Facebook faces fresh criticism over ad targeting of sensitive interests

Is Facebook trampling over laws that govern the processing of sensitive categories of personal data by failing to ask people for their explicit permission before it induces sensitive inferences about their sex life, religion or political notions? Or is the company merely treading uncomfortably and unethically close to the line of the law?

An investigation by the Guardian and the Danish Broadcasting Corporation has found that Facebook’s platform lets advertisers to target users based on interests related to political notions, sexuality and religion — all categories that are marked out as sensitive datum under current European data protection law.

And indeed under the incoming GDPR, which will apply across the bloc from May 25.

The joint investigation discovered Facebook’s platform had built sensitive inferences about users — letting advertisers to target people based on inferred interests including communism, social democrats, Hinduism and Christianity. All of which would be classed as sensitive personal data under EU rules.

And while the platform offers some constraints on how advertisers can target people against sensitive interests — not letting advertisers to exclude users based on a specific sensitive interest, for example( Facebook having previously run into trouble in the US for enabling discrimination via ethnic affinity-based targeting) — such controls are beside the point if you take the view that Facebook is legally required to ask for a user’s explicit consent to processing this kind of sensitive data up front, before making any inferences about a person.

Indeed, it’s very unlikely that any ad platform can put people into pails with sensitive labels like’ interested in social democrat issues’ or’ likes communist pages’ or’ attends gay events’ without asking them to let it do so first.

And Facebook is not asking first.

Facebook argues otherwise, of course — claiming that the information it meets about people’s affinities/ interests, even when they necessitate sensitive categories of information such as sexuality and religion, is not personal data.

In a reply statement to the media investigation, a Facebook spokesperson told us 😛 TAGEND

Like other Internet companies, Facebook depicts ads based on topics we suppose people might be interested in, but without utilizing sensitive personal data. This means that someone could have an ad interest listed as’ Gay Pride’ because they have liked a Pride associated Page or clicked a Pride ad, but it does not reflect any personal characteristics such as gender or sexuality. People are able to manage their Ad Preference tool, which clearly explains how advertising works on Facebook and provides a route to tell us if you want to see ads based on specific interests or not. When interests are removed, we show people the list of removed interests so that they have a record they can access, but these interests are no longer used for ads. Our advertising conducted in accordance with relevant EU law and, like other companies, we are preparing for the GDPR to ensure we are compliant when it comes into force.

Expect Facebook’s argument to be tested in the courts — likely in the very near future.

As we’ve said before, the GDPR suits are coming for the company, thanks to beefed up enforcement of EU privacy regulations, with the regulation providing for penalties as large as 4% of a company’s global turnover.

Facebook is not the only online people profiler, of course, but it’s a prime target for strategic litigation both because of its massive size and reaching( and the resulting power over web users flowing from a dominant position in an attention-dominating category ), but also on account of its nose-thumbing posture to compliance with EU regulations thus far.

The company has faced a number of challenges and sanctions under existing EU privacy law — though for its operations outside the US it typically refuses to recognize any legal jurisdiction except corporate-friendly Ireland, where its international HQ is based.

And, from what we’ve seen in so far, Facebook’s response to GDPR’ conformity’ is no new leaf. Rather it looks like privacy-hostile business as usual; a continued attempt to leveraging its size and power to force a self-serving interpretation of the law — bending rules to fit its existing business procedures, rather than reconfiguring those processes to comply with the law.

The GDPR is one of the reasons why Facebook’s ad microtargeting empire is facing greater scrutiny now, with only weeks to go before civil society organizations are able to take advantage of fresh a chance for strategic litigation allowed by the regulation.

” I’m a big fan of the GDPR. I genuinely believe that it gives us — as the court in Strasbourg would say — effective and practical redress ,” statute prof Mireille Hildebrandt tells us.” If we go and do it, of course. So we need a lot of public litigation, a lot of court cases to induce the GDPR work but … I think there are more people moving into this.

” The GDPR made a market for these sort of law firms — and I think that’s excellent .”

But it’s not the only reason. Another reason why Facebook’s handling of personal data is attracting attention is the result of tenacious press investigations into how one controversial political consultancy, Cambridge Analytica, was able to gain such freewheeling access to Facebook users’ data — as a result of Facebook’s lax platform policies around data access — for, in that instance, political ad targeting purposes.

All of which eventually blew up into a major global privacy cyclone, this March, though criticism of Facebook’s privacy-hostile platform policies dates back more than a decade at this stage.

The Cambridge Analytica scandal at least brought Facebook CEO and founder Mark Zuckerberg in front of US lawmakers, facing questions about the extent of the personal information it gatherings; what controls it offers users over their data; and how he thinks Internet companies should be regulated, to name a few.( Pro tip for politicians: You don’t need to ask companies how they’d like to be regulated .)

The Facebook founder has also ultimately agreed to meet EU lawmakers — though UK lawmakers’ calls have been dismissed.

Zuckerberg should expect to be questioned very closely in Brussels about how his platform is impacting European’s fundamental rights.

Sensitive personal data wants explicit consent

Facebook deduces affinities linked to individual users by collecting and processing interest signals their web activity generates, such as likes on Facebook Pages or what people look at when they’re browsing outside Facebook — off-site intel it meets via an extensive network of social plug-ins and tracking pixels embedded on third party websites.( According to datum released by Facebook to the UK parliament the coming week, during merely one week of April this year its Like button appeared on 8.4 M websites; the Share button appeared on 931,000 websites; and its tracking Pixels were running on 2.2 M websites .)

But here’s the thing: Both the current and the incoming EU legal framework for data protection situates the bar for consent to processing so-called special category data equally high — at “explicit” consent.

What that entails in practice is Facebook needs to seek and protected separate permissions from users( such as via a dedicated pop-up) for collecting and processing this type of sensitive data.

The alternative is for it to rely on another special condition for processing this type of sensitive data. However the other conditions are pretty tightly drawn — relating to things like the public interest; or the vital interests of a data subject; or for purposes of” preventive or occupational medication “.

None of which would appear to apply if, as Facebook is, you’re processing people’s sensitive personal information merely to target them with ads.

Ahead of GDPR, Facebook has started asking users who have chosen to display political opinions and/ or sexuality information on their profiles to explicitly consent to that data being public.

Though even there its any measures were problematic, as it offers users a take it or leave it style’ option’ — saying they either remove the info solely or leave it and therefore agree that Facebook can use it to target them with ads.

Yet EU law also requires that permission be freely given. It cannot be conditional on the provision of a service.

So Facebook’s bundling of service provisions and permission will also likely face legal challenges, as we’ve written before.

” They’ve tangled the use of their network for socialising with the profiling of users for advertising. Those are separate purposes. You can’t tangle them like they are doing in the GDPR ,” says Michael Veale, a technology policy researcher at University College London, emphasizing that GDPR allows for a third option that Facebook isn’t offering users: Letting them to keep sensitive data on their profile but that data not be used for targeted advertising.

” Facebook, I believe, is quite afraid of this third alternative ,” he continues.” It goes back to the Congressional hearing: Zuckerberg said a lot that you can choose which of your friends every post can be shared with, through a little in-line button. But there’s no option there that tells’ do not share this with Facebook for the purposes of analysis ‘.”

Returning to how the company synthesizes sensitive personal affinities from Facebook users’ Likes and wider webs browsing activity, Veale highlights the fact that EU law also does not recognise the kind of distinction Facebook is seeking to draw — i.e. between inferred affinities and personal data — and thus to try to redraw the law in its favor.

” Facebook say that the data is not correct, or self-declared, and therefore these provisions do not apply. Data does not have to be correct or accurate to be personal data under European law, and trigger increased protection. Indeed, that’s why there is a’ right to rectification’ — because incorrect data is not the exception but the norm ,” he tells us.

” At the crux of Facebook’s challenge is that they are inferring what is arguably “special category” data( Article 9, GDPR) from non-special category data. In European statute, this data includes race, sexuality, data related to health, biometric the necessary data for the purposes of identification, and political opinions. One of the first things to note is that European law does not govern collect and use as distinct activities: Both are considered processing.

” The pan-European group of data protection regulators have recently confirmed in guidance that when you deduce special category data, it is as if you collected it. For this to be lawful, this is necessary a special reason, which for most companies is restricted to separate, explicit permission. This will be often different than the lawful basis for processing the personal data you used for inference, which might well be’ legitimate interests ‘, which didn’t necessitate permission. That’s ruled out if you’re processing one of these special categories .”

” The regulators even specifically dedicate Facebook like inference as an example of extrapolating special category data, so there is little wiggle room here ,” he adds, pointing to an example used by regulators of a study that combined Facebook Like data with” restriction survey information” — and from which it was found that researchers could accurately predict a male user’s sexual orientation 88% of the time; a user’s ethnic origin 95% of the time; and whether a user was Christian or Muslim 82% of the time.

Which underlines why these rules exist — given the clear risk of violates to human rights if big data platforms can merely suck up sensitive personal data automatically, as a background process.

The overarching aim of GDPR is to give consumers greater control over their personal data not only to help people defend their rights but to promote greater trust in online services — and for that trust to be a mechanism for greasing the wheels of digital business. Which is pretty much the opposite approach to sucking up everything in the background and hoping your users don’t realize what you’re doing.

Veale also points out that under current EU law even an opinion on someone is their personal data …( per this Article 29 Working Party guidance, emphasis ours ):

From the point of view of the nature of the information, the concept of personal data includes any sort of statements about a person. It covers “objective” datum, such as the presence of a certain substance in one’s blood. It also includes “subjective” datum, sentiments or appraisals . This latter sort of statements make up a significant share of personal data processing in sectors such as banking, for the assessment of the reliability of borrowers (” Titius is a dependable borrower “), in insurance (” Titius is not expected to die soon “) or in employment (” Titius is a good worker and merits promotion “).

We set that specific point to Facebook — but at the time of writing we’re still waiting for a answer.( Nor would Facebook offer a public response to several other questions we asked around what it’s doing here, preferring to limit its comment to the statement at the top of this post .)

Veale adds that the WP29 guidance has been upheld in recent CJEU suits such as Nowak — which he tells emphasized that, for example, annotations on the side of an exam script are personal data.

He’s clear about what Facebook should be doing to comply with the law:” They should be asking for individuals’ explicit, separate consent for them to extrapolate data including race, sexuality, health or political sentiments. If people say no, they should be able to continue using Facebook as normal without these inferences being built on the back-end .”

” They need to tell individuals about what they are doing clearly and in plain language ,” he adds.” Political opinions are just as protected here, and this is perhaps more interesting than race or sexuality .”

” They certainly should face legal challenges for the purposes of the GDPR ,” concurs Paul Bernal, senior lecturer in law at the University of East Anglia, who is also critical of how Facebook is processing sensitive personal information.” The affinity notion seems to be a fairly transparent attempt to avoid legal challenges, and one that ought to fail. The topic is whether the regulators have the intestines to build the point: It undermines a quite significant part of Facebook’s approach .”

” I suppose the reason they’re pushing this is that they think they’ll get away with it, partly because they think they’ve persuaded people that the problem is Cambridge Analytica, as rogues, rather than Facebook, as enablers and advocates. We need to be very clear about this: Cambridge Analytica are the symptom, Facebook is the disease ,” he adds.

” I should also say, I guess the differences between’ targeting’ being OK and’ excluding’ not being OK is also mostly Facebook playing games, and trying to have their cake and eat it. It simply invites gaming of the systems really .”

Facebook claims its core product is social media, rather than data-mining people to operate a highly lucrative microtargeted ad platform.

But if that’s true why then is it tangling its core social functions with its ad-targeting apparatus — and telling people they can’t have a social service unless they agree to interest-based advertising?

It could support a service with other types of advertising, which don’t depend on background surveillance that erodes users’ fundamental rights. But it’s opting not to offer that. All you can’ select’ is all or nothing. Not much of a choice.

Facebook telling people that if they want to opt out of its ad targeting they must delete their account is neither a road to obtain meaningful( and therefore lawful) permission — nor a very compelling approach to counter criticism that its real business is farming people.

The issues at stake here for Facebook, and for the shadowy background data-mining and brokering of the online ad targeting industry as a whole, are clearly much greater than any one data misuse scandal or any one category of sensitive data. But Facebook’s decision to retain people’s sensitive personal data for ad targeting without asking for consent up-front is a telling sign of something gone very wrong indeed.

If Facebook doesn’t feel confident asking its users whether what it’s doing with their personal data is okay or not, maybe it shouldn’t be doing it in the first place.

At very least it’s a failing of ethics. Even if the final judgement on Facebook’s self-serving interpretation of EU privacy rules will have to wait for the courts to decide.

Make sure to visit: CapGeneration.com

Advertisements

How to save your privacy from the Internets clutches

Another week, another massive privacy scandal. When it’s not Facebook admitting it allowed data on as many as 87 million users to be sucked out by a developer on its platform who sold it to a political consultancy working for the Trump campaign, or dating app Grindr’ fessing up to sharing its users’ HIV status with third party A/ B testers, some other ugly facet of the tech industry’s love affair with tracking everything its users do slides into view.

Suddenly, Android users discover to their horror that Google’s mobile platform tells the company where they are all the time — thanks to baked-in location tracking bundled with Google services like Maps and Photos. Or Amazon Echo users realise Jeff Bezos’ ecommerce empire has amassed audio recordings of every single interaction they’ve had with their cute little smart speaker.

The problem, as ever with the tech industry’s teeny-weeny greyscaled legalise, is that the people it refers to as “users” aren’t genuinely consenting to having their information sucked into the cloud for goodness knows what. Because they haven’t been given a clear picture of what agreeing to share their data will really mean .

Instead one or two select features, with a mote of user benefit, tend to be presented at the point of sign on — to socially engineer’ consent ‘. Then the company can walk away with a defacto license to perpetually harvest that person’s data by claiming that a consent box was once ticked.

A great instance of that is Facebook’s Nearby Friends. The feature lets you share your position with your friends so — and here’s that shiny promise — you can more easily hang out with them. But do you know anyone who is actively utilizing this feature? Yet millions of people started sharing their exact locating with Facebook for a feature that’s now buried and largely unused. Meanwhile Facebook is actively use your location to track your offline habits in order to be allowed to make money targeting you with adverts.

Terms& Conditions are the biggest lie in the tech industry, as we’ve written before.( And more recently: It was not permission, it was hiding .)

Senator Kennedy of Louisiana also made the point succinctly to Facebook founder Mark Zuckerberg this week, telling him to his face: “Your user agreement sucks .” We couldn’t agree more.

Happily disingenuous T& Cs are on borrowed period — at the least for European tech users, thanks to a new European Union data protection framework that will come into force next month. The GDPR tightens permission requirements — mandating clear and accurate information be provided to users at the point of sign on. Data collection is also more tightly tied to specific function.

From next month, holding onto personal data without a very good reason to do so will be far more risky — because GDPR is also backed up with a regime of supersized fines that are intended to construct privacy regulations much harder to ignore.

Of course U.S. tech users can’t bank on benefiting from European privacy regulations. And while there are now growing calls in the country for legislation to protect people’s data — in a bid to steer off the next democracy-denting Cambridge Analytica scandal, at very least — any such process will take a lot of political will.

It surely will not happen overnight. And you can expect tech giants to fight tooth and nail against laws being drafted and passed — as indeed Facebook, Google and others lobbied ferociously to try to get GDPR watered down.

Facebook has already revealed it will not be universally applying the European regulation — which entails people in North America are likely to get a degree of lower privacy than Facebook users everywhere else in the world. Which doesn’t precisely sound fair.

When it comes to privacy, some of you may think you have nothing to hide. But that’s a straw man. It’s especially hard to defend this line of believing now that big tech companies have attracted so much soft power they can influence elections, inflame conflicts and divide people in general. It’s time to think about the bigger impact to new technologies on the fabric of society, and not just your personal case.

Shifting the balance

So what can Internet users do right now to stop tech giants, advertisers and unknown entities tracking everything you do online — and trying to join the dots of your digital activity to paint a picture of whom they think you are? At least, everything short of moving to Europe, where privacy is a fundamental right.

There are some practical steps you can take to limit day-to-day online privacy dangers by reducing third party access to your information and shielding more of your digital activity from prying eyes.

Not all these measures are appropriate for every person. It’s up to you to determine how much effort you want( or need) to put in to shield your privacy.

You may be happy to share a certain amount of personal data in exchange for access to a certain service, for example. But even then it’s unlikely that the full trade-off has been made clear to you. So it’s worth asking yourself if you’re genuinely getting a good deal.

Once people’s eyes are opened to the fine-grained detail and depth of personal information being harvested, even some very seasoned tech users have reacted with shock — saying they had no idea, for example, that Facebook Messenger was continuously uploading their phone book and logging their calls and SMS metadata.

This is one of the reasons why the U.K.’s information commissioner has been calling for increased transparency about how and why data flows. Because for far too long tech savvy entities have been able to apply privacy hostile actions in the dark. And it hasn’t really been possible for the average person to know what’s being done with their information. Or even what data they are giving up when they click’ I agree’.

Why does an A/ B testing firm wished to know a person’s HIV status? Why does a social network app need continuous access to your call history? Why should an ad giant be able to continuously pin your motions on a map?

Are you really getting so much value from an app that you’re happy for the company behind it and anyone else they partner with to know everywhere you go, everyone you talk to, the stuff you like and look at — even to have a pretty good idea what you’re thinking?

Every data misuse scandal glistens a bit more light on some very murky practises — which will hopefully produce momentum for regulation a modification to sterilize data handling processes and strengthen people’ privacy by spotlighting trade-offs that have zero justification.

With some endeavor — and good online security practises( which we’re taking as a devoted for the purposes of such articles, but one quick tip: Enable 2FA everywhere you can) — you can also make it harder for the web’s lurking watchers to dine out on your data.

Just don’t expect the lengths you have to go to protect your privacy to feel fair or just — the horrible truth is this fight sucks.

But whatever you do, don’t give up.

How to hide on the internet

Action : Tape over all your webcams
Who is this for : Everyone — even Mark Zuckerberg!
How difficult is it : Easy peasy lemon squeezy
Tell me more : You can get fancy removable stickers for this purpose( noyb has some nice ones ). Or you can go DIY and use a little bit of masking tape — on your laptop, your smartphone, even your smart Tv … If your job requires you to be on camera, such as for some conference calls, and you want to look a bit more pro you can buy a webcam encompas. Sadly locking down privacy is rarely this easy .

Action : Install HTTPS Everywhere
Who is this for : Everyone — severely do it
How difficult is it : Mild effort
Tell me more : Many websites offer encryption. With HTTPS, people running the network between your device and the server hosting the website you’re browsing can’t see your petitions and your internet traffic. But some websites still load unencrypted pages by default( HTTP ), which also causes a security risk. The EFF has developed a browser extension that makes sure that you access all websites that offer HTTPS utilizing … HTTPS .

Action : Use tracker blockers
Who is this for : Everyone — except people who like being ad-stalked online
How difficult is it : Mild effort
Tell me more : Trackers refers to a whole category of privacy-hostile technologies designed to follow and record what web users are doing as they move from site to site, and even across different devices. Trackers come in a range of sorts these days. And there are some fairly sophisticated ways of being tracked( some definitely harder to thwart than others ). But to combat trackers being deployed on popular websites — which are probably also building the pages slower to load than they otherwise would be — there’s now a range of decent, user-friendly tracker blockers to choose from. Pro-privacy search engine DuckDuckGo recently added a tracker blocker to their browser extensions, for example. Disconnect.me is also a popular extension to block trackers from third-party websites. Firefox also has a built-in tracker blocker, which is now enabled by default in the mobile apps. If you’re curious and want to see the list of trackers on popular website, you can also install Kimetrak to understand that it’s a widespread issue .

Action: Use an ad blocker
Who is this for : Everyone who can support the moral burden
How difficult is it : Fairly easy these days but you might be locked out of the content on some news websites as a result
Tell me more : If you’ve tried using a tracker blocker, you may have noticed that many ads have been blocked in the process. That’s because most ads load from third-party servers that track you across multiple sites. So if you want to go one step further and block all ads, you should install an ad blocker. Some browsers like Opera come with an ad blocker. Otherwise, we recommend uBlock Origin on macOS, Windows, Linux and Android. 1Blocker is a solid alternative on iOS.
But let’s be honest, TechCrunch attains some fund with online ads. If 100% of web users install an ad blocker many websites you know and love would just go bankrupt. While your individual selection won’t have a material impact on the bottom line, consider whitelisting the sites you like. And if you’re angry at how many trackers your favorite news site is running try emailing them to ask( politely) if they can at least reduce the number of trackers they use .

Action : Make a private search engine your default
Who is this for : Most people
How difficult is it : A bit of endeavor because your search results might become slightly less relevant
Tell me more: Google likely knows more about you than even Facebook does, thanks to the things you tell it when you type queries into its search engine. Though that’s just the tip of how it tracks you — if you use Android it will keep running tabs on everywhere you go unless you opt out of location services. It also has its tracking infrastructure embedded on three-quarters of the top million websites. So chances are it’s following what you’re browsing online — unless you also take steps to lock down your browsing( see below ).
But one major route to limit what Google knows about you is to switch to using an alternative search engine when you need to look something up on the Internet. This isn’t as hard as it used to be as there are some pretty decent alternatives now — such as DuckDuckGo which Apple will let you set as the default browser on iOS — or Qwant for French-speaking users. German users to be able to check out Cliqz. You will also need to remember to be careful about any voice deputies “youre using” as they often default to employing Google to appear stuff up on the web .

Action : Use private browser conferences
Who is this for : Most people
How difficult is it : Not at all if you understand what a private conference is
Tell me more : All browsers on desktop and mobile now let you open a private window. While this can be a powerful tool, it is often misconstrue. By default, private sessions don’t induce you more invisible — you’ll get tracked from one tab to another. But private conferences let you start with a clean slate. Every hour you close your private conference, all your cookies are erased. It’s like you vanish from everyone’s radar. You can then reopen another private session and feign that nobody knows who you are. That’s why using a private conference for weeks or months doesn’t do much, but short private conferences can be helpful .

Action : Use multiple browsers and/ or browser containers
Who is this for : People who don’t want to stop using social media entirely
How difficult is it : Some effort to not get in a muddle
Tell me more : Using different browsers for different online activities can be a good way of separating portions of your browsing activity. You could, for example, use one browser on your desktop computer for your online banking, say, and a different browser for your social networking or ecommerce activity. Taking this approach further, you could use different mobile devices when you want to access different apps. The phase of dividing your browsing across different browsers/ devices is to try to make it harder to link all your online activity to you. That said, lots of adtech endeavour has been put into developing cross-device tracking techniques — so it’s not clear that fragmenting your browsing sessions will successful beat all the trackers.
In a similar vein, in 2016 Mozilla added specific features to its Firefox browser that’s intended to help web users segregate online identities within the same browser — called multi container extensions. This approach gives users some control but it does not stop their browser being fingerprinted and all their web activity in it linked and tracked. It may help reduce some cookie-based tracking, though .
Last month Mozilla also updated the receptacle feature to add one that specifically isolates a Facebook user’s identity from the rest of the web. This limits how Facebook can track a user’s non-Facebook web browsing — which yes Facebook does do, whatever Zuckerberg tried to claim in Congress — so again it’s a way to reduce what the social network giant knows about you.( Though it should also be noted that clicking on any Facebook social plug-ins you encounter on other websites will still send Facebook your personal data .)

Action : Get acquainted with Tor
Who is this for : Activists, people with high risks attached to being tracked online, committed privacy advocates who want to help grow the Tor network
How difficult is it : Patience is needed to use Tor. Also some effort to ensure you don’t accidentally do something that compromises your anonymity
Tell me more : For the most robust sort of anonymous web browsing there’s Tor. Tor’s onion network runs by encrypting and routing your Internet traffic haphazardly through a series of relay servers to make it harder to connect a specific device with a specific online destination. This does mean it’s definitely not the fastest sort of web browsing around. Some sites can also to continue efforts to block Tor users so the Internet experience you get when browsing in this route may suffer. But it’s the best chance of truly preserving your online anonymity. You’ll need to download the relevant Tor browser bundle to utilize it. It’s pretty straightforward to install and get going. But expect very frequent security updates which will also slacken you down .

Action: Switching to another DNS
Who is this for : People who don’t trust their ISP
How difficult is it : Moderately
Tell me more : When you type an address in the address bar( such as techcrunch.com ), your device asks a Domain Name Server to translate that address into an IP address( a unique combination of numbers and dots ). By default, your ISP or your mobile carrier operates a DNS for their users. It means that they can see all your web history. Big telecom companies are going to take advantage of that to ramp up their ad endeavours. By default, your DNS query is also unencrypted and can be intercepted by people running the network. Some governments also ask telecom companies to block some websites on their DNS servers — some countries block Facebook for censorship reasons, others block The Pirate Bay for online piracy reasons .
You can configure each of your device to use another public DNS. But don’t utilize Google’s public DNS! It’s an ad company, so they truly want to see your web history. Both Quad9 and Cloudflare’s 1. 1.1.1 have strong privacy policies. But Quad9 is a not-for-profit organization, so it’s easier to trust them .

Action : Disable locating services
Who is this for : Anyone who feels uncomfortable with the idea of being kept under surveillance
How difficult is it : A bit of attempt discovering and changing puts, and a bit of commitment to stay on top of any’ updates’ to privacy policies which might try to revive location tracking. You also need to be prepared to accept some reduction in the utility and/ or convenience of the service because it won’t be able to automatically customize what it shows you based on your location
Tell me more : The tech industry is especially keen to keep tabs on where its users are at any given moment. And thanks to the smash hit success of smartphones with embedded sensors it’s never been easier to pervasively track where people are running — and therefore to deduce what they’re doing. For ad targeting intents locating data is highly valuable of course. But it’s also enormously intrusive. Did you just visit a certain type of health clinic? Were you carrying your telephone loaded with location-sucking apps? Why then it’s trivially easy for the likes of Google and Facebook to connect your identity to that trip — and connect all that intel to their ad networks. And if the social network’s platform isn’t adequately “locked down” — as Zuckerberg would put it — your private datum might leak and end up elsewhere. It could even get passed around between all sorts of unknown entities — as the up to 87M Facebook profiles in the Cambridge Analytica scandal appear to have been.( Whistleblower Chris Wylie has said that Facebook data-set went “everywhere” .)
There are other potential risks too. Insurance premiums being assessed based on covertly collected data inputs. Companies that work for government agencies use social media info to try to remove benefits or even have people deported. Location data can also influence the types of adverts you watch or don’t consider. And on that front there’s a risk of discrimination if specific types of ads — jobs or housing, for example — don’t get served to you because you happen to be a person of colouring, say, or a Muslim. Excluding certain protected groups of people from adverts can be illegal — but that hasn’t stopped it happening multiple times on Facebook’s platform. And locating can be a key signal that underpins this kind of prejudicial discrimination .
Even the prices you are offered online can depend on what is being inferred about you via your motions. The bottom line is that everyone’s personal data is being made to carry a lot of baggage these days — and the majority of members of the time it’s almost impossible to figure out exactly what that unasked for luggage might necessitate when you consent to letting a specific app or service track where you go .
Pervasive tracking of locating at very least dangers putting you at a disadvantage as a consumer. Surely if you live somewhere without a proper regulatory framework for privacy. It’s also worth bearing in mind how lax tech giants can be where locating privacy is concerned — whether it’s Uber’s infamous ‘god view’ tool or Snapchat leaking schoolkids’ location or Strava accidentally exposing the locations of military basis. Their record is pretty terrible .
If you really can’t be bothered to go and hunt down and switch off every location defining one fairly crude action you can take is to buy a faraday enclosure carry case — Silent Pocket makes an extensive line of carry lawsuits with embedded wireless shielding tech, for instance — which you can pop your smartphone into when you’re on the move to isolate it from the network. Of course once you take it out it will instantaneously reconnect and locating data is likely to be passed again so this is not going to do very much on its own. Nixing location tracking in the sets is much more effective .

Action : Approach VPNs with extreme caution
Who is this for : All web users — unless free Internet access is not available in your country
How difficult is it : No additional effort
Tell me more : While there may be periods when “youre feeling” tempted to sign up and use a VPN service — tell, to try to circumvent geoblocks so you can stream video content that’s not otherwise available in your country — if you do this you should assume that the service provider will at very least be recording everything you’re doing online. They may choose to sell that info or even steal your identity. Many of them promise you perfect privacy and great terms of service. But you can never is well known if they’re actually doing what they say. So the rule of thumb about all VPNs is: Assume zero privacy — and avoid if at all possible. Facebook even has its own VPN — which it’s been aggressively pushing to users of its main app by badging it as a security service, with the friendly-sounding name’ Protect’. In reality the company wants you to use this so it can way what other apps you’re utilizing — for its own business intelligence intents. So a more accurate name for this’ service’ would be:’ Protect Facebook’s stranglehold on the social web’ .

Action : Build your own VPN server
Who is this for : Developers
How difficult is it : You need to be comfortable with the Terminal
Tell me more : The only VPN server you can trust is the one you construct yourself! In that case, VPN servers can be a great tool if you’re on a network you don’t trust( a hotel, a meeting or an office ). We recommend using Algo VPN and a hosting provider you trust .

Action : Take care with third-party keyboard apps
Who is this for : All touchscreen device users
How difficult is it : No additional effort
Tell me more : Keyboard apps are a potential privacy minefield given that, if you permit cloud-enabled features, they can be in a position to suck out all the information you’re typing into your device — from passwords to credit card numbers to the private contents of your messages. That’s not to say that all third-party keyboards are keylogging everything you type. But the risk is there — so you need to be very careful about what you choose to use. Security is also key. Last year, sensitive personal data from 31 M+ users of one third-party keyboard, AI.type, leaked online after the company had failed to properly secure its database server, as one illustrative instance of the potential risks .
Google knows how powerful keyboards can be as a data-sucker — which is why it got into the third-party keyboard game, outing its own Gboard keyboard app first for Apple’s iOS in 2016 and later bringing it to Android. If you use Gboard you should know you are handing the adtech giant another firehose of your private datum — though it claims that merely search queries and “usage statistics” are sent by Gboard to Google( The privacy policy further specifies: “Anything you type other than your searches, like passwords or chats with friends, isn’t sent. Saved terms on your device aren’t sent.” ). So if you believe that Gboard is not literally a keylogger. But it is watching what you search for and how you use your phone.
Also worth remembering: Data will still be passed by Gboard to Google if you’re utilizing an e2e encrypted messenger like Signal. So third party keyboards can erode the protection afforded by robust e2e encryption — so again: Be very careful what you use .

Action : Use end-to-end encrypted messengers
Who is this for : Everyone who can
How difficult is it : Mild effort unless all your friends are using other messaging apps
Tell me more : Choosing friends based on their choice of messaging app isn’t a great alternative so real world network impacts can often work against privacy. Indeed, Facebook uses the fuzzy impressions you have about your friends to manipulate Messenger users to consent to continuously uploading their phone contacts, by suggesting you have to if you want to talk to your contacts.( Which is, by the by, solely bogus .)
But if everything your friends use a messaging app that does not have end-to-end encryption opportunities are you’ll feel forced to use that same non-privacy-safe app too. Dedicated that the other alternative is to exclude yourself from the digital chattering of your friend group. Which would clearly suck.
Facebook-owned WhatsApp does at the least have end-to-end encryption — and is widely used( certainly internationally ). Though you still need to be careful to opt out of any privacy-eroding terms the company tries to push. In summertime 2016, for example, a major T& Cs change sought to link WhatsApp users’ accounts with their Facebook profiles( and thus with all the data Facebook holds on them) — as well as sharing sensitive stuff like your last insured status, your address volume, your BFFs in Whatsapp and all sorts of metadata with Zuck’s’ family’ of companies. Thankfully most of this privacy-hostile data sharing has been suspended in Europe, after Facebook got in trouble with local data protection bureaux.

Action : Use end-to-end encryption if “youre using” cloud storage
Who is this for : Dedicated privacy practitioners, anyone worried about third party accessing their stuff
How difficult is it : Some endeavour, especially if you have lots of content stored in another service that you need to migrate
Tell me more : Dropbox IPO’d last month — and the markets signalled their approval of its business. But someone who doesn’t approve of the cloud storage giant is Edward Snowden — who in 2014 advised: “Get rid of Dropbox”, arguing the company is hostile to privacy. The problem is that Dropbox does not offer zero access encryption — because it retains encryption keys, meaning it can technically decrypt and read the data you store with it if it decides it needs to or is served with a warrant .
Cloud storage alternatives that do offer local encryption with no access to the encryption keys are available, such as Spideroak. And if you’re looking for a cloud backup service, Backblaze also offers the option to let you manage the encryption key. Another workaround if you do still want to use a service like Dropbox is to locally encrypt the stuff you want to store before you upload it — use another third party service such as Boxcryptor .

Action : Use an end-to-end encrypted email service
Who is this for : Anyone who wants to be sure their email isn’t being data mined
How difficult is it : Some effort — largely around migrating data and/ or contacts from another email service
Tell me more : In the middle of last year Google eventually announced it would no longer be data-mining the emails inside its Gmail free email service.( For a little perspective on how long it took to give up data-mining your emails, Gmail launched all the way back in 2004.) The company likely feels it has more than enough alternative data points feeding its user profiling at this point. Plus data-mining email with the rise of end-to-end encrypted messaging apps risks pushing the company over the’ creepy line’ it’s been so keen to avoid to try to stave off the kind of privacy backlash currently engulfing Facebook .
So does it mean that Gmail is now 100% privacy safe? No, because the service is not end-to-end encrypted. But there are now some great webmail clients that do offer robust end-to-end encryption — most notably the Swiss service Protonmail. Really it’s never been easier to access a reliable, user-friendly, pro-privacy email service. If you want to go one step further, you should set up PGP encryption keys and share them with your contacts. This is a lot more difficult though .

Action : Choose iOS over Android
Who is this for : Mainstream customers, Apple fans
How difficult is it : Depends on the person. Apple hardware is generally more expensive so there’s a cost premium
Tell me more : No connected technology is 100% privacy safe but Apple’s hardware-focused business model means the company’s devices are not engineered to try to harvest user data by default. Apple does also invest in developing pro-privacy technologies. Whereas there’s no getting around the fact Android-maker Google is an adtech giant whose revenues depend on profiling users in order to target web users with adverts. Basically the company needs to suck your data to make a fat gain. That’s why Google asks you to share all your web and app activity and place history if you want to use Google Assistant, for instance .
Android is a most open platform than iOS, though, and it’s possible to configure it in many different ways — some of which can be more locked down as regards privacy than others( the Android Open Source Project can be customized and used without Google services as default preloads, for example ). But doing that kind of configuration is not going to be within reach of the average person. So iOS is the obvious choice for mainstream customers .

Action : Delete your social media accounts
Who is this for : Committed privacy devotees, anyone with public sharing
How difficult is it : Some endeavor — mostly feeling like you’re going to miss out. But third party services can sometimes require a Facebook login( a workaround for that would be to create a dummy Facebook account purely for login purposes — employing a name and email you don’t use for anything else, and not connecting it to your usual mobile phone number or adding anyone you actually know IRL)
Tell me more : Deleting Facebook clearly isn’t for everyone. But ask yourself how much “youre using” it these days anyway? You might find yourself realise it’s not really that central to what you do on the Internet after all. The center of gravity in social networking has changed away from mass public sharing into more tightly curated friend groups anyway, thanks to the popularity of messaging apps .
But of course Facebook owns Messenger, Instagram and WhatsApp too. So ducking out of its surveillance dragnet entirely is especially hard. Ideally you would also need to run tracker blockers( see above) as the company ways non-Facebook users around the Internet via the pixels it has embedded on lots of popular websites .
While getting rid of your social media accounts is not a privacy panacea, removing yourself from mainstream social network platforms at least reduces the risk of a chunk of your personal info being scraped and used without your say so. Though it’s still not absolutely guaranteed that when you delete an account the company in question will faithfully remove all your information from their servers — or indeed from the servers of any third party they shared your data with .
If you really can’t bring yourself to ditch Facebook( et al) solely, at least dive into the defines and make sure you lock down as much access to your data as you can — including checking which apps have been connected to your account and removing any that aren’t relevant or useful to you anymore .

Action : Say no to always-on voice deputies
Who is this for : Anyone who values privacy more than gimmickry
How difficult is it : No real effort
Tell me more : There’s a rash of smart speaker voice deputies on store shelves these days, marketed in such a way that suggests they’re a whole lot smarter and more useful than they actually are. In reality they’re most likely to be used for playing music( albeit, audio quality can be very poor) or as very expensive egg timers.
Something else the PR for gadgets like Amazon’s( many) Echos or Google Home doesn’t mention is the massive privacy trade off involved with installing an always-on listening device inside your home. Essentially these devices function by streaming whatever you ask to the cloud and will typically store records of things you’ve said in perpetuity on the companies’ servers. Some do offer a delete alternative for stored audio but you would have to stay on top of deleting your data as long as you keep using the device. So it’s a tediously Sisyphean chore. Smart speakers have also been caught listening to and recording things their owner didn’t actually want them to — because they got activated by collision. Or when someone on the TV utilized the trigger word .
The privacy risks around smart speakers are clearly very large indeed. Not least because this type of personal data is of obvious and inevitable interest to law enforcement departments. So ask yourself whether that fake fart dispenser gizmo you’re giggling about is really worth the trade off of inviting all sorts of foreigners to snoop on the goings on inside your home .

Action : Block some network requests
Who is this for : Paranoid people
How difficult is it : Need to be tech savvy
Tell me more : On macOS, you can install something called Little Snitch to get an alert every time an app tries to talk with a server. You can approve or reject each request and create rules. If you don’t want Microsoft Word to talk with Microsoft’s servers all the time for instance, it’s a good answer — but is not really user friendly .

Action : Use a privacy-focused operating system
Who is this for : Edward Snowden
How difficult is it : Need to be tech savvy
Tell me more : If you really wishes to lock everything down, you should consider using Tails as your desktop operating system. It’s a Linux distribution that leaves no tracing by default, uses the Tor network for all network requests by default. But it’s not exactly user friendly, and it’s quite complicated to install on a USB drive. One for those whose menace model really is’ bleeding edge’ .

Action : Write to your political reps to demand stronger privacy laws
Who is this for : Anyone who cares about privacy, and especially Internet users in North America right now
How difficult is it : A bit of effort
Tell me more : There appears to be bipartisan appetite among U.S. lawmakers to bring in some kind of regulation for Internet companies. And with new tougher regulations coming in in Europe next month it’s an especially opportune moment to push for change in the U.S. where web users are facing reduced standards vs international users after May 25. So it’s a great time to write to your reps reminding them you’re far more interested in your privacy being protected than Facebook winning some kind of surveillance arms race with the Chinese. Tell them it’s past period for the U.S. to draft laws that prioritize the protection of personal data .

Action : Throw away all your connected devices — and opt your friends wisely
Who is this for : Fugitives and whistleblowers
How difficult is it : Privacy doesn’t get harder than this
Tell me more : Last month the former Catalan president, Carles Puigdemont — who, in October, dodged arrest by the Spanish authorities by fleeing to Brussels after the region’s abortive attempt to declare independence — was arrested by German police, after crossing the border from Denmark in a auto. Spanish intelligence agents had reportedly tracked his movements via the GPS on the mobile device of one or more of his friends. The vehicle had also been fitted with a tracker. Trusting anything not to snitch on you is a massive risk if your menace model is this high. The problem is you also need trustworthy friends to help you stay ahead of the surveillance dragnet that’s out to get you .

Action : Ditch the Internet solely
Who is this for : Fugitives and whistleblowers
How difficult is it : Privacy doesn’t get harder than this
Tell me more: Public administrations can ask you to do pretty much everything online these days — and even if it’s not mandatory to use their Internet service it can be incentivized in various ways. The direction of traveling for government services is clearly digital. So eschewing the Internet solely is get harder and harder to do .
One wild card option — that’s still not a full Internet alternative( yet) — is to use a different type of network that’s being engineered with privacy in intellect. The experimental, decentralized MaidSafe network fits that bill. This majorly ambitious project has already clocked up a decade’s worth of R& D on the founders’ mission to rethink digital connectivity without compromising privacy and security by doing away with servers — and decentralizing and encrypting everything. It’s a fascinating project. Just sadly not yet a fully-fledged Internet alternative .

Make sure to visit: CapGeneration.com

Google loses landmark ‘right to be forgotten’ case

Businessman wins legal action to force removal of search results about past conviction

A businessman has won his legal action to remove search results about war criminals conviction in a landmark” right to be forgotten” occurrence that could have wide-ranging repercussions.

The ruling was make use of Mr Justice Warby in London on Friday. The magistrate repudiated a similar claim brought by a second industrialist who was jailed for a more serious offence.

The claimant who lost, referred to only as NT1 for legal reasons, was convicted of conspiracy to account falsely in the late 1990 s; the claimant who won, known as NT2, was convicted more than 10 years ago of conspiracy to intercept communications. NT1 was jailed for four years, while NT2 was jailed for six months.

Granting an appeal in the case of NT1, the judge added:” It is quite likely that there will be more claims of this kind, and the fact that NT2 has succeeded is likely to reinforce that .”

Both men demanded that Google remove search results mentioning the cases for which they were convicted. These include links to web pages published by a national newspaper and other media. Google refused their request and the men took the company to the high court.

The decision in NT2′ s favour could have implications for other convicted crooks and those who want embarrassing narratives about them erased from the web. Warby ruled out any injuries payment, however.

Explaining his decision, the judge said NT1 continued to mislead the public, whereas NT2 had shown repentance. He also took into account the submission that NT2′ s conviction did not fear actions taken by him in relation to” consumers, clients or investors”, but rather in relation to the intrusion of privacy of third parties.

” There is not[ a] plausible suggestion … that there is a risk that this wrongdoing will be repeated by the claimant. The datum is of scant if any apparent relevance to any record-keeping activities that he seems likely to engage in ,” the magistrate added.

He said his key conclusion in its relationship with NT2′ s claim was that” the crime and punishment information has become out of date, irrelevant and of no sufficient legitimate interest to users of Google search to justify its continued availability “.

In the case of NT1, however, the judge was scathing about the claimant’s stance since leaving prison.” He has not accepted his remorse, has misled the public and this court, and depicts no compunction over any of these matters ,” he said.

” He remains in business, and the information serves the purpose of minimising the risk that he will continue to misinform, as he has in the past. Delisting would not erase the information from the record wholly, but it would make it much harder to find .”

In 2014 the European court of justice( ECJ) ruled that “irrelevant” and outdated data should be erased on request. Since then, Google has received requests to remove at the least 2.4 m connections from search results. Search engine firms can repudiate applications if they believe the public interest in accessing the information outweighs a right to privacy.

At a high court hearing in February, Hugh Tomlinson QC, representing NT1, told the high court that the visibility of the articles on the search engine caused” distress and upset” to his client.

Tomlinson, who is also chairman of the press regulation campaign group Hacked Off, told the court the businessman was not a public figure and now made a living from commercial lending and funding a property developer.

” Before anyone gratifies a new person these days they Google them ,” Tomlinson told. He added that many people engaged in misdeeds when they were young and if the misdeeds were constantly brought to the attention of others then they would permanently have a negative effect.

NT1′ s sentence was now expend, Tomlinson continued, and the law was designed to allow for the rehabilitation of wrongdoers so they could go on to lead normal lives.

But Antony White QC, representing Google, argued the ECJ’s” right to be forgotten” ruling was ” not a right to rewrite history or … tailor your past if that’s what this claimant would like to use it for “.

White said the business malpractice that gave rise to NT1′ s sentence was ” serious and sustained “.

NT2, in a separate hearing, also argued that his conviction was legally spent and he therefore had a right to be forgotten. Google defied taking down search results linking to articles including reports on his financial affairs, his conviction and interviews given by him several years later containing his account of the circumstances surrounding his conviction.

A Google spokesperson said:” We work hard to comply with the right to be forgotten, but we take great care not to remove search results that are in the public interest and will defend the public’s right to access lawful info. We are pleased that the court recognised our efforts in this area, and we will respect the judgments they have built in this case .”

Make sure to visit: CapGeneration.com

A radical proposal to keep your personal data safe | Richard Stallman

The surveillance imposed on us today is worse than in the Soviet Union, tells president of the Free Software Foundation, Richard Stallman

Journalists have been asking me whether the revulsion against the misuse of Facebook data could be a turning point for the campaign to regain privacy. That could happen, if the public induces its campaign broader and deeper.

Broader, entailing extending to all surveillance systems , not only Facebook. Deeper, meaning to advance from regulating the use of data to regulating the accumulation of data. Because surveillance is so pervasive, restoring privacy is inevitably a big change, and requires powerful measures.

The surveillance imposed on us today far outstrips that of the Soviet Union. For freedom and democracy’s sake, we need to eliminate most of it. There are so many ways to use data to hurt people that the only safe database is the one that was never collected. Thus, instead of the EU’s approach of mainly governing how personal data may be used( in its General Data Protection Regulation or GDPR ), I propose a law to stop systems from collecting personal data.

The robust style to do that, the style that can’t be set aside at the whim of a government, is to require systems to be built so as not to collect data about a person. The basic principle is that a system must be designed not to collect certain data, if its basic function can be carried out without that data.

Data about who travels where is particularly sensitive, because it is an ideal basis for repressing any chosen target. We can take the London develops and buses as a case for study.

The Transport for London digital pay card system centrally records the journeys any given Oyster or bank card has paid for. When a passenger feeds the card digitally, the organizations of the system associates the card with the passenger’s identity. This adds up to complete surveillance.

I expect the transport system can justify this practice under the GDPR’s regulations. My proposal, by contrast, would require the system to stop tracking who runs where. The card’s basic function is to pay for transport. That can be done without centralising that data, so the transport system would have to stop doing so. When it accepts digital pays, it is appropriate to do so through an anonymous pay system.

Frills on the system, such as the feature of letting a passenger review the listing of past journeys, are not part of the basic function, so they can’t justify incorporating any additional surveillance.

These additional services could be offered separately to users who request them. Even better, users could use their own personal systems to privately track their own journeys.

Black cabs demonstrate that a system for hiring vehicles with drivers does not need to identify passengers. Hence such systems should not be allowed to identify passengers; they should be required to accept privacy-respecting cash from passengers without ever trying to identify them.

However, convenient digital payment systems can also protect passengers’ anonymity and privacy. We have already developed one: GNU Taler. It is designed to be anonymous for the payer, but payees are always identified. We designed it that way so as not to facilitate tax dodging. All digital pay systems should be required to defend anonymity utilizing this or a similar method.

What about security? Such systems in areas where the public are acknowledged must be designed so they cannot track people. Video cameras should make a local recording that can be checked for the next few weeks if international crimes pass, but should not allow remote viewing without physical collection of the recording. Biometric systems should be designed so they are recognise people on a court-ordered list of suspects, to respect the privacy rights of the rest of us. An unjust nation is more dangerous than terrorism, and too much security encourages an unjust state.

The EU’s GDPR regulations are well-meaning, but do not run very far. It will not deliver much privacy, because its rules are too lax. They permit collecting any data if it is somehow useful to the system, and it is easy to come up with a way to make any particular data useful for something.

The GDPR stimulates much of requiring users( in some cases) to give consent for the collection of their data, but that doesn’t do much good. System designers had now become expert at manufacturing permission( to repurpose Noam Chomsky’s phrase ). Most users consent to a site’s words without reading them; a company that required users to trade their first-born infant got permission from plenty of users. Then again, when a system is crucial for modern life, like buses and trains, users ignore the terms because refusal of consent is too painful to consider.

To restore privacy, we must stop surveillance before it even asks for consent.

Finally, don’t forget the software in your own computer. If it is the non-free software of Apple, Google or Microsoft, it spies on you regularly. That’s because it is controlled by a company that won’t hesitate to spy on you. Companies tend to lose their scruples when that is profitable. By contrast, free( libre) software is controlled by its users. That user community keeps the software honest.

* Richard Stallman is president of the Free Software Foundation, which launched the development of a free/ libre operating system GNU

Copyright 2018 Richard Stallman. Released under Creative Commons NoDerivatives License 4.0

Make sure to visit: CapGeneration.com

Tim Cook hits Facebook again over privacy concerns

Tim Cook took a transgres from criticizing Facebookon Tuesday to present the next step in Apple’s big education schemes. But the CEO is back at it. Sitting down with MSNBC and Recode at a town hall event, Cook was once again requested information about consumer privacy following the completion of fallout over Facebook’s Cambridge Analytica quagmire.

Cook interviews that while he believed self-regulation is best in the case of these tech giants, “I think we’re beyond that.” Asked what he would do, were he in Zuckerberg’s position, he added, simply, “I wouldn’t be in this situation.”

The executive has never shied away from blaming Facebook, of course. In 2015, he indirectly blamed the approach of internet companies like Google and Facebook, stating “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s incorrect. And it’s not the kind of company that Apple wants to be.”

Just this weekend, he echoed that statement, with a more direct jab at Facebook, in accordance with the Cambridge Analytica revelations, telling the audience at a conference in China, “The ability of anyone to know what you’ve been browsing about for years, who your contacts are, who their contacts are, things you like and detest and every intimate detailed descriptions of their own lives — from my own point of view it shouldn’t exist.”

Cook echoed those statements onstage this week, adding, “The truth is, we could make a ton of fund if we monetized our client — if our client was our product. We’ve elected not to do that.”

The company reflected that sentiment in an updated privacy policy posted back in January, explaining that,

Apple believes privacy is a fundamental human right, so every Apple product is designed to:

Use on-device processing wherever possible

Limit the collect and use of data

Provide transparency and control over your information

Build on a strong foundation of security

Facebook makes its privacy, data downloading and deletion settings easier to find

With Facebook facing a wave of public backlash over how it has handled user data over the years — a backlash that was kicked off two weeks ago with the revelation that data analytics firm Cambridge Analytica had worked on targeted electoral campaign employing personal and private Facebook data — the company today announced a new situated of changes to help users find and change their privacy defines, as well as download and delete whatever data has been collected through Facebook’s network of social media services.

To be clear, many of these settings and features already existed in Facebook, but now Facebook is attaining them significantly clearer for the average user to detect and use. It’s possible that Facebook would have had to do a lot of this work anyway in light of the new GDPR requirements that are coming into place in Europe.

What today’s changes do not do is provide any indications that Facebook plans to do anything different in terms of what information it’s gathering and using to run its service, and its bigger, profitable business.( Indeed, even upcoming a modification to its terms of service, which will include more clarity on Facebook’s data policy, will contain no changes in it, the company says:” These updates are about transparency- not about gaining new rights to collect, use, or share data ,” writes Erin Egan, Facebook’s chief privacy officer .)

We’ve seen a lot of people already downloading their Facebook data in the last week or so( without today’s update ), and the impression you get is that they are generally arriving away shocked by the amount of information that had been amassed through Facebook’s various apps across web and mobile. That in itself — combined with more scrutiny from regulators over how data is collected, utilized, and shared, and bigger changes that Facebook is inducing in terms of how it works with third-party apps that connect into the Facebook platform( which CEO Mark Zuckberg announced last week) — will hopefully lead to more meaningful changes on that front.

For the time being, however, the main idea here is that if you choose to stay and use Facebook, caveat emptor, and proceed armed with more control. Facebook highlights several areas where changes are being put in place 😛 TAGEND

User controls. Facebook said that it has redesigned its situates menu for mobile, consolidating all of the primary controls on one screen. This is already a significant change, given that previously they were spread across 20: a gating factor that would have meant it was hard to find what you were trying to change, or perhaps leading many to give up altogether. It’s also inducing it clear what can and cannot be shared with apps, specifically:” We’ve also cleaned up outdated settings so it’s clear what information can and can’t be shared with apps ,” writes Egan. The fact that it seems there were some out of date parts in the menus highlights that this might not have been Facebook’s biggest priority up to now. Privacy shortcuts. For those who don’t want to dive into their sets, Facebook said it is also going to put in a new item into its menu, immediately linking users to privacy defines. Privacy Shortcuts, Facebook said, will come by way of a few taps and will let people add in two-factor authentication; composite access to what you’ve shared via Facebook with the option of deleting if you choose; controls for your ad decideds, which will also include an explanation of how ads work on Facebook for those who might want to know more; and a link to help you control what and how you share on the site — that is, the define of” populace, friends merely, and friends of friends .” Again, that control has been in place for years already at Facebook, but many don’t know how to access it, or what it entails. Putting it a bit more front and center might change that. Downloading and deleting Facebook data. The objective here is to make it easier for people to do both if they want. Access Your Information will be a secure connect that people can use to collect this, and it will make it easier for people to do both. Will the ease and openness make it less likely that users will decide to leave Facebook wholly? That remains to be seen.

Cambridge Analytica parent company had access to secret MoD information

Defence ministry praised SCL for developing it devoted to psychological warfare group, papers show

SCL, Cambridge Analytica’s parent company, had access to secret UK information and was singled out for kudo by the UK Ministry of Defence for the training it provided to a psychological operations warfare group, according to documents released by MPs.

An endorsement from an official at the 15 UK Psychological Operations Group dated January 2012 concluded that they would” have no hesitation in inviting SCL to tender for further contracts of this nature “.

The document also noted that SCL was permitted to have” routine access to secret information” and delivered a training program that included a” categorized case study from current operations in Helmand” in Afghanistan.

The official British note of approval are members of more than 100 pages of documents handed over to the digital, media, culture and sport select committee by Cambridge Analytica whistleblower Christopher Wylie earlier the coming week, following an oral hearing that lasted nearly four hours.

Another of the documents released by the MPs is a confidential legal memo dated July 2014, which says it was sent to Steve Bannon, the former Trump adviser and Breitbart CEO, and Rebekah Mercer, the daughter of Trump backer and hedge fund billionaire Robert Mercer. It was also sent to Alexander Nix, the CEO of Cambridge Analytica.

The author’s name and firm is redacted, but the memoranda discusses how far Cambridge Analytica and its executives could participate in US elections, given that donations and contributions by foreign nationals are banned.

Cambridge Analytica hit the headlines after it was revealed that data had been harvested for it from 50 m Facebook profiles without the users’ permission.

The document notes that the company, formed in June 2014, could participate as a vendor to new technologies as long as Nix, a Briton, was ” recused from the substantive management of any such clients involved in US elections “.

At the parliamentary hearing on Tuesday, Wylie noted that Vote Leave had expended PS2. 7m with a digital marketing firm called AggregateIQ, and said it had previously undisclosed links to Cambridge Analytica/ SCL.

The documents released include:

* A brochure promising to create US electoral campaign tools in 2014 that was ” prepared for SCL elections by AggregateIQ Data Services” at a cost of more than $500,000 employing” modelling data” from SCL to target 100 million or more Americans.

* A services agreement between AggregateIQ and SCL to support that work, listing a schedule of monthly payments, although the document released is not signed.

* A separate contract for run dated November 2013, in which AggregateIQ agrees to work for SCL Elections UK, and which is signed by company AggregateIQ’s chief executive, Zack Massingham, and its chief technology policeman, Jeff Silvester, to work on a political campaign in Trinidad and Tobago.

Wylie had told MPs it was striking that Vote Leave and three other pro-Brexit groups- BeLeave, which targeted students; Veterans for Britain, and Northern Ireland’s Democratic Unionist party- all used the services of AggregateIQ to help target voters online. He accused the leave campaign of “cheating” to win the referendum because Vote Leave donated PS625, 000 to BeLeave, which in turn expended the money on AggregateIQ. The donation permitted Vote Leave to stay within its PS7m legal limit.

AggregateIQ has denied it is linked to Cambridge Analytica. Silvester told the Hour Colonist:” AggregateIQ has never been, and is not a part of, Cambridge Analytica or[ its mother firm] SCL. AggregateIQ has never entered into a contract with Cambridge Analytica .”

However, Wylie told MPs on Tuesday that the corporate structures were designed to be confusing and guarantees to regulators could not always keep up with what was going on.

Make sure to visit: CapGeneration.com

Beware the smart toaster: 18 tips for surviving the surveillance age

Weve gone a long way since the web was just a fun place to share cat gifs now its a place mostly dedicated to finding and selling your personal info. Heres what you need to know in this new era

On the internet, the adage runs , nobody knows you’re a puppy. That joke is merely 15 years old, but seems as if it is from an entirely different era. Once upon a day the internet was associated with anonymity; today it is synonymous with surveillance. Not merely do modern technology companies know full well you’re not a dog( not even an extremely precocious poodle ), they know whether you own a dog and what sort of dog it is. And, based on your preferred category of canine, they can go a long way to inferring- and influencing – your political views.

Just over a week ago, the Observer transgressed a tale about how Facebook had failed to protect the personal information of tens of millions of its users. The revelations sparked a #DeleteFacebook motion and some people downloaded their Facebook data before removing themselves from the social network. During this process, many of these users were shocked to consider just how much intel about them the internet behemoth had accumulated. If “youre using” Facebook apps on Android, for example- and, even unknowingly, dedicated it permission- it seems the company has been collecting your call and text data for years.

It’s not me, it’s you! So Facebook protested, following the completion of widespread anger about its data-collection practises. You acquiesced to our opaque privacy policies. You agreed to let us mine and monetise the minutiae of your existence. Why are you so upset?

Facebook’s surprise at our outrage is not unreasonable. For years, technology companies have faced very little scrutiny as they mushroomed in sizing and power. Ultimately, however, the tide is turning. We seem to have reached a watershed moment when it comes to public attitudes towards the use of our private datum. We are more aware of a consequence of our online behaviour than ever before.

Awareness of our digital footprint is one thing, but what are we to do about it? In the wake of the Facebook revelations, it’s clear that we can’t all keep clicking as usual if we value our privacy or our republic. It’s still comparatively early in the internet era and we are all still figuring it out as we go along. However, best practises when it comes to security and online etiquette are starting to emerge. Here’s a guide to some of the new rules of the internet.

1. Download all the information Google has on you

You may well have downloaded your Facebook data already; it has become something of a trend in recent days. Now take a look at what Google has on you. Run to Google’s “Takeout” tool and download your data from the multiple Google products “youre supposed to” use, such as Gmail, Maps, Search and Drive. You’ll get sent a few enormous files that contain information about everything from the YouTube videos you have watched, your search history, your place history and so on. Once you’ve seen just how much information about you is in the cloud, you may want to go about deleting it. I highly recommend deleting your Google Maps history, for a start, unless you are particularly eager to have a detailed online record of everywhere you have ever been. You may also want to stop Google from tracking your place history. Sign in to Google, open Maps, then click on “timeline” in the menu. At the bottom, there’s an option to manage your place history.

2. Try not to let your smart toaster take down the internet .

These days you can buy a “smart” version of just about anything. There are connected toasters, which let you personalise your toast puts and advise your phone when your breakfast is ready. There are Bluetooth-enabled forks, which vibrate when you are eating too quickly. There are internet-connected umbrellas, which alert you if it looks like it’s going to rainfall. There are even smart tampons, which let you monitor your flow.

Not merely are most of these contraptions unnecessary and expensive, most of them have shoddy security and are a liability. In 2016, for example, hackers created a zombie army of internet-connected devicesand used them to take down most areas of the internet, including sites such as Netflix, Facebook, Spotify and the Guardian. So think twice about whether you really need to buy that fancy connected contraption. There’s enough to worry about today without having to wonder if your toaster is plotting against you.

3. Ensure your AirDrop decideds are dick-pic-proof

If you are an iPhone user, turn off your AirDrop function while in a public place or limit it to contacts. This stops strangers on the train from sending you unsolicited dick pics via AirDrop, which is a thing that actually happens because of course it does.

4. Secure your old Yahoo account

You may have an old email account “youve never” use any more and can’t be bothered to delete. That email account is a treasure trove of personal information just waiting to be hacked; indeed, if it’s a Yahoo account it was hacked in 2013. You don’t need inevitably to delete your old account but you should secure it. Change the password and turn on two-step verification. Make sure you’ve disconnected any linked services( such as cloud storage) in your settings.

5. 1234 is not an acceptable password

Nor is “password”. Nor is “monkey”- which, for some reason, is one of the most popular passwords there is. The more secure passwords are very long ones, so start thinking in terms of “passphrases” instead of password. For example, “nomonkeyisnotagoodpassword” would take a computer 128 undecillion years to crack.

6. Check if you have been pwned

“Pwned” is internet-speak for, among other things, having your email account compromised in a data breach. It’s a good idea to check this regularly. Simply go to haveibeenpwned.com, enter your email address, and the website will let you know if and when your details have been compromised so you can take appropriate action such as changing your password.

7. Be aware of personalised pricing

We’re all familiar with dynamic pricing- the vexing route in which airline ticket prices fluctuate according to supply and demand. Increasingly, however, we’re insuring the rise of” personalised pricing “~ ATAGEND, as retailers analyse our data to gauge how much we’re likely to pay and charge us accordingly. Uber, for example, knows that you’re more likely to pay surge pricing if your telephone battery is about to die– although they assert not to have acted on the information collected. And Staples has displayed different costs to clients based on their location. It’s hard to know just how widespread personalised pricing is as retailers are understandably discreet about it. However, you should assume that it’s happening. So, before making a big purchase online you might want to see if use a different device or utilizing the incognito or private mode in your browser has any effect on the price. There are also tools you can download that let you spoof your place. It’s the modern equivalent of haggling.

8. Say hi to the NSA guy spying on you via your webcam

Even scares need a little social interaction.

9. Turn off notifications for anything that’s not another person speaking immediately to you

Sometimes this will be easy: is it a single-player game? It doesn’t need notifications at all. You can find out if you’ve got more gems, or extra energy- or whatever other fake currency the game hopes you are able to am worried about- in your own time , not when it wants to drive your involvement. Other times, this will be harder. Instagram’s rubbish-” a famous puppy simply posted a picture that received 12 likes”- can be turned off, but you’ll have to dig down in the puts to find it. Are there exceptions? Sure. The odd breaking news alert never hurt anyone, and maybe you really do want to let Duolingo prod you to practise your Spanish. But if you would be annoyed by a robot calling you up to tell you something, why are you letting it interrupt your thought process in another way?

10. Never put your kids on the public internet

Maybe it’s fine to upload pics to a shared( private) photo album, or mention their day in a group DM. But if it’s public, Google can find it. And if Google can find it, it’s never going away. How are you going to tell your child in 16 years’ time that they can’t get a drivers’ licence because Daddy set a high-res photo of their iris online when they were two and now they trip-up alarms from here to Mars?

11. Leave your phone in your pocket or face down on the table when you’re with friends

Unless you want to signal, repeatedly and obviously:” I would rather be hanging with someone else than you .”

12. Sometimes it’s worth merely wiping everything and starting over

Your phone, your tweets, your Facebook account: all of these things are temporary. They will pass. Free yourself from an preoccupation with digital hoarding. If you wipe your telephone every year, you learn which apps you need and which are just sitting in the background hoovering up data. If you wipe your Facebook account every year, you learn which friends you actually like and which are just hanging on to your social life like a barnacle.

13. An Echo is penalty , but don’t put a camera in your bedroom

Do we really need to break this one down?

14. Have as many social-media-free days in the week as you have alcohol-free days

This can be zero if you want, but know that we’re judging you.

15. Retrain your brain to focus

Save up your longreads use Instapaper or Pocket and read them without distraction. Don’t dip in and out of that 4,000 -word article on turtles: read it in one run. Or maybe even try a volume!

16. Don’t let the algorithms pick what you do

You are not a robot, you are a human being, and exercising your own free will is the greatest strength you have. When that YouTube video ends, don’t watch the next one that autoplays. When you pick up your phone in the morning, don’t simply click on the narratives at the top of Apple News or Google Now. Exercise selection! Workout liberty! Exercise humanity!

17. Do what you want with your data, but guard your friends’ info with their own lives

Yes, you should think twice before granting that fun app you downloaded access to your place or your photo library. Do you trust it not to do weird things with your images? Do you know it won’t track your every motion? But ultimately, those are your decisions, and they are for you to make. But your friends’ data isn’t yours, it’s theirs, and you are a trusted custodian. Don’t think twice before authorising access to your address book, or your friends’ profiles: guess five or six periods, and then don’t do it.

18. Finally, remember your privacy is worth protecting

You might not have anything to hide( except your embarrassing Netflix history) but that doesn’t mean you should be blase about your privacy. Increasingly, our inner lives are being reduced to a series of data points; every little thing we do is for sale. As we’re starting to see, this nonstop surveillance changes us. It influences the things we buy and the ideas we buy into. Being more mindful of our online behaviour, then, isn’t just important when it comes to protecting our datum, it’s essential to protecting our individuality.

Make sure to visit: CapGeneration.com

The Facebook breach makes it clear: data must be regulated

Companies use our personal information to enrich themselves. Regulation of this practice is long overdue tell Roger McNamee, an early Facebook investor, and Sandy Parakilis, who worked at the company in 2011 -1 2

The Observer reported on Saturday that Cambridge Analytica acquired 50 m Facebook profiles from a researcher in 2014. This appears to have been among the most consequential data violates in history, with an impact that may rival the breach of fiscal records from Equifax.

There are many problematic facets to this. It seems the information was harvested by a researcher who collected data not only on the 270,000 or so users who Facebook said took his survey but also on their friends, who knew nothing about the survey results, and then passed it to Cambridge Analytica in violation of Facebook’s terms of service. There are questions now over whether the data was destroyed.

Facebook waited more than two years before revealing what the Observer described as” unprecedented data harvesting “.

Facebook did not notify the affected users, as may be required by its 2011 consent decree with the Federal Trade Commission( FTC ).

Cambridge Analytica appears to have use the profiles to develop techniques for influencing voters.

The company has denied wrongdoing, saying ” no data from[ the researcher] was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign “. But there are questions over whether the Trump campaign appears nonetheless to have gained an advantage in the election from the data.

The Observer report contradicts Cambridge Analytica’s chief executive, who said the company did not have Facebook data. Facebook waited more than two years after they discovered the breach before suspending Cambridge Analytica from its platform. The New York Times reported that at least some of the data is still available on the internet.

Cambridge Analytica has denied inappropriate use of Facebook user profiles, but a former employee who is now a whistleblower has emphatically contradicted that claim.

Facebook currently has 2.1 bn active users, 1.4 bn of whom use the site every day. As a social networking platform, it enables people to share ideas, photos and life events with friends, which collectively gives Facebook the highest-resolution image of every user of any media company, with an emphasis on emotions.

For advertisers, Facebook is exceptional for its ability to target more than half of all the people in every originate market and the power it gives to advertisers. On Facebook, advertisers can buy the equivalent of the Super Bowl audience- or any other audience- any day of the year.

Five years ago, researchers hypothesized that Facebook algorithms could be used to predict things like product and political predilections from merely a handful of “likes”. Those researchers were concerned about the specific characteristics implications, in part because the default Facebook setting for likes was ” public “.

Cambridge Analytica thought it could transform US politics by exploiting that insight.

With the 2016 election cycle fast approaching, Cambridge Analytica did not have time to create its own custom profiles. So it went to researcher Aleksandr Kogan, who made a Facebook app that paid users to take a personality test.

There were problems with this arrangement. First, Kogan did not given permission from Facebook to use the data he gathered for commercial intents, which best characterizes his Cambridge Analytica relationship. Second, the app not only harvested user profile data- which could be compared with the results of the personality exam- but also the user profile data of each exam taker’s friends , none of whom were notified.

Was any of this illegal? Facebook may be liable for a data violate, which may create legal problems under country law. The us attorney general of Massachusetts has announced an investigation. Cambridge Analytica may face charges that it broke US electoral laws by utilizing people who were neither US citizens nor green card holders on a US presidential election campaign. Both may be subject to action by the FTC. Or perhaps not.

We live in a world of big data, where companies get rich off our personal information with few constraints and almost no supervising. Companies offer us free applications that are convenient, useful and fun in exchange for perpetual rights to the data they can harvest from our actions online( and sometimes offline ).

The big data companies are opaque to consumers and regulators alike, so few people understand the risks and companies can often hide data breaches for a very long time. US law provides very little privacy protection, leaving customers with little or no recourse when they are harmed.

It is past time that the US recognize that data is too important to be unregulated. Equifax has yet to face significant repercussions, despite losing control of the financial data supplied by most adult Americans. Is that appropriate? Will Facebook face repercussions for the data it lost to Cambridge Analytica? Will Cambridge Analytica or the Trump campaign be held to account?

Roger McNamee was an early investor in Facebook and a mentor to founder Mark Zuckerberg. Sandy Parakilas was an operations director at Facebook in 2011 and 2012, and was responsible for privacy and policy issues on Facebook Platform.

Facebooks tracking of non-users ruled illegal again

Another blow for Facebook in Europe: Magistrates in Belgium have once again ruled the company transgressed privacy statutes by deploying technology such as cookies and social plug-ins to track internet users across the web.

Facebook utilizes data it collects in this way to sell targeted ad.

The social media giant failed to make it sufficiently clear how people’s digital activity was being used, the court ruled.

Facebook faces fines of up to EUR1 00 million (~$ 124 million ), at a rate of EUR2 50,000 per day, if it fails to comply with the court ruling to stop tracking Belgians’ web browsing habits. It must also destroy any illegally obtained data, the court said.

Facebook expressed disappointment at the judgement and said it will appeal.

“The cookies and pixels we use are industry standard technologies and enable hundreds of thousands of businesses to grow their businesses and reach customers across the EU, ” said Facebook’s VP of public policy for EMEA, Richard Allan, in a statement. “We require any business that uses our technologies to provide clear notice to end-users, and we give people the right to opt-out of having data collected on sites and apps off Facebook being used for ads.”

The privacy lawsuit dates back to 2015 when the Belgium privacy watchdog brought a civil suit against Facebook for its near invisible tracking of non-users via social plug-ins and the like. This followed an investigation by the agency that culminated in a highly critical report touching on many areas of Facebook’s data handling practices.

The same year, after failing to obtain adequate responses to its concerns, the Belgian Privacy Commission decided to take Facebook to tribunal over one of them: How it deploys tracking cookies and social plug-ins on third-party websites to track the internet activity of users and non-users.

Following its usual playbook for European privacy challenges, Facebook first tried to argue the Belgian DPA had no jurisdiction over its European business, which is headquartered in Ireland. But local magistrates disagreed.

Subsequently, Belgian courts have twice ruled that Facebook’s use of cookies contravenes European privacy laws. If Facebook keeps appealing, the occurrence could end up going all the way to Europe’s supreme court, the CJEU.

The crux of the questions here is the permeating background surveillance of internet activity for digital ad targeting intents which is enabled by a vast network of embedded and at times entirely invisible tracking technologies — and, specifically in this lawsuit, whether Facebook and the network of partner companies feeding data into its ad targeting systems have obtained adequate permission from their users to be so surveilled when they’re not actually use Facebook.

“Facebook collects information about us all when we surf the Internet, ” explains the Belgian privacy watchdog, referring to findings from its earlier investigation of Facebook’s use of tracking technologies.To this end, Facebook utilizes various technologies, such as the famous’ cookies’ or the’ social plug-ins’( for example, the’ Like’ or’ Share’ buttons) or the’ pixels’ that are invisible to the naked eye. It uses them on its website but also and especially on the websites of third parties. Thus, the survey reveals that even if you have never entered the Facebook domain, Facebook is still able to follow your browsing behaviour without you knowing it, let alone, without you wanting it, thanks to these invisible pixels that Facebook has placed on more than 10,000 other sites.”

Facebook asserts its use of cookie tracking is transparent and argues the technology benefits Facebook users by letting it show them more relevant content.( Presumably, it would argue non-Facebook users “benefit” from being indicated ads targeted at their interests .) “Over recent years we have worked hard to help people is how we use cookies to maintain Facebook secure and show them relevant content. We’ve constructed squads of people who focus on the protection of privacy — from engineers to designers — and tools that give people choice and control, ” told Allan in his response statement to the court ruling.

But given that some of these trackers are literally invisible, coupled with the at times dubious quality of “consents” being gathered — say, for example, if there’s merely a pre-ticked opt-in at the lower end of a lengthy and opaque set of T& Cs that actively discourage the user from reading and understanding what data supplied by theirs is being gathered and why — there are some serious questions over the sustainability of this type of “pervasive background surveillance” adtech in the face of successful legal challenges and growing consumer antipathy of ads that stalk them around the internet( which has in turn fueled growth of ad-blocking technologies ).

Facebook will face a similar complaint in a suit in Austria, filed by privacy campaigner and lawyer Max Schrems, for example. In January Schrems prevailed against Facebook’s attempts to stall the lawsuit after Europe’s top tribunal threw out the company’s claim that his campaigning activities cancelled out his individual consumer rights.( Though the CJEU’s decision did not allow Schrems to seek a class action style lawsuit against Facebook as he had originally hoped .)

Europe also has a major update to its data protection laws coming in May, “ve called the” GDPR, which beefs up the enforcement of privacy rights by introducing a new system of penalties for data protection violations that they are able scale as high as 4 percent of a company’s global turnover.

Essentially, GDPR means that ignoring the European Union’s fundamental right to privacy — by relying on the fact that few customers have historically bothered to take companies to tribunal over legal violations they may not even realize are occur — is going to get a lot more risky in just a few months’ time.( On that front, Schrems has crowdfunded a not-for-profit to pursue strategic privacy litigation once GDPR is in place — so start stockpiling the popcorn .)

It’s also worth noting that GDPR strengthens the EU’s consent requirements for processing personal data — so it’s certainly not going to be easier for Facebook to obtain consents for this type of background tracking under the new framework.( The still being formulated ePrivacy Regulation is also relevant to cookie permission, and aims to streamline the rules across the EU .)

And indeed, such tracking will necessarily become far more visible to web users, who may then be a lot less inclined to agree to being ad-stalked almost everywhere they go online chiefly for Facebook’s fiscal benefit.

The rise of tools offering tracker blocking offers another route for irate consumers to thwart online mass surveillance by ad targeting giants.

“We are preparing for the new General Data Protection Regulation with our result regulator the Irish Data Protection Commissioner. We’ll comply with this new law, just as we’ve complied with existing data protection statute in Europe, ” added Facebook’s Allan.

It’s still not fully clear how Facebook will comply with GDPR — though it’s announced a new global privacy situates hub is coming. It’s also running a series of data protection workshops in Europe this year, aimed at small and medium businesses — presumably to try to ensure its advertisers don’t find themselves shut out of GDPR Compliance City and on the hook for major privacy legal liabilities themselves, come May 25.

Of course Facebook’s ad business not only relies on people’s web browsing habits to fuel its targeting systems, it relies on advertisers liberally pumping dollars in. Which is another reason consumer trust is so vital. Yet Facebook is facing myriad challenges on that front these days.

In a statement on its website, the Belgium Privacy Commission said it was pleased with the ruling.

“We are of course very satisfied that the court has fully followed our position. For the moment, Facebook is conducting a major advertising campaign where it shares its attachment to privacy. We hope he will put this commitment into practice, ” it told.

Make sure to visit: CapGeneration.com