Service announcement: I regularly lie to data gathering platforms like FB. So any message from FB telling you it’s my birthday today can be safely ignored. It’s not. They wanted to check my age when I created the account. They don’t need a day and month for that, and for that matter any year before 2000 will do. I lied to FB. You should too.

For those of you sending birthday wishes: thank you, I appreciate hearing from you. It’s good to know you

This is a very interesting article to read. A small French adtech company Vectaury has been ordered to stop using and delete the personal data of tens of millions of Europeans, as it cannot show proper consent as required under the GDPR. Of interest here is that Vectaury tried to show consent using a branche wide template by IAB. A French judge has ruled this is not enough. This is an early sign that as Doc Searls says GDPR is able to, though at the speed of legal proceedings, put a stake through the heart of ad-tech. Provided enforcement goes forward.

A month after the verdict, Vectaury’s website still proudly claims that they’re GDPR compliant because they use the concept of a ‘consent management provider’. Yet that is exactly what has now been ruled as not enough to show actual consent.

This Twitter thread by NYT’s Robin Berjon about the case is also interesting.

Does the New York Times see the irony? This article talks about how US Congress should look much less at the privacy terms of big tech, and more at the actual business practices.

Yet it calls upon me to disable my ad blocker. The ad blocker that blocks 28 ads in a single article, all served by a Google advertisement tracker. One which one of my browsers flags as working the same way as cross site scripting attacks work.

If as you say adverts are at the core of your business model, making journalism possible, why do you outsource it?
I’m ok with advertising New York Times, but not with adtech. There’s a marked difference between the two. It’s adtech, not advertising, that does the things you write about, like “how companies can use our data to invisibly shunt us in directions” that don’t benefit us. And adtech is the reason that, as you the say, the “problem is unfettered data exploitation and its potential deleterious consequences.” I’m ok with a newspaper running their own ads. I’m not ok with the New York Times behaving like a Trojan horse, pretending to be a newspaper but actually being a vehicle for, your own words, the “surveillance economy”.

Until then my ad blocker stays.


My browser blocking 28 ads (see the address bar) on a single article, all from 1 Google ad tracker.

Some links I thought worth reading the past few days

To celebrate the launch of the GDPR last week Friday, Jaap-Henk Hoekman released his ‘little blue book’ (pdf)’ on Privacy Design Strategies (with a CC-BY-NC license). Hoekman is an associate professor with the Digital Security group of the ICS department at the Radboud University.

I heard him speak a few months ago at a Tech Solidarity meet-up, and enjoyed his insights and pragmatic approaches (PDF slides here).

Data protection by design (together with a ‘state of the art’ requirement) forms the forward looking part of the GDPR where the minimum requirements are always evolving. The GDPR is designed to have a rising floor that way.
The little blue book has an easy to understand outline, which cuts up doing privacy by design into 8 strategies, each accompanied by a number of tactics, that can all be used in parallel.

Those 8 strategies (shown in the image above) are divided into 2 groups, data oriented strategies and process oriented strategies.

Data oriented strategies:
Minimise (tactics: Select, Exclude, Strip, Destroy)
Separate (tactics: Isolate, Distribute)
Abstract (tactics: Summarise, Group, Perturb)
Hide (tactics: Restrict, Obfuscate, Dissociate, Mix)

Process oriented strategies:
Inform (tactics: Supply, Explain, Notify)
Control (tactics: Consent, Choose, Update, Retract)
Enforce (tactics: Create, Maintain, Uphold)
Demonstrate (tactics: Record, Audit, Report)

All come with examples and the final chapters provide suggestions how to apply them in an organisation.