Gateklons
@gateklons.bsky.social
EU digital policy nerd | data protection & privacy | competition | platform & media regulation | identity | cybersecurity
Focus: consent-or-pay & (messaging) interoperability
https://gateklons.substack.com/
🐘 @gateklons@eupolicy.social
🐦 @gateklons
Focus: consent-or-pay & (messaging) interoperability
https://gateklons.substack.com/
🐘 @gateklons@eupolicy.social
🐦 @gateklons
August 8, 2025 at 8:32 PM
EUR-Lex has finally leveled up and now has an actual working table of contents. It only took decades but good that we finally have this (albeit I imagine only some legal documents)!
August 2, 2025 at 11:07 AM
EUR-Lex has finally leveled up and now has an actual working table of contents. It only took decades but good that we finally have this (albeit I imagine only some legal documents)!
Linked article: help.x.com/en/rules-and...
ID-based verification to be made available in the coming weeks but subscribers that already underwent it should apparently already be treated as adults. Can't find a way to trigger facial age estimation either.
And of course... LOL GDPR compliance
ID-based verification to be made available in the coming weeks but subscribers that already underwent it should apparently already be treated as adults. Can't find a way to trigger facial age estimation either.
And of course... LOL GDPR compliance
July 29, 2025 at 6:50 AM
Linked article: help.x.com/en/rules-and...
ID-based verification to be made available in the coming weeks but subscribers that already underwent it should apparently already be treated as adults. Can't find a way to trigger facial age estimation either.
And of course... LOL GDPR compliance
ID-based verification to be made available in the coming weeks but subscribers that already underwent it should apparently already be treated as adults. Can't find a way to trigger facial age estimation either.
And of course... LOL GDPR compliance
It's starting now in the EU. Seeing this on X. Example in parent tweet to this reply: x.com/ttvcyechlin/...
Previously set DoB (well over 18) doesn't matter.
On the upside, porn was a pull factor on X so perhaps an opportunity for other platforms not participating in this mania to draw in users?
Previously set DoB (well over 18) doesn't matter.
On the upside, porn was a pull factor on X so perhaps an opportunity for other platforms not participating in this mania to draw in users?
July 29, 2025 at 6:50 AM
It's starting now in the EU. Seeing this on X. Example in parent tweet to this reply: x.com/ttvcyechlin/...
Previously set DoB (well over 18) doesn't matter.
On the upside, porn was a pull factor on X so perhaps an opportunity for other platforms not participating in this mania to draw in users?
Previously set DoB (well over 18) doesn't matter.
On the upside, porn was a pull factor on X so perhaps an opportunity for other platforms not participating in this mania to draw in users?
Of course even the strongest US regulation of data brokers is completely inadequate
![RFN: You’ve introduced several data privacy laws in Vermont and have said the lobbying effort to defeat your bills has been intense. Tell me about that.
MP: What I ended up sharing with lawmakers on the call was that there were some personal attacks. There was an ethics complaint threatened [saying that Priestley doesn’t live in her district, which is untrue]. I actually think that the purpose of threatening to file an ethics complaint that I don't live in my district was [meant] to get my address in public, basically in evidence, to be able to doxx me. …
We had [a lobbyist] show up in our cafeteria and she was talking to members of my committee.
RFN: So this is a data broker industry lobbyist?
MP: One of the big ones. The other [lobbying] entity that was getting involved was the automakers’ [lobbying association]. … [The data broker industry association] established a national PAC to fight data broker laws.](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:rfyumzgi4zcdgf2dxic6unix/bafkreie3ydz2wxq3ngytz2ljfi5oakxztl3z4xj4eq4uty7yq5ohyj3rl4@jpeg)
July 29, 2025 at 5:49 AM
Of course even the strongest US regulation of data brokers is completely inadequate
I see Bumble sends data to Facebook without any consent whatsoever. I used the Facebook single sign-on (to maintain access after phone number expiration) but that was on another account. Phone numbers, email addresses and other identifiers also completely different. Something strange going on here?
July 20, 2025 at 11:11 PM
I see Bumble sends data to Facebook without any consent whatsoever. I used the Facebook single sign-on (to maintain access after phone number expiration) but that was on another account. Phone numbers, email addresses and other identifiers also completely different. Something strange going on here?
Probably because it's not relevant to their shameless rent collection on NB-ICS.
But it's nice to see the telecoms sector is staying as delusional about this as ever.
Email less secure than SMS? LOL
"If you can't bill it, kill it."
I truly wonder why they've been failing at this for a decade. 🤔
But it's nice to see the telecoms sector is staying as delusional about this as ever.
Email less secure than SMS? LOL
"If you can't bill it, kill it."
I truly wonder why they've been failing at this for a decade. 🤔
July 19, 2025 at 7:07 AM
Probably because it's not relevant to their shameless rent collection on NB-ICS.
But it's nice to see the telecoms sector is staying as delusional about this as ever.
Email less secure than SMS? LOL
"If you can't bill it, kill it."
I truly wonder why they've been failing at this for a decade. 🤔
But it's nice to see the telecoms sector is staying as delusional about this as ever.
Email less secure than SMS? LOL
"If you can't bill it, kill it."
I truly wonder why they've been failing at this for a decade. 🤔
Yes, dear Sir, you have already expressed a preference to not be tracked using the Global Privacy Control signal but we are showing you the cookie banner anyway
Shown on Ars Technica
Shown on Ars Technica
July 8, 2025 at 2:34 PM
Yes, dear Sir, you have already expressed a preference to not be tracked using the Global Privacy Control signal but we are showing you the cookie banner anyway
Shown on Ars Technica
Shown on Ars Technica
integration could potentially be interesting.
And this is what Apple does to would-be interoperators: not touching it with a 100 ft pole.
Some otherwise interesting discussion you should check out if you care about messaging interoperability.
And this is what Apple does to would-be interoperators: not touching it with a 100 ft pole.
Some otherwise interesting discussion you should check out if you care about messaging interoperability.
July 5, 2025 at 8:46 PM
integration could potentially be interesting.
And this is what Apple does to would-be interoperators: not touching it with a 100 ft pole.
Some otherwise interesting discussion you should check out if you care about messaging interoperability.
And this is what Apple does to would-be interoperators: not touching it with a 100 ft pole.
Some otherwise interesting discussion you should check out if you care about messaging interoperability.
I wasn't aware Beeper now supports local Signal and WhatsApp gateways (not sure if limited to Android though) but it's a big breakthrough. So is the ability to have more than one Signal account (something even WhatsApp supports!)
Also this supposed personal CRM (something I already maintain 😂)
Also this supposed personal CRM (something I already maintain 😂)
July 5, 2025 at 8:46 PM
I wasn't aware Beeper now supports local Signal and WhatsApp gateways (not sure if limited to Android though) but it's a big breakthrough. So is the ability to have more than one Signal account (something even WhatsApp supports!)
Also this supposed personal CRM (something I already maintain 😂)
Also this supposed personal CRM (something I already maintain 😂)
investigations, but otherwise it would seem to me that although they must obtain an opinion, they are allowed to depart from it, no? Otherwise it would mean that provisions like Art. 5(2) DMA could be undermined by a captured DPA simply because it took a different view. See recent Meta DMA decision:
July 5, 2025 at 1:27 PM
investigations, but otherwise it would seem to me that although they must obtain an opinion, they are allowed to depart from it, no? Otherwise it would mean that provisions like Art. 5(2) DMA could be undermined by a captured DPA simply because it took a different view. See recent Meta DMA decision:
I'd be very interested to see all their data labeling and how true those engineering hour stats are (especially since I see little to no practical changes).
The consent isn't valid either because it's not purpose-specific.
Google keeps doing unnecessary shit like this.
The consent isn't valid either because it's not purpose-specific.
Google keeps doing unnecessary shit like this.
July 2, 2025 at 6:49 AM
I'd be very interested to see all their data labeling and how true those engineering hour stats are (especially since I see little to no practical changes).
The consent isn't valid either because it's not purpose-specific.
Google keeps doing unnecessary shit like this.
The consent isn't valid either because it's not purpose-specific.
Google keeps doing unnecessary shit like this.
Worse yet, private entities may now access the facial image which can also be processed further. As a bonus: Commission no longer publishes the list of the competent authorities with access to the biometric data.
June 22, 2025 at 10:51 AM
Worse yet, private entities may now access the facial image which can also be processed further. As a bonus: Commission no longer publishes the list of the competent authorities with access to the biometric data.
Article 10(3) now no longer says that the biometric data shall only be kept after the document has been collect, likely so as to not conflict with the possibility MS have left open for themselves to process that data on another legal basis. 90 days now the only apparent limit.
June 22, 2025 at 10:51 AM
Article 10(3) now no longer says that the biometric data shall only be kept after the document has been collect, likely so as to not conflict with the possibility MS have left open for themselves to process that data on another legal basis. 90 days now the only apparent limit.
This time all (except DE because of opt-out) in favor (no abstentions even!).
Parliament was much more divided: howtheyvote.eu/votes/173708
Now with this ugliness in Recital 17 thanks to an unwilling CJEU:
Parliament was much more divided: howtheyvote.eu/votes/173708
Now with this ugliness in Recital 17 thanks to an unwilling CJEU:
June 22, 2025 at 10:51 AM
This time all (except DE because of opt-out) in favor (no abstentions even!).
Parliament was much more divided: howtheyvote.eu/votes/173708
Now with this ugliness in Recital 17 thanks to an unwilling CJEU:
Parliament was much more divided: howtheyvote.eu/votes/173708
Now with this ugliness in Recital 17 thanks to an unwilling CJEU:
Of course, as we already knew, the decision only covers the period before Meta introduced the 'Additional Ads option' which does prevent some data from being used for ad personalization but is still a shitshow otherwise. Missed opportunity to not have included that as well IMO.
June 18, 2025 at 9:39 PM
Of course, as we already knew, the decision only covers the period before Meta introduced the 'Additional Ads option' which does prevent some data from being used for ad personalization but is still a shitshow otherwise. Missed opportunity to not have included that as well IMO.
There's also something in there about Meta's external legal advisors wanting access to the Commission's file which they apparently abused (in Meta's eyes).
The amount of "regulatory dialogue" described in the decision is beyond absurd and unnecessary: Meta's conduct is already illegal on its face.
The amount of "regulatory dialogue" described in the decision is beyond absurd and unnecessary: Meta's conduct is already illegal on its face.
June 18, 2025 at 9:29 PM
There's also something in there about Meta's external legal advisors wanting access to the Commission's file which they apparently abused (in Meta's eyes).
The amount of "regulatory dialogue" described in the decision is beyond absurd and unnecessary: Meta's conduct is already illegal on its face.
The amount of "regulatory dialogue" described in the decision is beyond absurd and unnecessary: Meta's conduct is already illegal on its face.
I would love to hear the legal justification from the EC and EDPB what the legal basis for still processing some data (for minimal ad personalization) would be after the user has already refused consent. Unless "personalised" also covers ReccSys personalization and similar?
June 18, 2025 at 9:09 PM
I would love to hear the legal justification from the EC and EDPB what the legal basis for still processing some data (for minimal ad personalization) would be after the user has already refused consent. Unless "personalised" also covers ReccSys personalization and similar?
The Commission also engaged with consumer orgs, consultancies and industry orgs (including IAB Europe). More data protection focused civil society (EDRi, noyb etc.) for some reason is not on this list.
I hope non-industry stakeholders appropriately trashed the EDPB Opinion
I hope non-industry stakeholders appropriately trashed the EDPB Opinion
June 18, 2025 at 9:01 PM
The Commission also engaged with consumer orgs, consultancies and industry orgs (including IAB Europe). More data protection focused civil society (EDRi, noyb etc.) for some reason is not on this list.
I hope non-industry stakeholders appropriately trashed the EDPB Opinion
I hope non-industry stakeholders appropriately trashed the EDPB Opinion
Going through it now... For starters, I really like that it's stated precisely to what conduct Art. 5(2) DMA applies to.
Moreover, the Commission has actively been engaging with the DPC (which has of course done fuck all on the consent-or-pay front).
Moreover, the Commission has actively been engaging with the DPC (which has of course done fuck all on the consent-or-pay front).
June 18, 2025 at 9:01 PM
Going through it now... For starters, I really like that it's stated precisely to what conduct Art. 5(2) DMA applies to.
Moreover, the Commission has actively been engaging with the DPC (which has of course done fuck all on the consent-or-pay front).
Moreover, the Commission has actively been engaging with the DPC (which has of course done fuck all on the consent-or-pay front).
Gotta give it to the Hungarian winning coalition (in PoliSci terms), they are endlessly legally inventive when it comes to protecting their rule. A break in legal continuity seems like a given if the Hungarian opposition wins next year's parliamentary election.
verfassungsblog.de/hungary-cons...
verfassungsblog.de/hungary-cons...
June 18, 2025 at 6:48 AM
Gotta give it to the Hungarian winning coalition (in PoliSci terms), they are endlessly legally inventive when it comes to protecting their rule. A break in legal continuity seems like a given if the Hungarian opposition wins next year's parliamentary election.
verfassungsblog.de/hungary-cons...
verfassungsblog.de/hungary-cons...
Even with this as a legal protection?
June 17, 2025 at 10:55 AM
Even with this as a legal protection?