Message to CEO Stefan Thomas
Saying "we take privacy extremely seriously" is clearly a lie.
248 posts • joined 24 May 2010
"Samsung Ads has the industry’s largest Automatic Content Recognition (ACR) data set: nearly 60% of the U.S. ACR footprint. This unique, proprietary data creates unparalleled insights into consumer behavior in Advanced TV. This report, based on the 2019 Samsung Smart TV Viewer Behavior Study, shares important learnings and key implications for advertisers."
Nope. Nothing to do with NSLs, because they are an individualised legal warrant. Abused, sure...
From https://noyb.eu/en/next-steps-users-faqs :
...companies that fall under a US “mass surveillance” law can no longer use the SCCs . This is because the SCCs cannot override US law.
Transfers to US companies that fall under a US “mass surveillance” law like FISA 702 (also called 50 USC §1881a) are usually illegal. The companies that cannot rely on them are the so-called “electronic communication service providers”. This is a broad term under US law and covers most IT and cloud providers.
Examples of these providers include AT&T, Amazon (AWS), Apple, Cloudflare, Dropbox, Facebook, Google, Microsoft, Verizon Media (known as Oath & Yahoo) or Verizon. The links of each of the companies will take you to their transparency reports that tell you how often they were subject to US government data access requests.
It's also interesting that the R. of I.'s DPC has been working closely with FB to avoid enforcing GDPR on FB. Even after this second judgement. Lots of detail on https://noyb.eu/en
Here's the letter from NOYB to Irish DPC after the DPC's recent prevarication:
EU data cannot be stored in US servers due to GDPR if the US gov can access it without any due process under 50 USC §1881a (FISA 702). Which is true for FB. So SCCs can't be used in this case either, because, again, the US gov can access it freely regardless.
You've not worked much with good sales people either, I suspect. For every commercial (maximum profit oriented) outfit, it's the key to success. Good sales people win business for mediocre products by relationship. Good marketing/business people work with sales to ensure that the market leading products aren't under-priced.
Amazon (AWS) falls under 702 FISA, which means US government has access to the data, so AWS storage is not allowed for EU citizen's data under GDPR.
Since UK has been playing fast and loose with UK patient records to make money, this will be interesting.
Ashley Gorski (ACLU)
Some reporting is suggesting that the SCCs will remain viable mechanisms for any EU-US transfer. Based on the court's analysis of US law, that's simply not the case. DPCs will be required to halt data flows.
Unfortunately surveillance isn't just about catching bad guys (oh, think of the children!), partly because the most successful criminals are protected by the status quo because they are an untouchable part of the fabric. It's about keeping tabs on those challenging the status quo (think whistleblowers), and those protesting the status quo.
This doesn't stop spies spying.
This stops businesses passing private data to others (including governments).
If data is used in a court case, it may matter how the evidence was obtained, partly in the legal admissability sense, partly because the method used to obtain may have to be disclosed... spying orgs don't like that.
Yes. Useful summary here: http://eulawanalysis.blogspot.com/2020/07/you-were-only-supposed-to-blow-bloody.html
"Schrems reformulated his complaint to the Irish Data Protection Commissioner (DPC) about data transfers arguing that the United States does not provide adequate protection as United States law requires Facebook Inc. to make the personal data transferred to it available to certain United States authorities, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) and the data is used in a manner incompatible with the right to private life, and that therefore future transfers by Facebook should be suspended."
Vera Jourová didn't tell the truth. SCCs are not valid where US gov by US law gets to see the traffic. So not Facebook etc. For bank transactions, fine.
"It seems that @VeraJourova is simply ignoring the #CJEU a second time here. The Judgement is clear that you can't just use the SCCs again and there is no "toolbox" to be used when a US company falls under #FISA and alike... "
Biting the hand that feeds IT © 1998–2020