Privacy

France’s data protection watchdog CNIL on Wednesday fined Google €325 million ($380 million) and fast-fashion retailer Shein €150 million ($175 million) for violating cookie rules. The record penalties target two platforms with tens of millions of French users, marking among the heaviest sanctions the regulator has imposed.

cross-posted from: https://lemy.lol/post/48506189

TLDR: Drug dealers in Catalonia have started to adopt GrapheneOS en masse leading to Catalan police suspecting anyone with a Google Pixel is a drug dealer

cross-posted from: https://lemmy.sdf.org/post/38321143

TikTok was fined 530 million euros ($620 million) in May by the Data Protection Commission over European data transfers to China, though the Chinese social media giant had insisted this data was only accessed remotely.

The DPC on Thursday said it had been informed by TikTok in April that "limited EEA user data had in fact been stored on servers in China," contrary to evidence presented by the company.

The regulator said it had expressed "deep concern" in its previous investigation that "TikTok had submitted inaccurate information".

[...]

cross-posted from: https://piefed.zip/post/131103

Like it or not, artificial intelligence has become part of daily life. Many devices — including electric razors and toothbrushes — have become AI-powered," using machine learning algorithms to track how a person uses the device, how the device is working in real time, and provide feedback. From asking questions to an AI assistant like ChatGPT or Microsoft Copilot to monitoring a daily fitness routine with a smartwatch, many people use an AI system or tool every day.

While AI tools and technologies can make life easier, they also raise important questions about data privacy. These systems often collect large amounts of data, sometimes without people even realizing their data is being collected. The information can then be used to identify personal habits and preferences, and even predict future behaviors by drawing inferences from the aggregated data.

An assistant professor of cybersecurity at West Virginia University, studies how emerging technologies and different types of AI systems manage personal data and how we can build more secure and privacy-preserving systems for the future.

A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

cross-posted from: https://lemmy.bestiver.se/post/441870

Comments

cross-posted from: https://europe.pub/post/1436138

cross-posted from: https://lemm.ee/post/66697931

cross-posted from: https://programming.dev/post/31946686

cross-posted from: https://programming.dev/post/31949654

cross-posted from: https://lemmy.nz/post/23935860

Google warns “passwords are not only painful to maintain, but are also more prone to phishing and often leaked through data breaches.” And that’s the real issue. “It’s important to use tools that automatically secure your account and protect you from scams,” Google tells users, and that means upgrading account security now.

Google says “we want to move beyond passwords altogether, while keeping sign-ins as easy as possible.” That includes social sign ins, but mainly it means passkeys. “Passkeys are phishing-resistant and can log you in simply with the method you use to unlock your device (like your fingerprint or face ID) — no password required.”

This is just one of their excuses, to keep their users inside google's walled-garden

cross-posted from: https://lazysoci.al/post/27786565

cross-posted from: https://lemmy.zip/post/40314191

Just a little bit more privacy invasion. C'mon, juuuust a little.. 'till you no longer notice.

cross-posted from: https://lemm.ee/post/65027473

A: EU / GDPR B: Me C: Cookies D: Meta, Google, and other privacy invading ad companies that do anything to steal our personal data

cross-posted from: https://programming.dev/post/30465777

cross-posted from: https://lemmy.world/post/29777938

More than half of Americans reported receiving at least one scam call per day in 2024. To combat the rise of sophisticated conversational scams that deceive victims over the course of a phone call, we introduced Scam Detection late last year to U.S.-based English-speaking Phone by Google public beta users on Pixel phones.

We use AI models processed on-device to analyze conversations in real-time and warn users of potential scams. If a caller, for example, tries to get you to provide payment via gift cards to complete a delivery, Scam Detection will alert you through audio and haptic notifications and display a warning on your phone that the call may be a scam.

cross-posted from: https://feddit.org/post/12486187

cross-posted from: https://lemmus.org/post/12894810

cross-posted from: https://lemm.ee/post/63592070

Article 1(3) of the General Data Protection Regulation (GDPR) ensures that the free movement of personal data within the European Union (EU) is neither restricted nor prohibited on grounds related to the protection of personal data. This provision primarily targets Member States, which might otherwise be inclined to enact data localisation laws that could impede the free flow of data.

The scope of this free movement is confined to the European Economic Area (EEA), which encompasses all EU Member States along with Iceland, Liechtenstein, and Norway. It is important to note that the status of various special territories associated with EU Member States requires careful consideration, as some are included within the EEA while others are not.

Countries outside the EU/EEA do not enjoy the benefits of the free flow of personal data. The Court of Justice of the European Union (CJEU) has established stringent standards for international data transfers. The free flow of personal data is explicitly limited to the EEA, with rules governing transfers to non-EU/EEA countries, referred to as 'third countries,' detailed in Chapter V of the GDPR.

For instance, when a data controller based in Italy stores personal data with a cloud service provider in Norway, there are no concerns regarding international data flows because the GDPR prohibits restrictions on such flows within the EEA. Conversely, if the Italian data controller utilises a service provider in the UK, an additional legal basis is required to legitimise these data flows.

There is an ongoing debate regarding whether the free flow of personal data solely applies to data transfers between systems located within the EEA or if it also extends to systems outside the EEA that are under the effective control of an EEA-based controller or processor. The European Commission has recently adopted an entity-based approach, focusing on whether the controlling entity falls within the territorial scope outlined in Article 3 of the GDPR, rather than a data-based approach, which would consider whether the data remains physically within the EEA. However, the wording of the GDPR does not appear to support this entity-based approach. Nevertheless, the definition of the GDPR's territorial scope of application is explicitly decoupled from the question of whether the data processing occurs within the Union or not, as stated in Article 3(1).

cross-posted from: https://lemmy.ml/post/29712598

This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.

Transcription (for the visually impaired)

(I tried my best)

The background is an iceberg with 6 levels, denoting 6 different levels of privacy.

The tip of the iceberg is titled "The Brainwashed" with a quote beside it that says "I have nothing to hide". The logos depicted in this section are:

• Instagram
• Apple
• TikTok
• PayPal
• Google Chrome
• CashApp
• WhatsApp
• Samsung
• Steam
• Microsoft Windows
• Ring (Security Camera)
• YouTube
• Amazon
• Discord
• Gmail
• ChatGPT

The surface section of the iceberg is titled "As seen on TV" with a quote beside it that says "This video is sponsored by...". The logos depicted in this section are:

• NordVPN
• Bitdefender
• Incogni
• Malwarebytes
• Opera GX
• ExpressVPN

An underwater section of the iceberg is titled "The Beginner" with a quote beside it that says "I don't like hackers and spying". The logos depicted in this section are:

• Telegram
• Authy
• Brave Browser
• Privacy.com (Virtual Cards)
• DuckDuckGo
• iMessage
• Proton Mail
• AdBlock (Browser Extension)

A lower section of the iceberg is titled "The Privacy Enthusiast" with a quote beside it that says "I have nothing I want to show". The logos depicted in this section are:

• Signal (Messenger)
• Tuta
• addy.io
• Linux
• Bitwarden
• uBlock Origin
• Tor and Tor Browser
• ProtonVPN

An even lower section of the iceberg is titled "The Privacy Activist" with a quote beside it that says "Privacy is a human right". The logos depicted in this section are:

• Monero
• GrapheneOS
• Vanadium (Web Browser)
• KeePassDX
• SimpleX Chat
• Accrescent
• SearXNG
• Aegis Authenticator
• OpenWrt
• Mullvad VPN
• An illustration of physical cash

The lowest portion of the iceberg is titled "The Ghost". There is a quote beside it that has been intentionally redacted. The images depicted in this section are:

• A cancel sign over a mobile phone, symbolizing "no electronics"
• An illustration of a log cabin, symbolizing "living in a log cabin in the woods"
• A picture of gold bars, symbolizing "paying only in gold"
• A picture of a death certificate, symbolizing "faking your own death"
• An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing "hiding ones identity in public"

End of transcription.