Favorited EDPB Urgent Binding Decision on processing of personal data for behavioural advertising by Meta by EDPB

This is very good news. The European Data Protection Board, at the request of the Norwegian DPA, has issued a binding decision instructing the Irish DPA and banning the processing of personal data for behavioural targeting by Meta. Meta must cease processing data within two weeks. Norway already concluded a few years ago that adtech is mostly illegal, but European cases based on the 2018 GDPR moved through the system at a glacial pace, in part because of a co-opted and dysfunctional Irish Data Protection Board. Meta’s ‘pay for privacy‘ ploy is also torpedoed with this decision. This is grounds for celebration, even if this will likely lead to legal challenges first. And it is grounds for congratulations to NOYB and Max Schrems whose complaints filed the first minute the GDPR enforcement started in 2018 kicked of the process of which this is a result.

…take, within two weeks, final measures regarding Meta Ireland Limited (Meta IE) and to impose a ban on the processing of personal data for behavioural advertising on the legal bases of contract and legitimate interest across the entire European Economic Area (EEA).

European Data Protection Board

I and my team at The Green Land are looking for a self-hosted version of event organisation tools like MeetUp.com or Eventbrite. Both for small scale events as part of projects, such as meet-ups of citizen scientists, as well as for ourselves, such as small gatherings we organise around AI ethics with our professional peer network.

We don’t want to use Meetup.com or things like Eventbrite because we don’t want personal data to be handed over to US based entities, nor require the participants to do so just because they want to attend a local event. We also notice a strong hesitancy amongst participants of events when it is needed to create yet another account on yet another service just to let us know they will be joining us for something.

Nevertheless we do want an easy way to announce events, track registrations, and have a place to share material before, during and afterwards. And I know that events are hard in terms of discovery, because although there are a plethora of events, for most participants as well as event organisers they’re incidents (years ago I came across a blogpost describing this Events Paradox well.). Additionally, for us as professionals it is usually more logical to host our own events than find one that fits our needs.
So we need a way to announce events where we can assure participants there’s no need to hand over personal information, and where material can be shared.

There seem to be two FOSS offerings in this space. Mobilizon by Framasoft and Gettogether. In the past weeks my colleague S and I tried to test Mobilizon.

Mobilizon is ActivityPub based, and there’s a Yunohost version which I installed on our VPS early last month. Mobilizon promises several strong points:

  • Fully self-hosted, and able to federate with other instances. There aren’t many visible instances out there, but one NGO we frequently encounter in our network does run its own instance.
  • you can maintain different profiles in your account, so that for different parts of your life you can subscribe to events, without e.g. your historical re-enactment events showing up amongst your professional events in a public profile.
  • People can register for an event without needing an account or profile (using e-mail confirmation)

Working with Mobilizon turned out less than ideal at a very basic level. Accounts couldn’t log in after creation. As an administrator I could not force password resets for users (that couldn’t log in anymore). Not being able to do user admin (other than suspending accounts) seems to be a deliberate design choice.
I still had access through my Yunohost admin account, but after an update yesterday of the Mobilizon app that stopped working too. So now both instance admins were locked out. Existing documentation wasn’t much help in understanding what exactly is going on.

I also came across an announcement dat Framasoft intends to shift development resources away from Mobilizon by the end of the year, and thusfar there’s little momentum in the developer community to pick up where they intend to leave off.

For now I have uninstalled Mobilizon. I will reach out to the mentioned NGO to hear how their experiences are. And will look at the other tool, although no Yunohost version of it exists.

I’m open te hear about other alternatives that might be good to try.

Oh great, LinkedIn! Of course I want you to ‘suggest’ postings in my timeline concerning conspiracy delusions about the fires in Hawaii, a disfigured street cat ‘nevertheless’ feeding its young and thus commended for its nurturing instincts (is animal ableism a separate category in your data model?), an autoplaying video of a woman removing mobiles from her family’s hands at the dinner table in a very funny (hahaha!) way, and something about a leopard. Enshittification ftw! I unfollowed every one on my contact list two years ago just for you to have more space to play Facebook and TikTok all by yourself. And I am also very pleased you always make me set the timeline to ‘most recent’ and then put it back to ‘most relevant’ (I do wonder about LinkedIn’s definition of ‘relevant’) so I don’t miss any of your suggestions. I think I need to use a different way of going to LinkedIn to find the details of someone in my network than the default /feed LinkedIn steers you to. I’ll add the direct path to the network search page as bookmark. And continuously strengthen my personal notes-as-rolodex.

Such a great day for the Digital Services Act to come into effect for ‘VLOPS’ like LinkedIn!

It had been expected, Tweetdeck is now no longer available to me to follow Twitter topics and lists. Tweetdeck is only available to paying Twitter accounts. Earlier today it still worked for me as a non-paying account, now no longer. It went web-only a year ago before Twitter’s transition of ownership. Last month it became clear Tweetdeck would be limited to paying accounts. With Tweetdeck gone the last remaining shred of utility of Twitter for me dissolved.

Twitter’s new management seems to want to limit the use of Tweetdeck to paying users only.

For many years, at least since the algorithm decided the timeline, I’ve used Tweetdeck as circumvention and as my interface to Twitter. It’s how I search for specific topics, follow some accounts, lists, tags etc. I had until recently some 70 columns in my Tweetdeck. Last year Tweetdeck became web only, and I suspected it wouldn’t be a net positive for my Twitter usage. It wasn’t. Mostly because it split up my different Twitter accounts over multiple tweetdeck set-ups where there used to be 1, and then made it harder to easily switch between accounts for posting and interacting. This last week it became mostly impossible to see any tweets when not logged in (which I never do on mobile).

All in all it looks like it’s time to discard Twitter fully. I haven’t posted in my accounts the last months, but kept the accounts if for nothing else than place holders. If even accessing Twitter is hobbled, then it’s finally time to let it go. One more platform that lives shorter than my own site.

Back in 2008 in presentations I used to share this list of what I shared online in which channel. Almost all of that is gone or disfunctional, where it used to be an integral part of my online interactions with my network.


A 2008 overview of social tools I used at that time. Slide from my 2008 talk at Politcamp Graz on networked life and work. Most of those tools no longer exist or I no longer use. Except for this blog.

I see lots of potential for social software still, and even again, just not social media.

[Update 2023/07/05: I have deleted all my topic oriented Twitter accounts and a few legacy ones, as well as my public main account (ton_zylstra). My private one (tonzylstra), I may keep for a while longer, unused though it is.]

Bookmarked 1.2 billion euro fine for Facebook as a result of EDPB binding decision (by European Data Protection Board)

Finally a complaint against Facebook w.r.t. the GDPR has been judged by the Irish Data Protection Authority. This after the EDPB instructed the Irish DPA to do so in a binding decision (PDF) in April. The Irish DPA has been extremely slow in cases against big tech companies, to the point where they became co-opted by Facebook in trying to convince the other European DPA’s to fundamentally undermine the GDPR. The fine is still mild compared to what was possible, but still the largest in the GDPR’s history at 1.2 billion Euro. Facebook is also instructed to bring their operations in line with the GDPR, e.g. by ensuring data from EU based users is only stored and processed in the EU. This as there is no current way of ensuring GDPR compliance if any data gets transferred to the USA in the absence of an adequacy agreement between the EU and the US government.

A predictable response by FB is a threat to withdraw from the EU market. This would be welcome imo in cleaning up public discourse and battling disinformation, but is very unlikely to happen. The EU is Meta’s biggest market after their home market the US. I’d rather see FB finally realise that their current adtech models are not possible under the GDPR and find a way of using the GDPR like it is meant to: a quality assurance tool, under which you can do almost anything, provided you arrange what needs to be arranged up front and during your business operation.

This fine … was imposed for Meta’s transfers of personal data to the U.S. on the basis of standard contractual clauses (SCCs) since 16 July 2020. Furthermore, Meta has been ordered to bring its data transfers into compliance with the GDPR.

EDPB