The Background Sync API (alternatively, periodic) enables web apps to defer tasks until the user has a stable connection. It may be useful for apps processing data offline. It introduces curious capabilities in web platforms, so it's important to understand the security and privacy footprint. Here I explore Read More
We are at a historical moment where countries are introducing regulations of content distributed online and via social media. In Europe, such regulation is the Digital Services Act (DSA), which is still in its early phases, and we are yet to see its full impact and enforcement in action. Content Read More
The big day arrived. The UK Competition and Markets Authority (CMA) finally agreed for Google to phase out third-party cookies. That's terrific because it improves user welfare. Furthermore, no grace period was requested. Google could do it even today. The catch? Only on iOS, Apple's operating Read More
The Digital Markets Act is one of the least understood EU technology laws, yet it has tangible impacts—both positive and negative—on the technology landscape. We’ll use the opportunity to study an interesting and real-world case. It concerns the practice of Chrome preloading its web browser extension so Read More
There’s no question that disinformation, propaganda, and manipulation threaten the election process. The increased transition of societies to online interactions induces those vulnerabilities. Technical developments like generative AI content and the ability to reach wide audiences only help in the creation of digital propaganda. Fortunately, we are not exactly Read More
Data protection (GDPR) complaint against unlawful data processing by OpenAI's GPT. Infringement of data protection principles and data protection by design. Read More
This is an accompanying post about the contents of my LL.M. dissertation devoted to Protected Audience API. The initial post, considering privacy and data protection, is here. This post is devoted to aspects of competition, an important element of the debate around the phasing out of third-party cookies, and Read More
Data protection assessment of Privacy Sandbox's Protected Audience API. It can be deployed and designed in compliance with GDPR. Read More
Some time ago I wrote about “how GDPR fines work”, be calculated, including what technical aspects may be considered during such a calculation, the article is here, and it is quite a case study. It’s still good and all, but this time, finally, EU data protection authorities agreed on Read More
Privacy and data protection assessment of the eID Regulation. This assessment is prepared in response to a request by the LIBE Secretariat in the name of the MEP Cristian Terhes (rapporteur of eID file; requested on 19.01.2022). The focus of this assessment is data protection and privacy. Although Read More
Europe is continuing its fight against mechanised political influence, propaganda, disinformation. Package restricting the use of targeted political ads is the new chapter. In this note, I critically analyse the proposals. This analysis will also help to understand what might lie ahead for non-political ads in the future. It’s Read More
Artificial Intelligence and AI Governance are hot topics in this decade. European Union has a pretty ambitious attempt to regulate AI (project here). In this post, I have a look at the proposal through the technical lens, including paying attention to cybersecurity and privacy. The goal of the regulation is Read More
European Union showcased its new aims for cybersecurity (“strategy”), along with the new proposal for directives regulating cybersecurity, critical infrastructure, and end-to-end encryption. The strategy goes first. Strategic EU focus on cybersecurity? The strategy contains several interesting points, for example: European DNS European DNS resolver system. This point is critical Read More
Technology platforms create technologies with significant impacts on nations, governments, and societies. This impact is increasing, reaching new heights. Many feel that the rules of the game are unclear, insufficient, or non-existent. Without rules, one only wonders who would set out the road to the future. In other words, does Read More
In the past, I analyzed some more interesting EU regulations relating to privacy or cybersecurity, as well as some national cybersecurity strategies. This post is about a the proposal for a regulation just unveiled by the European Council. The primary focus of the regulation is the cyber resilience of the Read More
Privacy Shield provided for simple grounds for transferring data from the European Union to the USA. The news of invalidation of Privacy Shield as a result of the verdict of the European Court of Justice (ECJ) has now settled. It’s a matter of law, and the associated decision contains Read More
Recently the US has conducted a process modeled over Eisenhower-era Red-Teaming designed to figure out how to tackle the Cold War era risks posed by Soviet Union. Just applied to cybersecurity. Sounds exciting if not fuzzy? The report is now released and it is an extremely interesting strategic assessment. It Read More
In 2009, as people grew concerned over the pervasiveness of web tracking, the idea of adding Do Not Track (DNT) to browsers gained traction across the web. By enabling the setting, the browser attaches “DNT: 1” to a web request, effectively telling the site that user does not wish to Read More
Today, disinformation is a broad problem touching national, international, and cyber security policies, as well as domains such as social sciences and technology, including technical cybersecurity and privacy. Different tactics are used by state and non-state actors, both internal and external. Various protective measures can deliver different outcomes, for the Read More
The world is rapidly upgrading data privacy regulations. In that regard, European Union is admittedly at the forefront, with its General Data Protection Regulation. It somewhat permeates outside, spreading the good P-rays (privacy rays). India is a very importan country, the largest democracy in the world. So it is not Read More
One of the most discussed and often introduced as controversial additions of the General Data Protection Regulations are the high fines. Maximum fines of €10.000.000 (or 2% annual worldwide turnover) or €20.000.000 (or 4%) are definitely significant. They could cripple an entire company. But can or Read More
I’m tracking all the things related to ePrivacy Regulation and also take an active part in the related work for a while now. What is ePrivacy? In a nutshell, ePrivacy is a regulation aiming to further protect privacy in electronic communication. Think of it as a specialized GDPR. Indeed, Read More
Currently, it is the key question of cybersecurity and privacy strategic policy. The European Union is going through an overhaul of its privacy and cybersecurity regulatory frameworks. New regulations appear with remarkable frequency. Let’s mention merely the three: NIS Directive (“common level of network and information security“), General Data Read More
The “technology” in “technology policy” should have a real meaning - there are signs it’s actually happening. With the growing involvement and engagement of people versed in technology, good concepts are reaching decision-makers. In this short note I highlight the 3 interesting items currently on plate in Europe. They Read More
The work on ePrivacy continues and enters a hot period. I’m interested in it from the very beginning, I’m also actively involved in these works, also as a stakeholder. The draft proposal with amendments is now public. Being involved in those works, I’m impressed how good suggestions Read More