Robert Bateman
@robertjbateman.bsky.social
• I post about privacy, data protection, security, AI • Regular updates on big tech shenanigans • Views absolutely represent those of my employer (me) • Consultancy and training services •
Even OpenAI's best models still suck at quoting their training data or external sources.
GPT 4o can be useful to help interpret legal provisions pasted into the chat
Ask it to draw upon anything outside of the chat and it breaks down.
The first quote is wrong and the latter two are just made up.
GPT 4o can be useful to help interpret legal provisions pasted into the chat
Ask it to draw upon anything outside of the chat and it breaks down.
The first quote is wrong and the latter two are just made up.
July 17, 2025 at 1:36 PM
Even OpenAI's best models still suck at quoting their training data or external sources.
GPT 4o can be useful to help interpret legal provisions pasted into the chat
Ask it to draw upon anything outside of the chat and it breaks down.
The first quote is wrong and the latter two are just made up.
GPT 4o can be useful to help interpret legal provisions pasted into the chat
Ask it to draw upon anything outside of the chat and it breaks down.
The first quote is wrong and the latter two are just made up.
Google plans to offer Gemini to US children under 13 without verifiable parental consent (parents can opt out if they use Family Link).
As @epicprivacy.bsky.social notes, this seems like a blatant COPPA violation. I don't think Google would have had the gall to do this when Khan headed the FTC.
As @epicprivacy.bsky.social notes, this seems like a blatant COPPA violation. I don't think Google would have had the gall to do this when Khan headed the FTC.
May 23, 2025 at 9:42 AM
Google plans to offer Gemini to US children under 13 without verifiable parental consent (parents can opt out if they use Family Link).
As @epicprivacy.bsky.social notes, this seems like a blatant COPPA violation. I don't think Google would have had the gall to do this when Khan headed the FTC.
As @epicprivacy.bsky.social notes, this seems like a blatant COPPA violation. I don't think Google would have had the gall to do this when Khan headed the FTC.
Confirmed. My (MANUAL) dash-measurement process reveals that this is an en-dash.
May 22, 2025 at 10:12 AM
Confirmed. My (MANUAL) dash-measurement process reveals that this is an en-dash.
There was an error in the original, here's a corrected version. I left a stray "facilitate" in (e)(1) which has been updated to "replace".
May 9, 2025 at 7:25 PM
There was an error in the original, here's a corrected version. I left a stray "facilitate" in (e)(1) which has been updated to "replace".
California's once pithy (and strict) definition of "automated decisionmaking technology" is on its way to becoming War and Peace.
"Replace or substantially facilitate [humans]" becomes "replace or substantially replace" (?)—and the billable hours will rack up when figuring out all those exemptions.
"Replace or substantially facilitate [humans]" becomes "replace or substantially replace" (?)—and the billable hours will rack up when figuring out all those exemptions.
May 9, 2025 at 7:02 PM
California's once pithy (and strict) definition of "automated decisionmaking technology" is on its way to becoming War and Peace.
"Replace or substantially facilitate [humans]" becomes "replace or substantially replace" (?)—and the billable hours will rack up when figuring out all those exemptions.
"Replace or substantially facilitate [humans]" becomes "replace or substantially replace" (?)—and the billable hours will rack up when figuring out all those exemptions.
Here's a post I wrote back when GPT could barely strong a limerick together.
Note that it is positively *littered* with em-dashes.
Have people forgotten that Large Language Models are trained on stuff *we wrote*?
Note that it is positively *littered* with em-dashes.
Have people forgotten that Large Language Models are trained on stuff *we wrote*?
May 2, 2025 at 8:25 PM
Here's a post I wrote back when GPT could barely strong a limerick together.
Note that it is positively *littered* with em-dashes.
Have people forgotten that Large Language Models are trained on stuff *we wrote*?
Note that it is positively *littered* with em-dashes.
Have people forgotten that Large Language Models are trained on stuff *we wrote*?
May 1, 2025 at 8:36 PM
Surely these functions should be nowhere near each other, rather than combined into a single field...
April 14, 2025 at 4:26 PM
Surely these functions should be nowhere near each other, rather than combined into a single field...
The UK government has more plans for the ICO.
From its recent paper "New approach to ensure regulators and regulation support growth"
www.gov.uk/government/p...
From its recent paper "New approach to ensure regulators and regulation support growth"
www.gov.uk/government/p...
April 11, 2025 at 11:32 AM
The UK government has more plans for the ICO.
From its recent paper "New approach to ensure regulators and regulation support growth"
www.gov.uk/government/p...
From its recent paper "New approach to ensure regulators and regulation support growth"
www.gov.uk/government/p...
EVERY ICO press release says something like, "My message is simple: Comply with the law"
You can ALWAYS extract a simple message from a complex one.
"Comply with the law" means nothing
HOW you comply with the law—eg verifying people's ages, segregating children's data—is very fucking complicated.
You can ALWAYS extract a simple message from a complex one.
"Comply with the law" means nothing
HOW you comply with the law—eg verifying people's ages, segregating children's data—is very fucking complicated.
March 3, 2025 at 10:35 AM
EVERY ICO press release says something like, "My message is simple: Comply with the law"
You can ALWAYS extract a simple message from a complex one.
"Comply with the law" means nothing
HOW you comply with the law—eg verifying people's ages, segregating children's data—is very fucking complicated.
You can ALWAYS extract a simple message from a complex one.
"Comply with the law" means nothing
HOW you comply with the law—eg verifying people's ages, segregating children's data—is very fucking complicated.
You're right it was this one
February 28, 2025 at 4:56 PM
You're right it was this one
Apple pulls end-to-end encryption from UK users following the government's order under the Investigatory Powers Act 2016.
I have seen some bragging about how Meta launched threads here earlier than in the EU (etc) due to our less rigourous regulatory environment.
Here's the other side of the coin
I have seen some bragging about how Meta launched threads here earlier than in the EU (etc) due to our less rigourous regulatory environment.
Here's the other side of the coin
February 21, 2025 at 5:33 PM
Apple pulls end-to-end encryption from UK users following the government's order under the Investigatory Powers Act 2016.
I have seen some bragging about how Meta launched threads here earlier than in the EU (etc) due to our less rigourous regulatory environment.
Here's the other side of the coin
I have seen some bragging about how Meta launched threads here earlier than in the EU (etc) due to our less rigourous regulatory environment.
Here's the other side of the coin
Writing about the state privacy laws that take/took effect JUST THIS YEAR I realised there's really no need for a federal US privacy law. Don't worry about it.
February 13, 2025 at 4:26 PM
Writing about the state privacy laws that take/took effect JUST THIS YEAR I realised there's really no need for a federal US privacy law. Don't worry about it.
I'm fascinated by this story about the UK government demanding access to Apple e2ee iCloud accounts.
This was reportedly a warrant under the Investigatory Powers Act 2016. Neither the content nor the *existence* of such warrants can be made public.
I wonder how many such warrants go unreported.
This was reportedly a warrant under the Investigatory Powers Act 2016. Neither the content nor the *existence* of such warrants can be made public.
I wonder how many such warrants go unreported.
February 8, 2025 at 6:55 PM
I'm fascinated by this story about the UK government demanding access to Apple e2ee iCloud accounts.
This was reportedly a warrant under the Investigatory Powers Act 2016. Neither the content nor the *existence* of such warrants can be made public.
I wonder how many such warrants go unreported.
This was reportedly a warrant under the Investigatory Powers Act 2016. Neither the content nor the *existence* of such warrants can be made public.
I wonder how many such warrants go unreported.
A new proposed amendment to the UK Data (Use and Access) Bill that I cleaned up.
Baroness Kidron proposes "sovereign data assets"—a licensing system for data held by public bodies (I guess primarily the NHS), with preferential access for UK organisations.
Baroness Kidron proposes "sovereign data assets"—a licensing system for data held by public bodies (I guess primarily the NHS), with preferential access for UK organisations.
January 30, 2025 at 10:05 AM
A new proposed amendment to the UK Data (Use and Access) Bill that I cleaned up.
Baroness Kidron proposes "sovereign data assets"—a licensing system for data held by public bodies (I guess primarily the NHS), with preferential access for UK organisations.
Baroness Kidron proposes "sovereign data assets"—a licensing system for data held by public bodies (I guess primarily the NHS), with preferential access for UK organisations.
It's Data Protection Boxing Day and the UK's ICO registration fees have officially gone up.
Not likely to break the bank but I doubt there is much support for this among businesses.
Not likely to break the bank but I doubt there is much support for this among businesses.
January 29, 2025 at 10:32 AM
It's Data Protection Boxing Day and the UK's ICO registration fees have officially gone up.
Not likely to break the bank but I doubt there is much support for this among businesses.
Not likely to break the bank but I doubt there is much support for this among businesses.
Last week's deep and nuanced judgment RTM v Bonne Terre is a fantastic read.
A gambling firm used data about a person's vulnerabilities to target them with marketing—with his "consent".
Here the judge explains how to balance respect for individual autonomy with the commercial benefits of data use.
A gambling firm used data about a person's vulnerabilities to target them with marketing—with his "consent".
Here the judge explains how to balance respect for individual autonomy with the commercial benefits of data use.
January 27, 2025 at 3:03 PM
Last week's deep and nuanced judgment RTM v Bonne Terre is a fantastic read.
A gambling firm used data about a person's vulnerabilities to target them with marketing—with his "consent".
Here the judge explains how to balance respect for individual autonomy with the commercial benefits of data use.
A gambling firm used data about a person's vulnerabilities to target them with marketing—with his "consent".
Here the judge explains how to balance respect for individual autonomy with the commercial benefits of data use.
An AI-"turbocharged" Plan for Change. He's ruined my day by saying that. Terrible.
January 13, 2025 at 10:15 PM
An AI-"turbocharged" Plan for Change. He's ruined my day by saying that. Terrible.
The General Court has an individual €400 after he used the "Log In With Facebook" button on the Commission's website
The court was satisfied that the claimant experienced non-material damages because "he found himself in a position of some uncertainty as regards the processing of his... IP address"
The court was satisfied that the claimant experienced non-material damages because "he found himself in a position of some uncertainty as regards the processing of his... IP address"
January 8, 2025 at 1:54 PM
The General Court has an individual €400 after he used the "Log In With Facebook" button on the Commission's website
The court was satisfied that the claimant experienced non-material damages because "he found himself in a position of some uncertainty as regards the processing of his... IP address"
The court was satisfied that the claimant experienced non-material damages because "he found himself in a position of some uncertainty as regards the processing of his... IP address"
Grammarly's new "Authorship Report" shows "a full replay of your typing and editing process" to share with clients, tutors, editors etc
I understand the need for scrutiny but I would not be comfortable with this
I second-guess myself constantly while writing. I feel the drafting process is private
I understand the need for scrutiny but I would not be comfortable with this
I second-guess myself constantly while writing. I feel the drafting process is private
December 21, 2024 at 11:31 PM
Grammarly's new "Authorship Report" shows "a full replay of your typing and editing process" to share with clients, tutors, editors etc
I understand the need for scrutiny but I would not be comfortable with this
I second-guess myself constantly while writing. I feel the drafting process is private
I understand the need for scrutiny but I would not be comfortable with this
I second-guess myself constantly while writing. I feel the drafting process is private
Deployers trying to satisfy Article 4 of the AI Act by generating AI literacy training via ChatGPT
December 20, 2024 at 5:05 PM
Deployers trying to satisfy Article 4 of the AI Act by generating AI literacy training via ChatGPT
In the latest episode of Google's absurdly convoluted ad privacy saga, the internet Elder God will let its customers to employ fingerprinting from next February
The ICO has penned a heavily caveated but supposedly "clear" response: Businesses do not have "free rein" to fingerprint "as they please".
The ICO has penned a heavily caveated but supposedly "clear" response: Businesses do not have "free rein" to fingerprint "as they please".
December 19, 2024 at 1:51 PM
In the latest episode of Google's absurdly convoluted ad privacy saga, the internet Elder God will let its customers to employ fingerprinting from next February
The ICO has penned a heavily caveated but supposedly "clear" response: Businesses do not have "free rein" to fingerprint "as they please".
The ICO has penned a heavily caveated but supposedly "clear" response: Businesses do not have "free rein" to fingerprint "as they please".
In case you don't have time to read the EDPB opinion on AI training, here's a summary of pretty much every paragraph.
December 18, 2024 at 3:35 PM
In case you don't have time to read the EDPB opinion on AI training, here's a summary of pretty much every paragraph.
Dutch DPA to Netflix:
"Your privacy notice doesn't say how long you'll retain data, only that you'll retain it 'as required or permitted by legislation and regulations.'"
Netflix:
"Your privacy notice says exactly the same thing."
Dutch DPA:
"That's not the point!"
"Your privacy notice doesn't say how long you'll retain data, only that you'll retain it 'as required or permitted by legislation and regulations.'"
Netflix:
"Your privacy notice says exactly the same thing."
Dutch DPA:
"That's not the point!"
December 18, 2024 at 10:56 AM
Dutch DPA to Netflix:
"Your privacy notice doesn't say how long you'll retain data, only that you'll retain it 'as required or permitted by legislation and regulations.'"
Netflix:
"Your privacy notice says exactly the same thing."
Dutch DPA:
"That's not the point!"
"Your privacy notice doesn't say how long you'll retain data, only that you'll retain it 'as required or permitted by legislation and regulations.'"
Netflix:
"Your privacy notice says exactly the same thing."
Dutch DPA:
"That's not the point!"
The GDPR says controllers must name "the recipients or categories of recipients" of personal data, both in privacy notices (Art 13-14) and on request (Art 15).
So which is it?
We have case law on Art 15 (must name specific recipients). The Dutch DPA's Netflix fine says this covers Arts 13-14, too.
So which is it?
We have case law on Art 15 (must name specific recipients). The Dutch DPA's Netflix fine says this covers Arts 13-14, too.
December 18, 2024 at 10:49 AM
The GDPR says controllers must name "the recipients or categories of recipients" of personal data, both in privacy notices (Art 13-14) and on request (Art 15).
So which is it?
We have case law on Art 15 (must name specific recipients). The Dutch DPA's Netflix fine says this covers Arts 13-14, too.
So which is it?
We have case law on Art 15 (must name specific recipients). The Dutch DPA's Netflix fine says this covers Arts 13-14, too.