Sage @sage

0 posts0 participants0 posts today

Replied in thread

**Job Bautista** @job@pleroma.envs.net · Mar 10

@praveen

> The TOS applies to only official binaries from (#)mozilla

This is not true:

"Mozilla grants you a personal, non-exclusive license to install and use the “Executable Code" version of the Firefox web browser, which is the ready-to-run version of Firefox from an authorized source that you can open and use right away."

Debian is an "authorized source", as they use official #Firefox branding and #Mozilla has explicitly approved the distro's usage of their trademarks in the past.

> they have clarified the language

There was no confusion from the community (this is textbook gaslighting by Mozilla). The only good change to the ToU that came was the removal of the AUP from the Firefox terms as well as the explicit disclaiming of ownership over content uploaded via Firefox, but they're not enough. Mozilla Corp still has an unnecessary license over content uploaded via/inputted in Firefox, and the promise to never sell users' data is still withdrawn despite already complying with the #CCPA before the withdrawal.

@tuxmain

**Edwin G.** @EdwinG@mstdn.moimeme.ca · Mar 8

Mar 8

Edwin G. @EdwinG@mstdn.moimeme.ca

Hudson’s Bay Company filed for creditor protection. They plan to restructure the business.

https://www.cbc.ca/news/business/hudsons-bay-creditor-protection-1.7477926
- - -
La Compagnie de la Baie d’Hudson se place sous la loi sur les arrangements avec les créanciers. Ils planifient de restructurer l’entreprise.

https://ici.radio-canada.ca/nouvelle/2146523/baie-hudson-protection-creanciers

CBCHudson's Bay files for creditor protection, intends to restructure | CBC NewsCanada's oldest retailer, Hudson's Bay Co., has filed for creditor protection and intends to restructure the business.

#Canada #CCPA #LACC

**Kote Isaev** @koteisaev@mastodon.online · Feb 13 *

Feb 13 *

Kote Isaev @koteisaev@mastodon.online

Is there any #EU #GDPR #CCPA #Law proposition/article I can reference in discussion about sign up flow, when it goes to providing an option to opt-out from #Marketing department emails about a product, as a default thing (Unchecked by default)?

**LavX News** @lavxnews@mastodon.cloud · Feb 5

Feb 5

LavX News @lavxnews@mastodon.cloud

Introducing Global Privacy Control: A New Era for Data Privacy in Web Development

As the digital landscape evolves, so does the need for robust privacy mechanisms. The Global Privacy Control (GPC) is set to redefine how users manage their data privacy across the web, empowering the...

https://news.lavx.hu/article/introducing-global-privacy-control-a-new-era-for-data-privacy-in-web-development

#news #tech #DataPrivacy

**Eric Goldman** @ericgoldman@techpolicy.social · Dec 11, 2024

Dec 11, 2024

Eric Goldman @ericgoldman@techpolicy.social

ICYMI: the CA Privacy Protection Agency proposed regulations that will cost the California economy billions of dollars and tens of thousands of jobs, but it's OK because entrepreneurs eventually will create billions of dollars and hundreds of thousands of jobs helping companies comply with those regulations #CCPA #CPRA https://cppa.ca.gov/regulations/pdf/ccpa_updates_cyber_risk_admt_ins_notice.pdf

The Agency has made an initial determination that the proposed regulations may have a
significant, statewide adverse economic impact directly affecting business, including the ability
of California businesses to compete with businesses in other states.

**Don Marti** @dmarti@federate.social · Nov 26, 2024

Nov 26, 2024

Don Marti @dmarti@federate.social

The #California #Privacy Protection Agency is #hiring a "Research Technologist - Enforcement Division" to, among other things, "research privacy-related business practices to support investigations and enforcement actions"

(please, one of my followers on here go get this job. So many #CCPA and #CPRA violations out there, this will be a much more rewarding use of your skills than #growthHacking and #darkPatterns)

https://calcareers.ca.gov/CalHrPublic/Jobs/JobPosting.aspx?JobControlId=457993

calcareers.ca.govResearch Technologist - Enforcement Division - Telework OptionLooking to make a difference? Join our strong and mighty workforce. We offer benefits and growth opportunities and impact the lives of millions of Californians.

**Terra Field** @RainofTerra@terra.incognita.net · Aug 13, 2024

Aug 13, 2024

Terra Field @RainofTerra@terra.incognita.net

Weight loss

**Pyrzout** @jos1264@social.skynetcloud.site · Jul 11, 2024

Jul 11, 2024

Pyrzout @jos1264@social.skynetcloud.site

SCOTUS Chevron Ruling May Have Limited Impact on Cybersecurity https://thecyberexpress.com/scotus-chevron-ruling-cybersecurity/ #CybersecurityRegulations #TheCyberExpressNews #CybersecurityNews #TheCyberExpress #FirewallDaily #SupremeCourt #Regulations #CCPA #GDPR

The Cyber Express · Jul 11, 2024SCOTUS Chevron Ruling May Have Little Effect on CybersecurityBy Paul Shread

**Patrick Townsend** @patrick_townsend@infosec.exchange · Jun 17, 2024

Jun 17, 2024

Patrick Townsend @patrick_townsend@infosec.exchange

GDPR and the Right To Be Forgotten (RTBF) and other Rights

A bit of a longer read.

I recently had the opportunity to engage a bit here on Mastodon on the question of data privacy and the EU General Data Protection Regulation (GDPR). I’ve had a chance to think about this a bit more and am providing the following thoughts. This is not a complete analysis of data privacy under GDPR, but I hope it will be helpful for organizations or agencies who fall under this regulation. I appreciate those who commented previously (references below).

First, some disclaimers:
-       I am not a lawyer. I recommend you talk to one if you are developing software that handles private information or are simply storing or sharing private information.
-       I have read the entire GDPR and recitals, but I am not current on recent legal refinements.
-       I have also read other data compliance regulations such as CCPA and at one point I read all of the data privacy regulations of all 50 US states.
-       Why did I do this? My company was subject to GDPR and a number of other privacy regulations and we were selling a data security solution. Our customers had a reasonable expectation that we would help them meet compliance regulations.
-       We developed internal policies and procedures to comply with GDPR.
-       We honored all GDPR requests related to RTBF.
-       We consciously designed systems that supported and enabled GDPR compliance.
-       We invested in and partnered with a blockchain start up and designed and developed for IPFS.

Some definitions might be helpful. GDPR refers to individuals (individual people like you and me) as Data Subjects. The rights granted are granted to individual users and consumers. Organizations that collect private information about Data Subjects are Data Controllers. When we stored information in our CRM we were a Data Controller as defined by GDPR. It takes a bit of reading to get used to these definitions, but they are fairly straightforward.

Context is important when understanding a regulation like GDPR.

I benefited from my time living in and starting a business in Europe (West Germany, in the 1980s). This part of the world had experienced unspeakable horrors during WWII and were living very close to the repression that existed just across the border in eastern Europe. Repressive regimes abuse confidential information and weaponize secrecy in order to exert control over others. My colleagues from Germany, Italy, France, the UK and Poland understood this in a fundamental, human way. I see GDPR as a natural expression of their desire to protect their nations, their communities, their families and themselves. This is why I deeply respect the EU’s right to promulgate these privacy regulations.

Under GDPR the individual becomes the ultimate owner of their private information. There is no implied ability of a Data Controller to override that right (with some exceptions, see below), or to assume that any rights granted to a Data Controller by an individual are permanent and immutable. An individual can give a Data Controller permission to store their private information, and, importantly, an individual can revoke that permission. This is a fundamental difference with how we in the US tend to think of privacy. It is very important to fully grasp this concept if you are planning to do business in the EU.

The Right To Be Forgotten (sometimes called the Right To Deletion) gives the individual the right to ask for their data to be removed from a Data Controller’s system and for that to occur in a timely fashion. But it is only one right defined under GDPR. There are others:
-       Right to opt in or out of data sharing.
-       Right to change data sharing permissions.
-       Right to know with whom data has been shared.
-       Right to correct data.
-       Right to assume data is pseudonymized, usually with encryption.
-       Right to be informed in a timely way of any data beach.

This is not a complete list of the rights and responsibilities conferred under GDPR, but these are probably the most well-known, and probably where many organizations fail to implement proper controls.

Of course, there are exceptions to data privacy rights under GDPR. Some of them are:
-       Legal requirements to retain data (tax history, etc.).
-       Some freedom of information requirements.
-       Some public knowledge aspects.
-       General public health and safety.

Please note that GDPR does not provide an exception to the rules because your technology prevents you from meeting RTBF deletion requests (looking at you, blockchain and IPFS). There is no programming around these requirements and clever developers do not get a magical pass to ignore them.

It is also important to understand that RTBF is still being refined. This is a bubbling pot of legal activity. In my opinion the direction seems to be in favor of protecting Data Subject’s privacy rights and enforcing RTBF.

GDPR applies to the EU countries and to anyone doing business in the EU. There are lots of other privacy regulations that are similar to GDPR. In the US, there is the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act of 2020 (CPRA). The UK, Australia, New Zealand and many other countries also have privacy regulations that are similar in intent. Once you start absorbing the requirements of these regulations you start to think of private information in a new way.

Ok, now for some recommendations:

If you are a software developer creating that killer app and the next big Unicorn, build in GDPR support right from the beginning. We know how difficult it is to “bolt on” security after the fact. It is equally hard to re-engineer applications to meet GDPR. So, get it right from the beginning and avoid some angst as you approach an IPO or a global rollout.

If you are a business and have dreams of scaling your business beyond your local community, think about how you collect, store and share information about individual consumers. It is almost certain you are going to run into some flavor of GDPR at some point and you will want to be prepared. If you are not covered by GDPR, CCPA or other privacy regulations now, you may soon be.

If you are using social media platforms as a part of your marketing strategy (who isn’t ???) be sure you understand how your social media provider meets GDPR. Sharing sensitive data with social media and big data brokers can be a GDPR nightmare. Make sure your social media partner has processes in place to meet GDPR data deletion requests.

It was previously mentioned here that developer tools like git and Gitlab would likely not come under GDPR controls. I think the point was that tools like git and Gitlab are not typically used to collect information on individuals, and I think that is correct. It is not that GDPR exempts developer tools from its compliance scheme (it doesn’t), it is just that it is rare to use developer tools to store a lot of personal information. One caution: be careful about test data that you might store as a part of automated testing routines. Don’t store test data with information about real people! Anonymize or tokenize the data before adding it to git.

What about Web3 technologies?

Web3 technologies like blockchain and IPFS can make it extremely difficult (nearly impossible) to meet GDPR requirements for RTBF. If your application ingests data to blockchains and/or IPFS, or provides a public gateway to allow this type of data ingestion, I would recommend implementing application logic to prevent sensitive personal data from being added. I’ve built blockchain and IPFS applications and there is no effective delete function. If you have to store sensitive data, I would recommend against using these technologies.

Lastly, remember that you will probably need proper legal advice (that is not me!) related to GDPR and other compliance regulations. Governance and compliance are proper components of a business plan and software design process.

Here are some resources that may be helpful:

EU General Data Protection Regulation (lots of resources here):
https://gdpr.eu/
https://gdpr.eu/right-to-be-forgotten/?cn-reloaded=1

EU General Data Protection Regulation recitals:
https://gdpr-info.eu/recitals/

California Consumer Privacy Act:
https://oag.ca.gov/privacy/ccpa

The newer California Privacy Regulation Act (If you enjoy reading legislation – I do!). Not the official site and be aware that CPRA is still undergoing implementation discussion:
https://thecpra.org/

UK Data Protection Law. Good resources here:
https://ico.org.uk/

Acknowledgements and appreciation:

Demi Marie Obenour (@alwayscurious)
Gabriel Svelto (@gabrielesvelto)
Andi McClure (@mcc)
And many others!

#GDPR #CCPA #CPRA #Compliance #Security #BlockChain #IPFS #Software #SoftwareDevelopment #Programming

GDPR.euGeneral Data Protection Regulation (GDPR) Compliance GuidelinesThe EU General Data Protection Regulation went into effect on May 25, 2018, replacing the Data Protection Directive 95/46/EC. Designed to increase data privacy for EU citizens, the regulation levies steep fines on organizations that don’t follow the law.

**Human-centered AI** @hcai@hci.social · May 15, 2024

May 15, 2024

Human-centered AI @hcai@hci.social

New episode of the HCAI podcast! We had the privilege to speak to @j2bryson on governance, policymaking, regional control, and philosophy. You'll find links to the episode below #HCAI #AIAct #DSA #AIGovernance #AIPolicy #GDPR #CCPA #humancenteredartificialintelligence #humancenteredai

https://hcai.se/podcast/24-05-15-hcai-podcast-episode-6-governing-ai-with-joanna-bryson/

Human-centered AI @ GU · May 15, 2024HCAI Podcast Episode 6 - Governing AI with Joanna Bryson | Human-centered AI @ GUThe sixth episode of the HCAI podcast in which we talk about artificial intelligence governance with Joanna Bryson.

Replied in thread

**@infosec_jcp done differently** @infosec_jcp@infosec.exchange · Mar 21, 2024 *

Mar 21, 2024 *

@infosec_jcp done differently @infosec_jcp@infosec.exchange

@Weld

But who would protect Americans and other places FROM proper Privacy Policies of predatory Terms of Service.FROM US.CORPS?

#California #forensics about #MenloPark's 1BootLoopingWay?

Forensics?

#infosec $_list_,of_companies.xlsx?

? #ShrimpJesus? ( #Meta #scamalert )

#NOYBeu #CCPA #CCPR

**ploum** @ploum@mamot.fr · Feb 2, 2024

Feb 2, 2024

ploum @ploum@mamot.fr

Google, Facebook and Microsoft have decided to use all of your communications to train their AI, including social networks and your private emails.

According to Europe #GPDR, California #CCPA and Sealand #ROT13 act, you may opt out.

In order to opt out, copy/paste this message on your profile on social networks and send it to all your mail contacts. On Mastodon, you can also reboost this.

"ARIRE TBAAN TVIR LBH HC - ARIRE TBAAN YRG LBH QBJA"

This has been confirmed by Elon Musk and @aral

Dial Tone, Busy Signal *biiip* @simSalabim@twit.social · Jan 18, 2024

Jan 18, 2024

Dial Tone, Busy Signal *biiip* @simSalabim@twit.social

How might one go about taking advantage of the GDPR or CCPA that don't live in those areas?

If anyone has guides or general information, I would appreciate it. I'm still searching, between cleaning and other chores, but I'm not great at it (or search is broken, whichever).

#GDPR #CCPA #Privacy

**dusoft** @dusoft@fosstodon.org · Dec 29, 2023

Dec 29, 2023

dusoft @dusoft@fosstodon.org

@neil Yep. And contrary to DNT now actually based on laws such as #GDPR or #CCPA.
Supported by Mozilla and others (I have it already turned on, now let's wait for the websites to detect and support it - some preliminary decisions by regulators already exist):
https://globalprivacycontrol.org/

globalprivacycontrol.orgGlobal Privacy Control — Take Control Of Your PrivacyExercise your privacy rights in one step via the “Global Privacy Control” (GPC) signal, a proposed specification backed by over a dozen organizations.

**Don Marti** @dmarti@federate.social · Nov 19, 2023

Nov 19, 2023

Don Marti @dmarti@federate.social

tried a #CCPA #RtK on clearview dot ai -- they have 42 photos of me. Mostly conference speaker headshots and webinar thumbnails but I am in the background of a photo on some guy's travel blog

https://www.clearview.ai/privacy-and-requests

**Don Marti** @dmarti@federate.social · Oct 30, 2023

Oct 30, 2023

Don Marti @dmarti@federate.social

When you were celebrating #GDPR, I studied the #CCPA
Opt-Out Regulations

When you were filing complaints over consent UX I mastered the Right to Delete automation

While you wasted your days at the DPC over cases where the fix was already in, I cultivated the Authorized Agent

And now that the world is on fire and Meta demands surveillance or tribute you have the audacity to come to me for help?

(for real though, hth adapt CCPA opt-out stuff to Article 21 for those in Europe who need it now)

**zceline** @zceline@indieweb.social · Oct 3, 2023 *

Oct 3, 2023 *

zceline @zceline@indieweb.social

Score another tool for #privacy!

Wish there were an easier way to exercise those privacy rights you keep hearing about?

Check out Consumer Reports' Permission Slip tool, launched today on Android (already on iOS)!

https://innovation.consumerreports.org/permission-slip-now-available-on-android/

https://www.permissionslipcr.com/

Screenshot of Consumer Reports 'Permission Slip' app home page. Headline says "One app to take back control of your data", above a QR Code to Download the app for iOS or Android.
Two mobile phones are displayed, showing examples from the app interface. One shows the opt-out tool, the other shows 'Pending Requests' , including status bars for data requests from AMC Theaters, Spokeo, Ticketmaster, Amazon, Home Depot, and Ancestry.

#California #CCPA #PersonalData

**Don Marti** @dmarti@federate.social · Oct 3, 2023

Oct 3, 2023

Don Marti @dmarti@federate.social

#ConsumerReports "Permission Slip" mobile app for #CCPA Authorized Agent opt outs launches today

(part of a privacy "complete breakfast" with #globalPrivacyControl, each one addresses different situations)

https://www.consumerreports.org/electronics/privacy/take-control-of-online-data-with-apps-a5151057853/

Replied in thread

**Ted Tschopp** @TedT@twit.social · Aug 12, 2023 *

Aug 12, 2023 *

Ted Tschopp @TedT@twit.social

@jeff @xdej @SarraceniaWilds @rysiek I live in the San Gabriel Valley and I don’t want to see posts that originate in #SGV I want to see posts about the #San #Gabriel #Valley or #Pasadena or whatever. But getting everything geo located sounds like a #CCPA / #CPRA nightmare. So do you introduce tags outside of hash tags? I agree hashtags are a hack, but everything else seems worse. See #sangabrielvalley hash tags here in this post as to how bad it can get.

**Emory Roane** @emoryr@techpolicy.social · Aug 11, 2023 *

Aug 11, 2023 *

Emory Roane @emoryr@techpolicy.social

Just now remembered that the #california #legislature couldn’t get things together to figure out how to handle employee/employer #workerprivacy exemptions for #CCPA last year, so now employees can exercise #ccpa #privacy rights to the fullest extent as a consumer against their employer — and yet somehow the sky hasn’t fallen yet.

I was definitely told the sky would be falling by now.

Recent searches

Search options

Administered by:

Server stats:

#ccpa