Amazon has been fined 746 million Euro by the Luxembourg DPA (where Amazon’s EU activities reside). In its response Amazon shows it isn’t willing to publicly acknowledge to even understand the EU data protection rules.

There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed., said an Amazon spokesperson according to Techcrunch.

Those facts are of course undisputed because a data breach or exposure of data to third parties is not a prerequisite for being in breach of GDPR rules. Using the data yourself in ways that aren’t allowed is plenty reason in itself for fines the size of a few percentage points of your global yearly turnover. In Amazon’s case the fine isn’t even a third of a percentage point of their turnover, so about a day’s worth of turnover for them: they’re being let-off pretty lightly actually compared to what is possible under the GDPR.

How Amazon uses the data it collects, not any breach or somesuch, is the actual reason for the complaint by La Quadrature du Net (PDF) filed with the Luxembourg DPA: the complaint “alleges that Amazon manipulates customers for commercial means by choosing what advertising and information they receive.” (emphasis mine)

The complaint and the ruling are laying bare the key fact Amazon and other tech companies aren’t willing to publicly comment upon: adtech in general is in breach of the GDPR.

There are a range of other complaints along these lines being processed by various DPA’s in the EU, though for some of those it will be a long wait as e.g. the Irish DPA is working at a snail’s pace w.r.t. complaints against Apple and Facebook. (The slow speed of the Irish DPA is itself now the subject of a complaint.)

Meanwhile two new European laws have been proposed that don’t chime with the current modus operandi of Amazon et al, the Digital Markets Act and the Digital Services Act, which both contain still bigger potential fines than the GDPR for non-compliance w.r.t. e.g. interoperability, service-neutrality, and transparency and accountability measures. And of course there are the European anti-trust charges against Amazon as well.

Amazon will of course appeal, but it can only ever be an attempt to gaslight and gloss over the fundamental conflict between adtech and GDPR. Let’s hope the Luxembourg DPA continues to see through that.

In the past few weeks I came across several links to ‘Nitter’, each on different domains. Nitter, it turns out, is a web front-end to see Twitter without Twitter being able to track you.

It shows you public Twitter pages, after stripping out tracking and JavaScript etc. You can’t login through it, or see the things that depend on your own Twitter account (like DM’s and private lists), nor post through it. It is merely a way to see the Twitter site while wearing surgical gloves.

Twitter has been fighting third party apps for its services because it threatens their tracking and advertising, so they want to keep you inside their walled garden. Which is why they closely guard who and what has access to their API. Nitter doesn’t use the API, so Twitter doesn’t have their hands on the off-switch.

This is useful for seeing some of the things others link to, like the increasingly annoying habit of tweets being added to ‘journalism’. (“Politician x said something and Twitter wasn’t having it”)

It is also very useful that it provides RSS feeds for all Twitter content (users, #, and search terms).

You can run your own instance, and there are browser plugins that redirect any Twitter link you follow to a Nitter link replacement.

For now I found a Dutch instance (on this list), and will see if adding some RSS feeds through them is workable.


My public Twitter profile seen through Nitter

Stephen Downes makes a good point. As ‘content consumers’ we correctly have the expectation that paying for something does not mean reduced advertising. In no medium is that actually the case, so the web isn’t and won’t be different. The issue of adverts on the web isn’t about ads per se. It’s about ad tech, which needs to die. It’s about web ad intermediaries too, who currently ensure there’s no link between me seeing an ad, the site I’m seeing it on knowing it’s there, and the actual money going to that site. There should however be such a link between the adverts shown on a site and the site knowing that, and the money flowing as direct as possible between advertiser and site. Advert intermediaries (deemed necessary because of their ad tech expertise) purposefully make the connection between me and the medium opaque to all but the advert intermediary. The problem with web ads isn’t ads.

Bookmarked Facebook says it may quit Europe over ban on sharing data with US (The Guardian)
Facebook has warned that it may pull out of Europe if the Irish data protection commissioner enforces a ban on sharing data with the US, after a landmark ruling by the European court of justice found in July that there were insufficient safeguards against snooping by US intelligence agencies.

Never issue a threat you’re not really willing to follow up on… FB says it might stop servicing EU citizens because it isn’t allowed to transfer their data to US servers over data protection concerns. To me it would seem good news if the FB data-kraken would withdraw its tentacles. It is also an open admission that they can’t provide their service if it is not tied to adtech and the rage-fed algorithmic timeline built on detailed data collection. Call it, I’d say.

As LinkedIn has sold Slideshare to Scribd (Slideshare’s more evil twin), and the practical handover happening on September 24th, I am preparing to close down my Slideshare account. As part of that I’m downloading my material on Slideshare. The first step is getting a CSV file from them that lists all the download URLs for my slides. It also provides some statistics with those download links, so for archiving purposes I’m adding some of those stats here.

My usage of Slideshare was always intended for two things: 1) have a way to embed my presentations in my blog and for others to view them, 2) have a place that can store those files, 3) allows others to download those files. Those last two reasons were way more of an issue to solve when I started using Slideshare in 2006. Hosting packages back then were generally too small to also host presentations, both in terms of bandwidth and storage. The first reason still is an issue: having a decent viewer to show these files on a website.

My first Slideshare was in December 2006, my last November 2019, so thirteen years exactly. I uploaded 132 presentations so about 10 per year on average, but in reality it was much less spread out:

2006 1
2007 6
2008 13
2009 17
2010 32
2011 24
2012 14
2013 10
2014 6
2015 0
2016 1
2017 1
2018 3
2019 4

The peak years were 2008 through 2013, which coincide with becoming self-employed and doing a lot of awareness raising for open data. From 2014 most of my presentations were for my company, and I posted much less under my own account. (I also will need to download the material from my company’s accounts before the 24th as well).

My 2 most downloaded presentations form an interesting combination:

  • My 2008 presentation at Reboot in Copenhagen (332), that I remember very much (and that I recently converted into Notions)
  • A 2010 presentation on FabLabs (259) that I gave to an engineering company (says the description) for an internal workshop, but I have no immediate recollection of doing that. (Checking my 2010 calendar just now I do remember, seeing the client’s name)

The total views for my 132 presentations were 292708 (2217 on average)
The three most viewed presentations were:

  • My 2010 Lift Marseille, France, talk about FabLabs, 11338 views
  • My 2010 brief remarks on private sector open data during Open Data Week in Nantes, France, 8242 views
  • My talk at PolitCamp Graz, Austria in 2008, the event where I got interested in open data, but this one was about social media use w.r.t. political communication, 8009 views

The three presentations that were mostly viewed in embeds were:

  • My 2010 Lift Marseille, France, talk about FabLabs again, 7157 views in embeds, or about half of total views
  • My 2013 opening keynote for a software company’s European customer event, 3285 embed views
  • My 2012 workshop on open data as policy instrument, at the Dutch national open data conference, 3055 embed views

Given that Slideshare for me was about allowing downloads, and providing embeds, let’s look at those totals. Thirteen years with 132 uploaded presentations come out at 2286 downloads and 51633 embedded views. It’s not nothing obviously, but one can wonder if it is something worthwile enough to allow thirteen years of third party tracking.

Bookmarked Only 9% of visitors give GDPR consent to be tracked (markosaric.com)
Privacy regulations such as the GDPR say that you need to seek permission from your website visitors before tracking them. Most GDPR consent banner implementations are deliberately engineered to be difficult to use and are full of dark patterns that are illegal according to the law..... If you implement a proper GDPR consent banner, a vast majority of visitors will most probably decline to give you consent. 91% to be exact out of 19,000 visitors in my study.

GDPR and adtech tracking cannot be reconciled, a point the bookmark below shows once more: 91% will not provide consent when given a clear unambiguous choice. GDPR enforcement needs a boost. So that adtech may die.

Marko Saric points to various options available to adtech users: targeted ads for consenting visitors only, showing ads just based on the page visited (as he says, “Google made their first billions that way“), use GDPR compliant statistics tools, and switch to more ethical monetisation methods. A likely result of publishers trying to get consent without offering a clear way to not opt-in (it’s not about opting-out, GDPR requires informed and unforced consent through opt-in, no consent is the default and may not impact service), while most websurfers don’t want to share their data, will mean blanket solutions like ad and tracker blocking by browsers as default. As Saric says most advertisers are very aware that visitors don’t want to be tracked, they might just be waiting to be actively stopped by GDPR enforcement and the cash stops coming in (FB e.g. has some $6 billion reasons every single month to continue tracking you).

(ht Peter O’Shaughnessy)