They are active in whistleblowing, not privacy leak management…

Nha they publish metadata describing the leaked data. If you’re a data subject concerned by the incident you then request a copy of yr information which requires proper identification.

Why would they share the data itself….

Nope. Pas plus que les JO. Je n’ai juste aucune affinité pour ces activités. L’esport un peu mais regarder les autres ca ne me passionne pas tellement.

At this point they are somewhat catching up on what traditional banks are doing it seems…

Typically llm are rather ressource intensive - you need beefy hardware to run those at speed. Especially if you intend to train them with your data to improve their relevance. I don’t think mobile phones or run to the mill laptops are going to be enough for any non-trivial implementations. I might be skewed by experiences on non-personal projects though.

I’m suspecting so. I’m still using it though. You guys know of any nice alternatives ?

Telco. Back then I was internal investigation. 25k employees. Bound to have some bad apples unfortunately. Honestly not weirder than elsewhere.

So do I but with exception of the unfortunate cp that calls for bleaching eyes (and security) one is more sanitary than the other…

I can relate to the guy that had to put that number in. Prolly went along the lines of « can we get some budget to identify our various processing activities and what processors are involved ? »… to what management said « lol no just put the overall numbers in ». And the guy included the kitchen company in there because fuck it.

I haven’t mentioned IT security at all have I?

A lot of businesses (including my current employer) seem to enjoy the integrated ecosystem offered by ms from the office suite to sharepoints to mail indeed with a sprinkle of power bi and the form thingy.

You can replicate all that but it is absolutely not trivial. And the end user also typically will find it less easy to interact with all the pieces.

« Perfectly possible » but at what cost and with what compromises though ? Not specifically looking at Microsoft - the same would apply to similar products. Also a lot of the blame is on the commission itself and the lack of controls over its data - which also has nothing to do with where it’s being processed. Even if you do 100% in EU with open source software you can still fail many of the controls if you don’t track your data, have appropriate documentation to demonstrate it, did the required assessments… and those expectations are what bit them in the ass I think. And likely it will bit a lot of other actors that aren’t putting much effort in the same.

There goes my week and prolly the whole year… I look forward the internal assessment at my job but chances are local authorities will follow on this and the implications are crazy. At first read it puts the bars sooooo high on several principles that basically no existing IT intensive business will have a chance to survive similar audit.

It’s absolutely not based on common law indeed but you can be sure that precedents are still a big thing especially for such regulations… we are watching like awks what’s happening everywhere because we know there will be a lot of consistency both on decisions but also on the topics being pursued.

As long as they process data of European citizens it’s applicable. See all gdpr fines imposed…. Now the execution / collection would be a removed but I could imagine à order to stop processing the data imposed to European instances…

I mean pretty crazy things can happen. See the various adequacy decisions / appeals by Mr Schrems; I cannot give guidance with a life expectancy of more than 1 year given the instability of the application of the regulation.

Not that I’m complaining ; it feeds me :)

Yeaahhhh I don’t know about that… likely all instances are processors. And the on he subscribe to would be controller. Somewhat because to my knowledge no one really decides of particular treatment of the user data (it’s all rather communist architecturally). So maybe every instance would be join controller…

And in the end up to the (join) controller to cascade the request. That’s part of why it’s a thing of beauty to watch it happen on the feddiverse 😅

Sometimes establishing a precedent with a weaker party is a good strategy though. It even went as far as litigating known parties for piracy issues. Anything is fair game to some actors.

Thought for GDPR most actors are legit and the actions have merits. Shoutout to Mr Schrems for example.

Technically he must still comply especially with data subject rights / request for deletion.

Now I wonder how that would work in practice, considering the underlying technology which is akin to what I manage (telco / isp) and where a lot of principles are still vague to implement.

Like when we get request to delete personal data sometimes some has been transmitted by nature of the service and a lot of actors have legitimate interest in processing / keeping the data for a while.

But generally it’s not about the content of a transmission but more the attached metadata used for billing and such.

Anyway it’s very interesting to watch, preferably from a distance.

Haaaa yeah the kindle. Both loved and hated in my case. Love the form factor, allowing me to indulge in new books. Hate it because I don’t get new physical books anymore. Not that I have any room left for books; that’s the reason I bought the kindle in the first place…

Also like it’s the only source of vulnerabilities… in addition a lot of the trendy python libs are developed in C; do we also ditch those?

Let’s assume that the dude requested for a deletion of his account (specifically - not all his data) of the basis of gdpr and the execution of his data subject rights; that doesn’t exclude the possibility for reddit to keep his contact details for specific purposes based on the legitimate interest of reddit. Or at least they could play with the argument.