2023-11-02
@PrivacyMatters ... I had the same thought on LI — I honestly have no idea how this doesn't completely destroy the whole concept of OSS and LSAs as a concept. I really need to go read the EDPB decision.
IAPP
The EDPB instructs the Irish DPC to ban Meta's use of Facebook and Instagram users' personal data for behavioral ads in EU and EEA countries within two weeks
An unprecedented shakeup in the advertising technology space has arrived in Europe. Changes are coming to adtech's approach …
2022-09-11
@thezedwards The key here is “pseudonymized” FBIDs, which means FB will absolutely be able to match back, and allow advertisers to (via FB) match back users and their behaviors. At best, this stops scraping, which only really cuts into FB's profits. I predict it will do SFA for user privacy.
Meta
Meta unveils Pseudonymized Facebook Identifiers, which combine timestamps and Facebook Identifiers, to make it harder for attackers to scrape unauthorized data
similar to Canary tokens which provide the “canary in the coalmine feature” to alert when there is a problem. The new pFBIDs both protect user privacy BUT ALSO flag advertisers vio...
@thezedwards I suppose my skepticism is high because we've all been burned before. Repeatedly. I hope you're right. I hope that this does protect user privacy (assuming they don't leave an API open to fetch the actual FBID or allow for another CA). Fingers crossed.
Meta
Meta unveils Pseudonymized Facebook Identifiers, which combine timestamps and Facebook Identifiers, to make it harder for attackers to scrape unauthorized data
similar to Canary tokens which provide the “canary in the coalmine feature” to alert when there is a problem. The new pFBIDs both protect user privacy BUT ALSO flag advertisers vio...
@thezedwards I mean, I'm a-ok with shitty data brokers going out of business. I'm just glad we're on the same page that this doesn't really do much for user privacy. It just limits the path exploiters can use. Now they need to pay FB. Or, you know, do another data breach.
Meta
Meta unveils Pseudonymized Facebook Identifiers, which combine timestamps and Facebook Identifiers, to make it harder for attackers to scrape unauthorized data
similar to Canary tokens which provide the “canary in the coalmine feature” to alert when there is a problem. The new pFBIDs both protect user privacy BUT ALSO flag advertisers vio...
2022-09-10
@thezedwards I mean, I'm a-ok with shitty data brokers going out of business. I'm just glad we're on the same page that this doesn't really do much for user privacy. It just limits the path exploiters can use. Now they need to pay FB. Or, you know, do another data breach.
Meta
Meta unveils Pseudonymized Facebook Identifiers, which combine timestamps and Facebook Identifiers, to deter unauthorized data scraping
Takeaways — We changed how we use Facebook Identifiers (FBIDs) after we observed that unauthorized scraping often involves guessing content IDs or using purchased FBIDs.
@thezedwards The key here is “pseudonymized” FBIDs, which means FB will absolutely be able to match back, and allow advertisers to (via FB) match back users and their behaviors. At best, this stops scraping, which only really cuts into FB's profits. I predict it will do SFA for user privacy.
Meta
Meta unveils Pseudonymized Facebook Identifiers, which combine timestamps and Facebook Identifiers, to deter unauthorized data scraping
Takeaways — We changed how we use Facebook Identifiers (FBIDs) after we observed that unauthorized scraping often involves guessing content IDs or using purchased FBIDs.
@thezedwards I suppose my skepticism is high because we've all been burned before. Repeatedly. I hope you're right. I hope that this does protect user privacy (assuming they don't leave an API open to fetch the actual FBID or allow for another CA). Fingers crossed.
Meta
Meta unveils Pseudonymized Facebook Identifiers, which combine timestamps and Facebook Identifiers, to deter unauthorized data scraping
Takeaways — We changed how we use Facebook Identifiers (FBIDs) after we observed that unauthorized scraping often involves guessing content IDs or using purchased FBIDs.
2022-09-06
@PrivacyLawyerD By not checking ages at signup and defaulting to post business info publicly, that's pretty damning.
Politico
Ireland's DPC fines Meta €405M, saying Instagram violated children's privacy under GDPR, the second-highest fine under the law and DPC's third for the company
@PrivacyLawyerD As Daragh mentioned lots of potential failure points here: DP by design and default (Art.25), data accuracy (Art. 5), consent of kids (Art. 8), possibly even a failure to assess risk (Art. 35). Obviously, we'll know more once the decision is released, but this is a huge step.
Politico
Ireland's DPC fines Meta €405M, saying Instagram violated children's privacy under GDPR, the second-highest fine under the law and DPC's third for the company
It begins. I'm looking forward to reading the decision by the @DPCIreland to understand what went wrong and how to prevent this for clients in the future. https://twitter.com/...
Politico
Ireland's DPC fines Meta €405M, saying Instagram violated children's privacy under GDPR, the second-highest fine under the law and DPC's third for the company
@PrivacyLawyerD I think it will be. For one, it involves kids, and second, it was an interesting issue: kids signing up for business accounts without adequate controls in place to verify, and then data getting shared freely. https://www.siliconrepublic.com/ ...
Politico
Ireland's DPC fines Meta €405M, saying Instagram violated children's privacy under GDPR, the second-highest fine under the law and DPC's third for the company
2022-04-29
@RobertJBateman Oh fascinating! That's a much broader threshold than the usual, where you basically have to have the case proven (incl. Damages) before you can bring a suit.
TechCrunch
In a ruling against Meta, the EU's top court affirms that consumer protection agencies can file lawsuits against violations of GDPR laws protecting users' data
2022-03-23
The authors' end statement, that Congress can fix this, is true, but given the state of the US Congress (including the huge bloc of anti-EU Republicans), this will never, ever happen. https://thehill.com/...
The Hill
A SCOTUS ruling making it harder for people to pursue surveillance cases will undercut Biden's US-EU Privacy Shield negotiations, unless Congress steps in now
@PatrickCToomey & I explain: https://thehill.com/...