2 months ago • Created a post

One App – Two Worlds: This Is TikTok in Russia and Ukraine

1260 points • 348 comments

9 months ago • Comments on a post

There are exemptions for academic research and journalism in the GDPR under article 85 [0]. That is why the original news article (that I wrote) clearly mentions right away that the information was collected for a academic project.

[0] https://bookdown.org/fede_caruso/bookdown/the-journalistic-e...

9 months ago • Comments on a post

I don't think that many stores track customers and that a lot of the hype from a couple of years ago never ended up in a successful commercialization of the technology.

(Full disclosure: Author of linked article.)

1 year ago • Comments on a post

More background: The fine is mainly based on the fact that Disqus forgot to enroll Norwegian IP-addresses into their GDPR «privacy mode».

That meant that websites that had enabled a specific setting ("Enable anonymous cookie targeting") in Disqus were tracking Norwegian without informing them. Most of the websites in Norway and elsewhere did not know they were sharing users data through Disqus.

Major sites like the Wirecutter, The Hill, 9to5mac, Breitbart had enabled the setting in 2019. Of the 23 websites I contacted, all 11 that responded told me they were unaware of the tracking and had turned the setting off.

(I wrote the investigative articles in 2019 for the Norwegian public broadcaster NRK.)

A thread in English from then explains most of the findings: https://twitter.com/martingund/status/1207327648093003777

1 year ago • Comments on a post

There are some nuisances on jurisdiction, but if a company tracks users in Europe they may fall under the purview of European data protection authorities.

There are several factors that play in. For example that the data controller offers the delivery of goods in EU Member States, say a plugin like Disqus. It could also be that they have a .eu top level domain.

The Norwegian DPA also writes this in their advanced notice: "Online tracking using cookies and behavioural advertising are explicitly mentioned as activities which constitute monitoring of behaviour in the EDPB Guidelines on the territorial scope of the GDPR."

EDPB: Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) https://edpb.europa.eu/sites/default/files/files/file1/edpb_...

1 year ago • Comments on a post

We part of the European Economic Area (EEA) which is quite close to being a EU member, but without voting rights. Norway voted two times on membership and the compromise was EEA.

1 year ago • Comments on a post

Disqus does not track users from GDPR countries by default. My initial story in December 2019 for the Norwegian broadcaster NRK was a result of Disqus not knowing Norway had the GDPR (we are part of EEA, but not EU).

Users are checked based on IP whether they come from a GDPR country. If GDPR, they will be put in private mode. A user needs to create a profile and consent to sharing for tracking to begin.

Norwegian DPA opened an investigation as a result of our stories and Norwegians are now in private mode by default.

1 year ago • Comments on a post

As a journalist I can tell you that an important portion of what we report comes from sources that divulge proprietary, secret, or classified info.

Journalists don’t give up their sources due to the risks you are highlighting.

Anyway - for a open society to function we need to live in the same factual world and media contribute to that.

1 year ago • Comments on a post

Writer: Samsung Galaxy S7. I guess over 70 apps in navigation, weather, games, prayer apps, or relevant due to listing location companies in privacy policy.

I have not named apps / companies I that were not relevant to this feature. I found other things, but I had to focus on a clear story.

1 year ago • Comments on a post

Turning off ad id in the OS and checking which apps have access to location would do wonders. Would also recommend checking which apps have access to the contact list.

1 year ago • Comments on a post

I hacked the tweet thread together in 15 min so I think the article might be a better (although longer) read.

1 year ago • Comments on a post

(Journalist behind article.) Thank you! I can say that it is not easy to use subject access requests to get information. Without the help of Michael Veale’s template and a lot of grit, I don’t think I would have made it.

Transparency is just a first step, but it is a powerful tool.

1 year ago • Created a post

A Newsroom at the Edge of Autocracy

4 points • 0 comments

2 years ago • Created a post

Garbage Language: Why do corporations speak the way they do?

3 points • 0 comments

2 years ago • Created a post

Grindr data sharing “out of control”

3 points • 0 comments

2 years ago • Created a post

Wirecutter, the Hill, Others Shared Personal Data Through Disqus Without Knowing

4 points • 0 comments

2 years ago • Created a post

Millions of Users Affected by Disqus Data Sharing on Well-Known Websites

6 points • 0 comments

2 years ago • Created a post

Where Are the Months? Mental Images of Circular Time in a Large Online Sample

1 points • 0 comments

3 years ago • Created a post

Hydro CIO on the LockerGoga Cyber Attack

1 points • 0 comments

4 years ago • Created a post

Facebook reported to data protection authorities in seven European countries

3 points • 0 comments