#data-minimization — Public Fediverse posts

A clear take on why less data brings more trust, more value, and more power to teams. #privacyfirst #dataminimization #ethicaltech #digitaltrust #securitybydesign #dataethics #cxothoughts #techleaders
https://www.linkedin.com/pulse/data-purpose-power-privacy-first-world-sanjay-k-mohindroo--f03fc

Do not collect the data that you do not need.

Do not collect the data
that you do not need.

Do not collect
the data
that you
do not
need
.

#DataMinimization #Privacy #DigitalRights

Do not collect the data that you do not need.

Do not collect the data
that you do not need.

Do not collect
the data
that you
do not
need
.

#DataMinimization #Privacy #DigitalRights

GM Faces $12.75M Penalty for Illicit Driver Data Sales

General Motors has been hit with a record $12.75 million penalty for selling California drivers' data without their consent, despite promising to protect their privacy. This landmark case marks a major victory for data protection, with California's Attorney General Rob Bonta leading the charge.

https://osintsights.com/gm-faces-1275m-penalty-for-illicit-driver-data-sales?utm_source=mastodon&utm_medium=social

#CaliforniaConsumerPrivacyAct #DataMinimization #GeneralMotors #Onstar #SmartDriver

Data minimization is not just a privacy principle.

It is a trust control.

If an app’s mission is to deliver official updates and public information, every nonessential data touch becomes a governance question.

Not “can we collect this?”
“Why do we need it at all?”

#CyberSecurity #Privacy #Governance #DataMinimization

No funnels. No paywalls. No permission required. wzrdgang.com #wzrdgang #dataminimization

Policy shift with technical implications.
The European Parliament endorsed an opinion proposing:
• Social media ban under 13
• Parental consent under 16
• Privacy-preserving age assurance mechanisms
• Expanded regulation under the Digital Fairness Act

Security and engineering considerations:
Zero-knowledge proof-based age verification?
On-device age estimation vs centralized ID checks?

Data minimization vs compliance logging requirements?

AI-driven manipulation detection standards?
Age verification at EU scale introduces non-trivial architectural challenges - particularly around privacy-by-design and cross-border enforcement.

From a security architecture perspective:
Can platforms implement robust age controls without increasing identity exposure risks?
Engage below.

Source: https://therecord.media/eu-lawmakers-propose-youth-under-16-social-media-parental-consent

Follow @technadu for cybersecurity, AI governance, and digital compliance analysis.
Repost to inform the security community.

#Infosec #AgeVerification #PrivacyEngineering #DigitalPolicy #EURegulation #AIgovernance #PlatformSecurity #DataMinimization #CyberCompliance #OnlineSafety

02:21 VOIDCAST: data minimization: we keep it light. #replynever #dataminimization

Collect what you need. Delete what you don't. Respect privacy by default.
That's how you build trust that lasts.
#DataMinimization #PrivacyByDesign #BusinessEthics

If you collect it, someone at some point will come to exploit it.

#Privacy #DataMinimization

If you collect it, someone at some point will come to exploit it.

#Privacy #DataMinimization

Take only what you need. Leave no digital footprints. 👻

#GhostMode #DataMinimization #PrivacyFirst #DigitalHygiene

Take only what you need. Leave no digital footprints. 👻

#GhostMode #DataMinimization #PrivacyFirst #DigitalHygiene

My advice to everyone: always retain as much data as possible never, ever overshare, and always compartmentalize¹. 🔒🧩 #PrivacyTips #DontOvershare #Compartmentalize #DataMinimization

1 In information security, compartmentalization limits access to sensitive data to only those with a "need to know," dividing information into isolated segments to minimize breach impact. If one compartment is compromised—say, by an insider or cyberattack—attackers can't easily access others, reducing overall risk

My advice to everyone: always retain as much data as possible never, ever overshare, and always compartmentalize¹. 🔒🧩 #PrivacyTips #DontOvershare #Compartmentalize #DataMinimization

1 In information security, compartmentalization limits access to sensitive data to only those with a "need to know," dividing information into isolated segments to minimize breach impact. If one compartment is compromised—say, by an insider or cyberattack—attackers can't easily access others, reducing overall risk

📝 WhatsApp, metadata and privacy: when the problem is not the content but the context

Two studies reveal WhatsApp metadata vulnerabilities: 3.5 billion accounts enumerated and device fingerprinting. Analysis of risks and open source alternatives such as XMPP and Matrix.

🔗 https://www.nicfab.eu/en/posts/whatsapp-metadata-privacy/

#PrivacyByDesign #DataMinimization #DataProtection #DigitalRights #BugBounty

📝 WhatsApp, metadata and privacy: when the problem is not the content but the context

Two studies reveal WhatsApp metadata vulnerabilities: 3.5 billion accounts enumerated and device fingerprinting. Analysis of risks and open source alternatives such as XMPP and Matrix.

🔗 https://www.nicfab.eu/en/posts/whatsapp-metadata-privacy/

#PrivacyByDesign #DataMinimization #DataProtection #DigitalRights #BugBounty

A clear take on why less data brings more trust, more value, and more power to teams. #privacyfirst #dataminimization #ethicaltech #digitaltrust #securitybydesign #dataethics #cxothoughts #techleaders
https://www.linkedin.com/pulse/data-purpose-power-privacy-first-world-sanjay-k-mohindroo--f03fc

Privacy First, Security Always: The Only Sane Default

“Privacy first, security always” is either a real principle or it is marketing wallpaper.

People can smell the difference now. Not because everyone became a cryptography nerd overnight, but because the consequences turned personal. Accounts get drained. Identities get cloned. A harmless preference turns into a predictive profile. Then a company calls it “personalization” and expects gratitude.

I keep coming back to a simple line: if a system cannot respect boundaries, it does not deserve trust.

The quiet theft is not the breach. It is the business model

Security failures arrive with sirens. Privacy failures arrive with a checkbox.

Teams hide the most invasive defaults behind consent banners, vague policies, and settings buried three menus deep. That is why privacy first has to be architectural. If your product needs intimate data to function, the relationship starts compromised and every debate becomes about permission instead of necessity.

A practical test helps.

Picture your product landing on the desk of a skeptical customer who has already been burned. They ask one question: “Why do you need this data?”

A hand-wavy answer like “we might use it later” reveals the truth. You are not building a service. You are building a warehouse.

Privacy first means you design so the system does not need to know everything about someone in order to work.

Security always is not paranoia. It is respect for entropy

Security is not a feature you bolt on. Security is the discipline you practice.

Most compromises are not clever or dramatic. Routine mistakes create them: misconfigurations, over-permissioned accounts, leaked secrets, and unpatched dependencies.

Permissions sprawl until nobody can map them. Teams ship misconfigurations. Secrets leak because nobody rotates them. Dependencies drag risk into your product like barnacles. Backups fail the one day you need them. Logs exist but never tell a story.

Security always means you assume failure will happen and you engineer the impact down to something survivable.

That mindset can sound pessimistic. In reality, it respects entropy. Systems decay, incentives shift, and people make mistakes. Entropy does not care about your roadmap.

The practical blueprint: collect less, separate, prove

I like frameworks when they sharpen thinking and do not become religious scrolls. The simplest operating model I trust looks like this.

1) Collect less

Collect only what you can defend in one sentence to a skeptical user. Not to your lawyer. To your user.

Reduce identity where you can. Prefer short-lived identifiers over permanent ones. Process locally whenever it makes sense.

A privacy-first system does not brag about protecting your data. It quietly replies, “we never stored it.”

2) Separate what you must store

Treat data like it can explode, because it can.

Separate identifiers, content, metadata, and billing. Force access through clear boundaries. Encrypt sensitive fields at rest. Keep administrative power narrow and observable.

Isolation is also cultural. Engineers should not casually browse production data. A company that must “look inside” to operate has built a fragile machine.

3) Prove what you did

Logging is not glamorous. Auditability is not optional.

Teams earn trust when they can show what happened, who accessed what, and why. If you cannot prove access, you do not control access.

This is where “security always” stops being a vibe and becomes engineering.

Where AI changes the stakes

AI increases the temptation to repurpose data. More data looks like more capability.

That logic has a shadow.

Once the data exists, incentives attack it from every angle. Governments demand it. Attackers leak it. Brokers sell it. Lawyers subpoena it. Insiders misuse it. Product teams pull it into models because it feels convenient.

The old scandal playbook that turned personal information into political influence taught a brutal lesson. People do not hate being measured. People hate being manipulated.

Privacy first, security always refuses to build manipulation pipelines by accident.

The surveillance trade is a false bargain

Leaders keep offering societies the same deal: give up a little privacy for a little security.

The pitch sounds reasonable until you watch the pattern. Privacy leaves first. The promised security rarely arrives.

Real security looks boring in practice. Patching, least privilege, planning for failure, and building systems that do not collapse when one component breaks define it.

Mass surveillance does not deliver security. It delivers power.

That matters if you care about liberal values, because agency needs a private interior. People who feel watched do not explore ideas. They perform. When performance replaces honesty, innovation dies quietly.

What “privacy first, security always” looks like in real products

It looks like choices that feel slightly harder in the short term and far cheaper in the long term.

• End-to-end encryption where it actually matters, especially for private content.
• Local-first or edge-first intelligence where feasible, so insights do not require central hoarding.
• Clear data lifecycles: expiration by default, deletion that is real, retention that is justified.
• User agency that is not performative: export, revoke, rotate, and leave.
• Transparency that is specific: what is collected, why, where it goes, and how long it stays.

Open source helps here, not as ideology, but as visibility. Opaque systems force trust to become faith. Visible systems let trust return to engineering.

Shift: trust is becoming a business strategy again

For years, growth came easiest to the companies that treated people as data sources. That era is wearing out, because distrust is becoming expensive.

Customers ask better questions now. Teams tire of cleaning up preventable incidents. Regulators tighten expectations around data usage, especially when AI enters the picture. Investors learn that “move fast” turns expensive when you pay for the mess.

The economics stay simple: trust costs less to build early than to buy back later.

A line I like has stuck with me.

“You don’t need to drive the car to influence the journey. Speak clearly, and the driver might begin to listen. Place a sign on the roadside, and someone behind you will see it. Offer a compass, and you guide even without steering.”

Privacy first, security always is one of those signposts.

A society that shrugs at surveillance becomes a society that cannot breathe. A company that shrugs at security becomes a company that cannot be trusted. The two failures reinforce each other.

“Privacy first, security always” is the design stance that says: we do not need to own people to serve them.

Build systems that deserve users.

Call to action

If you build products, pick one system this week and run a simple trust audit.

Ask:

• What personal data do we collect that we could remove?
• What do we keep longer than we can justify?
• Who can access sensitive data today, and how do we prove it?
• Which dependency or vendor would hurt us most if it failed?
• What would we tell users within 24 hours of a breach?

If you find a gap, fix one thing. Small repairs compound.

If this resonates, share the post with someone who ships software, and leave a comment with the hardest privacy or security tradeoff you are facing right now. I read them and I will reply.

Key Takeaways

• Privacy first means designing systems that respect user boundaries and don’t require excessive data.
• Security always involves assuming failures will happen and engineering to minimize their impact.
• The practical blueprint consists of collecting less data, separating necessary data, and proving access to it.
• Privacy first, security always discourages manipulation and builds trust between users and companies.
• Companies that prioritize trust will thrive as users demand better data practices and transparency.

Privacy First, Security Always: The Only Sane Default

“Privacy first, security always” is either a real principle or it is marketing wallpaper.

People can smell the difference now. Not because everyone became a cryptography nerd overnight, but because the consequences turned personal. Accounts get drained. Identities get cloned. A harmless preference turns into a predictive profile. Then a company calls it “personalization” and expects gratitude.

I keep coming back to a simple line: if a system cannot respect boundaries, it does not deserve trust.

The quiet theft is not the breach. It is the business model

Security failures arrive with sirens. Privacy failures arrive with a checkbox.

Teams hide the most invasive defaults behind consent banners, vague policies, and settings buried three menus deep. That is why privacy first has to be architectural. If your product needs intimate data to function, the relationship starts compromised and every debate becomes about permission instead of necessity.

A practical test helps.

Picture your product landing on the desk of a skeptical customer who has already been burned. They ask one question: “Why do you need this data?”

A hand-wavy answer like “we might use it later” reveals the truth. You are not building a service. You are building a warehouse.

Privacy first means you design so the system does not need to know everything about someone in order to work.

Security always is not paranoia. It is respect for entropy

Security is not a feature you bolt on. Security is the discipline you practice.

Most compromises are not clever or dramatic. Routine mistakes create them: misconfigurations, over-permissioned accounts, leaked secrets, and unpatched dependencies.

Permissions sprawl until nobody can map them. Teams ship misconfigurations. Secrets leak because nobody rotates them. Dependencies drag risk into your product like barnacles. Backups fail the one day you need them. Logs exist but never tell a story.

Security always means you assume failure will happen and you engineer the impact down to something survivable.

That mindset can sound pessimistic. In reality, it respects entropy. Systems decay, incentives shift, and people make mistakes. Entropy does not care about your roadmap.

The practical blueprint: collect less, separate, prove

I like frameworks when they sharpen thinking and do not become religious scrolls. The simplest operating model I trust looks like this.

1) Collect less

Collect only what you can defend in one sentence to a skeptical user. Not to your lawyer. To your user.

Reduce identity where you can. Prefer short-lived identifiers over permanent ones. Process locally whenever it makes sense.

A privacy-first system does not brag about protecting your data. It quietly replies, “we never stored it.”

2) Separate what you must store

Treat data like it can explode, because it can.

Separate identifiers, content, metadata, and billing. Force access through clear boundaries. Encrypt sensitive fields at rest. Keep administrative power narrow and observable.

Isolation is also cultural. Engineers should not casually browse production data. A company that must “look inside” to operate has built a fragile machine.

3) Prove what you did

Logging is not glamorous. Auditability is not optional.

Teams earn trust when they can show what happened, who accessed what, and why. If you cannot prove access, you do not control access.

This is where “security always” stops being a vibe and becomes engineering.

Where AI changes the stakes

AI increases the temptation to repurpose data. More data looks like more capability.

That logic has a shadow.

Once the data exists, incentives attack it from every angle. Governments demand it. Attackers leak it. Brokers sell it. Lawyers subpoena it. Insiders misuse it. Product teams pull it into models because it feels convenient.

The old scandal playbook that turned personal information into political influence taught a brutal lesson. People do not hate being measured. People hate being manipulated.

Privacy first, security always refuses to build manipulation pipelines by accident.

The surveillance trade is a false bargain

Leaders keep offering societies the same deal: give up a little privacy for a little security.

The pitch sounds reasonable until you watch the pattern. Privacy leaves first. The promised security rarely arrives.

Real security looks boring in practice. Patching, least privilege, planning for failure, and building systems that do not collapse when one component breaks define it.

Mass surveillance does not deliver security. It delivers power.

That matters if you care about liberal values, because agency needs a private interior. People who feel watched do not explore ideas. They perform. When performance replaces honesty, innovation dies quietly.

What “privacy first, security always” looks like in real products

It looks like choices that feel slightly harder in the short term and far cheaper in the long term.

• End-to-end encryption where it actually matters, especially for private content.
• Local-first or edge-first intelligence where feasible, so insights do not require central hoarding.
• Clear data lifecycles: expiration by default, deletion that is real, retention that is justified.
• User agency that is not performative: export, revoke, rotate, and leave.
• Transparency that is specific: what is collected, why, where it goes, and how long it stays.

Open source helps here, not as ideology, but as visibility. Opaque systems force trust to become faith. Visible systems let trust return to engineering.

Shift: trust is becoming a business strategy again

For years, growth came easiest to the companies that treated people as data sources. That era is wearing out, because distrust is becoming expensive.

Customers ask better questions now. Teams tire of cleaning up preventable incidents. Regulators tighten expectations around data usage, especially when AI enters the picture. Investors learn that “move fast” turns expensive when you pay for the mess.

The economics stay simple: trust costs less to build early than to buy back later.

A line I like has stuck with me.

“You don’t need to drive the car to influence the journey. Speak clearly, and the driver might begin to listen. Place a sign on the roadside, and someone behind you will see it. Offer a compass, and you guide even without steering.”

Privacy first, security always is one of those signposts.

A society that shrugs at surveillance becomes a society that cannot breathe. A company that shrugs at security becomes a company that cannot be trusted. The two failures reinforce each other.

“Privacy first, security always” is the design stance that says: we do not need to own people to serve them.

Build systems that deserve users.

Call to action

If you build products, pick one system this week and run a simple trust audit.

Ask:

• What personal data do we collect that we could remove?
• What do we keep longer than we can justify?
• Who can access sensitive data today, and how do we prove it?
• Which dependency or vendor would hurt us most if it failed?
• What would we tell users within 24 hours of a breach?

If you find a gap, fix one thing. Small repairs compound.

If this resonates, share the post with someone who ships software, and leave a comment with the hardest privacy or security tradeoff you are facing right now. I read them and I will reply.

Key Takeaways

• Privacy first means designing systems that respect user boundaries and don’t require excessive data.
• Security always involves assuming failures will happen and engineering to minimize their impact.
• The practical blueprint consists of collecting less data, separating necessary data, and proving access to it.
• Privacy first, security always discourages manipulation and builds trust between users and companies.
• Companies that prioritize trust will thrive as users demand better data practices and transparency.

New Privacy Guides video 🎞️🪪
by @jw:

Age Verification represents an incredible threat to our privacy.

Not only Age Verification doesn't protect the children, but this could mean the end of protective pseudonymity for everyone if implemented widely.

Watch this excellent video created by Jordan here on PeerTube (based on my article on the same topic): https://neat.tube/w/aR4toTWJpcBZamUdQQpGRu

#PrivacyGuides #Privacy #AgeVerification #DataMinimization #Pseudonymity #PeerTube

New Privacy Guides video 🎞️🪪
by @jw:

Age Verification represents an incredible threat to our privacy.

Not only Age Verification doesn't protect the children, but this could mean the end of protective pseudonymity for everyone if implemented widely.

Watch this excellent video created by Jordan here on PeerTube (based on my article on the same topic): https://neat.tube/w/aR4toTWJpcBZamUdQQpGRu

#PrivacyGuides #Privacy #AgeVerification #DataMinimization #Pseudonymity #PeerTube

In case you are falsely feeling protected outside of Europe:

Chat Control doesn't just concern Europeans. It concerns all of us.

These kind of regulations will come for all of us, everywhere, if we do not ALL push against it everywhere.

If you do not understand how this is all intertwined, I invite you to read more privacy news and in-depth analysis. Because we must all support each other's privacy fights.

Privacy is a human right 💚

Fight for a better world, together ✊🌍

#ChatControl #AgeVerification #DataMinimization #HumanRights #DigitalRights #Privacy #Encryption #E2EE #RootForE2EE 🎉

In case you are falsely feeling protected outside of Europe:

Chat Control doesn't just concern Europeans. It concerns all of us.

These kind of regulations will come for all of us, everywhere, if we do not ALL push against it everywhere.

If you do not understand how this is all intertwined, I invite you to read more privacy news and in-depth analysis. Because we must all support each other's privacy fights.

Privacy is a human right 💚

Fight for a better world, together ✊🌍

#ChatControl #AgeVerification #DataMinimization #HumanRights #DigitalRights #Privacy #Encryption #E2EE #RootForE2EE 🎉

If you store the data of others:

1) you are responsible for protecting it,

2) you are responsible for determining if harm could be caused if this data leaked,

3) and you are responsible for deleting it properly once you do not need to retain it anymore, especially if it could cause harm.

This is a moral obligation and, in many circumstances, can also be a legal one.

#Privacy #DataMinimization #DataDeletion

If you store the data of others:

1) you are responsible for protecting it,

2) you are responsible for determining if harm could be caused if this data leaked,

3) and you are responsible for deleting it properly once you do not need to retain it anymore, especially if it could cause harm.

This is a moral obligation and, in many circumstances, can also be a legal one.

#Privacy #DataMinimization #DataDeletion

First, they'll ask for your official IDs to confirm your age and identity.

This will create a large treasure trove
of sensitive data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then, they'll claim your official ID is
unreliable, because it was stolen so many times, and demand you share your biometric data.

They will collect your face scan,
your palm scan, and even your iris scan (no exaggeration, these are all already being collected by some companies for identification). They will claim it's super safe.

This will create a large treasure trove
of sensitive biometric data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then what? Rinse and escalate.

You will have lost control of not just your corporate social media accounts by participating to this, but to any data capable of validating your identity, to your privacy rights, to the protections you could use online to stay safe.

We don't have to wait that it escalates.

We can, and must, push back and say No now. Start to say No now.

#Privacy #Biometrics #DataMinimization #AgeVerification

First, they'll ask for your official IDs to confirm your age and identity.

This will create a large treasure trove
of sensitive data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then, they'll claim your official ID is
unreliable, because it was stolen so many times, and demand you share your biometric data.

They will collect your face scan,
your palm scan, and even your iris scan (no exaggeration, these are all already being collected by some companies for identification). They will claim it's super safe.

This will create a large treasure trove
of sensitive biometric data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then what? Rinse and escalate.

You will have lost control of not just your corporate social media accounts by participating to this, but to any data capable of validating your identity, to your privacy rights, to the protections you could use online to stay safe.

We don't have to wait that it escalates.

We can, and must, push back and say No now. Start to say No now.

#Privacy #Biometrics #DataMinimization #AgeVerification

3️⃣ ACCESS CONTROLS & DATA MINIMIZATION:

Only authorized personnel can access your data—and even then, only the minimal information needed to provide our service.

#DataMinimization #SecurityBestPractices

It's #DataProtectionDay again, and the same applies to all theme days: We need them to generate attention for problems.

We would therefore like to remind you that it is often not even necessary to establish a personal reference in order to work with data. That is why we are appealing to you today to think critically: Am I really implementing #DataMinimization consistently in my organization?

#PreachingToTheChoir #GDPR

It's #DataProtectionDay again, and the same applies to all theme days: We need them to generate attention for problems.

We would therefore like to remind you that it is often not even necessary to establish a personal reference in order to work with data. That is why we are appealing to you today to think critically: Am I really implementing #DataMinimization consistently in my organization?

#PreachingToTheChoir #GDPR

@Wuzzy well that's not #Datensparsamkeit, is it? #dataMinimization

Tiny Privacy Tip for Organizations 🔘🔒:

1. If you are not absolutely required to be able to contact people by phone, do not make a phone number field mandatory in your forms ☎️🚫

2. If you are not absolutely required to be able to mail/ship something, or visit someone in-person, do not make a home address field mandatory in your forms 📪🚫

3. Do not make mandatory (or even request) any data in a form that you do not *absolutely require* to fulfill the purpose of this form 🚫

4. If you use a third-party vendor for your forms, make sure to remove any piece of data you do not actually absolutely need to collect. If you can't, select a different vendor that will allow you to 🔒👍

Yes, this mandatory by law.

#TinyPrivacyTip #Privacy #DataMinimization

Tiny Privacy Tip for Organizations 🔘🔒:

1. If you are not absolutely required to be able to contact people by phone, do not make a phone number field mandatory in your forms ☎️🚫

2. If you are not absolutely required to be able to mail/ship something, or visit someone in-person, do not make a home address field mandatory in your forms 📪🚫

3. Do not make mandatory (or even request) any data in a form that you do not *absolutely require* to fulfill the purpose of this form 🚫

4. If you use a third-party vendor for your forms, make sure to remove any piece of data you do not actually absolutely need to collect. If you can't, select a different vendor that will allow you to 🔒👍

Yes, this mandatory by law.

#TinyPrivacyTip #Privacy #DataMinimization

People who use social media other than Mastodon :twitter: :facebook: :meta: :

If you are still using some [BigCorpSocial™️] social media account(s),
I highly recommend maintaining a good data privacy hygiene on there. Especially because of all the data collected from these platforms, most recently, infamously, for scanning all your posts to feed For-Profit-AI-Machine™️

One important step to improve your data hygiene is to delete the older posts that are no longer useful to you (you can do this automatically on Mastodon by the way) :nes_fire:

Many [BigCorpSocial™️] have rendered this task more difficult recently by removing features previously provided to third-party developers.

BUT there is a fantastic desktop app developed by @micahflee coming up for this with a workaround! :awesome:

Semiphemeral! :birdsite:✨

Semiphemeral will make it possible for you to delete your older posts from your [BigCorpSocial™️] accounts, according to your preferences.

I don't often recommend tools like this,
but this one is a great one:

Privacy by Design ✅
From a trustworthy source ✅
Top practices for data minimization ✅
Runs locally ✅

I highly recommend it to anyone with social media accounts outside of the Fediverse.

Read on the latest developments here: https://semiphemeral.com/x-steaming-toxic-trashpit-semiphemeral-cant-come-soon-enough/

Subscribe to get updates: https://semiphemeral.com/x-steaming-toxic-trashpit-semiphemeral-cant-come-soon-enough/#/portal/signup

Donate so it gets ready faster! :rainbowdance: https://semiphemeral.com/donate/

Follow Semiphemeral on Mastodon: @semiphemeral

#Privacy #DataMinimization #DataDeletion #Semiphemeral #Twitter #X

People who use social media other than Mastodon :twitter: :facebook: :meta: :

If you are still using some [BigCorpSocial™️] social media account(s),
I highly recommend maintaining a good data privacy hygiene on there. Especially because of all the data collected from these platforms, most recently, infamously, for scanning all your posts to feed For-Profit-AI-Machine™️

One important step to improve your data hygiene is to delete the older posts that are no longer useful to you (you can do this automatically on Mastodon by the way) :nes_fire:

Many [BigCorpSocial™️] have rendered this task more difficult recently by removing features previously provided to third-party developers.

BUT there is a fantastic desktop app developed by @micahflee coming up for this with a workaround! :awesome:

Semiphemeral! :birdsite:✨

Semiphemeral will make it possible for you to delete your older posts from your [BigCorpSocial™️] accounts, according to your preferences.

I don't often recommend tools like this,
but this one is a great one:

Privacy by Design ✅
From a trustworthy source ✅
Top practices for data minimization ✅
Runs locally ✅

I highly recommend it to anyone with social media accounts outside of the Fediverse.

Read on the latest developments here: https://semiphemeral.com/x-steaming-toxic-trashpit-semiphemeral-cant-come-soon-enough/

Subscribe to get updates: https://semiphemeral.com/x-steaming-toxic-trashpit-semiphemeral-cant-come-soon-enough/#/portal/signup

Donate so it gets ready faster! :rainbowdance: https://semiphemeral.com/donate/

Follow Semiphemeral on Mastodon: @semiphemeral

#Privacy #DataMinimization #DataDeletion #Semiphemeral #Twitter #X

Choose the bird that you want to see in the world 💙

Twitter? :twitter:👎

@semiphemeral ? :birdsite:👍

#Privacy #DataMinimization #PrivacyByDesign #Twitter #X

Choose the bird that you want to see in the world 💙

Twitter? :twitter:👎

@semiphemeral ? :birdsite:👍

#Privacy #DataMinimization #PrivacyByDesign #Twitter #X

.@CenDemTech’s @ericnull in IAPP explaining how important #DataMinimization requirements are for privacy legislation. https://iapp.org/news/a/a-view-from-dc-privacy-law-flirts-with-its-ban-it-era

.@CenDemTech’s @ericnull in IAPP explaining how important #DataMinimization requirements are for privacy legislation. https://iapp.org/news/a/a-view-from-dc-privacy-law-flirts-with-its-ban-it-era

Exciting Privacy News! 🔒:birdsite:

If you, like me, are a
big fan of deleting you own data online when you do not need it anymore to reduce your digital prints,

I highly recommend following this amazing project: https://semiphemeral.com/like-a-phoenix-semiphemeral-will-rise-from-the-ashes/

Semiphemeral once helped me immensely while deleting my 24,000 tweets to prepare my Twitter-Exit :nes_fire:

I am extremely pleased to read this tool will not only be brought back by its creator @micahflee but will also have incredible new features!

All built with a privacy-first mindset ✨

Thank you Micah! I can't wait to see Semiphemeral fly again.

Subscribe here to get news of its development and release: https://semiphemeral.com/#/portal/signup 👀

#PrivacyNews #Privacy #PrivacyByDesign #DataMinimization #Semiphemeral

Exciting Privacy News! 🔒:birdsite:

If you, like me, are a
big fan of deleting you own data online when you do not need it anymore to reduce your digital prints,

I highly recommend following this amazing project: https://semiphemeral.com/like-a-phoenix-semiphemeral-will-rise-from-the-ashes/

Semiphemeral once helped me immensely while deleting my 24,000 tweets to prepare my Twitter-Exit :nes_fire:

I am extremely pleased to read this tool will not only be brought back by its creator @micahflee but will also have incredible new features!

All built with a privacy-first mindset ✨

Thank you Micah! I can't wait to see Semiphemeral fly again.

Subscribe here to get news of its development and release: https://semiphemeral.com/#/portal/signup 👀

#PrivacyNews #Privacy #PrivacyByDesign #DataMinimization #Semiphemeral

Microsoft’s advertising company Xandr accused of violating GDPR

https://stackdiary.com/microsofts-advertising-company-xandr-accused-of-violating-gdpr/

#GDPR #Privacy #DataProtection #Xandr #Microsoft #Advertising #Compliance #RTB #DataBreach #PrivacyViolation #UserRights #DataPrivacy #Noyb #Italy #TechNews #DataSecurity #AdTech #Regulation #Legal #UserData #Investigation #PersonalData #Transparency #SensitiveData #DataMinimization #DataAccuracy #GDPRCompliance #PrivacyLaw #DigitalRights #DataControl

Microsoft’s advertising company Xandr accused of violating GDPR

https://stackdiary.com/microsofts-advertising-company-xandr-accused-of-violating-gdpr/

#GDPR #Privacy #DataProtection #Xandr #Microsoft #Advertising #Compliance #RTB #DataBreach #PrivacyViolation #UserRights #DataPrivacy #Noyb #Italy #TechNews #DataSecurity #AdTech #Regulation #Legal #UserData #Investigation #PersonalData #Transparency #SensitiveData #DataMinimization #DataAccuracy #GDPRCompliance #PrivacyLaw #DigitalRights #DataControl

Gentle Privacy and Security Reminder
for Organizations 🔒🗑:

One of the easiest way for your organization to not have data stolen in a data breach, is simply to not have this data.

One of the easiest way to save your organization future headaches and costs is to simply delete thoroughly the data you do not need anymore as soon as you do not need it anymore.

Whenever possible, it's even better to not collect it at all in the first place.

You might need to retain some data of course, but when an incident occurs, you will greatly reduce the harm, damage, and cost if you keep only the minimum data required.

You cannot be held accountable for the data you simply do not have.

Keep this in mind! ✔️✨

#TinyPrivacyTip #Privacy #DataMinimization #DataDeletion

Gentle Privacy and Security Reminder
for Organizations 🔒🗑:

One of the easiest way for your organization to not have data stolen in a data breach, is simply to not have this data.

One of the easiest way to save your organization future headaches and costs is to simply delete thoroughly the data you do not need anymore as soon as you do not need it anymore.

Whenever possible, it's even better to not collect it at all in the first place.

You might need to retain some data of course, but when an incident occurs, you will greatly reduce the harm, damage, and cost if you keep only the minimum data required.

You cannot be held accountable for the data you simply do not have.

Keep this in mind! ✔️✨

#TinyPrivacyTip #Privacy #DataMinimization #DataDeletion

Tiny Privacy Tip for Application Developers 🔒✨

Every piece of data you
collect on others with your application becomes a liability to you.

You are responsible for
safeguarding and keeping track of every single piece of personal data you collect.

This is a heavy responsibility.

Especially if you collect and store a lot of data.

A much easier approach is to collect only what is absolutely necessary and delete it thoroughly as soon as it is not necessary to keep it anymore. You will save yourself so many headaches adopting this practice right from the start in your software development.

Remember: You can't be liable for the data you simply never had.
This is the easiest path for you,
and the safest path for your users.

#TinyPrivacyTip #Privacy #DataMinimization

Tiny Privacy Tip for Application Developers 🔒✨

Every piece of data you
collect on others with your application becomes a liability to you.

You are responsible for
safeguarding and keeping track of every single piece of personal data you collect.

This is a heavy responsibility.

Especially if you collect and store a lot of data.

A much easier approach is to collect only what is absolutely necessary and delete it thoroughly as soon as it is not necessary to keep it anymore. You will save yourself so many headaches adopting this practice right from the start in your software development.

Remember: You can't be liable for the data you simply never had.
This is the easiest path for you,
and the safest path for your users.

#TinyPrivacyTip #Privacy #DataMinimization

CDT’s @ericnull in @therecord_media discussing the need for #DataMinimization requirements amidst a digital landscape that is becoming increasingly vulnerable to privacy harms.
https://therecord.media/lawmakers-set-sights-on-data-minimization-with-new-bills

CDT’s @ericnull in @therecord_media discussing the need for #DataMinimization requirements amidst a digital landscape that is becoming increasingly vulnerable to privacy harms.
https://therecord.media/lawmakers-set-sights-on-data-minimization-with-new-bills

CDT recently filed comments to FTC regarding #COPPA. Some of our proposed suggestions include: strong #DataMinimization requirements, updated #consent mechanisms, & adoption of educational exception to parental consent w/ several important changes: https://cdt.org/insights/cdt-files-comments-with-ftc-in-response-to-coppa-updates/

CDT recently filed comments to FTC regarding #COPPA. Some of our proposed suggestions include: strong #DataMinimization requirements, updated #consent mechanisms, & adoption of educational exception to parental consent w/ several important changes: https://cdt.org/insights/cdt-files-comments-with-ftc-in-response-to-coppa-updates/

A dieci anni di distanza hanno ridotto il numero di #impronte #digitali richieste per il rilascio del #passaporto italiano da sei dita a due: #DataMinimization in marcia!
#PA #sorveglianza #frontiere #datificazione #MobilitàInternazionale

ICYMI: CDT’s @ericnull blogs about #privacy reform at the state level and the importance of #DataMinimization which was featured in this weeks
IAPP newsletter 👏👏👏 https://iapp.org/news/a/op-ed-state-privacy-laws-must-include-data-minimization/

ICYMI: CDT’s @ericnull blogs about #privacy reform at the state level and the importance of #DataMinimization which was featured in this weeks
IAPP newsletter 👏👏👏 https://iapp.org/news/a/op-ed-state-privacy-laws-must-include-data-minimization/

I have a data security shortcut
to share with you:

If sensitive users information
is not kept in the database,
it cannot be leaked in a data breach.

Do not collect
what you do not need ⛔​

Delete all data
you do not need anymore
as soon as you
do not need it anymore :nes_fire:​

#Privacy #PrivacyByDesign #DataMinimization

Do not require a phone number
in a form if it is not mandatory that you can reach this person by phone.

It is unnecessary.

It is not secure.

It endangers their sensitive data for no reason whatsoever.

#Privacy #DataMinimization 🔒

Google has announced forthcoming improvements to #DataMinimization and control over location history for users of Google Maps.

CDT welcomes these changes, which address our recommendations to protect users’ security and #privacy:

https://blog.google/products/maps/updates-to-location-history-and-new-controls-coming-soon-to-maps/ #LocationData