Here's why everyone in the world just emailed you a new privacy policy

The looming deadline for the EU General Data Protection Plan means that companies have a duty to be extremely clear about what data they're collecting on you and what they're doing with it, and give you a chance to refuse -- they've already had a duty to do this for a very long time under both EU law and California law, but the difference this time around is that the GDPR has large, terrifying teeth: companies that fail to comply can be fined 4% of their annual global turnover. Read the rest

The GDPR might actually create an "attention economy"

The European Union's General Data Protection Regulation (GDPR) goes into effect this month and will completely overturn the way that businesses gather and circulate data about internet users. Read the rest

The world is no longer willing to tolerate the plague of bullshit "agreements"

Mark Zuckerberg says it doesn't matter how creepy and terrible his company is, because you agreed to let him comprehensively fuck you over from asshole to appetite by clicking "I agree" to a tens of thousands of words' worth of "agreements" spread out across multiple webpages; when questioned about this in Congress, Zuck grudgingly admitted that "I don’t think the average person likely reads that whole document." But as far as Zuck is concerned, it doesn't matter whether you've read it, whether you understand it, whether it can be understood -- you still "agreed." Read the rest

Facebook vs regulation: we exist nowhere and everywhere, all at once

Where is Facebook located? Well, if you're the taxman, Facebook's global HQ is a tiny shed somewhere in Ireland, where Facebook can escape virtually all taxation; but on the other hand, if you're the EU, Facebook is headquartered in America, where the General Data Protection Regulation doesn't apply. Read the rest

You can unscramble the hashes of humanity's 5 billion email addresses in ten milliseconds for $0.0069

Marketing companies frequently "anonymize" their dossiers on internet users using hashes of their email addresses -- rather than the email addresses themselves -- as identifiers in databases that are stored indefinitely, traded, sold, and leaked. Read the rest

Zuckerberg: Facebook will not stop spying on Americans to comply with EU privacy law

The imminent implementation of the EU's General Data Protection Regulation (GDPR) has been hailed as a victory for global privacy advocates; since the regulation severely limits the collection of data on Europeans -- even when they're communicating with non-Europeans -- services like Facebook would risk running afoul of the GDPR if they collected data on anyone in a way that violated EU rules, and since the penalties for violating the GDPR are incredibly draconian, the benefits of such surveillance would surely be outweighed by the risk of getting it wrong. Read the rest

Poll: Facebook is the least trusted custodian of private information, majority of Americans do not trust it

A Reuters/Ipsos poll of 2,237 subjects found that the majority of Americans (59%) "do not trust Facebook to obey US privacy laws." Read the rest

Your smart TV is trivial to hack and leaks your personal information like crazy unless you disable all its useful features

Consumer Reports dragged a bunch of its top-rated smart TVs back into its labs to re-evaluate them, this time checking them for hard-to-evaluate information security risks and defects, which are not normally factored into its ratings. Read the rest

The coming EU privacy regulation will end up remaking the world's web

Europe's General Data Protection Regulation kicks in this May, and it enforces a user-first, privacy-centric set of rules for the internet that is totally incompatible with the adtech industry and the ad-supported web in general (though much rides on a potentially humungous loophole). Read the rest

An incredibly important paper on whether data can ever be "anonymized" and how we should handle release of large data-sets

Even the most stringent privacy rules have massive loopholes: they all allow for free distribution of "de-identified" or "anonymized" data that is deemed to be harmless because it has been subjected to some process. Read the rest

Inside big tech's last-minute scramble to comply with Europe's new privacy rules

The General Data Protection Regulation will be enforced as of May, and once it does, internet companies will no longer be able to collect or share your data unless they give you a clear, simple explanation of how it will be used, and get your consent, along with contact details for named individuals who report directly to the business's senior management. Read the rest

NHS okays hospitals and doctors storing patient data on public cloud servers

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers. Read the rest

Thanks to "consent" buried deep in sales agreements, car manufacturers are tracking tens of millions of US cars

Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print. Read the rest

Comic-strip contracts, so no one argues they’re too confusing to be enforceable

University of Western Australia Law professor Camilla Baasch Andersen has helped businesspeople draft legally binding contracts that take the form of simple comic-strips, arguing that their simplicity not only promotes understanding, but also insulates companies from the risk of courts finding their contracts unenforceable because they were too confusing (an Australian court has forced insurers Suncorp and Allianz to refund AUD60m paid for insurance that was of "little or no value," but which Australians purchased thanks to confusing fine-print that made it hard to assess). Read the rest

A comprehensive guide to corporate online surveillance in everyday life

Cracked Labs' massive report on online surveillance by corporations dissects all the different ways in which our digital lives are tracked, from the ad-beacons that follow us around the web to the apps that track our physical locations as we move around the world. Read the rest

Complying with the new EU data protection directive requires a top-to-bottom redo of the adtech industry

Back in 2016, the EU passed the General Data Protection Regulation, a far-reaching set of rules to protect the personal information and privacy of Europeans that takes effect this coming May. Read the rest