Haaaa noyb… never a dull moment with them.

In Europe that would not be permanently stored but is would be for a while indeed. A few years after the subscription’s validity at least.

Companies are still allowed to store data and not delete it depending on the purpose… Being able to demonstrate that they complied with your request by keeping the associated email would be a fair exemple.

What would be your preferred approach ? I’m on the implementation side of this in a reasonably large company and so far I found the act to be reasonable. It must rely on some interpretation as every piece of such regulation. Same as GDPR for example and yet it’s a very important progress for EU citizens guarantee wise.

Depends on the dimension used. « Shoulds » are meaningless. Let’s not assume everyone is doing shit work, awareness is getting there and people are getting more capable to correctly classify data. Anyway assuming correct classification there are techniques that changes classification enough to allow exportation of data to shit countries.

There’s plenty of techniques to avoid re-identification… aggregation isn’t the only way. Especially considering that aggregation if using a stupid dimension isn’t helping at all…

It’s never been illegal at all, you’re oversimplifying the issue. Plenty of use cases that can use US clouds. Not all data is PII and plenty of use cases perform fine by anonymising their data. Also EU countries aren’t that better than US when it comes to state issued privacy violations; we just don’t do dragnet bullshit (yet) but plenty of requests are served as requested…

I can understand being fine with a nomination that aligns with his personal interests but from there the journey to « party of small people » likely takes a convoluted path.

Your examples are clear indication that you know jack shit about actual police work. Admittedly in civilised countries where there are checks and due process. Cops aren’t getting access freely to comms. A magistrate can depending on circumstances. And there’s plenty of red tape everywhere. Even telco operators will refuse to respond to a request if not absolutely justified. And typically that’s not when timmy sold some shit to his neighbour. Organised crime, murders, rapts… instances of those with actual victims are not threats, they are shits that happen and needs to be sorted.

Lemme be the judge of that… grow a bit and put your argument on the table.

Don’t hesitate to develop…

Call interception, retro and all methods of investigation relying on télécommunications are, and need to remain, a tool available for police forces when the crimes they are investigating are greatly impacting society. Having a prosecutor request those within acceptable limits is a net positive. Not the same as having dragnets spying on everyone in the hope of hitting keywords mind.

But criminality is using more and more complex tools at their disposition and there’s just no way of policing like in medieval times anymore.

They are active in whistleblowing, not privacy leak management…

Nha they publish metadata describing the leaked data. If you’re a data subject concerned by the incident you then request a copy of yr information which requires proper identification.

Why would they share the data itself….

At this point they are somewhat catching up on what traditional banks are doing it seems…

Typically llm are rather ressource intensive - you need beefy hardware to run those at speed. Especially if you intend to train them with your data to improve their relevance. I don’t think mobile phones or run to the mill laptops are going to be enough for any non-trivial implementations. I might be skewed by experiences on non-personal projects though.

How do you anonymise without supervision ? And obfuscation isn’t anonymisation…

They could try to pass it as a legitimate interest but likely it would be struck as being ultimately disfavouring the individual and favouring the business. Probably.

Well then explain me how you propose to apply data subject rights to a llm… you can’t currently un-train those as far as I know. And that’s not touching IP which isn’t exactly the same here and there.

I’m professionally watching what’s happening with this very topic and the current state of the law and related decisions makes everyone in the business cautious at the very least. Doesn’t prevent business to take risks but it’s risk taking indeed.

Yeah that’s not standing in europe… especially for PII…