Robert Bateman

@RobertJBateman
When on the internet, I mostly talk and write about data protection.

Five US state #privacy laws take effect this year.

They all apply slightly differently.

Colorado's will catch a lot of businesses out. Utah's doesn't apply to small businesses at all.

For whatever reason, I put all the different applicability rules on one chart.

Confusing?

All other decisions involved Meta's legal basis for processing—fundamental to its business model.

The DPC might have been more reluctant to find fault in this area.

And thus the fines in these cases were initially lower (and later increased at the behest of the EDPB).

Just a hunch. It's more complicated than this.

There is a lot of reasoning justifying each decision. Some is fine, some I find pretty odd.

(And to be clear, I'm not "taking sides" here)

(2/2)

The EDPB has forced the DPC to rewrite its decisions against Meta in all but one case: the €265m Facebook fine from November.

The EDPB agreed with the DPC on this decision and level of fine.

How did the DPC manage to "get it right" in this case?

Nov 2022 was a data breach fine.

The issues were mostly around data protection by design and by default—not Meta's legal basis for processing.

I suspect the DPC felt comfortable imposing corrective actions in this area (1/2)

https://dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-in-facebook-data-scraping-inquiry

Data Protection Commission

The Data Protection Commission (DPC) has today announced the conclusion to an inquiry into Meta Platforms Ireland Limited (MPIL), data controller of the “Facebook” social media network, imposing a fine of €265 million and a range of corrective measures.


The DPC alleges that this investigation would be "problematic in jurisdictional terms" and would go against the #GDPR "cooperation and consistency" process, which seeks to resolve disputes between data protection authorities.

The DPC would presumably be bringing an action for annulment before under the annulment procedure per Article 263 TFEU

Assuming that the DPC characterises this direction accurately, is the EDPB allowed to direct a DPA to start a fresh investigation? I haven’t decided yet

It looks like the Irish Data Protection Commission (DPC) will be challenging fellow regulators from the European Data Protection Board (EDPB) in court over what it claims is an "overreach" of powers.

The DPC has a history of disputes with the EDPB and claims that the board has exceeded its authority by directing the DPC to conduct an "open-ended and speculative" investigation into Facebook and Instagram's processing operations.

More details in my post from yesterday

https://www.grcworldforums.com/uk/irish-dpc-to-challenge-fellow-regulators-in-court-over-problematic-direction/7887.article

Irish DPC to Challenge Fellow Regulators in Court Over ‘Problematic’ Direction

The Irish Data Protection Commission (DPC) released details of investigations into two Meta companies on Wednesday, which will change the way the companies target ads. The decisions conclude complaints that were first lodged in May 2018. But the decisions against Meta are arguably not the most interesting part of the ...

GRC World Forums

If you're wondering about Musk's recent policy changes, like:

• Will #Twitter Blue users be allowed to link to Mastodon?

• Does posting info about people at sports games constitute "doxxing"?

• Are the rules retroactive?

...I guarantee you have thought about this harder than he has

Looking at the biggest #GDPR fines of 2022

It seems that of the top 8:

Meta has 3
Clearview has 4
Google has 1

#Meta has:

Insta (€405m, Sep)
Facebook (€265m, Oct)
Facebook (€17m, Mar)

Am I getting this right?

I asked ChatGPT, a new OpenAI chatbot, to write me a poem about "a stressed data protection officer struggling to deal with international data transfers under the GDPR."

I then suggested my own version, and it provided another in response.

The results are pretty interesting. Some slightly off rhymes, and it doesn't quite scan (unlike my masterpiece).

Also, the first poem assumed the DPO was a "he". I used "she" in my response, and the AI switched to "she" in its reply.

Breaking: DPC fines Meta €265 million for failing to prevent scraping between May 2018 and Sept 2019.

Another fine against a Meta co focusing on "data protection by design and default", following the recent Instagram fine that raised similar concerns.

#gdpr #meta

https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-in-facebook-data-scraping-inquiry


Algorithms aren't the enemy. Chronological feeds don't scale and the signal-to-noise ratio will plummet if this ever gets popular. The real problems with today's algorithmic feeds are non-transparency, lack of choice, and optimizing for engagement instead of healthy discourse.

Open-source is a perfect opportunity to fix all this. Have there been any efforts to create a Mastodon instance with a (community governed) ranking algorithm? Is that technically feasible? Or is the idea simply anathema?