Google accused of secretly feeding personal data to advertisers

https://www.irishtimes.com/business/technology/google-accused-of-secretly-feeding-personal-data-to-advertisers-1.4007629

https://www.ft.com/content/e3e1697e-ce57-11e9-99a4-b5ded7a7fe3f

https://brave.com/google-gdpr-workaround/


#NoGoogle #Surveillance #data #gdpr #google #why

MetaX Worked With Hundreds of People to Visit Global Publishers’ Sites to Reverse Engineer Google’s Cookie_Push GDPR Workaround (aka ‘Push Pages’) & the OpenX Push Page Workaround

MetaX is proud to provide additional important context to the research released today from Brave and featured in the Financial Times, focusing on a GDPR workaround built by Google known as “cookie_push” (aka “Push Pages”). Our intention is not to single any one company out, but rather inform the community on these ongoing data issues.

The data released by Brave and reported in the Financial Times article showed that Google deployed a new data syncing architecture prior to GDPR – the details released by Brave include numerous written explanations of the process, and also a chart showing the cookie data flow that our team helped with. https://www.ft.com/content/e3e1697e-ce57-11e9-99a4-b5ded7a7fe3f

💡 How Google’s RTB and Push Pages allow hundreds of DSPs to tie their tracking profiles about people together (View the full chart)
https://brave.com/wp-content/uploads/sequence.pdf

https://metax.io/metax-report-google-workaround-openx-workaround/

#Google #Brave #DeleteGoogle #tracking #rtb #dsp #GDPR #advertisers #advertising #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

The Politics of Datafication : The influence of lobbyists on the EU’s data protection reform and its consequences for the legitimacy of the General Data Protection Regulation

This study explores how one of the most talked about regulations in the internet policy domain was drafted. The General Data Protection Regulation (GDPR) has been widely regarded as one of the most lobbied pieces of legislation in the history of the European Union (EU). This raises two questions: What policy alternatives were put forth by the EU institutions in the course of the GDPR’s legislative process, and how did they correspond to the ideas, issues and frames promoted by interest representatives?

What does the influence of organized interests and stakeholders in GDPR decision-making reveal about the democratic legitimacy of the process? Drawing on new institutionalism, this research traces the evolution of the GDPR, comparing the different EU institutions’ iterations of the new law with the positions of interest representatives, and simultaneously situating the GDPR in the history of data protection policy.
The results reveal that business groups dominated the public consultations prior to the Commission’s draft proposal, but the Commission’s approach was more closely aligned with the positions of civil society. Members of the European Parliament were, on the contrary, highly susceptible to the influence of business interests, until public salience of information privacy increased owing to Edward Snowden’s revelations of governmental mass surveillance by the National Security Agency. These revelations made it possible for policy entrepreneurs to push for stronger rules on data protection.

👉🏼 Read more:
https://helda.helsinki.fi/handle/10138/305981

#lobby #influencer #EU #DataProtection #datafication #GDPR #regulation #surveillance #Snowden #NSA
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

UK Google users could lose EU GDPR data protections

Brexit prompts firm to move data and user accounts of British users from EU to USA

https://www.theguardian.com/technology/2020/feb/20/uk-google-users-to-lose-eu-gdpr-data-protections-brexit


#google #gdpr #uk #usa

Noyb files complaint against Google under GDPR, saying Android Advertising ID can be tracked

Every phone has an Android Advertising ID and it can be used to track your phone’s actions – and tied back to your identity. A privacy advocacy group called Noyb – European Center for Digital Rights has filed a legal complaint with the Austrian Data Protection Agency against Google under Europe’s GDPR law. Noyb stands for None of Your Business – and that’s exactly how activists feel about the use of the Android Advertising ID to track Android users. Noyb was started by Austrian privacy activist Max Schrems who has filed privacy cases against Google and Facebook in the past and is deservedly highly celebrated in the privacy community.

‼️ Noyb’s privacy lawyer, Stefano Rossetti succinctly summed up the problem:

“In essence, you buy a new Android phone, but by adding a tracking ID they ship you a tracking device.”

How the Android Advertising ID violates the GDPR
This Android Advertising ID is on by default and does not allow users to opt-out. If you choose not to be targeted by “interest-based ads” that still doesn’t get rid of the Android Advertising ID. Even if it did, that still wouldn’t be a GDPR compliant for Google to go about this. To be compliant under the GDPR, Google is supposed to get opt-in user consent before setting up any sort of tracking ID. Right now, all users can do is have Google change their advertising ID – which may hinder the ability of third party apps to track your Android device, but doesn’t do anything to stop Google from tracking you with the Android Advertising ID.

👉🏼 Read more:
https://www.privateinternetaccess.com/blog/noyb-files-complaint-against-google-under-gdpr-saying-android-advertising-id-can-be-tracked/

#android #google #DeleteGoogle #GDPR #advertising #id #tracking #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Top EU data protection agency under pressure to act against Internet giants as GDPR turns 2 years old

A few weeks ago, this blog noted that there were questions hanging over the GDPR, not least the fact that no major fines had been issued against top Internet companies. The GDPR has just passed the two-year mark, and many have taken the opportunity to weigh in on this issue. For example, the data protection agency in Ireland, which would be responsible for issuing fines against the main online players, has just written a post on its GDPR enforcement plans. It says that the country’s Data Protection Commissioner (DPC) has submitted a draft decision about a Twitter data breach to the other data protection authorities in the EU, as it is required to do under the GDPR. This means a public statement on the case should follow fairly soon.

Perhaps more interesting are some other cases involving well-known Internet names. One concerns WhatsApp, and how information about its users is shared with Facebook, which bought WhatsApp for $19 billion in 2014. Three others are cases brought by the privacy expert Max Schrems, discussed on this blog two years ago. Schrems says that top Internet services like Facebook, WhatsApp and Instagram are guilty of “forced consent”. This is the practice of offering two basic choices to users of an online service: agree to be tracked for the purposes of serving up ads, or be thrown off the service. It’s a crucially important issue, since many Web sites adopt the same approach. If the DPC rules against it, the impact on the digital sector in the EU would be huge.

👉🏼 Read more:
https://www.privateinternetaccess.com/blog/top-eu-data-protection-agency-under-pressure-to-act-against-internet-giants-as-gdpr-turns-2-years-old/

#eu #GDPR #DPC #data #protection
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Ireland, Luxembourg Need More Muscle to Police Tech Giants, EU Report Says

BRUSSELS (Reuters) - Ireland and Luxembourg, European headquarters to Google, Facebook, Twitter and Amazon, need a substantial boost in resources to deal with data breaches by U.S. tech giants, a European Union report said.

The report by the European Commission, seen by Reuters, sought to assess the effectiveness of the EU's landmark data privacy rules known as the General Data Protection Regulation (GDPR) adopted in 2018.

GDPR requires companies to seek people's consent before using their personal data or face steep fines. European Vice President for Values and Transparency Vera Jourova has previously lauded the rules as a compass to guide the EU into the digital age.

https://www.usnews.com/news/technology/articles/2020-06-23/ireland-luxembourg-need-more-muscle-to-police-tech-giants-eu-report-says

#EU #europe #gdpr

Why Trump’s administration is going after the GDPR

U.S. officials are ramping up criticism of Europe’s flagship privacy law, which they say protects cybercriminals.

U.S. troops being yanked out of Germany. A brewing trade war over digital tax. Now add this to the list of issues dividing Europe and the United States: a looming clash over privacy.

As the EU touts the “success” of its flagship privacy law, the General Data Protection Regulation (GDPR), Donald Trump’s administration is ramping up attacks on a system it says provides cover to cybercriminals and threatens public health.

In an interview with POLITICO, U.S. Deputy Assistant Secretary of State for Cyber Rob Strayer said he is raising concerns about the GDPR with counterparts in Brussels and EU capitals as a “top diplomatic issue.”

https://www.politico.com/news/2020/06/29/trump-administration-gdpr-345254

#eu #us #gdpr #privacy

Oracle and Salesforce hit with GDPR class action lawsuits over cookie tracking consent

The use of third party cookies for ad tracking and targeting by data broker giants Oracle and Salesforce is the focus of class action style litigation announced today in the UK and the Netherlands.

The suits will argue that mass surveillance of Internet users to carry out real-time bidding ad auctions cannot possibly be compatible with strict EU laws around consent to process personal data.

The litigants believe the collective claims could exceed €10BN, should they eventually prevail in their arguments — though such legal actions can take several years to work their way through the courts.

https://techcrunch.com/2020/08/14/oracle-and-salesforce-hit-with-gdpr-class-action-lawsuits-over-cookie-tracking-consent/

#EU #Europe #Oracle #SalesForce #GDPR

Don’t trust Cloudflare with your personal data

It has been over a year since I cancelled my Cloudflare account. They keep emailing me and haven’t taken me off their marketing lists despite repeated requests. Their CTO told me he would investigate, but nothing changed. Their Data Protection Office hasn’t respond to my requests.

Cloudflare do not appear to respect the GDPR.

I’ve escalated this to the highest levels of Cloudflare, but they just don’t seem to be able to take any action. This is concerning.

👀 👉🏼 https://shkspr.mobi/blog/2020/09/dont-trust-cloudflare-with-your-personal-data/

#cloudflare #personal #data #gdpr #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

GDPR Enforcement Tracker

This website contains a list and overview of fines and penalties which data protection authorities within the EU have imposed under the EU General Data Protection Regulation (GDPR, DSGVO). Our aim is to keep this list as up-to-date as possible. Since not all fines are made public, this list can of course never be complete, which is why we appreciate any indication of further GDPR fines and penalties.

👀 👉🏼 https://www.enforcementtracker.com/

#gdpr #enforcement #tracker
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Data protection activist Max Schrems: Google illegally tracks Android users

Facebook watchdog Max Schrems is taking on Google. He has filed a complaint in France accusing Google of massive violations of the GDPR - specifically, tracking via advertising ID.

Austrian privacy activist Max Schrems has filed a complaint against Google in France with his privacy association Noyb, alleging that the U.S. tech giant is illegally tracking the use of Android smartphones without the consent of their users. He bases his accusation on the unique advertising ID that every Android smartphone carries.

Accusation: Google's advertising ID allows tracking without consent

These IDs allow Google and its advertisers to track the surfing behavior of Android users in order to target them with suitable advertising. Apple has very similar technology with its Identifier for Advertisers (IDFA).

In the complaint filed Wednesday with France's data protection authority, Schrems accuses the tech giant of conducting "illegal operations" that violate EU data protection laws when creating and storing the advertising ID. In particular, he arguably sees the requirement for prior consent violated.

Schrems is calling on the data protection authorities to launch an investigation against Google. This should reveal Google's tracking practices and ultimately force the company to behave in a DSGVO-compliant manner. In addition, Schrems is calling for the imposition of hefty fines in the event that the authority finds evidence of misconduct.

"Trail of powder" allows detailed tracking

‼️ "These hidden identifiers on your phone allow Google and third parties to track users without their consent," Schrems' privacy lawyer Stefano Rossetti tells the Financial Times, adding, "It's like having a powder on your hands that leaves a trail of everything you do on your phone - from whether you swiped right or left to what song you were listening to."

Google has not yet commented on the allegations. Apple has just impressively proven that Schrems' concerns are not without substance by wanting to make the use of the advertising ID subject to consent in the upcoming iOS update.

(Paywall) https://www.ft.com/content/4617cc99-3ed2-49e1-b97f-db4f1b45b5db

https://t3n.de/news/google-trackt-android-1371162/#%E2%80%9ESpur_aus_Puder%E2%80%9C_erlaubt_detailliertes_Tracking

#dataprotection #android #advertising #id #user #tracking #illegal #gdpr #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Strategic autonomy in danger: European Tech companies warn of lowering data protection levels in the EU.

The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.

Today we are sending an open letter to the European Commission together with #Boxcryptor, #Cryptomator, mail.de, #Mailfence, #Praxonomy, and #Tresorit to draw attention to the dangers of undermining encryption and people's privacy. Mass surveillance will not stop terrorism or child sexual abuse.

Joint open letter for right to privacy

In the course of the initiative "Fighting child sexual abuse: detection, removal, and reporting of illegal content", the European Union plans to abolish the digital privacy of correspondence. In order to automatically detect illegal content, all private chat messages are to be screened in the future. This should also apply to content that has so far been protected with strong end-to-end encryption. If this initiative is implemented according to the current plan it would enormously damage our European ideals and the indisputable foundations of our democracy, namely freedom of expression and the protection of privacy (see EDRi letter). The initiative would also severely harm Europe’s strategic autonomy and thus EU-based companies.

Europe as a global technology leader is respected internationally for its high level of data protection, notably due to the exemplary effect of the GDPR. In an internationally very competitive market, European companies are in first position when it comes to data protection. The EU initiative could now endanger this unique selling point of European IT companies.

https://tutanota.com/blog/posts/european-autonomy-in-danger/

#tutanota #surveillance #gdpr #eu #encryption #privacy #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

#GDPR enforcer rules that IAB #Europe's consent #popups are unlawful

https://www.iccl.ie/news/gdpr-enforcer-rules-that-iab-europes-consent-popups-are-unlawful/

Meta threatens to withdraw Facebook and Instagram from the European market if EU user data cannot be processed in the U.S.

Facebook's parent company, Meta, is reportedly considering leaving the European market if the company is not allowed to process EU users' data in the United States. This consideration was included in a document that the social network has sent to the American stock exchange regulator, SEC.

https://www.side-line.com/meta-threatens-to-pull-facebook-and-instagram-from-the-european-market-what-does-this-mean-for-the-music-industry/

https://archive.is/kv0Ew

#fb #eu #gdpr

Project INVICTUS: Inside the UK's Human Rights Busting Campaign to Spy on Refugees – Mint Press

The “full potential” could, Prevail declared, only be harnessed via a “GDPR exemption of some kind, as it is indiscriminate, passive collection against the general population.” By collecting targets’ Media Access Control (MAC) addresses, the company would be able to follow a “breadcrumb trail” of residual data they left while traveling through North West Europe.

This was achievable by conducting a “war drive” along those routes – identifying every vulnerable wireless network in these areas using a moving vehicle. Prevail noted such activity “would breach current permissions.” Indeed, the entire conspiracy constitutes an extraordinary infringement of British and European data protection standards and laws


#IMSIcatcher #IMSI #snooping #surveillance #wifi #wireless #EU #refugees #UK #GDPR
#PassiveDataCollection #Invictus #ProjectInvictus