Anthropic uses questionable dark patterns to obtain users’ consent to the use of AI data in Claude: https://the-decoder.com/anthropic-uses-a-questionable-dark-pattern-to-obtain-user-consent-for-ai-data-use-in-claude/
#Anthropic #Claude #DataProtection
"Claude’s update relies on a striking pop-up with a large, black "Accept" button. The data sharing toggle is tucked away, switched on by default, and framed positively ("You can help..."). A faint "Not now" button and hard-to-find instructions on changing the setting later complete the manipulative design.
These interface tricks, known as dark patterns, are considered unlawful under the General Data Protection Regulation (GDPR) and by the European Court of Justice when used to obtain consent for data processing. Pre-checked boxes do not count as valid consent under these rules.
The European Data Protection Board (EDPB) has also stressed in its guidelines on deceptive design patterns that consent must be freely given, informed, and unambiguous. Claude’s current design clearly fails to meet these standards, making it likely that Anthropic will soon draw the attention of privacy regulators."
Quando imprecate per il peso del vostro laptop, pensate che nel 1958, 5MB pesavano una tonnellata.
"The truth is actually very straightforward. Ordinary even. And that's even more unsettling.
"It's far more sinister than a hot mic," says Egelman.
There's no credible evidence that your phone runs a secret, always-on microphone to target ads, and there are clear technical and policy reasons why.
Independent researchers have gone looking for covert "listening" and found none, including a definitive 2018 Northeastern University study that has yet to be superseded. What they did catch in a handful of cases were screen recordings or image and video uploads to third parties. Creepy, sure, but not a hot mic.
Laws matter, too. The federal Wiretap Act bans intercepting conversations without consent, and many states (like California) require all parties to consent, stacking civil and even criminal liability on covert, continuous capture. An "always-listening for ads" feature would constantly record non-consenting bystanders and invite massive legal exposure. I know that's not completely reassuring, but that's why it's implausible in practice.
When I run the bar moment by ad-tech veteran Ari Paparo, he doesn't flinch. Paparo helped build the pipes — he founded the Beeswax DSP (acquired by Comcast's FreeWheel) and led product management at AppNexus/DoubleClick — so he's seen exactly how ad targeting really works.
"I'm very confident this is not happening. The phone is not actually listening to you," he says. "I would say that 100% of my colleagues in the advertising world agree with me."
I know that's a tough pill to swallow, but he offers the real and almost boring explanation for why it feels uncanny: People are predictable. "The ads are attempting to guess what you're interested in," he says. "It's all statistics."
Simple version, for the record: Ads follow your behavior. No listening required."
European Commission: Draft Adequacy Decision with #Brazil | Today, the Commission launched the process towards the adoption of a #dataprotection adequacy decision with Brazil. The Commission has determined that Brazil ensures an adequate level of data protection - comparable to that of the EU.
https://commission.europa.eu/document/f5aee532-70bf-41b1-a94a-8e294a528f6a_en
"More than three years ago, noyb had filed a complaint against Google for sending unsolicited advertising emails directly to the inboxes of Gmail users. Contrary to EU law, the company never asked the people concerned for their consent. That's how the competent data protection authority sees it, too: Today, the CNIL has issued a decision siding with noyb – and fined Google €325 million."
https://noyb.eu/en/noyb-win-french-dpa-fines-google-eu325-million-spam-emails-gmail
"Some people in the antitrust world didn't see it that way. Out of a misguided kind of privacy nihilism, they called for Google to be forced to share the data it stole from us, so that potential competitors could tune their search tools on the monopolist's population-scale privacy violations.
And that is what the court has ordered.
As punishment for being convinced of obtaining and maintaining a monopoly, Google will be forced to share sensitive data with lots of other search engines. This will not secure competition for search, but it will certainly democratize human rights violations at scale.
Doubtless there will be loopholes in this data-sharing order. Google will have the right to hold back some of its data (that is, our data) if it is deemed "sensitive." This isn't so much a loophole as is a loopchasm.
(...)
This means that even if you like data-sharing as a remedy, you won't actually get the benefit you were hoping for. Instead, Google competitors will spend the next decade in court, fighting to get Google to comply with this order.
That's the main reason that we force monopolists to break up after they lose antitrust cases. We could put a bunch of conditions on how they operate, but figuring out whether they're adhering to those conditions and punishing them when they don't is expensive, labor-intensive and time consuming. This data-sharing wheeze is easy to do malicious compliance for, and hard to enforce. It is not an "administrable" policy:"
https://pluralistic.net/2025/09/03/unpunishing-process/#fucking-shit-goddammit-fuck
"[I]n the post warning users that the company will call the authorities if they seem like they're going to hurt someone, OpenAI also acknowledged that it is "currently not referring self-harm cases to law enforcement to respect people’s privacy given the uniquely private nature of ChatGPT interactions."
While ChatGPT has in the past proven itself pretty susceptible to so-called jailbreaks that trick it into spitting out instructions to build neurotoxins or step-by-step instructions to kill yourself, this new rule adds an additional layer of confusion. It remains unclear which exact types of chats could result in user conversations being flagged for human review, much less getting referred to police. We've reached out to OpenAI to ask for clarity.
While it's certainly a relief that AI conversations won't result in police wellness checks — which often end up causing more harm to the person in crisis due to most cops' complete lack of training in handling mental health situations — it's also kind of bizarre that OpenAI even mentions privacy, given that it admitted in the same post that it's monitoring user chats and potentially sharing them with the fuzz.
To make the announcement all the weirder, this new rule seems to contradict the company's pro-privacy stance amid its ongoing lawsuit with the New York Times and other publishers as they seek access to troves of ChatGPT logs to determine whether any of their copyrighted data had been used to train its models.
OpenAI has steadfastly rejected the publishers' request on grounds of protecting user privacy and has, more recently, begun trying to limit the amount of user chats it has to give the plaintiffs."
A study reveals 21 popular VPN apps with 700M+ downloads share hidden ties, code, and security flaws 
Some have undisclosed links to Russia & China, raising privacy concerns 
Google Play fails to catch this, risking user trust.
Experts call for stronger vetting and transparency in VPNs 
Chess.com just faced a major data breach affecting 800K users—not from their own systems but through a vulnerable third-party app. How safe is your data when vendors can open the door?
https://thedefendopsdiaries.com/chesscom-data-breach-lessons-in-cybersecurity-and-vendor-management/
#chesscombreach
#cybersecurity
#dataprotection
#vendormanagement
#infosec
# The Court of Justice clarifies the scope of the concept of personal data in the context of a transfer of pseudonymised data to third parties
This is going to take some careful reading.
Case C-413/23 P | EDPS v SRB
https://curia.europa.eu/juris/documents.jsf?num=C-413/23%20P
(Decision not available at time of toot.)
Ransomware Attacks Target 94% of Company Backups | Why Your Cybersecurity May Be Failing
94% of ransomware victims had their backups attacked. 93% of cyber attacks specifically target backup storage. Yet most people aren't even concerned about this.
In this eye-opening teaser from our ITSPmagazine webinar, cybersecurity expert Anthony Cusimano from Object First reveals why most "immutable" backup solutions aren't really immutable at all - and why that could destroy your business.
Ransomware Attacks Target 94% of Company Backups | Why Your Cybersecurity May Be Failing
#ransomwareprotection #cybersecurity #ransomwareattacks #cybersecurityawareness #dataprotection #backupstorage #absoluteimmutability #ObjectFirst #cyberthreats #datarecovery #veeam
France fines Google, Shein record sums over cookie law violations https://www.byteseu.com/1346065/ #CNIL #DataProtection #France #google #InformedConsent #Shein
The EU's General Court upholds the Europe-US data transfer pact.
The court dismissed a challenge by centrist French lawmaker Philippe Latombe, who argued that the EU-US deal did not fully respect the EU's data protection rules.
The EU-US Data Privacy Framework is the bloc's third attempt at a framework to protect European personal data in exchanges with the US – the first two were shot down in court.
# The UK/USA Data Access Agreement, and the Data (Use and Access) Act 2025 partial commencement
Sorry for the world’s least interesting blog post. Read at your own peril.
Ooh, interesting data protection news: the first (as far as I can recall) CJEU challenge to the EU/USA Data Privacy Framework (replacement for safe harbour, then privacy shield) has failed.
(Case T-553/23 | Latombe v Commission)
"noyb has achieved a win against YouTube, the video platform provided by Google. After five and a half years, the Austrian data protection authority (DSB) has finally issued a decision siding with noyb – and ordering YouTube to comply with the complainant’s access request in accordance with Article 15 GDPR. Until now, the company withheld a large amount of data, including information about the purpose of the processing, storage periods, data recipients and the tracking cookies used."
https://noyb.eu/en/noyb-win-youtube-ordered-honour-users-right-access
Recommendation: the podcast ‘Click Here’ by Recorded Future News tells ‘true stories about the people making and breaking our digital world’. Host is the ‘former NPR investigations correspondent Dina Temple-Raston.’
https://podcastindex.org/podcast/223113
Loosely in this same realm is the ‘Firewalls Don't Stop Dragons Podcast’ which has a Mastodon account: @FirewallDragons
Austria orders YouTube to give users access to their data | Nation https://www.byteseu.com/1333464/ #afp #Austria #CivilRightsAndLiberties #ComputerLaw #ComputerNetworks #Cyberspace #DataLaws #DataProtection #DigitalMedia #DigitalRights #GeneralDataProtectionRegulation #InformationGovernance #InformationPrivacy #InformationTechnology #InformationTechnologyManagement #Internet #justice #LAW #Noyb #PoliticsAndTechnology #Privacy #PrivacyLaw #PublicSphere #SocialIssues #WorldWideWeb #YouTube
What to Do After a Data Breach: A Practical Guide for Protecting Your Identity
https://youtu.be/wGfpr7J3TgU #CyberSecurity #DataBreach #IdentityProtection #MultiFactorAuthentication #PasswordSecurity #CreditFreeze #DigitalSecurity #RiskManagement #DataProtection #IdentityTheft
#NoAI 