"The Pay-or-Okay model adopted across the online news industry and platforms like Facebook and Instagram is “manipulative” and cannot be considered a free choice, a new report from the digital rights group noyb has found.

The report comes as the European Data Protection Board (EDPB), which oversees the implementation of privacy rules in the EU, is considering formal guidelines regarding the use of the model, also known as Consent-or-Pay.

Organizations like noyb, a Vienna, Austria-based non-profit, have long called on regulators to adopt a stricter approach to Pay-or-Okay, which they say violates the bloc’s General Data Protection Regulation (GDPR).

According to the group, Pay-or-Okay does not provide users a genuine choice to refuse tracking, as required by privacy rules, because the alternative is too expensive.

“Right now, users are effectively and unlawfully nudged towards ‘consenting’ to being tracked. The EDPB now has the opportunity to take a clear stance on this issue in its upcoming guidelines,” said Felix Mikolasch, data protection lawyer at noyb."

https://cybernews.com/privacy/pay-or-okay-north-korea/

Brave now blocks Microsoft Recall by default on Windows 11+

Starting in version 1.81, Brave prevents Recall from capturing browser screenshots—protecting users from unintended tracking or data leaks

Brave is the first major browser to take this step, reinforcing its privacy-first stance

@brave

https://brave.com/privacy-updates/35-block-recall/

Proton no longer trusts Switzerland to host its AI infrastructure
Due to proposed mass surveillance laws, Lumo — Proton’s new private AI — will run on servers in Germany & Norway instead

CEO Andy Yen warns the Swiss proposal mirrors “surveillance capitalism” & could make Swiss services less private than Google’s

@protonprivacy

https://www.swissinfo.ch/eng/ai-governance/proton-does-not-trust-switzerland-to-host-its-ai-servers/89727842

they said I could become anything so I became a proponent of enforcing GDPR compliance upon multinationals operating within the EU using all means available to me (up to and including becoming a bus) #gdpr #copilot #dpa #dataprotection #sueeverybody #sysadmin #wtf https://www.edpb.europa.eu/notify-data-breach_en

"If Prime Minister Mark Carney's election was meant to be a rejection of authoritarian trends south of the Canadian border, things are not off to a good start.

That’s Robert Diab’s conclusion given what’s been rolled into Bill C-2, the government’s Strong Borders Act, tabled in June.

While past governments have unsuccessfully attempted to make it easier for police to access Canadians' private data, specifically the subscriber information attached to an internet service provider account or an internet protocol address, he says the current government’s kick at the legal access can is in a league of its own.

“(The provisions) do more to expand the state’s power to access private data in Canada than any law in the past decade,” Diab, a professor of law at Thompson Rivers University, specializing in law and technology, and constitutional rights, wrote in a piece for Tech Policy.

In an interview with National, he says he was surprised by how many new search powers have been rolled into the omnibus bill, how extensive they are and how many are unrelated to border security.

Among the lawful access provisions buried among border security measures, the bill proposes expanding the legal definition of subscriber information. While there’s currently no definition in the Criminal Code, in 2014, the Supreme Court of Canada in R v Spencer defined it as “the name, address, and telephone number” of a customer associated with an internet protocol (IP) address.

Last year, in R v Bykovets, the Court went a bit further, defining subscriber information as “the name, address, and contact information” associated with an individual IP address."

https://www.nationalmagazine.ca/en-ca/articles/law/in-depth/2025/a-big-brother-bill

"The federal government is trying to use Medicaid data to identify and deport immigrants. So EFF and our friends at EPIC and the Protect Democracy Project have filed an amicus brief asking a judge to block this dangerous violation of federal data privacy laws.

Last month, the AP reported that the U.S. Department of Health and Human Services (HHS) had disclosed to the U.S. Department of Homeland Security (DHS) a vast trove of sensitive data obtained from states about people who obtain government-assisted health care. Medicaid is a federal program that funds health insurance for low-income people; it is partially funded and primarily managed by states. Some states, using their own funds, allow enrollment by non-citizens. HHS reportedly disclosed to DHS the Medicaid enrollee data from several of these states, including enrollee names, addresses, immigration status, and claims for health coverage.

In response, California and 19 other states sued HHS and DHS. The states allege, among other things, that these federal agencies violated (1) the data disclosure limits in the Social Security Act, the Privacy Act, and HIPAA, and (2) the notice-and-comment requirements for rulemaking under the Administrative Procedure Act (APA)."

https://www.eff.org/deeplinks/2025/07/eff-court-protect-our-health-data-dhs

I thought 'consent or pay' was effectively unlawful in the EU? I keep seeing it cropping up on websites.

A bold new marketing advice, free of charge for the companies out there: Offer products and services that actually solve people's problems instead of paying those who invade their privacy online!
--
#privacy #DataProtection #marketing #business

IDs at the ready

Age assurance requirements under the UK Online Safety Act kick in this Friday.

UK users will have to hand over their sensitive data to cyber bouncers without being sure they'll protect their privacy.

ORG is calling for these age assurance providers to be regulated

https://www.openrightsgroup.org/press-releases/org-calls-for-age-assurance-industry-to-be-regulated/

I'm so glad somebody is finally writing about this.

#HikVision Thousands of controversial Chinese surveillance cameras installed in public places across Ireland

https://www.thejournal.ie/investigates-hikvision-surveillance-6755381-Jul2025/

via @TheJournal

"When your laptop is infected with infostealing malware, it’s not just hackers that might get your passwords, billing and email addresses, and a list of sites or services you’ve created accounts on, potentially including some embarrassing ones. A private intelligence company run by a young founder is now taking that hacked data from what it says are more than 50 million computers, and reselling it for profit to a wide range of different industries, including debt collectors; couples in divorce proceedings; and even companies looking to poach their rivals’ customers. Essentially, the company is presenting itself as a legitimate, legal business, but is selling the same sort of data that was previously typically sold by anonymous criminals on shady forums or underground channels.

Multiple experts 404 Media spoke to called the practice deeply unethical, and in some cases the use of that data probably illegal. The company is also selling access to a subset of the data to anyone for as little as $50, and 404 Media used it to uncover unsuspecting victims’ addresses.

The activities of the company, called Farnsworth Intelligence, show a dramatic shift in the bevvy of companies that collect and sell access to so-called open source intelligence, or OSINT. Historically, OSINT has included things like public social media profiles or flight data. Now, companies increasingly see data extracted from peoples’ personal or corporate machines and then posted online as fair game not just to use in their own investigations, but to repackage and sell too."

https://www.404media.co/a-startup-is-selling-data-hacked-from-peoples-computers-to-debt-collectors/

Over 3.5 million customer records from Australian global fashion brand #SABO were exposed online containing over 292GB database without any security authentication or encryption.

https://hackread.com/global-fashion-label-sabo-customer-records-leaked