jm + cookies   8

Formal GDPR complaint against IAB Europe’s “cookie wall” and GDPR consent guidance
Fantastic :) A formal complaint has been filed with the Irish Data Protection Commission against IAB Europe, the tracking industry’s primary lobbying organization:
Tracking and cookie walls:

Visitors to IAB Europe’s website, www.iabeurope.eu, are confronted with a “cookie wall” that forces them to accept tracking by Google, Facebook, and others, which may then monitor them. Dr. Ryan has complained to the Irish Data Protection Commission that this is a breach of the GDPR, which protects people in Europe from being forced to accept processing for their data for any purpose other than the provision of the requested service.

“One should not be forced to accept web-wide profiling by unknown companies as a condition of access to a website”, said Dr Johnny Ryan of Brave. “This would be like Facebook preventing you from accessing the Newsfeed until you have clicked a button permitting it to share your data with Cambridge Analytica.”

Simon McGarr of McGarr Solicitors, who has worked on data protection cases for Digital Rights Ireland, represents Dr Ryan in his complaint. Mr McGarr said “Where companies rely on consent to process people’s data it is critical that this is more than a box ticking exercise. For consent to be valid, it must be freely given, informed, specific and unambiguous. There’s nothing intrinsically good or bad in cookie technology – what matters is ensuring it’s applied in a way which respects individuals’ rights.”


Challenging IAB Europe’s industry guidance on the GDPR:

The complaint to the Irish Data Protection Commission will also test IAB Europe’s GDPR guidance to the online advertising industry. IAB Europe has put itself forward as a primary designer of the online tracking industry’s data protection notices. It has told major media organizations, tracking companies, and advertising technology companies that they can sidestep the GDPR, and rely instead on the ePrivacy Directive, which IAB Europe has interpreted as more lax in protecting personal data.

IAB Europe has widely promoted the notion that access to a website or app can be made conditional on consent for data processing that is not necessary for the requested service to be delivered, despite the clear requirements of the GDPR, and statements from several national data protection authorities, that say otherwise.

“This complaint will make it plain that the media and advertising industry should not rely on IAB Europe for GDPR guidance”, said Dr Ryan.
dpc  ireland  brave  iab-europe  iab  cookies  tracking  gdpr  law  eu 
19 days ago by jm
Operation Socialist: How GCHQ Spies Hacked Belgium’s Largest Telco
Chilling.
GCHQ maintains a huge repository named MUTANT BROTH that stores billions of these intercepted cookies, which it uses to correlate with IP addresses to determine the identity of a person. GCHQ refers to cookies internally as “target detection identifiers.”
privacy  gchq  surveillance  belgacom  regin  uk  spying  belgium  isps  cookies  malware 
december 2014 by jm
"Macaroons" for fine-grained secure database access
Macaroons are an excellent fit for NoSQL data storage for several reasons. First, they enable an application developer to enforce security policies at very fine granularity, per object. Gone are the clunky security policies based on the IP address of the client, or the per-table access controls of RDBMSs that force you to split up your data across many tables. Second, macaroons ensure that a client compromise does not lead to loss of the entire database. Third, macaroons are very flexible and expressive, able to incorporate information from external systems and third-party databases into authorization decisions. Finally, macaroons scale well and are incredibly efficient, because they avoid public-key cryptography and instead rely solely on fast hash functions.
security  macaroons  cookies  databases  nosql  case-studies  storage  authorization  hyperdex 
november 2014 by jm
Vodafone UK, Verizon add mandatory device-tracking token on all web requests
'Verizon Wireless is monitoring users' mobile internet traffic, using a token slapped onto web requests, to facilitate targeted advertising even if a user has opted out.

The unique identifier token header (UIDH) was launched two years ago, and has caused an uproar in tech circles after it was re-discovered Thursday by Electronic Frontier Foundation staffer Jacob Hoffman-Andrews.

The Relevant Mobile Advertising program, under which the UIDH was used, allowed a restaurant to advertised to locals only or for retail websites to promote to previous visitors, according to Verizon Wireless.'
uidh  verizon  vodafone  privacy  tracking  http  cookies  advertising 
october 2014 by jm
Network Advertising Initiative: Opt-Out of Behavioural Advertising
'developed for the express purpose of allowing consumers to "opt out" of the behavioral advertising delivered by our member companies' -- opt out of the top 50 or so ad programs with a couple of clicks, via Jordan Sissel. great stuff
ads  advertising  browser  cookies  via:jordansissel  google  marketing  opt-out  privacy  tracking  web  behavioral  from delicious
june 2010 by jm
John Graham-Cumming: What's wrong with Flash Cookies?
Macromedia created a "parallel" cookie infrastructure, which is not cleared/controlled by browser cookie controls. Heinous! I had no idea. Checking mine, it was full of ad-tracking crap
cookies  flash  privacy  crapware  ads  from delicious
june 2010 by jm
FastMail and sessions
a clever HTTP session-management trick (via Tony Finch)
via:fanf  web  http  sessions  cookies  fastmail  from delicious
march 2010 by jm

Copy this bookmark:



description:


tags: