On a tangent, I don’t understand how Apple’s App Store allows the Google Photos app to insist on being given access to all photos on your device rather than selected photos to even work (even just to view photos shared elsewhere). Seems like an obvious violation of privacy and terms around not requiring unnecessary permissions. I think the app should be banned until they provide an option to gracefully respect users’ privacy settings rather than holding unrelated features hostage if they don’t get to spy on every photo on your device.

Yes, I am happy I can export my data with google but boy it is annoying to do.

Some companies somehow blatantly get away with not allowing any export at all.

For example, Amazon eero, the overpriced WiFi router that doesn't even work (without phoning back home and having an app installed on your phone). They had an outage like a year ago, and during said outage, all your existing ad blocking stopped working, too, even if you never rebooted during the outage, and even though said blocking is supposed to be performed locally. I think you can't even get the ad blocking unless you or your ISP pays for the special subscription, either. (I imagine the thing could have removed all local ad blocking settings and lists during the time it couldn't confirm you're still a paying customer because their cloud was down?)

Does anyone know how exactly does Amazon get away with not providing data export for their eero product? I haven't seen a Blink or Ring exports, either. The main Amazon dot com does have the export, which has some extensive data you may not think they do collect, but it doesn't cover eero, Blink or Ring.

we are in the upcoming golden age of browser automation

this will stop being a problem

We didn't set out to hide our GDPR requests, we put them behind our Support/Legal button. But we got sued anyway, and we lost.

Now we have to have the "delete my data" and "request my data" as part of our main settings list. Result: flooded with requests. People are clicking the buttons just because they are there. For me it's not a big deal, I automate all the requests. But, I still feel like this went too far.

If you are a California resident you can request a deletion via the state's new DROP platform which is launching next year. That will send the deletion request to every registered data broker in the state who will then have 45 days to comply. Part of that compliance is sending deletion notifications to everyone downstream that they have shared or sold your data to in the past. The penalty for not responding to a DROP request is going to be $200 a day, per request.

Starting in 2028 CA registered data brokers will have to undergo audits to ensure that they have been complying with deletion requests to the fullest extent of the law. Now, maybe only 20% of actual data brokers are registered in California like they are supposed to be, but it's a start.

Shameless plug: I'm building a platform to help the data brokers actually delete the data they are supposed to, provide full auditing and accounting for that process, and automate privacy request handling: forgetmenaut.com

What mugshot extortionists do, is charge you to delete your mugshot, then move it to another domain that they own.

There’s still value in turning the faucet off if you ask me. Especially if you’ve hardened security/privacy practices to better protect yourself moving forward.

I only got really serious about consistently using VPN’s, firewalls, adblockers, and more privacy centered browsers a few years ago. I would say over the last 8 to 12 months I finally started to see it pay off. I still don’t see a lot of ads if ever, and they are wildly off target when I do see them. Using email aliases that I regularly purge has also made a huge difference when it comes to password/info leaks in particular.

Now if I could only get my damn phone number under control… so tired of the endless spam texts

I have used Incogni for a few years now, I was a little worried after the first year things wouldn't be worth the price, but I'm noticing that there are data brokers who will happily remove you but not put you on a block-list, meaning that they will happily ingest your information again if it comes to them, and another request from Incogni will be needed to remove it again.

I'm on the fence about whether that's real value delivered from Incogni, but I do think overall it's working to limit some of the spread of my data.

I have (optery, not deleteme) and I think it's good to use at least once to clear out a buildup of your info out there. I couldn't justify paying for it monthly but if I was a semi-important person it might be worth it, or at least 1 or 2 months out of the year. Many brokers aren't responsive and it takes forever or never actually happens, and stuff definitely creeps back, but from what I can tell there is a heck of a lot less of me out there.

if you live in a eu, a gdpr request can be followed by a request to your id only if there is reasonable doubt that you're faking an identity. Groupon did this and had to stop: https://gdprhub.eu/index.php?title=DPC_(Ireland)_-_Groupon_I...

I don't think there is a mechanism to do that. I think that puts all AI models in breach of the GDPR by default.

I might be wrong but if I'm not that's a serious problem for AI companies.

> I've got a folder where I keep printouts of the recent offenders, and once I get a few weeks of holiday I'll start filing small-claims cases against them.

A rare case of doing God's work at a profit!

Er, you're going to file multiple small claims in the US against (suspected) firms outside the US?

Be prepared to be disappointed. There is 0 evidence/elements of damage in the eyes of the archaic courts in this case, as you have no evidence of being damaged. You may be annoyed, but you're not at psychical or monetary risk due to the actions of another.

I disagree^ with the above, we live in the future where comm-spam is an inherent risk. However, I lost a small claims case where documented over 5 years Mazda put the wrong oil in my car. I found out after pouring through paperwork and seeing the line items/overcharging (22 instances of this.)

Judge dismissed it due to no "damage." 3rd cylinder died a week later.

Don't stop dreaming. Keep fighting.

Exactly, that is what I have been saying for ages.

People think they can delete their messages on say, Discord. I tell them it is not deleted, just marked deleted. The data is still there.

This is the case.

In every aspect of life in which personal data is indexed/transmitted, the point of origin at least is some place you've explicitly indicated approval of this process. IF you walk into walmart, you are granting them the ability to sell your facial data and card metadata to whoever.

No third party is calling your mobile provider to ask them to leak info. They are PAYING the mobile provider to leak them info that we provided express written consent for them to do so. TO avoid these ToS and binding agreements, you would need to live a disconnected agrarian lifestyle. Literally, can't walk into any corporate store.

yay!

This is kind of the case. Under GDPR, the data can only be used for the specific purpose for which is was collected, unless explicit consent is obtained. Terms buried in contracts do not count as consent - a contract has to be clear about the purpose for collecting the data and why it is necessary to fulfil the contract, and using the data for any other purposes is illegal.

> You have to explicitly give others permission to use that data for any purpose

This is already the case. All the contracts and terms of service documents already contain these permission clauses. People don't even read such things.

The funniest contracts are the ones that say "by using this site, you agree to [surveillance capitalism]". People have to navigate the site in order to even read the contract so it's logically equivalent to writing "by reading this contract, you accept it".

People need to start making laws that invalidate these silly documents.

my worry is that the request to delete data requires that you give them data about who you are. And who knows what they will do with that

The biggest downside is that it's probably a waste of your time.

If you reach out to them you're risking validating that the data they already have is somewhat accurate, plus they might demand more information from you.

What do you get back from giving that?