mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2026-03-11 08:54:41 +00:00
Second grammar & spelling pass (pt. 1)
This commit is contained in:
parent
1351935d7b
commit
1e60b9d149
9 changed files with 138 additions and 111 deletions
|
|
@ -1,20 +1,20 @@
|
|||
---
|
||||
title: Beware of Privacy Snake Oil
|
||||
description: In your privacy advocacy, it's important to recommend tools that are reliable to protect yours and other people's privacy. Learn how to evaluate privacy claims.
|
||||
description: In your privacy advocacy, it's important to recommend tools that reliably protect your and other people's privacy. Learn how to evaluate privacy claims.
|
||||
icon: fontawesome/solid/skull-crossbones
|
||||
cover: activism/banner-toolbox-tip-snakeoil.webp
|
||||
---
|
||||
In your privacy advocacy, it's essential to use and recommend tools that are reliable to protect privacy. For this, you need to **investigate and remain highly skeptical** of any dangerous or unproven marketing claims.
|
||||
In your privacy advocacy, it's essential to use and recommend tools that *reliably* protect privacy. For this, you need to **investigate and remain highly skeptical** of any dangerous or unproven marketing claims.
|
||||
|
||||
Here's how to evaluate privacy claims, and recommend tools that are trustworthy:
|
||||
|
||||
## Why is there so much privacy snake oil?
|
||||
|
||||
Regrettably, it's quite common to see businesses using privacy promises only as a marketing strategy to reassure understandingly concerned users. But many aren't genuinely doing the work to make these promises come true.
|
||||
Regrettably, it's quite common to see businesses using privacy promises as a mere marketing strategy to reassure understandingly concerned users. But many aren't genuinely doing the work to make these promises come true.
|
||||
|
||||
Many businesses want to have their cake and eat it too, by attracting users with false promises of privacy all the while exploiting their data for profit. Other times, failure to meet privacy promises simply comes from incompetence or negligence.
|
||||
Many businesses want to have their cake and eat it too, by attracting users with false promises of privacy while exploiting their data for profit all the while. Other times, failure to meet privacy promises simply comes from incompetence or negligence.
|
||||
|
||||
Misleadingly, or fraudulently, presenting a product, service, or organization as being responsible and trustworthy with data privacy when it isn't is called [privacy washing](https://www.privacyguides.org/articles/2025/08/20/privacy-washing-is-a-dirty-business/).
|
||||
Misleadingly, or fraudulently, presenting a product, service, or organization as being responsible and trustworthy with data privacy when it isn't is called "[privacy washing](https://www.privacyguides.org/articles/2025/08/20/privacy-washing-is-a-dirty-business/)."
|
||||
|
||||
There are many things you can learn to become more resistant to privacy washing, and become better at using and recommending genuinely privacy-preserving technologies.
|
||||
|
||||
|
|
@ -46,7 +46,7 @@ Here are some red flags you should always keep in mind when evaluating a privacy
|
|||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- [**Conflict of interest**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#conflict-of-interest): Is the source telling you this product is trustworthy independent of the company or parent-company that owns this product?
|
||||
- [**Conflict of interest**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#conflict-of-interest): Is the source that is telling you this product is trustworthy independent of the company or parent-company that owns this product?
|
||||
|
||||
- [**Biased reviews**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#fake-reviews): Is the review recommending this product truly independent, or has it received sponsorship money? Was the review AI-generated?
|
||||
|
||||
|
|
@ -54,25 +54,25 @@ Here are some red flags you should always keep in mind when evaluating a privacy
|
|||
|
||||
- [**Buzzword language**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#buzzword-language): Is the advertising and description of the product using a lot of privacy buzzwords like "military-grade encryption" or "AI-powered"?
|
||||
|
||||
- [**Unsupported claims**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#checkbox-compliance-and-copy-paste-policies): Are the claims supported by documentation and detailed descriptions? It's not enough to write "end-to-end encrypted." This claim should be supported by a detailed account of *how* the data is end-to-end encrypted, and using which protocols and algorithms.
|
||||
- [**Unsupported claims**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#checkbox-compliance-and-copy-paste-policies): Are the product's claims supported by documentation and detailed descriptions? It's not enough to write "end-to-end encrypted." This claim should be supported by a detailed account of *how* the data is end-to-end encrypted, including which protocols and algorithms it is using.
|
||||
|
||||
- [**Unrealistic claims**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#unverifiable-and-unrealistic-promises): Are the privacy claims being made realistic? Nothing can be 100% private or 100% secure. A trustworthy product will give you reasonable warnings about its limitations.
|
||||
|
||||
- [**Lack of deletion process**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#flawed-or-absent-process-for-data-deletion): Is this product or service offering a clear process to delete user's data upon request? How much and how quickly could you delete your data if you wanted to stop using this service tomorrow?
|
||||
- [**Lack of deletion process**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#flawed-or-absent-process-for-data-deletion): Does this product or service offer a clear process to delete your data upon request? How much of your data can you delete, and how quickly can you delete it if you wanted to stop using this service tomorrow?
|
||||
|
||||
- [**Untested technologies**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#new-and-untested-technologies): Has this technology been tested by experts before? Are there any external actors who have verified its claims?
|
||||
- [**Untested technologies**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#new-and-untested-technologies): Has this technology been tested by experts before? Are there any *external* parties who have verified its claims?
|
||||
|
||||
- [**Bad reputation**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#critics-from-experts): What are privacy and security experts saying about this product or organization? Was the product or organization subjected to multiple critics from privacy experts? Was the organization impacted by important data breaches?
|
||||
- [**Bad reputation**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#critics-from-experts): What are privacy and security experts saying about this product or organization? Was the product or organization subjected to multiple critiques from privacy experts? Has the organization ever been impacted by major data breaches?
|
||||
|
||||
</div>
|
||||
|
||||
## How to trust privacy tools and services
|
||||
|
||||
You should never trust a product, service, or organization at 100%. Additionally, your trust should always be revocable, and you should revoke it as soon as new information warrants it. Even privacy professional sources that you trust might not always be up-to-date.
|
||||
You should never *completely* trust a product, service, or organization. Additionally, your trust should always be revocable, and you should revoke it when new information comes to light that warrants it. Even privacy professional sources that you trust might not always be up-to-date.
|
||||
|
||||
Things can change quickly in the tech world, and we must all be prepared to revoke our trust and adapt quickly when required.
|
||||
|
||||
That being said, here are some green flags you can keep in mind when evaluating a privacy tool, service, or organization:
|
||||
With that in mind, here are some green flags you can keep in mind when evaluating a privacy tool, service, or organization:
|
||||
|
||||
<style>
|
||||
.emoji-list-b ul {
|
||||
|
|
@ -108,16 +108,16 @@ That being said, here are some green flags you can keep in mind when evaluating
|
|||
|
||||
- [**Availability**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#availability): Could you easily contact this organization if you needed to? Can you find an email address dedicated to privacy requests and questions? Can you find where the organization is located? Would you have access to at least two different ways to contact it?
|
||||
|
||||
- [**Expert recommendation**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#expert-advice): Is this product recommended by independent privacy experts and digital rights nonprofit organizations?
|
||||
- [**Expert recommendation**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#expert-advice): Is this product recommended by independent privacy experts and nonprofit digital rights organizations?
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Tool recommendations vetted by our community (Privacy Guides)](../../tools.md)
|
||||
- [Tool recommendations vetted by our community (*Privacy Guides*)](../../tools.md)
|
||||
|
||||
- [Extensive guide on how to evaluate better privacy tools and organizations (Privacy Guides)](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/)
|
||||
- [Extensive guide on how to evaluate better privacy tools and organizations (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/)
|
||||
|
||||
- [Privacy washing is a dirty business (Privacy Guides)](https://www.privacyguides.org/articles/2025/08/20/privacy-washing-is-a-dirty-business/)
|
||||
- [Privacy washing is a dirty business (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/08/20/privacy-washing-is-a-dirty-business/)
|
||||
|
||||
- [Understanding encryption and end-to-end encryption (Privacy Guides video)](https://www.privacyguides.org/videos/2025/04/03/is-your-data-really-safe-understanding-encryption/)
|
||||
- [Understanding encryption and end-to-end encryption (*Privacy Guides* video)](https://www.privacyguides.org/videos/2025/04/03/is-your-data-really-safe-understanding-encryption/)
|
||||
|
|
|
|||
|
|
@ -4,13 +4,15 @@ description: To give actionable privacy advices, it's essential to consider ever
|
|||
icon: fontawesome/solid/users-between-lines
|
||||
cover: activism/banner-toolbox-tip-everyone.webp
|
||||
---
|
||||
Everyone has different needs, and everyone faces different dangers when their personal data gets exposed. To give actionable privacy advices and recommendations, it's essential to **keep in mind everyone's situation**. There isn't a one-size-fits-all approach when it comes to data privacy.
|
||||
Everyone has different needs, and everyone faces different dangers when their personal data gets exposed.
|
||||
|
||||
To give actionable privacy advices and recommendations, it's essential to **keep in mind everyone's situation**. There isn't a one-size-fits-all approach when it comes to data privacy.
|
||||
|
||||
Here's how you can get better at evaluating each person's unique [*threat model*](../../basics/threat-modeling.md):
|
||||
|
||||
## What is a threat model?
|
||||
|
||||
We regularly use the term "threat model" in cybersecurity and data privacy. This might sound obscure at first if you haven't seen it before, but it's quite simple. It simply means an evaluation of what is dangerous for a certain person (or entity) in a given situation, and what should be prioritized.
|
||||
We regularly use the term "threat model" in cybersecurity and data privacy. This might sound obscure at first if you haven't seen it before, but it's quite simple: A threat model is an evaluation of what is dangerous for a certain person (or entity) in a given situation, and what protective measures should be prioritized.
|
||||
|
||||
For example, if you leave near the equator, polar bears might not be an important threat to your safety. However, if you live in Nunavut, it may be important to get information on how to prevent a polar bear attack.
|
||||
|
||||
|
|
@ -58,16 +60,16 @@ Ask, rinse, and repeat for each type of information. The answers to these questi
|
|||
|
||||
## Respect people's choices when it comes to their own privacy, even if they are different from yours
|
||||
|
||||
When trying to advise others on data privacy, it's easy to get carried away and forget that other people might have different needs and threat models from ours.
|
||||
When advising others on data privacy, it's easy to get carried away and forget that other people might have different threat models from our own.
|
||||
|
||||
Once we have provided the information to somebody who might need it, it's important to take a step back and respect their choices. If someone understands well the risks, and decides that sharing this information *about themselves* is an acceptable level of risk to them, we cannot (and shouldn't try) to force them in using the same level of protection we have adopted ourselves, if they don't want to.
|
||||
Once we have provided the information to somebody who might need it, it's important to take a step back and respect their choices. If someone understands the risks, and decides that sharing this information *about themselves* is an acceptable level of risk to them, we cannot (and shouldn't try) to force them in using the same level of protection we have adopted ourselves, if they don't want to.
|
||||
|
||||
Of course, this might be a different story if their decision also affects the data of others. But if it only concerns their own data, the choice is theirs.
|
||||
|
||||
To be a good privacy advocate is to provide information and support when needed. But ultimately, privacy is to decide what one is comfortable sharing about themselves or not. We can only choose this for ourselves, not for others.
|
||||
To be a good privacy advocate is to provide information and support when needed. But ultimately, privacy is about deciding what one is comfortable sharing about themselves or not. We can only choose this for ourselves, not for others.
|
||||
|
||||
## More resources
|
||||
|
||||
- [More detailed information on threat modeling (Privacy Guides)](../../basics/threat-modeling.md)
|
||||
- [More detailed information on threat modeling (*Privacy Guides*)](../../basics/threat-modeling.md)
|
||||
|
||||
- [Examples of common threats (Privacy Guides)](../../basics/common-threats.md)
|
||||
- [Examples of common threats (*Privacy Guides*)](../../basics/common-threats.md)
|
||||
|
|
|
|||
|
|
@ -4,19 +4,19 @@ description: When we think about privacy, we often focus on technical individual
|
|||
icon: fontawesome/solid/users-rays
|
||||
cover: activism/banner-toolbox-tip-expand.webp
|
||||
---
|
||||
When we think about our privacy, we often focus on the technical tools we can use to protect it. While this is indeed an important part of it, it's crucial not to lose sight of how regulations and invasive practices can impact us collectively.
|
||||
When we think about our privacy, we often focus on the technical tools we can use to protect it. While this is an important *component*, it's crucial not to lose sight of how regulations and invasive practices impact us collectively.
|
||||
|
||||
Here's what to keep in mind to **expand your perspective on data privacy** beyond individual solutions:
|
||||
|
||||
## The danger of focusing only on individual solutions
|
||||
|
||||
While it might feel easier to focus on our own needs, nobody lives in a vacuum. Even if you were able to somehow protect all the data you have custody of, there is a lot of data about you that isn't under your control, and a lot of data about others that can impact you.
|
||||
While it might feel easier to focus on our own needs, nobody lives in a vacuum. Even if you were able to somehow protect all the data you have custody of, there is a lot of data about you that isn't under your control, and a lot of data about *others* that impact you.
|
||||
|
||||
Moreover, it's important to consider others in different situations. For example, even if everyone who has access to a Virtual Private Network (VPN) service can stay protected from an issue, what about all the others? It's neither practical nor realistic to expect that *everyone* would be able to circumvent a problem by using a VPN.
|
||||
Moreover, it's important to consider others in different situations. For example, even if everyone who has access to a [VPN](../../vpn.md) service can stay protected from a particular issue, what about all the others? It's neither practical nor realistic to expect that *everyone* would be able to circumvent a problem by using a VPN.
|
||||
|
||||
While in some cases we might want to discuss immediate individual solutions in order to mitigate some harm, we must also attack the root cause of the problem.
|
||||
|
||||
If we only think of individual solutions when a corporation exploits our data, or a government adopts a privacy-invasive regulation, we risk letting our guard down by giving up the fight early. This makes the problem harder to fight later on, and results in more harm to our communities, and eventually to ourselves as well.
|
||||
If we only think of *individual* solutions when a corporation exploits our data, or a government adopts a privacy-invasive regulation, we risk letting our guard down by giving up the fight early. This makes the problem harder to fight later on, and results in more harm to our communities, and eventually to ourselves as well.
|
||||
|
||||
## Things to keep in mind when a privacy issue arises
|
||||
|
||||
|
|
@ -38,11 +38,10 @@ Here are a few questions you can ask yourself whenever a new privacy issue arise
|
|||
|
||||
## More resources
|
||||
|
||||
- [Why you should also care about other people's privacy (Privacy Guides)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)
|
||||
- [Why you should also care about other people's privacy (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)
|
||||
|
||||
- [Why privacy might be a safety matter for many (Privacy Guides)](https://www.privacyguides.org/articles/2025/03/25/privacy-means-safety/)
|
||||
- [Why privacy might be a safety matter for many (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/25/privacy-means-safety/)
|
||||
|
||||
- [Encryption must not be outlawed for our privacy tools to work (Privacy Guides)](https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/)
|
||||
- [Encryption must not be outlawed for our privacy tools to work (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/)
|
||||
|
||||
- [Dangerous regulation proposals like Chat Control could impact everyone without many individual solutions (Privacy Guides
|
||||
article)](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/)
|
||||
- [Dangerous regulation proposals like Chat Control could impact everyone without many individual solutions (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/)
|
||||
|
|
|
|||
|
|
@ -10,15 +10,15 @@ Here's how you can **minimize your presence on commercial social media**, and sl
|
|||
|
||||
## Why it's important to move away
|
||||
|
||||
Moving away from large commercial platforms can be a complex process, but it's a very important one nevertheless.
|
||||
Moving away from large commercial platforms can be a complex process, but it's a very important one nonetheless.
|
||||
|
||||
[Reducing our dependence on Big Tech](tip-migrate-outside-the-surveillance-ecosystem.md), including for social media platforms, is essential in our fight for better privacy rights.
|
||||
|
||||
Not only this allows us to stop feeding a surveillance machine that grows increasingly hungrier for users' data every month, but it gives us an opportunity to build much more resilient communities, and support platforms that aren't devouring users' privacy.
|
||||
Not only this allows us to stop feeding a surveillance machine that grows ever hungry for data every month, but it gives us an opportunity to build much more resilient communities, and support platforms that aren't devouring peoples' privacy.
|
||||
|
||||
Many are reluctant to quit commercial social media, despite the many issues that have only become worse in the past few years. It's not always easy to leave a place that feels like home and rebuild elsewhere. However, ==when the house is on fire, it's time to leave.==
|
||||
|
||||
The more we produce content, and the more we engage with our community on these privacy-invasive platforms, the more we contribute to sustain these predatory corporations thriving on making money at the expense of our followers' data.
|
||||
The more we produce content, and the more we engage with our community on these privacy-invasive platforms, the more we contribute to sustain these predatory corporations making money and thriving at the expense of our followers' data.
|
||||
|
||||
It's a responsibility for any privacy advocates to stay true to their values, and minimize their presence on exploitive platforms as much as feasible.
|
||||
|
||||
|
|
@ -26,9 +26,9 @@ It's a responsibility for any privacy advocates to stay true to their values, an
|
|||
|
||||
Here are a few things you can start doing to reduce your contribution to Big Tech social media. This is presented on an escalating scale. Go as far as realistically possible for your situation:
|
||||
|
||||
1. Create an account that mirrors your regular posts on a [privacy-respectful platform](#embracing-privacy-respectful-alternatives), and announce it prominently on your commercial social media accounts.
|
||||
1. Create an account that mirrors your regular posts on a [privacy-respecting platform](#embracing-privacy-respectful-alternatives), and announce it prominently on your commercial social media accounts.
|
||||
|
||||
2. Regularly post on your commercial social media that you don't support this platform and encourage your followers to meet you on your new privacy-respectful social network instead.
|
||||
2. Regularly post on your commercial social media that you don't support this platform and encourage your followers to meet you on your new privacy-respecting social network instead.
|
||||
|
||||
3. Use your commercial social media profile pictures and banners to advertise your new social network account (this will help fight potential Big Tech [censorship](https://gizmodo.com/elon-musk-twitter-ban-mastodon-1849903839) of text posts promoting competitors).
|
||||
|
||||
|
|
@ -36,7 +36,7 @@ Here are a few things you can start doing to reduce your contribution to Big Tec
|
|||
|
||||
5. If this makes sense for your situation, after backing up your data, start deleting older content from your commercial social media profiles (you can use a tool like [Cyd](https://docs.cyd.social/docs/intro/) to help you with deletion).
|
||||
|
||||
6. Gradually decrease your posting activity on commercial social media, and increase your presence and engagement with your new social network account on a privacy-respectful platform.
|
||||
6. Gradually decrease your posting activity on commercial social media, and increase your presence and engagement with your new social network account on a privacy-respecting platform.
|
||||
|
||||
7. Stop posting on your commercial social media account entirely. Only keep a pinned post and profile description with your new social network account information, and encourage your followers to meet you there.
|
||||
|
||||
|
|
@ -48,7 +48,7 @@ Perhaps you are already convinced to leave exploitive social media platforms for
|
|||
|
||||
One such network is the [**Fediverse**](https://en.wikipedia.org/wiki/Fediverse), a decentralized collection of interconnected applications and servers that can communicate with each other.
|
||||
|
||||
The Fediverse was built from a desire for social connection, and not from a greed to make profits. ==This is a fundamental difference that leads to substantial benefits.== Most servers that are part of the Fediverse network are hosted by volunteers who simply want to support their communities.
|
||||
The Fediverse was built from a desire for social connection, not from greed for profits. ==This is a fundamental difference that leads to substantial benefits.== Most servers that are part of the Fediverse network are hosted by volunteers who simply want to support their communities.
|
||||
|
||||
There are many applications that can connect to the Fediverse, the most famous probably being the microblogging platform [Mastodon](https://joinmastodon.org/). But you could also choose to join an app more similar to Instagram with [Pixelfed](https://pixelfed.org/), or more similar to YouTube with [PeerTube](https://joinpeertube.org/). They all connect together!
|
||||
|
||||
|
|
@ -66,15 +66,15 @@ Here are some resources to help you learn more about this social network, and it
|
|||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- [Learn why the Fediverse is a better alternative (Elena Rossini video)](https://blog.elenarossini.com/fediverse-video/)
|
||||
- [Learn why the Fediverse is a better alternative (*Elena Rossini* video)](https://blog.elenarossini.com/fediverse-video/)
|
||||
|
||||
- [What is the Fediverse and how it's interconnected (Stefan Bohacek project)](https://jointhefediverse.net)
|
||||
- [What is the Fediverse and how it's interconnected (*Stefan Bohacek* project)](https://jointhefediverse.net)
|
||||
|
||||
- [Social network recommendations (Privacy Guides)](../../social-networks.md)
|
||||
- [Social network recommendations (*Privacy Guides*)](../../social-networks.md)
|
||||
|
||||
- [Privacy and security on Mastodon (Privacy Guides)](https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/)
|
||||
- [Privacy and security on Mastodon (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/)
|
||||
|
||||
- [How to create a Mastodon account (Doc Pop guide)](https://docpop.org/2025/02/how-to-get-started-with-mastodon/)
|
||||
- [How to create a Mastodon account (*Doc Pop*)](https://docpop.org/2025/02/how-to-get-started-with-mastodon/)
|
||||
|
||||
</div>
|
||||
|
||||
|
|
@ -92,7 +92,7 @@ This is the best way to build a community that is truly resilient, and billionai
|
|||
|
||||
### Wikimedia has its own Mastodon instance!
|
||||
|
||||
As an example of an organization self-hosting its Mastodon account, the [Wikimedia Foundation](https://wikimediafoundation.org/) (the nonprofit organization hosting Wikipedia) has its [own](https://meta.wikimedia.org/wiki/Wikimedia.Social) Mastodon server at [wikimedia.social](https://wikimedia.social/about).
|
||||
As an example of an organization self-hosting its Mastodon account, the [Wikimedia Foundation](https://wikimediafoundation.org/) (the nonprofit organization hosting *Wikipedia*) has its [own](https://meta.wikimedia.org/wiki/Wikimedia.Social) Mastodon server at [wikimedia.social](https://wikimedia.social/about).
|
||||
|
||||
From their [Wikimedia's Mastodon account](https://wikimedia.social/@wikimediafoundation) on this server, you can see that the organization's official website is listed in green. This verifies the account's authenticity by linking together the website address with the Mastodon account. It's easy to do, and entirely free.
|
||||
|
||||
|
|
@ -100,18 +100,18 @@ You can also see this page is visible to anyone, regardless of if they have a Ma
|
|||
|
||||
Additionally, this allows you to keep full control over your profile page, regardless of social media ownership, or censorship. This is how you can build a truly resilient community for your privacy advocacy work.
|
||||
|
||||
Privacy Guides does this too, of course! You can [follow Privacy Guides](https://mastodon.neat.computer/@privacyguides) from our own self-hosted Mastodon server 💛
|
||||
Privacy Guides does this too, of course! You can [follow *Privacy Guides*](https://mastodon.neat.computer/@privacyguides) from our own self-hosted Mastodon server 💛
|
||||
|
||||
## More resources
|
||||
|
||||
- [Official Mastodon website](https://joinmastodon.org/)
|
||||
|
||||
- [List of curated smaller Fediverse servers (Fedi Garden)](https://fedi.garden/)
|
||||
- [List of curated smaller Fediverse servers (*Fedi Garden*)](https://fedi.garden/)
|
||||
|
||||
- [Find answers to all your questions about Mastodon and the Fediverse (Fedi Tips)](https://fedi.tips/)
|
||||
- [Find answers to all your questions about Mastodon and the Fediverse (*Fedi Tips*)](https://fedi.tips/)
|
||||
|
||||
- [Tutorial to optimize privacy and security on a Mastodon account (Privacy Guides)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/)
|
||||
- [Tutorial to optimize privacy and security on a Mastodon account (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/)
|
||||
|
||||
- [Organizations: Tutorial to verify your Mastodon account (Privacy Guides)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/#verifying-yourself-and-others)
|
||||
- [Organizations: Tutorial to verify your Mastodon account (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/#verifying-yourself-and-others)
|
||||
|
||||
- [Organizations and Writers: Tutorial to attribute your articles to your Mastodon account, including when others share links on the network (Privacy Guides)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/#author-attribution-for-journalists-and-writers)
|
||||
- [Organizations and Writers: Tutorial to attribute your articles to your Mastodon account, including when others share links on the network (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/#author-attribution-for-journalists-and-writers)
|
||||
|
|
|
|||
|
|
@ -10,15 +10,17 @@ Here's how to get better at **considering the whole landscape**:
|
|||
|
||||
## The technology
|
||||
|
||||
Evidently, technology plays a crucial role in how we protect our digital information. Most people are already familiar with the tools and services we can use to better protect our privacy, and ways technology can endanger our privacy rights. Technologies like encryption, for example, are essential in our connected world.
|
||||
Technology plays a crucial role in how we protect our digital information. Most people are already familiar with the [tools and services](../../tools.md) we can use to better protect our privacy, and the ways technology can endanger our privacy rights. Technologies like encryption, for example, are essential in our connected world.
|
||||
|
||||
But if we only consider the technological aspect, it will not be enough to defend our privacy rights. When we only think and talk about technical solutions, we are missing the bigger picture, and with it, the bigger solutions as well.
|
||||
|
||||
## The legislative
|
||||
|
||||
While technologies can protect our data in several ways, it becomes almost irrelevant when regulations make these technologies illegal. Of course, some people will always be willing to use protective technologies even once they're deemed illegal by their governments, but most will not. When our protections are getting outlawed, we all lose.
|
||||
While technologies can protect our data in several ways, it becomes almost irrelevant when regulations make these technologies illegal.
|
||||
|
||||
Sadly, this is an overlooked area for many privacy activists. This often contributes in making our community reacts too little and too late when privacy-invasive laws are proposed.
|
||||
Of course, some people will always be willing to use protective technologies even once they're deemed illegal by their governments, but most will not. When our protections are outlawed, we all lose.
|
||||
|
||||
Sadly, this is an overlooked area for many privacy activists. This often contributes to making our community react too little and too late when privacy-invasive laws are proposed.
|
||||
|
||||
If we want to fight for privacy rights, we must take a much stronger and louder approach against intrusive regulation proposals, as soon as we are made aware of them. Because unfortunately, bad legislations *do* have the power to limit access to the technologies and methodologies we need to stay safe.
|
||||
|
||||
|
|
@ -36,23 +38,23 @@ Here are a few examples:
|
|||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- [**Bad Internet Bills**](https://www.privacyguides.org/videos/2025/12/16/taylor-lorenz-on-kosa-the-screen-act-and-repealing-section-230/) have been proposed in 2025 to undermine the privacy of all Americans, and everyone around the world using American technologies.
|
||||
- [**Bad Internet Bills**](https://www.privacyguides.org/videos/2025/12/16/taylor-lorenz-on-kosa-the-screen-act-and-repealing-section-230/) have been proposed in 2025 to undermine the privacy of all Americans, and everyone around the world using American technology.
|
||||
|
||||
- [**Chat Control**](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/) proposals have been an ongoing issue since 2021.
|
||||
|
||||
- [**Age Verification**](https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/) regulations and proposals are growing around the world at an exponential rate.
|
||||
|
||||
- [**Data Brokers**](https://www.privacyguides.org/videos/2025/10/28/data-brokers-know-everything-about-you/) are incessantly exploiting our data due to weak regulations.
|
||||
- [**Data Brokers**](../../data-broker-removals.md) are incessantly exploiting our data due to weak regulations.
|
||||
|
||||
- [**Funding cuts**](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/) from new regulations have frequently impacted negatively the organizations and privacy tools we rely on.
|
||||
|
||||
- [**Attacks on encryption**](https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/) have been carried on by [multiple](https://www.privacyguides.org/articles/2025/02/28/uk-forced-apple-to-remove-adp/) governments around the world, [*for decades*](https://www.privacyguides.org/videos/2025/05/08/when-code-became-a-weapon/).
|
||||
- [**Attacks on encryption**](https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/) have been carried out by [multiple](https://www.privacyguides.org/articles/2025/02/28/uk-forced-apple-to-remove-adp/) governments around the world, [for *decades*](https://www.privacyguides.org/videos/2025/05/08/when-code-became-a-weapon/).
|
||||
|
||||
</div>
|
||||
|
||||
## The culture
|
||||
|
||||
While considering the tools we use and the laws that should protect us, we shouldn't neglect the impact that our *culture* has over privacy rights.
|
||||
While considering the tools we use and the laws that should protect us, we shouldn't neglect the impact that our *culture* has on privacy rights.
|
||||
|
||||
Unfortunately, society seems to be going in the wrong direction about this lately. As privacy activists, we have a lot of work to do to improve our culture surrounding data privacy.
|
||||
|
||||
|
|
@ -60,38 +62,38 @@ In the past few decades, technology has changed the way we interact with each ot
|
|||
|
||||
Only a couple of decades ago, it was incredibly rare to be unknowingly filmed by a stranger while wandering in public spaces. If that happened, it was likely a television channel covering some event, a closed-circuit security camera, or a criminal offense. Unless the recording was broadcasted by national television, it was unlikely this footage of ourselves would become available for the whole world to see.
|
||||
|
||||
Today, pretty much everyone on the planet has the power to film strangers and share the footage with the whole world in an instant. But sadly, very few people on the planet take the responsibility that comes with this power seriously enough. We must change that.
|
||||
Today, pretty much everyone on the planet has the power to film strangers and share the footage with the whole world in an instant. But sadly, very few people take the responsibility that comes with this power seriously enough. We must change that.
|
||||
|
||||
We must work together to develop and promote a culture of consent around data collection, both for organizations and individuals.
|
||||
|
||||
Here are a few practices to improve our culture surrounding data privacy that you can adopt yourself, and help promote in your advocacy work:
|
||||
|
||||
- [x] Never publishing photos or information about children online.
|
||||
- [x] Never publish photos or information about children online.
|
||||
|
||||
- [x] Not posting picture of others online without their prior explicit consent.
|
||||
- [x] Don't post pictures of others online without their explicit consent.
|
||||
|
||||
- [x] If posting photos that include others cannot be avoided, then blurring the faces of identifiable nonconsensual people before publication.
|
||||
- [x] If posting photos that include others cannot be avoided, blur the faces of non-consenting people before publication.
|
||||
|
||||
- [x] Blurring any visible vehicles license plates before publishing photos.
|
||||
- [x] Blur any visible vehicle license plates before publishing photos.
|
||||
|
||||
- [x] Avoiding taking screenshots of other people's posts without their consent (as this prevent them from exercising their right to delete).
|
||||
- [x] Avoid taking screenshots of other people's posts without their consent (as this prevents them from exercising their right to delete).
|
||||
|
||||
- [x] Never sharing the location or contact information of someone without their prior explicit consent.
|
||||
- [x] Never share the location or contact information of someone without their explicit consent.
|
||||
|
||||
- [x] Blocking access to external applications from accessing the contact information of others (e.g. Not allowing the Facebook app to access your contacts).
|
||||
- [x] Block external applications from accessing the contact information of others (e.g. don't allow the Facebook app to access your contacts).
|
||||
|
||||
- [x] Being mindful of how one's computer or phone stores and records other people's information. Never allowing applications that scan content with potential information about others, such as AI note-takers, AI assistants, or applications like Microsoft's Recall.
|
||||
- [x] Be mindful of how one's computer or phone stores and records other people's information. Never use an application that scans content with potential information about others, such as AI note-takers, AI assistants, or applications like Microsoft's Recall.
|
||||
|
||||
- [x] Never sharing the files of others with a third-party person or application without their prior permission.
|
||||
- [x] Never share the files of others with a third-party person or application without their prior permission.
|
||||
|
||||
- [x] Physically and visibly unplugging any smart devices equipped with a microphone or camera at home before any guesses enter. If this isn't possible for some reason, then informing the guesses about these devices *before* they enter the home, and *before* the device collects any information about them.
|
||||
- [x] Unplug smart devices equipped with a microphone or camera at home before any guests enter. If this isn't possible for some reason, then informing your guests about these devices *before* they enter your home, and *before* the device collects any information about them.
|
||||
|
||||
- [x] Never using devices such as Meta's Ray-Ban glasses, or other devices equipped with a microphone and/or camera that might record others without their consent.
|
||||
- [x] Never use devices like Meta's Ray-Ban glasses, i.e. devices equipped with a microphone and/or camera that might record others without their consent.
|
||||
|
||||
## More resources
|
||||
|
||||
- **Technology:** [Privacy tools and technology recommendations (Privacy Guides)](https://www.privacyguides.org/en/tools/)
|
||||
- **Technology:** [Privacy tools and technology recommendations (*Privacy Guides*)](https://www.privacyguides.org/en/tools/)
|
||||
|
||||
- **Legislative:** [How governments and laws shape our digital lives (Privacy Guides)](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/)
|
||||
- **Legislative:** [How governments and laws shape our digital lives (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/)
|
||||
|
||||
- **Culture:** [Why protecting the data of other is our responsibility (Privacy Guides)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)
|
||||
- **Culture:** [Why protecting the data of other is our responsibility (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)
|
||||
|
|
|
|||
|
|
@ -17,17 +17,25 @@ For most privacy regulations, legal protections will be applicable to **data sub
|
|||
<div class="admonition info inline end" markdown>
|
||||
<p class="admonition-title">What is a data subject?</p>
|
||||
|
||||
Different laws might use different terms for this. Sometimes, a regulation might simply refer to a *person*, an *individual*, a *consumer*, a *patient*, or a *customer*. Other times, the equivalent expression used will be a *data subject*. A data subject is simply anyone from whom personal information is collected by an organization. Data subject will be used as an umbrella term on this page.
|
||||
Different laws might use different terms for this. Sometimes, a regulation might simply refer to a *person*, an *individual*, a *consumer*, a *patient*, or a *customer*.
|
||||
|
||||
Other times, the equivalent expression used will be a *data subject*.
|
||||
|
||||
A data subject is simply anyone from whom personal information is collected by an organization. **Data subject** will be used as an umbrella term on this page.
|
||||
|
||||
</div>
|
||||
|
||||
Contrary to what many believe, it's generally *your* local regulations that protect you, regardless of where the organization collecting your personal data is located (in addition, organizations are also subjected to their own local regulations).
|
||||
|
||||
Organizations that meet the data subject's local privacy law criteria are legally bound to comply with the laws of each region or country where their data subjects are residing (i.e. where they are conducting business). There are a lot of nuances and regional variations to this, but in general you should focus on *where* the data subject is residing.
|
||||
Organizations that meet the data subject's local privacy law criteria are legally bound to comply with the laws of each region or country where their data subjects are residing (i.e. where they are conducting business).
|
||||
|
||||
There are a lot of nuances and regional variations to this, but in general you should focus on *where* the data subject is residing.
|
||||
|
||||
## Finding your local regulations
|
||||
|
||||
If your jurisdiction is protected by one or more privacy laws, it should be relatively easy to find this information online. Privacy Guides will soon publish a tool facilitating this task. In the meantime, you can simply use a [trustworthy search engine](../../search-engines.md) and look for keywords with your location (be specific about country + states/provinces/region) and "privacy laws" or "data protection regulations."
|
||||
If your jurisdiction is protected by one or more privacy laws, it should be relatively easy to find this information online. *Privacy Guides* will soon publish a tool facilitating this task.
|
||||
|
||||
In the meantime, you can simply use a [trustworthy search engine](../../search-engines.md) and look for keywords with your location (be specific about country + states/provinces/region) and "privacy laws" or "data protection regulations."
|
||||
|
||||
Always make sure to find a result that is from an official government source.
|
||||
|
||||
|
|
@ -80,6 +88,6 @@ Once you've found the official governmental documentation describing the data pr
|
|||
|
||||
## More resources
|
||||
|
||||
- [Map of data protection and privacy legislation worldwide (UN Trade and Development)](https://unctad.org/page/data-protection-and-privacy-legislation-worldwide)
|
||||
- [Map of data protection and privacy legislation worldwide (*UN Trade and Development*)](https://unctad.org/page/data-protection-and-privacy-legislation-worldwide)
|
||||
|
||||
- [The future of privacy: How governments shape your digital life (Privacy Guides)](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/)
|
||||
- [The future of privacy: How governments shape your digital life (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/)
|
||||
|
|
|
|||
|
|
@ -4,17 +4,21 @@ description: The battle for privacy rights is difficult, and its defenders are s
|
|||
icon: fontawesome/solid/hand-holding-hand
|
||||
cover: activism/banner-toolbox-tip-lift.webp
|
||||
---
|
||||
At times, it might feel like the privacy community is niche and isolated. The battle for privacy rights is difficult, and its defenders are scattered and spread out all around the world. This is why it's essential that we **support and uplift each other**, every time we can.
|
||||
At times, it might feel like the privacy community is niche and isolated.
|
||||
|
||||
The battle for privacy rights is difficult, and its defenders are scattered and spread out all around the world. This is why it's essential that we **support and uplift each other**, every time we can.
|
||||
|
||||
Here's how you can lift your allies up, and help to grow the movement:
|
||||
|
||||
## Your allies share your goals
|
||||
|
||||
It's easy to get lost in our own niche advocacy, and lose track of what others in our community are working on. Nevertheless, if we want to [**build a movement**](tip-start-alliances-not-wars.md) (and to succeed, we must), we need all the help we can get, from every person and organization sharing our values.
|
||||
It's easy to get lost in our own niche advocacy, and lose track of what others in our community are working on.
|
||||
|
||||
Nevertheless, if we want to [**build a movement**](tip-start-alliances-not-wars.md) (and to succeed, we must) we need all the help we can get, from every person and organization sharing our values.
|
||||
|
||||
- [x] Whenever you see an organization with a campaign compatible with your mission, lift them up!
|
||||
|
||||
- [x] Even if you are an organization yourself, lift them up too!
|
||||
- [x] Even if you are an organization yourself, lift others up too!
|
||||
|
||||
- [x] Even if you are also working on a similar project, lift them up with you!
|
||||
|
||||
|
|
@ -56,6 +60,6 @@ There are infinite ways to lift your allies up. Here are some ideas to get you s
|
|||
|
||||
## More resources
|
||||
|
||||
- [Bits of Freedom & Privacy Guides partnering announcement (Privacy Guides)](https://www.privacyguides.org/posts/2025/10/08/privacy-guides-bits-of-freedom-partnering-to-enhance-fixjeprivacy-nl/)
|
||||
- [Bits of Freedom & Privacy Guides partnership announcement (*Privacy Guides*)](https://www.privacyguides.org/posts/2025/10/08/privacy-guides-bits-of-freedom-partnering-to-enhance-fixjeprivacy-nl/)
|
||||
|
||||
- [Tor Project's allies lifting up Tor together (YouTube short video)](https://www.youtube.com/shorts/-hFNMlsePsc)
|
||||
- [The Tor Project's allies uplifting Tor together (*Tor Project* short video)](https://www.youtube.com/shorts/-hFNMlsePsc)
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ Here's a list of alternative solutions you can start adopting to improve data pr
|
|||
|
||||
<div class="emoji-list-b" markdown>
|
||||
|
||||
- **[Messaging communication](../../real-time-communication.md):** Move your text message communication, audio calls, and video calls to a secure messenger like Signal. Enable features like Signal's username option and disappearing messages.
|
||||
- **[Messaging communication](../../real-time-communication.md):** Move your text message communication, audio calls, and video calls to a secure messenger like Signal. Enable features like Signal's username option, and disappearing messages.
|
||||
|
||||
- **Sensitive messaging communication:** If your threat model requires a peer-to-peer solution that doesn't need a phone number and transits over the [Tor network](https://www.privacyguides.org/articles/2025/04/30/in-praise-of-tor/), you might want to use an application such as [Cwtch](https://docs.cwtch.im/) or [Briar](../../real-time-communication.md/#briar).
|
||||
|
||||
|
|
@ -84,7 +84,9 @@ Here's a list of alternative solutions you can start adopting to improve data pr
|
|||
|
||||
If you use your own custom domain name for email addresses, let the people you communicate with know what your service provider is.
|
||||
|
||||
That way, they will know that if they use a compatible service provider, they might benefit from end-to-end encryption protections for the content of their communications with you without requiring any additional steps. For example, this is the case when emailing from a Proton Mail account to another Proton Mail account, or from a Tuta Mail account to another Tuta Mail account.
|
||||
That way, they will know that if they use a compatible service provider, they might benefit from end-to-end encryption protections for the content of their communications with you without requiring any additional steps.
|
||||
|
||||
For example, this is the case when emailing from a Proton Mail account to another Proton Mail account, or from a Tuta Mail account to another Tuta Mail account.
|
||||
|
||||
</section>
|
||||
|
||||
|
|
@ -94,7 +96,7 @@ Here's a list of alternative solutions you can start adopting to improve data pr
|
|||
|
||||
- **Surveys:** Stop using products such as Google Forms to poll your community. Instead, choose a privacy-focused alternative such as [CryptPad Form](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/#form) or [Framaforms](https://framaforms.org/abc/en/).
|
||||
|
||||
- **[Online calendar](../../calendar.md):** Your online calendar can be an important source of sensitive data. Moreover, you might store other's people data in it, or use it to share event links with collaborators. It's essential to make sure to use a privacy-protective solution for online and collaborative calendars.
|
||||
- **[Online calendar](../../calendar.md):** Your online calendar can be an important source of sensitive data. Moreover, you might store other's people data in it, or use it to share event links with collaborators. It's essential to make sure to use a privacy-protecting solution for online and collaborative calendars.
|
||||
|
||||
- **Groups and events:** When organizing groups or events, be careful to choose platforms that are privacy-respectful and don't require participants to register personal information. Keep in mind that if you only use Facebook groups, you are contributing to people staying on a privacy-invasive platform. If you only use a closed Meetup group, you are demanding people create an account and share their sensitive data in order to join. Instead, use privacy-respectful platforms such as [Mobilizon](https://mobilizon.org/) or [LAUTI](https://lauti.org/) for groups and events, [Discourse](https://www.discourse.org/) for forums, or simply use your own website to advertise in-person events.
|
||||
|
||||
|
|
@ -104,7 +106,7 @@ Here's a list of alternative solutions you can start adopting to improve data pr
|
|||
|
||||
- **Usage of AI:** Be extremely careful if you are using AI platforms. Most current mainstream AI products will send at least some data or metadata to the company's remote server. This can create many privacy issues, ranging from mild to severe. Never use these products to upload data about another person without their *prior explicit consent*. Ideally, refrain from using any AI tools in your advocacy work entirely.
|
||||
|
||||
- **Candidates data:** If your organization hires people, be mindful of how you handle candidates' data. Try to select privacy-respectful solutions such as email communication instead of using commercial platforms that might share candidates' data with third-parties. Only request the minimum information required from applicants, and always delete all data you are no longer required to keep, as soon as you don't need it anymore.
|
||||
- **Candidates data:** If your organization hires people, be mindful of how you handle candidates' data. Try to select privacy-respecting solutions such as email communication instead of using commercial platforms that might share candidates' data with third-parties. Only request the minimum information required from applicants, and always delete all data you are no longer required to keep as soon as you don't need it anymore.
|
||||
|
||||
- **Availability:** Make sure you or your organization is reachable outside the Big Tech ecosystem. If your organization only has a Facebook page, then people without a Facebook account cannot reach out to you. The same is true for other commercial social media. Instead, try to rely on a website you control yourself, or a social network page you can host yourself.
|
||||
|
||||
|
|
@ -118,10 +120,10 @@ Here's a list of alternative solutions you can start adopting to improve data pr
|
|||
|
||||
## More resources
|
||||
|
||||
- [Alternatives to Big Tech that have been vetted by our community (Privacy Guides)](../../tools.md)
|
||||
- [Alternatives to Big Tech that have been vetted by our community (*Privacy Guides*)](../../tools.md)
|
||||
|
||||
- [Privacy-respecting European tech alternatives (Privacy Guides)](https://www.privacyguides.org/articles/2025/03/19/private-european-alternatives/)
|
||||
- [Privacy-respecting European tech alternatives (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/19/private-european-alternatives/)
|
||||
|
||||
- [Helpful articles and tips to migrate out of Big Tech (The Opt Out Project)](https://www.optoutproject.net/)
|
||||
- [Helpful articles and tips to migrate out of Big Tech (*The Opt Out Project*)](https://www.optoutproject.net/)
|
||||
|
||||
- [More advices on how to improve your privacy if you are just getting started (Privacy Guides)](https://www.privacyguides.org/articles/2025/07/24/privacy-is-like-broccoli/#tools-and-services-you-can-start-using)
|
||||
- [More advices on how to improve your privacy if you are just getting started (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/24/privacy-is-like-broccoli/#tools-and-services-you-can-start-using)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ This tip cannot cover each regulation individually. There will be variations for
|
|||
|
||||
## Why reporting violations matters
|
||||
|
||||
For many if not most privacy regulations, there isn't a mechanism to systematically audit every single organization collecting data from people located in its jurisdiction.
|
||||
For many (if not most) privacy regulations, there isn't a mechanism to systematically audit every single organization collecting data from people located in its jurisdiction.
|
||||
|
||||
Unless the enforcing authority decides to investigate an especially important abuse, the process often relies on individual complaints reporting violations of [**data subject**](tip-know-your-privacy-laws.md#where-is-the-data-subject) rights in order to trigger an investigation.
|
||||
|
||||
|
|
@ -30,11 +30,13 @@ If you believe that your privacy rights have been violated by an organization, i
|
|||
|
||||
Again, different laws might use different terms for this, depending on the region. For example, in Canada the enforcing authority for a privacy law is often called a *Privacy Commissioner*. In Europe, the term used is a *Data Protection Authority*. In the state of California in the United States, the entity responsible for enforcing the California Consumer Privacy Act (CCPA) is the *California Privacy Protection Agency*.
|
||||
|
||||
This text will use *Data Protection Authority* or *DPA* as an umbrella term to refer to any authorities mandated to enforce a privacy regulation.
|
||||
This text will use **Data Protection Authority** or **DPA** as an umbrella term to refer to any authorities mandated to enforce a privacy regulation.
|
||||
|
||||
</div>
|
||||
|
||||
Reporting even small violations can help improve privacy rights not only for yourself but for everyone else as well. Often, reporting is simple and can make a big difference down the line, especially in number.
|
||||
Reporting even small violations can help improve privacy rights not only for yourself but for everyone else as well.
|
||||
|
||||
Often, reporting is simple and can make a big difference down the line, especially in number.
|
||||
|
||||
Once an organization is ordered to bring corrective changes or is sanctioned for malpractice by a DPA, this can have many beneficial effects at the individual and collective level:
|
||||
|
||||
|
|
@ -50,17 +52,17 @@ Once an organization is ordered to bring corrective changes or is sanctioned for
|
|||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- A delinquent organization might be mandated by law to correct the problem. For example, a company without a clear privacy policy might get ordered to publish one.
|
||||
- A delinquent organization might be mandated by law to correct the problem. For example, a company without a clear privacy policy might be ordered to publish one.
|
||||
|
||||
- You might be able to get personal data that you were unable to delete before finally deleted with the help of your DPA (and similarly for access requests).
|
||||
|
||||
- An abusive organization might get banned from operating in your country entirely.
|
||||
- An abusive organization might be banned from operating in your country entirely.
|
||||
|
||||
- Individual complaints can create a legal precedent that could speed up enforcement for similar violations in the future.
|
||||
|
||||
- Strong sanctions that are made public can send a powerful warning to other organizations to avoid making the same mistakes, and adopt corrective measures preventively.
|
||||
- Strong sanctions that are made public can send a powerful warning to other organizations to avoid making the same mistakes, and adopt corrective privacy-protective measures preventively.
|
||||
|
||||
- Cases and sanctions that are publicized can inform the public about potential problems, and potential solutions.
|
||||
- Cases and sanctions that are publicized can notify the public about potential problems, and potential solutions.
|
||||
|
||||
- If a DPA receives multiple complaints targeting a single organization, they might decide to launch a larger investigation and order the organization to improve its privacy practices more broadly.
|
||||
|
||||
|
|
@ -68,29 +70,33 @@ Once an organization is ordered to bring corrective changes or is sanctioned for
|
|||
|
||||
## When you can report a violation
|
||||
|
||||
You can **submit a complaint** anytime your local privacy rights have been violated by an organization required to comply with the law, and that you weren't able to resolve the issue on your own.
|
||||
You can **submit a complaint** any time your local privacy rights have been violated by an organization required to comply with the law, and you weren't able to resolve the issue on your own.
|
||||
|
||||
To report a privacy law violation, first ask yourself these questions:
|
||||
|
||||
- [x] Following the criteria described in your local privacy regulation, is this organization obligated to comply with this law?
|
||||
- [x] Following the criteria described in your local privacy regulation, is the organization obligated to comply with this law?
|
||||
|
||||
- [x] Is the information affected considered *personal information* under the law?
|
||||
- [x] Is your affected information considered *personal information* under the law?
|
||||
|
||||
- [x] Which article(s) of the law has been breached by the organization?
|
||||
- [x] Which article(s) of the law has the organization breached?
|
||||
|
||||
In case of doubt, never hesitate to send any questions you have to your local DPA.
|
||||
When in doubt, never hesitate to send any questions you have to your local DPA.
|
||||
|
||||
People working at your local DPA are the best specialists to contact to get the correct information specific to your local privacy protections.
|
||||
The people working at your local DPA are the best specialists to contact to get the most accurate information specific to your local privacy protections.
|
||||
|
||||
## How to report a violation
|
||||
|
||||
Most regulations will have a clear process to submit an official complaint. Once you've found the official documentation for your local privacy law(s), read through it to find who is responsible for enforcing the law (who is your DPA), and what the complaint process is.
|
||||
Most regulations will have a clear process to submit an official complaint.
|
||||
|
||||
Once you've found the official documentation for your local privacy law(s), read through it to find who is responsible for enforcing the law (who is your DPA), and what the complaint process is.
|
||||
|
||||
Before submitting a complaint, you may want to:
|
||||
|
||||
### 1. Document everything you can
|
||||
|
||||
Try to collect as much information as possible to support your case. Save copies of your email communication with the organization, take screenshots of the organization's chatbot replies to you, print to PDF the organization's privacy policy, etc.
|
||||
Try to collect as much information as possible to support your case.
|
||||
|
||||
Save copies of your email communication with the organization, take screenshots of the organization's chatbot replies to you, print to PDF the organization's privacy policy, etc.
|
||||
|
||||
### 2. Try contacting the organization directly
|
||||
|
||||
|
|
@ -102,7 +108,7 @@ This is applicable for any other data subject rights.
|
|||
|
||||
### 3. File an official complaint with your Data Protection Authority
|
||||
|
||||
On the website of your local privacy law's DPA, you should be able to find either a form to submit a complaint or an email address you can contact with the details.
|
||||
On the website of your local DPA, you should be able to find either a form to submit a complaint or an email address you can contact with the details.
|
||||
|
||||
When sending an official complaint, make sure to:
|
||||
|
||||
|
|
@ -124,9 +130,13 @@ When sending an official complaint, make sure to:
|
|||
|
||||
- Have a precise summary of the privacy violation and the steps you have taken so far to try resolving the issue.
|
||||
|
||||
- Be mindful of the information you share in your complaint. This information could get shared with the organization you are complaining against, or even partially published later on. Read the DPA's privacy policy about complaint information, and do not hesitate to ask your DPA questions from an anonymous email address beforehand if needed.
|
||||
- Be mindful of the information you share in your complaint.
|
||||
|
||||
- Be ready to share additional evidences if your DPA requests it. This might include screenshots of the infraction, email communication with the delinquent organization, link to the organization's privacy policy, or any other evidences related to your case.
|
||||
This information could get shared with the organization you are complaining against, or even partially published later on. Read the DPA's privacy policy about complaint information, and do not hesitate to ask your DPA questions from an anonymous email address beforehand if needed.
|
||||
|
||||
- Be ready to share additional evidences if your DPA requests it.
|
||||
|
||||
This might include screenshots of the infraction, email communication with the delinquent organization, link to the organization's privacy policy, or any other evidences related to your case.
|
||||
|
||||
</div>
|
||||
|
||||
|
|
@ -144,7 +154,7 @@ When sending an official complaint, make sure to:
|
|||
|
||||
<div class="emoji-list-c" markdown>
|
||||
|
||||
- [European Union Member States Data Protection Authorities - List and Map (EDPB)](https://www.edpb.europa.eu/about-edpb/about-edpb/members_en)
|
||||
- [European Union Member States Data Protection Authorities - List and Map (*EDPB*)](https://www.edpb.europa.eu/about-edpb/about-edpb/members_en)
|
||||
|
||||
</div>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue