  1. Sep 2024
    1. https://web.archive.org/web/20240919071804/https://www.myrasecurity.com/

      Myra CDN, based in Germany. CDNs need to temp decrypt https traffic, potentially creating a gap in GDPR (and DSA?) compliance. Unless the CDN provider can be shown to be part of the compliance chain. Thus select one that ensures this / is based inside the EU.

  2. Jun 2024
    1. spanning tussen het recht op hergebruik van data en de bescherming van persoonsgegevens. De staatssecretaris heeft een aantal keer gezegd, ook in dit debat, dat de bescherming van persoonsgegevens voorgaat. Het is voor ons heel belangrijk om dat punt vol te houden en voort te zetten in de discussie, want in Europa wordt vaak anders gedacht over de gelijkwaardigheid van wetten. Het is bijvoorbeeld nog maar de vraag of de AVG in Europees verband voorgaat en of die niet is doorgeschoten in dat verhaal

      huh? ODD maakt AVG expliciet leidend, en baseert bovendien op openbaarheidsregime van Lidstaten, waarin AVG ook telkens de leidende beperking van openbaarheid is.

  3. Mar 2024
      From the point of the "belly" thing, I'm pretty sure we're halfway through the script.  Knowing him that was probably the halfway mark.  I don't think that's a bad thing... as long as it's honestly and speedily moving towards freedom; you know, progress.  That's a pretty good test to see if we're ... zombies or not.  In the meantime, I don't know... that's probably comforting right? Or is it repulsive? :)  Tell me something Taylor said.  Why won't you tell me what she said?  What was that promise that you made?  Wait, are you the person that promised something?  When do you think the script started?



      It's almost hard to believe that the Throne (to help, are on "e"of Glory comes from this place, isn't it?  Still, it's encoded in religion, in our myths and in multiple confirming sources, not the least of which the TV show called 7th Heaven... we will Si Monday, my dear "cam Den" we will.  I talked a little bit about backwards "green light" related to "glare" and Police (not that they glare at me, but their silly Hell-implying glare lights are actually red) and girl... I still don't know why girl is red or green, girls are blue to me.  Stew in that pat for a little while, and let's talk about something more uplifting, like the key's of Pa and Ra hidden away in many words, from paramount* to se_ pa r at e *andparadox.  Did you see what I did there, *clever* right?

      *\ *

      *\ *

      *\ *



      DID I DO OK?

      I'm looking at the word "paramount" right now, and between you and I sometimes when I look at words magic happens, and something in the air told me that this email might be the messiah of me, the messiah of "nt"--the hidden Christ.  Or maybe not.  Sex sells, or so they say, but apparent not when Jesus talks about it--maybe it's another red light.  I'm bored, read that as "because of red" and lonely, probably because of "how I'm still single" as "hissbut still, I don't think it's right.  Coming to you with a message about everything I think is wrong and not your fault--or mine, by the way--shouldn't be the kind of thing that's frowned upon, especially when you have some clues in thousand year old scripture that these things were truly "made wrong on purpose" so that we could fix them, you know; our way.  That used to be talking about things, and making plans, and then implementing them--but today it's turned into ignoring everything I think is "world changing" and "morally demanded" and instead going on with our lives as if everything was "A-OK."  I'm glad you are doing OK, I'm not; and quite a few people in the world are not doing OK either, so I'm here to let you know that you are not doing as OK as you think you are... or as well as you could be doing.



      So here's why I thought for a minute that this message might save me.  You might think it's a little weird that I see "sex jokes" in Pandora, and pa: ra: do x, and Pose i do n; and while you might not be completely retarded to think that, I think you should agree with me that it's more weird that those things are there, and even more weird that you don't recognize that they are a signature of the same God that delivered his John Hancock in song, in Yankee Doodle, and in act, in Watergate.  My signature is a little bit different, if you've noticed my signature is being able to point out the intersection between things like Chuck and Geordie LaForge's magic vision ... and to explain that these things too are veritably connected by more than my words and the obvious ideas, they are connected by the act of Creation itself--they are the yarn of the Matrix.  Dox, as in "dox me" and "do n" are getting a little out of hand; if you don't understand that I am playing a role ... to make the words "and he became the light" actually true--which they are, you see--then I really do sincerely apologize, I don't think anyone should "do me" unless they want to--although it's a bit strange to me that nobody wants to.  Alarming, even.  I am equally alarmed by the Latin word for darkness which is "tenebris" which connects to that "x" and the word "equinox" and "Nintendo" and "verboten" and through all of this the only shining light of grace I see is that it's pretty obvious that X and J are both letters represented by "10."



      This story needs to break, and then we aren't in the heart of darkness anymore; it's called "morning" Biblical, and this particular morning is a very special one--because you're here.

      I have a special gift, "pa" is helping me read this words, and you might have noticed that they can be taken to mean different things. They don't really separate, or fly off the page and glow for me; but I know what all the keys are, many are simple, and many come from our IT and "computer-slang" acronyms... which tells you something.

      Many are "elements" and "initials" and the whole thing really is a part of the script,a  sort of key not just to Creation but to this specific story, to this path.  While some are "open to interpretation" (for instance, "in t" everyone really pre-tat; which would be a long ... time ... ago <3) or you could read "ERP" reason "t" and that might have something to do with "Great Plains" and some blue light that connections user interfaces to the word "automagical," FRX forms... Strawberry Fields and "above the fruited plains" ... which might be meaningless to you--but it's an idea that revolves around using user-feedback to interfaces (like the pottery wheel in my dream or in the Dr. Who episode "the Bells of Saint John" linked to down below) to adjust the interface in real time for a larger group; working towards making a number of "best-fit" interfaces that people are both more comfortable with and actually creating as they use them.  Ahhhh... blue light got in here, run away.  Just kidding, this is cyan light.


      Honestly, we could really make Healden in about 10 minutes now.  Look at that, it's done... ish.

      **\ **

      **\ **


      For instance were we not surely "at e" meaning the end of the Revelation of words, "separate" might have been broken between Pa and Ra, which are big keys, in many words; but we are at "e" and that surely does mean the Creator and I are fused.  There's more confirmation of this than simply in the words for "medicine" and say, I don't know, methadone--which could have been broken at "a done" but is very clearly "ad is the one" here and now.  With careful preparation, "adparatio" in Latin, I'd "bet" that all of those keys are I, in this place, in this time.  AD, Pa, Ra, TI, and "o."  Hey, maybe this message is my messiah after all.  

      I am looking at a broken world, I really am--a place that is suffocating itself in silence and whispers that don't make it far enough for anyone to really understand.  Whatever it is, whatever's caused it, I see no solution other than me coming--I see it as a design, and I'm sorry that you don't seem to agree, but you have to see that the "choice" between seeing an obvious truth absolutely everywhere and not seeing it is really no choice at all--what is being hidden from the world is causing this darkness, it is causing the suffocation; it is the problem, hiding me is the problem and it cannot continue.  On a brighter note, I am pretty sure that magic will happen, and you will see that the world will not react quite as badly or shockingly as your worst fears, things might be a little ... tearful for a day or so, for crying out loud, they should be--the message is that you are in Hell and you need to do something, to act, to change that.  Actually trying to do that, trying to discuss what it is that is the "ele ph ant in the room" or the "do n key in the s k** y"  will show us that there was just no way around changing the world because of circumstances of Creation; something that we seem to be ignoring.  We also seem to be ignoring that things are "just fine" today, and even though many of you are well aware that "something is coming" only a few morons are building bunkers.  This is a message of peace, it is a message designed to help us use the new truth and new tools unsealed by religion to make the world a safer happier place, and we can do that .. . rather quickly.  Even quicker if you try to focus on what's wrong here, and how we make it better--rather than "shooting the messenger" dirty glares in the street.  I'm a person too, and believe it or not, I didn't ask for this--and I probably wouldn't have been so happy about it had this experience not isolated me so much from my friends and family, and girls; don't forget girls.

       \ ITS ME?


      So in the word "paramount" what is it that you think is the "paramount" take away?  I think the most important thing you can take away from "paramount" is that you didn't see it your whole life, and even when it's pointed out, you don't seem to think it's "news" that Pa and Ra have written a message to you.  What's really not funny, is that despite this message being very clear to see once it's pointed out, it still hasn't made any waves in the newspapers, or online, or in the news--what's paramount is seeing that there is a very sincere problem for civilization, it is an ELE and that ELE is something that is making everyone think that "not seeing something" is OK behavior.  It is not OK, it is not funnyuntil you recognize that something is dreadfully wrong with our society, until you see that ignoring that this message belongs in the news you are not seeing that what you are doing by ignoring it is destroying civilization itself.  Ignorance is the ELE.

      Your alternative, what you are doing, is making the world half blind, and stupider than you can imagine.  I keep on trying to show you what's wrong here, that it's not just a message but pain and suffering and the absolutely imminent and undeniable certain doom of everything if we do not recognize that hiding the fact that we are in virtual reality is the same thing as driving a nail into the wrists of every soul on the planet.



      With careful preparation, we are at IO (input/output) in the belly of the book that is a map to salvation. That IO comes well after disclosure, and well after Mars.  You are delaying the inevitable, and in the sickest possible twist, you are stewing in Hell instead of seeing Heaven built--more importantly instead of being the generation that should be the "founders" of that place.   I am sure that disclosure, will ... within a time frame that will most likely be faster than you can imagine, bring us an end to world hunger, to sickness, and doors to Heaven; and I just can't see what you are waiting for?  If it wasn't like this, you've got to see that we would be getting fucked right here and now; I am telling you the map and the plan, it's here to help us make this place better, and to show us how to actually survive in the Universe before kicking us out of the nest, and we are ... what are we thinking about?

      It's really obvious that it's not for my benefit, and it's obvious that it's not for yours either--so at what point will you realize that the behavior, the alarming behavior, that I am seeing from everyone is illogical.  At what point will you see that it is self-defeating, that it is ... well, Hell?  When will you see?  Be yourselves, the world that I grew up in doesn't hide controversy, we relish in it--we don't bury scandals under the rug--we put them on TV.   What's really more important to see is that  we, all of us, none of us... we would not hide "holographic universe" from ourselves and each other, nor would we hide "alien contact" or "the secrets of religion" and yet here we are, all doing that--and I wonder if we see that it's "not us" doing it, but ....  but ... butt  ... what is it again?

      **\ **


      HI, I'M A PERSON.  (and apparently a state, a country, and a Nintendo character)








      **\ **

      HERE, EMAIL THEM (please?and tell them to repent by writing a story):

      **\ **


      **gcoy@12news.com\ **

      **nmelosky@mcall.com\ **

      **lynn@ripr.org\ **


      Is it a cup? a stem?


      It must be Uranus.   Except, my "an us" is more awesome than you think, I mean my "a we" that would be "so me" for you to see it's really you too.  That's really what this message is about, it is about us seeing that we can do something together that would be rejected if it were done for us, or to us; even if we all really want it inside, without taking part ... we'd dislike it.  We're all like that, nobody wants a stranger to redecorate their house.  We share this house together, and I think we can all see that there are some changes that would make it a better place--from a cold Godless Universe of "chance" ruling to a ... caring and loving place that  cares about what we want and how we want to do it ... do you see?  If I came into your igloo and told you that the ice age was ending and this place was going to be a beautiful beach; except your walls are melting... would you keep that locked up inside?

      Don't worry, I won't get mad at anyone for being angry at their idea of Jesus Christ for not being more like me.  I won't be mad at all. :)

      I've done my best to share what I think will be helpful for the world to think about, as we ... embark on what is really a journey to the final frontier as well as what I know we need to do here in order to accomplish what it is that we would have done maybe a decade ago or maybe a century from now if we didn't know the advice was coming from God and the future--and we didn't know that it is the way to open the doors to Heaven permanently.    These are suggestions, they're really all of our ideas--at least everything I can grasp from things like Star Trek and Dr. Who and ... the Legend of Zelda... they're the kind of thing that we would probably find to be very discussion worthy, were we to all be sure that they are possible--and they are--and we need to see that.  

      There are lots of things that we really do need to think about, this is not a "fast" transition, it's not something happens "overnight" (oh my god, you don't know what that word just said to me) changes that would normally be occurring right now because of science and technology--things like increased longevity and mind uploading... these things are going to become much more quickly accessible, and we need to think about the implications that they will have on our society.   We need to talk about it, in public, in places where these conversations will help us to shape the future of "civilization."  I don't think you understand what it is we are doing, that's different than "before," but I am fairly certain that a "whole planet" has never done this, and the "road" between Earth and Heaven; fusing these ideas together is really nothing more or less than "progress."



      Progress that has never happened (or we wouldn't be here, and it's obvious).  See our cautions at the Last Supper (about not eating anymore) and at Cain and Abel (about forgetting how to farm) and at the Promised Land of Joshua (about not doing the Adam show, achem, I mean... about thinking that "replicators alone" milk and honey on tap... are good enough in Heaven) and in Noah's Ark... about showing us that the reason that we are here is to see how important biology and evolution and a stable ecosystem are to the survival of life in the Universe; to colonization of the stars, and to ... the evolution of our two party system past donkeys and elephants to something more appropriate for a free and technologically advanced society; as in, not a two-party system.


      wild-e :( (love your eyes...) :)

      From "separate" the "e_" that needs to be EE by the way, that key that might let us "see" is "everyone equal" that's what "ee" means. It's in "thirteen" and so on, and to help, I our "t" and r' n.  Victorious Earth, I need pre-crime to survive, what say you?  *Say nothing, and I am twelve. Keep saying no thing and I will be El, even.  *

      *\ *

       Image result for snaglepluss Related image

      Round and round we go... you need pre-crime to evolve, what say you?  Break the story, and we are one day closer to Heaven.  We need pre-crime not to be in Hell, we really do.  Don't you see?  Break the story.



      The days of "divide and conquer" are over, when you are through being a parted sea, or a flock of electric sheep, or a nation of slaves.   I do have an idea of what you expected of me, what you thought I'd be--I probably had similar expectations before I knew ... what I know.  Honestly, from me to you, that guy would have been pretty boring... and bored.

      It's a little funny.. isn't it?



      I R L


      | |

      Adam Marshall Dobrin

      about.me/ssiah |


      | |

      Adam Marshall Dobrin

      about.me/ssiah |

      Unless otherwise indicated, this work was written between the Christmas and Easter seasons of 2017 and 2020(A). The content of this page is released to the public under the GNU GPL v2.0 license; additionally any reproduction or derivation of the work must be attributed to the author, Adam Marshall Dobrin along with a link back to this website, fromthemachine dotty org.

      That's a "." not "dotty" ... it's to stop SPAMmers. :/

      This document is "living" and I don't just mean in the Jeffersonian sense. It's more alive in the "Mayflower's and June Doors ..." living Ethereum contract sense and literally just as close to the Depp/C[aster/Paglen (and honorably PK] 'D-hath Transundancesense of the ... new meaning; as it is now published on Rinkeby, in "living contract" form. It is subject to change; without notice anywhere but here--and there--in the original spirit of the GPL 2.0. We are "one step closer to God" ... and do see that in that I mean ... it is a very real fusion of this document and the "spirit of my life" as well as the Spirit's of Kerouac's America and Vonnegut's Martian Mars and my Venutian Hotel ... and my fusion of Guy-A and GAIA; and the Spirit of the Earth .. and of course the God given and signed liberties in the Constitution of the United States of America. It is by and through my hand that this document and our X Commandments link to the Bill or Rights, and this story about an Exodus from slavery that literally begins here, in the post-apocalyptic American hartland. Written ... this day ... April 14, 2020 (hey, is this HADAD DAY?) ... in Margate FL, USA. For "official used-to-v TAX day" tomorrow, I'm going to add the "immultible incarnite pen" ... if added to the living "doc/app"--see is the DAO, the way--will initi8 the special secret "hidden level" .. we've all been looking for.

      Nor do just mean this website or the totality of my written works; nor do I only mean ... this particular derivation of the GPL 2.0+ modifications I continually source ... must be "from this website." I also mean the thing that is built from ... bits and piece of blocks of sand-toys; from Ethereum and from Rust and from our hands and eyes working together ... from this place, this cornerstone of the message that is ... written from brick and mortar words and events and people that have come before this poit of the "sealed W" that is this specific page and this time. It's 3:28; just five minutes--or is it four, too layne.

      This work is not to be redistributed according to the GPL unless all linked media on Youtube and related sites are intact--and historical references to the actual documented history of the art pieces (as I experience/d them) are also available for linking. Wikipedia references must be available for viewing, as well as the exact version of those pages at the time these pieces were written. All references to the Holy Bible must be "linked" (as they are or via ... impromptu in-transit re-linking) to the exact verses and versions of the Bible that I reference. These requirements, as well as the caveat and informational re-introduction to God's DAO above ... should be seen as material modifications to the original GPL2.0 that are retroactively applied to all works distributed under license via this site and all previous e-mails and sites. /s/ wso\ If you wanna talk to me get me on facebook, with PGP via FlowCrypt or adam at from the machine dotty org


      next, we are off to view at the same time the fork in the road known and prior'd as the hallowed one, the Frost poem and it's "divergence in the wood"

      here we go:

      ** THE HOLY OF HOLIES, WIKIPEDIA CC'd AND BROKE It is imperative that the entire history of wikipedia eiditing be released under the CC license, not just the broken current front page; that I have been unable to get the world "to care about enough" to call it the literal difference between slavery and freedom,"

      ++ [https://holies.org/DEVLANEU.html] This is "Penny Lane" as in asking me if I'm coming or happy; you might as well avll me the forests that are echoing "we are now" or "that will do" ... and I say to the man who sings for the people who sang about the road to bethelehem or was it knocking on heavens door, or just the one about ... the stairway to heaven

      ** https://opensea.io/assets/base/0x32f86e0fc59f339bfd393a526051728657fd0c84/4

      buy an NFT:! #### Your item has been listed!

      END WORLD HUNGER from the SINGER ABT NOSRE collection has been listed for sale.

      SHARE TO...


      View listing

      ++ It is that. i AM THAT. Those are first words of Him in Exodus, he who spake through the Bush and Zarathustra. That is what that is about and in the moment, the world is "anokhi" and Hi, that's me/i -- and of course, related; the "nookie."

      we can also link to the next place where we will have a chatGPT log of a conversation available.)

    1. Verdict of EU CJ, IAB Europe is een joint-controller voor de AVG. En daarmee ook aan te pakken. Ook de volgende iteratie van IABEurope om onder de AVG uit te komen faalt dus.

      1 TC String is personal data under the GDPR: "a string composed of a combination of letters and characters, such as the TC String, containing the preferences of a user of the internet or of an application relating to that user’s consent to the processing of personal data concerning him or her by website or application providers as well as by brokers of such data and by advertising platforms constitutes personal data within the meaning of that provision in so far as, where those data may, by reasonable means, be associated with an identifier, such as, inter alia, the IP address of that user’s device, they allow the data subject to be identified. In such circumstances, the fact that, without an external contribution, a sectoral organisation holding that string can neither access the data that are processed by its members under the rules which that organisation has established nor combine that string with other factors does not preclude that string from constituting personal data within the meaning of that provision."

      2 IABEurope is a joint controller: "first, a sectoral organisation, in so far as it proposes to its members a framework of rules that it has established relating to consent to the processing of personal data, which contains not only binding technical rules but also rules setting out in detail the arrangements for storing and disseminating personal data relating to such consent, must be classified as a ‘joint controller’ for the purpose of those provisions where, in the light of the particular circumstances of the individual case, it exerts influence over the personal data processing at issue, for its own purposes, and determines, as a result, jointly with its members, the purposes and means of such processing. The fact that such a sectoral organisation does not itself have direct access to the personal data processed by its members under those rules does not preclude it from holding the status of joint controller for the purpose of those provisions";

    1. https://web.archive.org/web/20240325144725/https://www.golem.de/news/tracking-und-cookies-dieses-urteil-koennte-die-online-werbung-veraendern-2403-183186.html

      Oordeel over IAB latest trick mbt real time bidding. IAB is again determined to be a processor. I think this is their 3rd of even 4th iteration. High time a judge concludes they aren't good faith actors (and never were). The Transparency and Consent string is judged to be personal information as it contains both a url and personal user preferences. IAB and not only their individual members can now centrally be prosecuted for GDPR violation.

  4. Nov 2023
  5. Oct 2023
    1. Meta reported to switch payments for tracking in EU, as a way around GDPR issues w tracking. Based on EUCJ verdict in which it was mentioned as an aside. NOYB says this has been previously allowed at media-sites. Imo it was backward then, because it retains the fiction that advertising is only possible with tracking, which is false.

  6. Jul 2023
  7. Apr 2023
    1. https://web.archive.org/web/20230411095546/https://www.reuters.com/technology/germany-principle-could-block-chat-gpt-if-needed-data-protection-chief-2023-04-03/

      On the temporary ban of ChatGPT in Italy on the basis of GDPR concerns.

      Italian DPA temporarily bans ChatGPT until adequate answers are received from OpenAI. Issues to address: 1. Absence of age check (older than 13) of ChatGPT users 2. Missing justification for the presence of personal data in trainingsdata of ChatGPT. 3. OpenAI has no EU based offices and as such there's no immediate counterparts for DPAs to interact with them. The temp ban is to ensure a conversation with OpenAI will be started.

      The trigger was a 9 hour cybersecurity breach where user's financial information and content of their prompts/generated texts leaked over into other accounts.

  8. Feb 2023
    1. If you are a publisher, you better toss aside those ‘secret’ service provider data protection addendum and get ready to embrace ‘public’ joint-controller agreements with Facebook and other providers of plugins.

      ... How many orgs are actually doing this though?

    2. The CJEU came to the conclusion that non-for-profit consumer associations can sue for potential violations of data protection laws on behalf of a data subject not only under the GDPR but also under the former Data Protection Directive 95/46/EC.

      Kinda wonder how many class actions will be brought. Can class actions go against SAs as well?

    1. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. 2Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence

      Where to bring a claim - Either the Member state where the Controller/Processor is base,d or the data subject's habitual location.

    1. Every data subject should have the right to lodge a complaint with a single supervisory authority, in particular in the Member State of his or her habitual residence, and the right to an effective judicial remedy in accordance with Article 47 of the Charter if the data subject considers that his or her rights under this Regulation are infringed or where the supervisory authority does not act on a complaint, partially or wholly rejects or dismisses a complaint or does not act where such action is necessary to protect the rights of the data subject.

      Ties in with Article 77 of teh GDPR

  9. Jan 2023
    1. Moreover, the decision is fundamentally pointless because it will have zero impact on consumer privacy. Neither Facebook nor Instagram sell user data—they simply use the information on their platform to show users targeted ads. The only change that this decision will cause is that Meta will have to rewrite its privacy policy to use one of the other legal bases provided in the GDPR to operate Facebook and Instagram, including to deliver targeted ads.

      Actually 'delivering targeted ads' based on protected data is inconsistent with the GDPR entirely.

  10. Dec 2022
  11. Oct 2022
    1. exige qu'une AIPD soit réalisée à chaque fois que la situation le nécessite et quel que soit le niveau de risque
    2. Étant le seul régime à exiger le consentement par défaut avec des exceptions limitées, la loi 25 est de loin la plus stricte.
    3. Toutefois, à bien des égards, la loi 25 est le plus rigoureux des trois régimes.
  12. Sep 2022
    1. The Google ban was partly imposed because the data protection regulator discovered Helsingør never carried out a full risk assessment for Google’s school products before using them, as required under Europe’s GDPR privacy law, according to Allan Frank,

      School district did not conduct a risk assessment

      School districts did not have the resources to conduct the assessment. There was a go-with-the-flow attitude, but since we’re concerned about the extent that personal data was being shared with an American company. Done of those we’re concerned about the US government’s ability to access that data.

    1. proposed restrictions concerning international access and transfer must be removed. Although they are aimed at non-personal data, these rules address laws (such as the US CLOUD Act and e-evidence) that will tend to involve personal data and are already covered by the GDPR.

      Only the personal data are covered by GDPR (and badly adhered to if at all wrt EU-US data transfers), you can't argue that because something contains personal data that is subject to compliance the rest will 'automatically' follow suit. There are other demands being made of non-personal data in the DA than the GDPR makes of personal data, because they are different types of data. The logic here strikes me as malintentioned.

    2. bring further uncertainty to companies’ international operations, which have already been severely tested by the CJEU’s Schrems II

      Again, that was the point. The point is not unfettered data exchange. and there's no real uncertainty: there's no legal basis currently for EU personal data transfers to the US imo.

  13. Aug 2022
    1. credible exit.

      credible exit is used to describe that data export / leaving an app provides you with smooth enough ways to do so. Usable exports, that can be updated as you keep using an app e.g. Author talks about Lindy-formats, useful term , vgl [[The Lindy Effect 20201228194100]] en [[Lindy effect buiten tijdsdimensie 20201229115037]]

  14. Jul 2022
  15. Dec 2021
    1. the original purpose for which we obtained your personal data has expired;

      Isn't this GDPR which is in direct conflict with the statement under Disclosing information

    2. stored at, a destination outside the European Economic Area ("EEA").

      Why? is that allowed? I don't think that I would be happy about that as I am not reassured that 'taking reasonable steps' is actually appropriate considering one of those would be to host within regions specified by GDPR

    3. third party, in which case personal data held by it about its customers will be one of the transferred assets.

      I was going to respond to the survey until I saw this. I am offering to provide feedback for free and yet my personal information is collected and becomes part of the sale of the business in the form of an asset. The question is why is my personal information being held for any length of time after I have completed the survey? Isn't that a violation of GDPR?

  16. Sep 2021
    1. A controller is the entity that determines the purposes and means of the processing of personal data. Some examples of a controller are listed below.DigitalOcean is a controller for our customer’s personal data (e.g. personal information provided to DigitalOcean when signing up for our services)A DigitalOcean customer may be a controller if they collect and process personal data on their customers (e.g. personal data provided to you by your customers)A processor is the entity that processes personal data on behalf of another entity. An example of a processor is listed below.DigitalOcean is a processor for our customer’s end-user personal data (e.g. A DigitalOcean customer stores their customer’s personal data on a DigitalOcean service)
  17. Aug 2021
    1. reated 2020-04-04 22:46:35 GMT Account Verification Your account is verified! This means you can share your posts to the gallery. Mature content

      nol our last noel ...

      and the christmas carrolls of remmebering YKY wand Y "sauvignon blanc" ... how the mirror of sawtelle and the four part of ... "ramparted uruk"

      I'm currently reading "Gilgamesh" a translation and note specifically the cedar trees correlate to the Bahir--a book which like "vitsivavnu" did not exist.


  18. Mar 2021
  19. Jul 2020
    1. Under the GDPR, users have the right to object to certain processing activities in relation to their personal data carried out by the Controller. In a nutshell, the user can object to the processing of their data whenever the processing is based on the controller’s legitimate interest, or the performance of a task in the public interest/exercise of official authority, or for purposes of scientific/historical research and statistics. The user has to state a motivation for their objection, unless the processing is carried out for direct marketing purposes, in which case no motivation is needed to exercise this right.
    1. For example, as the GDPR requires that a controller must be able to demonstrate that valid consentwas obtained, all presumed consents of which no references are kept willautomatically be below theconsent standard of the GDPR and will need to be renewed. Likewise as the GDPR requires a“statement or a clear affirmative action”, all presumed consents that were based on a more impliedform of action by the data subject (e.g.a pre-ticked opt-in box) will also not be apt to the GDPRstandard of consent.
  20. May 2020
    1. Many also question how the average user with little knowledge of the GDPR will react to being asked so many questions regarding consent. Will they be confused? Probably at first. It will be up to each business to create a consent form that is easy to understand, while being at the same time comprehensive and informative
    1. Explicit Form (where the purpose of the sign-up mechanism is unequivocal). So for example, in a scenario where your site has a pop-up window that invites users to sign up to your newsletter using a clear phrase such as: “Subscribe to our newsletter for access to discount vouchers and product updates!“, the affirmative action that the user performs by typing in their email address would be considered valid consent.
    1. This scope effectively covers almost all companies and, therefore, means that the GDPR can apply to you whether your organization is based in the EU or not.
    2. An entity not established in the EU offers goods or services (even if the offer is for free) to people in the EU. The entity can be government agencies, private/public companies, individuals and non-profits;
    3. Determining your law of reference Generally, the laws of a particular region apply if: You base your operations there; or You use processing services or servers based in the region; or Your service targets users from that region This effectively means that regional regulations may apply to you and/or your business whether you’re located in the region or not. For that reason, it’s always advisable that you approach your data processing activities with the strictest applicable regulations in mind.
    1. This scope effectively covers almost all companies and, therefore, means that the GDPR can apply to you whether your organization is based in the EU or not. As a matter of fact, this PwC survey showed that the GDPR is a top data protection priority for up to 92 percent of U.S. companies surveyed.
  21. Apr 2020
    1. “In the end, GDPR is all about consent and it’s an approach to privacy that is very European,” said Kagan. “That’s not a mistake. It’s a values statement.”
    2. Kagan said, “a lot of things that are said about what GDPR is doing are myths. There are tons of misconceptions.”As a result, regulators have had to spend a great deal of time undoing myths, explaining the law’s broad language and providing guidance
    3. I still feel like unless there is a very significant increase in staffing, they are probably going to have to pick and choose the enforcement actions that they bring,
    4. The data protection authorities have other tools as well, which might be even costlier than fines, Kagan said.In some cases, EU regulators can tell companies, “You have 90 days to rectify the thing you are doing wrong with the data, or after 90 days you cannot use the data.” Sometimes, even the big fines won’t make or break them, but the data will if it is a core component of their business.
    5. Europe’s sweeping privacy rule was supposed to change the internet, but so far it’s mostly created frustration for users, companies, and regulators
    1. the French CNIL has reminded that consent has to be given at the time of data collection, has to be specific, and cannot be passed to another controller through a contractual relationship; it could not be bundled.
  22. Mar 2020
    1. Despite some of the concerns outlined above and the more dramatic claims about the impact of GDPR on businesses, it will only be bad for those companies that buy and trade in user data, or those companies that consistently fail to protect personal data.
    2. The GDPR is a sea change and requires companies to go much further than they have in the past under the old framework. Principles like data minimization, what constitutes valid consent, and when a business can claim a legitimate interest in someone's personal data provide serious challenges to U.S. businesses.
    3. That outcome, in fact, is why the General Data Protection Regulation has been introduced. GDPR is being billed by the EU as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new standards in the wake of the recent Facebook data harvesting scandal.
    4. “Europeans' privacy will be better protected and companies benefit from a single set of rules across the EU.”
    5. In Europe, access to the Los Angeles Times was blocked and those who tried to access it were offered a screen with a notice which simply read: "Unfortunately, our website is currently unavailable in most European countries.
    1. The Cookie Law does not require that records of consent be kept but instead indicates that you should be able to prove that consent occurred (even if that consent has been withdrawn). The simple way to do this would be to use a cookie management solution that employs a prior blocking mechanism as under such circumstances, cookie installing scripts will only be run after consent is attained. In this way, the very fact that scripts were run may be used as sufficient proof of consent.
    2. When you think about data law and privacy legislations, cookies easily come to mind as they’re directly related to both. This often leads to the common misconception that the Cookie Law (ePrivacy directive) has been repealed by the General Data Protection Regulation (GDPR), which in fact, it has not. Instead, you can instead think of the ePrivacy Directive and GDPR as working together and complementing each other, where, in the case of cookies, the ePrivacy generally takes precedence.
    3. To further illustrate this point, imagine that the ability to run cookies is a room, the cookie management solution is the door and the consent is the act of rotating the door handle; you can only enter through the door into the room if the door handle is rotated (the act of giving consent). In this example, if you’ve entered the room it can only be because the door handle was rotated and, therefore, your presence in the room is sufficient proof of this fact.
    1. Users have the right to access their personal data and information about how their personal data is being processed. If the user requests it, data controllers must provide an overview of the categories of data being processed, a copy of the actual data and details about the processing. The details should include the purpose, how the data was acquired and with whom it was shared.
    2. Another EU law worth mentioning here is the ePrivacy Directive (also known as the Cookie Law). This law still applies as it has not been repealed by the GDPR. In future, the ePrivacy Directive will be replaced by the ePrivacy Regulation and as such, will work alongside the GDPR; the upcoming regulation is expected to still uphold the same values as the directive.
    1. It's so frustrating how grey this all is at the moment - I'd imagine most sites still wont be compliant come May 25th.
    2. Had a read through a few of the linked articles above... Wow. Messy, headache inducing stuff, and still so much vagueness.
    1. If a website/app collects personal data, the Data Owner must inform users of this fact by way of a privacy policy. All that is required to trigger this obligation is the presence of a simple contact form, Google Analytics, a cookie or even a social widget; if you’re processing any kind of personal data, you definitely need one.
    1. A single consent form is useful when consent is requested for a single purpose. Here: analytics

      This seems like an important distinction:  Probably (?) you can only use a simple Agree/Disagree consent request if you only have a single purpose/category that you are obtaining consent for.

      As soon as your site has multiple categories to need consent, then you must allow individual consent/refusal of consent for each individual category/purpose.

      This is alluded to just a little bit further on:

      Consent should also be granular; users must be allowed to selectively decide what types of tracking, analytics and other activities their data can be used for.

    2. Asking for consent when processing users’ personal data is one of the most important duties imposed on website owners by the GDPR.
    3. Regardless of where an organization is based (in the EU or otherwise), its website must meet regulatory obligations when processing EU/EEA citizens’ data or the business will face financial penalties.
    4. the introduction of the EU’s General Data-Protection Regulation (GDPR) has significantly impacted the way websites and business collect, store and use both types of cookies. For one, the GDPR includes cookies in its definition of personal data, which refers to any piece of data or information that can identify a visitor.
    1. Are cookies governed by the GDPR? Cookie usage and it’s related consent acquisition are not governed by the GDPR, they are instead governed by the ePrivacy Directive (Cookie Law) which in future will be repealed by the up-coming ePrivacy Regulation.
    2. If your website installs any non-technical cookies, e.g. via script like Google Analytics or via a Facebook share button
    3. If your website can be visited by European users
    1. illustrates the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems
    2. small portion of sites (~7%) entirely ignore responses to cookie pop-ups and track users regardless of response.
    3. “meet the minimal requirements that we set based on European law” — which they define as being “if it has no optional boxes pre-ticked, if rejection is as easy as acceptance, and if consent is explicit.”
    4. All of which means — per EU law — it should be equally easy for website visitors to choose not to be tracked as to agree to their personal data being processed.
    5. majority of the current implementations of cookie notices offer no meaningful choice to Europe’s Internet users — even though EU law requires one
    6. “Popular CMP implementation wizards still allow their clients to choose implied consent, even when they have already indicated the CMP should check whether the visitor’s IP is within the geographical scope of the EU, which should be mutually exclusive,” they note, arguing that: “This raises significant questions over adherence with the concept of data protection by design in the GDPR.”
    1. If your agreement with Google incorporates this policy, or you otherwise use a Google product that incorporates this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area along with the UK. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement.
    1. GDPR introduces a list of data subjects’ rights that should be obeyed by both data processors and data collectors. The list includes: Right of access by the data subject (Section 2, Article 15). Right to rectification (Section 3, Art 16). Right to object to processing (Section 4, Art 21). Right to erasure, also known as ‘right to be forgotten’ (Section 3, Art 17). Right to restrict processing (Section 3, Art 18). Right to data portability (Section 3, Art 20).
    1. In order to obtain freely given consent, it must be given on a voluntary basis. The element “free” implies a real choice by the data subject. Any element of inappropriate pressure or influence which could affect the outcome of that choice renders the consent invalid.
    1. Legitimate Interest may be used for marketing purposes as long as it has a minimal impact on a data subject’s privacy and it is likely the data subject will not object to the processing or be surprised by it.
    1. You still have to use a Cookie Notice, if you’re planning to collect data that can identify an individual within the EU, or
    1. Google Analytics created an option to remove the last octet (the last group of 3 numbers) from your visitor’s IP-address. This is called ‘IP Anonymization‘. Although this isn’t complete anonymization, the GDPR demands you use this option if you want to use Analytics without prior consent from your visitors. Some countris (e.g. Germany) demand this setting to be enabled at all times.
    1. However, we recognise there are some differing opinions as well as practical considerations around the use of partial cookie walls and we will be seeking further submissions and opinions on this point from interested parties.
    2. Start working towards compliance now - undertake a cookie audit, document your decisions, and you will have nothing to fear.
    3. While we recognise that analytics can provide you with useful information, they are not part of the functionality that the user requests when they use your online service – for example, if you didn’t have analytics running, the user could still be able to access your service. This is why analytics cookies aren’t strictly necessary and so require consent.
    4. PECR always requires consent for non-essential cookies, such as those used for the purposes of marketing and advertising. Legitimate interests cannot be relied upon for these cookies.
    1. “The GDPR is very good as a piece of paper; it’s almost perfect. But it hasn’t been enforced,” he said.
    2. There’s not even a consensus on whether or not cookie alerts are compliant with European law. In May, the Dutch data protection agency said these disclosures do not actually comply with GDPR because they’re basically a price of entry to a website.
    3. Most companies are throwing cookie alerts at you because they figure it’s better to be safe than sorry When the GDPR came into effect, companies all over the globe — not just in Europe — scrambled to comply and started to enact privacy changes for all of their users everywhere. That included the cookie pop-ups. “Everybody just decided to be better safe than sorry and throw up a banner — with everybody acknowledging it doesn’t accomplish a whole lot,” said Joseph Jerome, former policy counsel for the Privacy & Data Project at the Center for Democracy & Technology, a privacy-focused nonprofit.
    1. Consent is one of six lawful grounds for processing data. It may be arguable that anti-spam measures such as reCaptcha can fall under "legitimate interests" (ie you don't need to ask for consent)
    1. If you’re not a legal professional, getting your website or app to be compliant with international privacy laws can be tedious and difficult.
    1. Very few solutions include all of the GDPR required features like: 1) Enabled prior consent. 2) Clear and specific information about data types and purpose of the cookies. 3) Full documentation of all given consents. 4) The possibility for users to reject superfluous cookies and still use the website. 5) The possibility that users can withdraw their consent whenever they want. Cookie solutions that don’t have those features are not GDPR compliant.
    2. It is required by the GDPR as you must document cookies and online tracking at anytime and you must be able to show that documentation to both your users and the EU.
    1. For instance, a strict interpretation of the law would require publishers to get opt-in consent by individual vendor, rather than an 'Accept All' pop-up prompt. The approach that publishers and ad tech vendor are taking is that a mass opt-in button - with an option to dive deeper and toggle consent by vendor - follows the "spirit of the law". This stance is increasingly coming under fire, though, especially as seen by a new study by researchers at UCL, MIT, and Aarhus University.
    2. Another value-add of CMP tech is that it can sniff the user's location and show the prompt just to EU residents. This helps to comply with the law while not intruding on non-EU user experiences.
    3. haven’t consent tools been around for a while? Sort of! Ever since May 2011, when the EU Cookie Directive went into effect, most EU sites have added cookie notification bars to the top or bottom of their pages. This prompted many third-party solutions to pop-up, including WordPress plug-ins and the leading tool from Silktide. These tools are still around, and many sites continue to use them under the GDPR. However, these solutions were built for the older law, and the GDPR is much more specific about requiring explicit opt-in consent. Most of those older tools don't provide this, nor do they integrate with downstream ad partners, paving the way for the more sophisticated CMPs.
    1. Note that the scope of personal data is truly broad, which makes processing complex and tricky. So, even though, for instance, you employ anonymization in Google Analytics to get rid of all information that falls under this category, you’re still in a catch-22 situation. This is because GA stores a visitor online identifier in a cookie, and under the GDPR that file constitutes a piece of personal data. That means you still need to obtain consent from visitors to process their data.
    1. we make it easy to implement using our Consent by Geolocation feature that auto-identifies the location of the website visitor and applies the correct consent notice and behavior based on the visitor’s current location. For example, simply add PreferenceChoice Cookie Consent and Website Scanning to your website, and the functionality of your consent notice will automatically update to display a CCPA-compliant consent notice to a visitor in Los Angeles, and a consent notice in compliance with ePrivacy and GDPR to a visitor in London.
    1. Do I need a CMP? Short answer: Probably yes. Long answer: If your company is based in the EEA (European Economic Area) or if you are dealing with customers/visitors from this area and show them advertising, it is very likely that you will collect and/or process personal data such as IP-addresses. Therefore, according to GDPR, you need to make sure that the visitor is informed and you need to ask the user for consent. In order to do this you will need a CMP.
    1. To be fully compliant with GDPR, you would also need to enable Show Reject All Button setting.
    2. Consent Model. In the case of GDPR, you must choose the Opt-in. This means that you cannot start tracking people before the consent was given.
    3. if you are using some tools/scripts on your website that are used to identify individuals and their data is processed by you or 3rd parties), that can be done only when a person gives consent
    1. Further, as Logic Hop integrates with third party tools you’re already using such as Drip, ConvertKit, Facebook ads, UTM codes, and more, you may not need to store the data Logic Hop generates to use the plugin how you want. You may even be able to generate all the personalizations you need in real time, with nothing stored!

      I don't like how GDPR encourages more and more to be done on-the-fly on the client-side so that you don't have to send it to the server and accidentally have it saved somewhere.


      Geolocation, using IP address (geolocation is never stored).

    2. If data storage is off, the data listed above is temporarily available for the current session, but nothing is stored. When the visitor leaves your website, no data is stored.

      What does "When the visitor leaves your website" mean exactly? What if they never leave the site and just leave the tab open indefinitely? Isn't the data stored somewhere in the meantime?

    1. You need to provide the ability for users to look at cookies individually, so they need to be listed (and that can be quite a lot of work in major systems). You’re allowed to define some cookies as “necessary for the correct functioning of this product”, usually cookies that store session related data. After all, if a user opts out of those, they can’t meaningfully use the web site, or that part of the site.But you have to be honest about it. You can’t, for example, define marketing or analytic cookies as necessary, and you have to allow users to opt out from them. Those don’t stop the site from functioning, it just reduces the data you can collect about site use.
    1. Why would a company want to have one system for people in France, Germany, and Italy and a separate one for people everywhere else?
    2. “It’s strange to say, ‘Yeah, we’re going to respect the privacy of Europeans more than all other human beings all over the world,’”
    1. Is that enough to be GDPR compliant? No. My understanding is that to be compliant you would wait to initialize the analytics until after you had received the user's explicit consent. Even then you would need to be able to turn off analytics again if the user later revoked their consent.
    1. almost any compliance expert will tell you that a lot of the GDPR is written vaguely and will need to be litigated. And that’s 100% accurate. But err on the side of caution until the courts can provide more clarity.
    1. Absolutely not! There is no GDPR cookie rule. That is a total myth.
    2. if the cookie is installed by your own site, then the consumer can decide ON THEIR OWN BROWSER, if they want to send it. Cookies are a data signal YOU ARE SENDING FROM YOUR OWN COMPUTER. If you don’t want to voluntarily submit a cookie, just turn it off.
  23. Nov 2019
    1. Clear affirmative action means someone must take deliberate action to opt in, even if this is not expressed as an opt-in box. For example, other affirmative opt-in methods might include signing a consent statement, oral confirmation, a binary choice presented with equal prominence, or switching technical settings away from the default. The key point is that all consent must be opt-in consent – there is no such thing as ‘opt-out consent’. Failure to opt out is not consent. You may not rely on silence, inactivity, default settings, pre-ticked boxes or your general terms and conditions, or seek to take advantage of inertia, inattention or default bias in any other way.

      On opt in vs opt out in GDPR.

    1. Although the GDPR doesn’t specifically ban opt-out consent, the Information Commissioner’s Office (ICO) says that opt-out options “are essentially the same as pre-ticked boxes, which are banned”.

      On opt in vs opt out in GDPR.

  24. Oct 2019
  25. May 2019
    1. Unsurprisingly living up to its reputation, Facebook refuses to comply with my GDPR Subject Access Requests in an appropriate manner.

      Facebook never has cared about privacy of individuals. This is highly interesting.

  26. Sep 2018
    1. E' altresì necessario accellerare la creazione di una struttura di certificazione del software nazionale che consenta di usufruire di tecnici che possano testare i software creati per la PA e assicurarne la conformità alle regole AGID e al GDPR (privacy by design). In tale ambito la capacità nazionale è attualmente molto limitata.

  27. May 2018
  28. Apr 2018
    1. A purpose that is vague or general, such as for instance ‘Improving users’ experience’, ‘marketing purposes’, or ‘future research’ will – without further detail – usually not meet the criteria of being ‘specific’”.[

      I see a lot of cookie notices that give vague reasons like "improving user experience". Specifically disallowed by GDPR?

    2. The GDPR permits the opt-out approach when the purposes that the companies want to use the data for are “compatible” with the original purpose for which personal data were shared by users.[6] In addition to the opt-out notice, users also have to be told of their right to object at any time to the use of their data for direct marketing.[7]

      GDPR can allow opt out rather than opt in.

    1. The alternative, of a regulatory patchwork, would make it harder for the West to amass a shared stock of AI training data to rival China’s.

      Fascinating geopolitical suggestion here: Trans-Atlantic GDPR-like rules as the NATO of data privacy to effectively allow "the West" to compete against the People's Republic of China in the development of artificial intelligence.

  29. Feb 2018
    1. The extraterritorial nature of these two frameworks — they protect the privacy rights of people in Europe regardless of where their data is collected — means that they will become the de facto standard for privacy around the world.

      I'm not totally clear on how would be enforced yet, but jeepers

    2. Your privacy testing procedures should predict the ways unauthorized users would access actual data on your system. Would a suspicious search for user data, or an alteration to a record, be logged as a security vulnerability? Is data stored in login cookies? Could someone gain access to data by intentionally triggering an error?

      This sounds a lot like threat modelling.

    3. The European term “personal data” differs from the American term “personally identifiable information.” The latter pertains to a much more limited set of information than the European model. It also does not see information as contextual, whereas the European framework emphasizes the risks inherent in data aggregation.

      Important distinction. This is a useful article

  30. Jan 2018
    1. No more retention scams that allow online signups but demand users phone a call centre to delete their accounts.

      Holy caw, this covers opt-out after subscriptions too? Eeeenteresting...

    1. L’article 15 complète l’article 40 de la loi du 6 janvier 1978 pour utiliser la marge de manœuvre prévue à l’article 23 du règlement relatif à la limitation de certains droits des personnes concernées. Cet article prévoit la possibilité pour le droit national de limiter, par la voie de mesures législatives, la portée des obligations et des droits des personnes concernées (droit à l’information droit d’accès, droit de rectification, droit à l’effacement, droit à la portabilité, droit d’opposition, etc.), lorsqu’une telle limitation respecte l’essence des libertés et droits fondamentaux et qu’elle constitue une mesure nécessaire et proportionnée dans une société démocratique pour garantir certains objectifs (sécurité nationale, défense nationale, sécurité publique, prévention et la détection d’infractions pénales, protection de l’indépendance de la justice et des procédures judiciaires, objectifs importants d’intérêt public général de l’Union ou d’un État membre,…). Le considérant 41 du règlement précise à cet égard qu’« une mesure législative » au sens de cet article, « ne signifie pas nécessairement que l’adoption d’un acte législatif par un parlement est exigée, sans préjudice des obligations prévues en vertu de l’ordre constitutionnel de l’État membre concerné ».


    1. The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for US companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 2 % of worldwide turnover.

      This appears to be the source for the quote. If you search the web for the quote, though, it seems most often to be attributed to Wikipedia itself.