers in Germany. Reports suggest the move is in response to concerns from German regulators about the recently announced requirement that all Oculus users will need to use a Facebook account by 2023 to log in to the device.

"We have temporarily paused selling Oculus devices to consumers in Germany," Facebook writes in a brief message on the Oculus support site. "We will continue supporting users who already own an Oculus device and we're looking forward to resuming sales in Germany soon."

Facebook declined an opportunity to provide additional comment to Ars Technica. But in a statement to German news site Heise Online (machine translation), the company said the move was due to "outstanding talks with German supervisory authorities... We were not obliged to take this measure, but proactively interrupted the sale."


    Court tosses US-EU data sharing agreement amid US surveillance concerns / ArsTechnica · Thursday, 16 July, 2020 - 20:29 · 1 minute

EU Commissioner for Values and Transparency - Vice President Vera Jourova (L) and the EU Commissioner for Justice Didier Reynders (R) are talking to media during the EU Commission press conference on data protection at International Level on July 16, 2020 in Brussels, Belgium. (credit: Thierry Monasse | Getty Images)

Europe's highest court today struck down the agreement by which companies operating in the EU are allowed to transfer data to the United States. The court ruled that the agreement leaves European customers' data too exposed to US government surveillance.

The agreement, known as Privacy Shield, has been in place since 2016, and more than 5,000 companies operate under its terms. Boiled down, the Court of Justice of the European Union (CJEU) basically ruled that US law is too weak to protect EU citizens' data to the extent EU law demands. As the court put it in a press release (PDF):

The limitations on the protection of personal data arising from the domestic law of the United States, on the access and use by US public authorities of such data transferred from the European Union... are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law.

As a result of the case, US companies doing business in Europe or handling data from European clients will either have to negotiate new individual data-handling arrangements, called Standard Contract Clauses (SCC), with the EU or stop porting data from European operations into the US. The ruling applies to data that companies such as Facebook move around to US servers for internal reasons, but it does not affect "necessary" data transfers, such as take place when someone in Europe sends an email to a recipient in the US, books a flight or a hotel on a US website, or does something equally mundane.


    Contact publication

    Timothée Jaussoin · Monday, 24 September, 2018 - 21:39

#Chrome's recent changes just show how much trust you can actually put in Google nowadays. I'd be really happy if #Google is condemned by justice for not respecting the #GDPR. For now, hopefully, we still have browsers like #Firefox, which is both technically and ethically better :) Long live the red panda!