(Fabio Alessandro Locati|Fale)'s blog

From the cloud to self-hosting

October 26, 2024 - Milano, IT

Read More

On Out of Office emails

August 26, 2024

This summer, I found myself multiple times reading out-of-office emails. Actually, this is not a new phenomenon: it has happened every summer since I started working. Obviously, it also happens outside the summer, but it is far easier to notice it during the summer.

I think the majority of people should not configure an out-of-office auto-reply.

By recipient

Many people might write to you and receive an out-of-office email if you have set up an out-of-office auto-reply. Let’s analyze the various personas that might send you emails and whether the out-of-office message makes sense for them.

Read More

On the nature of the right to privacy

November 28, 2023

In the last month, Meta has started to give their European users a choice between an account for their services paid in data or one paid in Euros. Today, noyb has filed a GDPR complaint against Meta over this behavior. Noyb has very good points to support their filing, but I don’t want to delve too much into those since they are very well explained in their press release. I think there is a deeper problem that they briefly touch on but do not address directly, which is the interpretation of the kind of right that privacy is.

Read More

EU EDPB vs. Irish DPC vs. Meta Platforms

May 24, 2023

The Irish Data Protection Commission (DPC) has evaluated the legality of Facebook’s (now Meta Platforms) data transfer for over 10 years. In those 10 years, we have seen the Irish DPC trying to avoid ruling on the matter multiple times and the European Data Protection Board (EDPB) forcing them to do it. We now have a final ruling on the matter, which is unfavorable to Meta. In fact, in addition to having to stop the data transfer within 5 months and having to move back all data within 6 months, Meta has to pay a € 1.2 billion fine.

Read More

Google Analytics and EU rules

September 26, 2022

In the last few months, we have witnessed multiple European Data Protection offices weigh in on the legitimacy of Google Analytics.

Back in January, I published a post that touched on the topic but was not really about Google Analytics. So, let’s start by looking at what happened and why Google Analytics seems to be so interesting for the European Privacy authorities, and finish with some guessing on what could happen in the next few months.

Read More

US services, EU privacy rules

January 25, 2022

In the last few weeks, there has been a lot of talk about Google Analytics and the GDPR. I think most of the comments around it have missed the whole picture.

A little bit of history

Our brief history begins at the end of the ’90s when the EU and the US agreed on the International Safe Harbor Privacy Principles. On the 26th July 2000, the European Commission (EC) formalized it with the Commission Decision 2000/520/EC, where it was defined that data could be freely moved from the EU to the US. The assumption was that the data on US soil would have comparable (or better) protection than the same data on EU soil, and therefore the privacy of European citizens was not at risk. On 6th October 2015, the European Court of Justice (ECJ) invalidated this decision on the basis that laws in the US were authorizing public authorities to have access on a generalized basis to the content of electronic communications, and this was deemed to be “compromising the essence of the fundamental right to respect for private life” (the quote is from the ECJ decision).

Read More

Google and Facebook fined for cookies practices

January 10, 2022

The CNIL, France’s data regulator, fined Meta (Facebook) and Google for violating the GDPR for a total of 210M€. More specifically:

Also, if the companies do not fix the issue within three months, an additional penalty of 100'000€/day will be added.

There are two facts that I think are very interesting about these fines: the reason behind the fines and the fines issuer.

Read More

GDPR - 3 years later

May 31, 2021

Three years have passed since the GDPR became binding law in the European Union. On the one hand, I’m happy that it has already been three years, but on the other hand, I’m impatient to see GDPR fully applied.

Cookies

Cookies are always a hot topic when we talk about GDPR. I still see websites handing out cookies (first- and third-party ones) without a cookie banner or to users who have not pressed the “accept” button on the cookie banner. Also, speaking about cookie banners, the majority are not compliant since they often make it hard to refuse cookies or pre-select cookie acceptance. This situation is unfortunate, but we see some movement on this (like the noyb initiative). If those initiatives continue, as I hope, next year, the cookie situation will be much better!

Read More

A website with no cookies

July 19, 2020

Today I did a big update to this website. The goal of today’s update is the removal of Disqus. I decided to remove Disqus more than a year ago, with the decision to remove all cookies from this website. The plan was to remove both Google Analytics and Disqus since those were the only two reasons this website was distributing cookies. I removed Google Analytics in June 2019, and now I’ve removed Disqus, so this goal has now been achieved.

Read More

GDPR - 2 years later

May 25, 2020

As it is becoming a sort of tradition, here we are, two years after the enactment of GDPR, to see how it performs in the real world.

In our previous yearly check, we analyzed the situation from two points of view: the banners and the fines. Let’s see how those two topics have evolved in the last year.

On the 1st of October 2019, with the judgment in case C-673/17, the European Union Court of Justice clarified that pre-ticked consent checkboxes are not sufficient since the consent has to be expressed actively by the user. This requirement was clear to me since my initial approaches to the GDPR, since it was clear that this was the only way to respect the Regulation’s spirit. Still, it is very nice to see it stated explicitly by the European Union Court of Justice.

Read More