Cory Doctorow writes
"I Agree" is Dima Yarovinsky's art installation for Visualizing Knowledge 2018,
with printouts of the terms of service for common apps on scrolls of
colored paper, creating a bar chart of the fine print that neither you,
nor anyone else in the history of the world, has ever read.
Earlier, Doctorow explained that the GDPR requires that
Under the new directive, every time a European's personal data is captured or shared, they have to give meaningful consent, after being informed about the purpose of the use with enough clarity that they can predict what will happen to it.
The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers by the EFF's Katarzyna Szymielewicz and Bill Budington describes another effect of the GDPR:
"The whole point of fingerprinting is the ability of the tracking company (data controller) to be able to indirectly identify unique users among the sea of Internet users in order to track them, create their behavioural profiles and, finally, present them with targeted advertising. If the fingerprinting company has identification as its purpose, the Article 29 Working Party (an advisory board comprised of European data protection authorities) decided over ten years ago, regulators should assume that “the controller … will have the means ‘likely reasonably to be used’ to identify the people because “the processing of that information only makes sense if it allows identification of specific individuals.” As the Article 29 Working Party noted, “In fact, to argue that individuals are not identifiable, where the purpose of the processing is precisely to identify them, would be a sheer contradiction in terms.”
Thus, when several information elements are combined (especially unique identifiers such as your set of system fonts) across websites (e.g. for the purposes of behavioral advertising), fingerprinting constitutes the processing of personal data and must comply with GDPR."
"The recent debate over the right to explanation (a right to information about individual decisions made by algorithms) has obscured the significant algorithmic accountability regime established by the GDPR. The GDPR’s provisions on algorithmic accountability, which include a right to explanation, have the potential to be broader, stronger, and deeper than the preceding requirements of the Data Protection Directive." from the abstract of Margot E. Kaminski's The Right to Explanation, Explained.
Post a Comment