Enlarge (credit: Bloomberg / Contributor | Bloomberg )

This month, Meta's new Twitter-alternative Threads launched in 100 countries , but not in the European Union, due to potential conflicts between the app's vast data collection and the EU's strict data privacy laws. Immediately, reports emerged that some EU users persisted in downloading Threads anyway—by hiding their location and accessing the app via a virtual private network, or VPN.

Now, Meta has confirmed that it has taken measures to block VPN access to Threads in the EU.

"Threads is not currently available in most countries in Europe, and we’ve taken additional steps to prevent people based there from accessing it at this time," a Meta spokesperson told TechCrunch . "Europe continues to be an incredibly important market for Meta, and we hope to make Threads available here in the future."

Enlarge (credit: Getty Images | SOPA Images)

European and Irish regulators have ordered Facebook owner Meta to pay a fine of 1.2 billion euros for violating the General Data Protection Regulation (GDPR) with transfers of personal data to the United States. It's the largest GDPR fine ever.

Meta was also ordered to stop storing European Union user data in the US within six months, but it may ultimately not have to take that step if the EU and US agree on a new regulatory framework for international data transfers.

The infringement by Meta's subsidiary in Ireland "is very serious since it concerns transfers that are systematic, repetitive, and continuous," European Data Protection Board (EDPB) Chair Andrea Jelinek said in an announcement today. "Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences."

Enlarge (credit: NurPhoto / Contributor | NurPhoto )

Meta announced that starting next Wednesday, some Facebook and Instagram users in the European Union will for the first time be able to opt out of sharing first-party data used to serve highly personalized ads, The Wall Street Journal reported . The move marks a big change from Meta's current business model, where every video and piece of content clicked on its platforms provides a data point for its online advertisers.

People “familiar with the matter” told the Journal that Facebook and Instagram users will soon be able to access a form that can be submitted to Meta to object to sweeping data collection. If those requests are approved, those users will only allow Meta to target ads based on broader categories of data collection, like age range or general location.

This is different from efforts by other major tech companies like Apple and Google, which prompt users to opt in or out of highly personalized ads with the click of a button. Instead, Meta will review objection forms to evaluate reasons provided by individual users to end such data collection before it will approve any opt-outs. It's unclear what cause Meta may have to deny requests.

Enlarge (credit: Aytac Unal/Anadolu Agency/Getty Images )

Twitter’s direct messages have always been a security liability. The DMs you send to friends and Internet strangers aren’t end-to-end encrypted , making your conversations potentially accessible if Twitter suffers a data breach , or to company staffers with the right permissions to access them . Both scenarios are arguably more likely in Elon Musk’s version of Twitter, where key security and data protection staff have departed .

Since Musk acquired Twitter and started laying off thousands of employees at the start of November, remodeling the firm in his vision , multiple waves of tweeters have abandoned the platform. When they do, they often try to download their Twitter archive and delete DMs. In the chaos, the process has often been glitchy.

Enlarge (credit: FRANCESCO ZERILLI/ZERILLIMEDIA/SCIENCE PHOTO LIBRARY | Science Photo Library )

For four years, Meta has been battling European Union regulators over how its apps, Facebook and Instagram, collect user data to personalize ads. The key question for regulators was whether Meta's so-called contract legal basis—which lumps the user consent agreement into its apps’ terms of services—forced its users to choose between consenting to data collection or losing all access to the social platforms.

Yesterday, the EU’s lead privacy watchdog, the Irish Data Protection Commission (DPC), finally reached two decisions, deciding that Meta had illegally forced consent from both Facebook and Instagram users. Now, Meta must pay a $414 million fine and update its apps over the next three months to come into compliance with the EU’s General Data Protection Regulation (GDPR).

Ars could not immediately reach DPC for comment.

Enlarge / Can the GDPR's privacy protections be improved? (credit: Wikimedia )

Nick Dedeke is a professor in the Supply Chain and Information Management (SCIM) Group at Northeastern University in Boston.

The European Union introduced the General Data Protection Regulation (GDPR) in May 2016 to grant users (also called data subjects) more control over their personal data, which is typically under the custody of data aggregators and/or data processors. After an initial period of introduction to the public and stakeholders, the law took effect on May 25, 2018, and the GDPR made several positive contributions to better regulate data protection. First, it expanded some existing rights, such as the subject's right to information, right to access, right to rectification, right to cancellation, and right to object. The GDPR also created new rights, such as the right to be forgotten, the right to portable data, and the right to restrict the processing of personal data. The GDPR also included several obligations that data controllers owe data subjects.

Second, the GDPR also introduced a notable extension to existing definitions of personal data. Currently, personally identifiable information (PII) includes data such as name, address, phone number, and email. Sensitive personally identifiable information (SPII) includes data such as social security numbers, driver’s licenses or state ID numbers, passport numbers, alien registration numbers, financial account numbers, and biometric identifiers. Some data become SPII when they appear with PII data. For example, data elements such as citizenship or immigration status, medical information, ethnic, religious, sexual orientation, or lifestyle information become SPII when they are linked to the identity of an individual .

And yet they are trying to amend the rules with changed wording, outright lie about it and do nothing in the way of cooperating with a friendly legal entity, not hoarding personal data. What is this mad lust for people's information?

"Germany's federal and state data protection authorities (DSK) have raised concerns about the compatibility of Microsoft 365 with data protection laws in Germany and the wider European Union."

"According to the German watchdog's report [PDF], which was written after two years of negotiations with Microsoft, the body says that the product "remains in breach" of the General Data Protection Regulation (GDPR)."

There is more if you follow the link below.

#microsoft #GDPR #software #privacy

Enlarge (credit: Elena Lacey/Getty Images)

Next week, a law takes effect that will change the Internet forever—and make it much more difficult to be a tech giant. On November 1, the European Union’s Digital Markets Act comes into force, starting the clock on a process expected to force Amazon, Google, and Meta to make their platforms more open and interoperable in 2023. That could bring major changes to what people can do with their devices and apps, in a new reminder that Europe has regulated tech companies much more actively than the US.

“We expect the consequences to be significant,” says Gerard de Graaf, a veteran EU official who helped pass the DMA early this year. Last month, he became director of a new EU office in San Francisco, established in part to explain the law’s consequences to Big Tech companies. De Graaf says they will be forced to break open their walled gardens.