The looming deadline for the EU General Data Protection Plan means that companies have a duty to be extremely clear about what data they're collecting on you and what they're doing with it, and give you a chance to refuse -- they've already had a duty to do this for a very long time under both EU law and California law, but the difference this time around is that the GDPR has large, terrifying teeth: companies that fail to comply can be fined 4% of their annual global turnover. Read the rest

The European Union's General Data Protection Regulation (GDPR) goes into effect this month and will completely overturn the way that businesses gather and circulate data about internet users. Read the rest

Mark Zuckerberg says it doesn't matter how creepy and terrible his company is, because you agreed to let him comprehensively fuck you over from asshole to appetite by clicking "I agree" to a tens of thousands of words' worth of "agreements" spread out across multiple webpages; when questioned about this in Congress, Zuck grudgingly admitted that "I don’t think the average person likely reads that whole document." But as far as Zuck is concerned, it doesn't matter whether you've read it, whether you understand it, whether it can be understood -- you still "agreed." Read the rest

Where is Facebook located? Well, if you're the taxman, Facebook's global HQ is a tiny shed somewhere in Ireland, where Facebook can escape virtually all taxation; but on the other hand, if you're the EU, Facebook is headquartered in America, where the General Data Protection Regulation doesn't apply. Read the rest

Marketing companies frequently "anonymize" their dossiers on internet users using hashes of their email addresses -- rather than the email addresses themselves -- as identifiers in databases that are stored indefinitely, traded, sold, and leaked. Read the rest

The imminent implementation of the EU's General Data Protection Regulation (GDPR) has been hailed as a victory for global privacy advocates; since the regulation severely limits the collection of data on Europeans -- even when they're communicating with non-Europeans -- services like Facebook would risk running afoul of the GDPR if they collected data on anyone in a way that violated EU rules, and since the penalties for violating the GDPR are incredibly draconian, the benefits of such surveillance would surely be outweighed by the risk of getting it wrong. Read the rest

A Reuters/Ipsos poll of 2,237 subjects found that the majority of Americans (59%) "do not trust Facebook to obey US privacy laws." Read the rest

Consumer Reports dragged a bunch of its top-rated smart TVs back into its labs to re-evaluate them, this time checking them for hard-to-evaluate information security risks and defects, which are not normally factored into its ratings. Read the rest

Europe's General Data Protection Regulation kicks in this May, and it enforces a user-first, privacy-centric set of rules for the internet that is totally incompatible with the adtech industry and the ad-supported web in general (though much rides on a potentially humungous loophole). Read the rest

Even the most stringent privacy rules have massive loopholes: they all allow for free distribution of "de-identified" or "anonymized" data that is deemed to be harmless because it has been subjected to some process. Read the rest

The General Data Protection Regulation will be enforced as of May, and once it does, internet companies will no longer be able to collect or share your data unless they give you a clear, simple explanation of how it will be used, and get your consent, along with contact details for named individuals who report directly to the business's senior management. Read the rest

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers. Read the rest

Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print. Read the rest

University of Western Australia Law professor Camilla Baasch Andersen has helped businesspeople draft legally binding contracts that take the form of simple comic-strips, arguing that their simplicity not only promotes understanding, but also insulates companies from the risk of courts finding their contracts unenforceable because they were too confusing (an Australian court has forced insurers Suncorp and Allianz to refund AUD60m paid for insurance that was of "little or no value," but which Australians purchased thanks to confusing fine-print that made it hard to assess). Read the rest

Cracked Labs' massive report on online surveillance by corporations dissects all the different ways in which our digital lives are tracked, from the ad-beacons that follow us around the web to the apps that track our physical locations as we move around the world. Read the rest

Back in 2016, the EU passed the General Data Protection Regulation, a far-reaching set of rules to protect the personal information and privacy of Europeans that takes effect this coming May. Read the rest