To Max!
Long data privacy notices aren't foolproof, Euro watchdog tells Meta
Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed documents from a case in which Meta was fined €390 million ($414 million). The documents have been released by noyb, the privacy law …
COMMENTS
-
Friday 13th January 2023 20:28 GMT pashingsmumpkins
Client states of data whorehousers be like
So it's no secret that the Irish govt have a lot to lose in terms of Zuck's financial footprint in the country, therefore is it a surprise that there has been a fair amount of, let's say, 'friction', in bringing the wanton abuse of personal information to account...?
-
Monday 16th January 2023 15:48 GMT Mike 137
Surprise, surprise!
"Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law"
The actual requirements are set out in Articles 13 and 14 of the GDPR, and they're very clear and simple. The essential function of these Articles is to ensure that a data subject has enough information about processing to [a] identify whether their wider human rights are being abused by the processing and [b] exercise their statutory rights under the legislation to gain redress.
Unfortunately, these two Articles not specific as to the presentation of the required information, which allows malefactors to obfuscate said presentation to avoid getting held to account for illicit processing.
I spent considerable effort in the early days of the GDPR developing a standard presentational framework for the required information that would fulfil the data controllers' obligations to data subjects, and it actually made "privacy notices" shorter, clearer, more consistent and easier to create (if one was playing fair anyway). However, here in the UK anyway, nobody including the regulator was interested. Consequently, practically every privacy notice is grossly non-compliant with the Regulation, in that it fails to assist the data subject in exercising their rights.
Very sadly, both regulators and independent activist bodies ignore this gross functional non-compliance, concentrating instead on comparatively minor issues such as length or wording. Until the law is [a] actively policed and [b] interpreted by the regulators for enforcement in terms of its intent as opposed to merely its literal expression, nothing will change for the better, but there are indeed signals both from the UK and Europe of moves to weaken its protections rather than enforce them properly.