• 225 Posts
  • 328 Comments
Joined 5 years ago
Cake day: March 6th, 2021

  • Wait, are they saying that when hosting services

    Is “they” me? Hosting services is not an issue because it’s a service, which means the hosting service has a GDPR obligation to express in plain language how data is processed. Code transparency does not matter in that regard.

    When a controller pushes closed-source software onto data subjects who are expected to execute it on their own equipment, then the GDPR hole manifests. The controller has no obligation to tell you how your data is processed by their black box software. And worse, they go as far as to contractually block you from studying the code. In this case, your only hope for transparency is to use FOSS instead. And (as you say) that ad hoc privilege is only useful for those who can read code. But at least reviewers can explain in plain language to others what the code does.

    If “they” is Google, Google is claiming closed source benefits data protection:

    “Walker suggested that American companies could collaborate with European firms to implement measures ensuring data protection. Local management or servers located in Europe to store information are among the options.”


  • Walker argues that the market moves faster than legislation and warns that regulatory friction will only leave European consumers and businesses behind in what he calls “the most competitive technological transition we have ever seen.” … Kent Walker suggested that this initiative would stifle innovation and deny people access to the “best digital tools.”

    The irony. Is the EU going to fall for this? Or does the EU realise that copyright is in fact the “regulatory friction” that “stifles innovation”?


  • According to Google, the idea of replacing current tools with open-source programs would not contribute to economic growth.

    Does Europe need growth?

    And either way, how does making public service more costly by way of licensing fees increase growth in Europe? The license costs could instead be spent funding more European public workers. That’s growth, no?

    Google is advocating for US growth at Europe’s expense.

    Walker suggested that American companies could collaborate with European firms to implement measures ensuring data protection.

    Closed-source software processes data non-transparently, thus compromising GDPR Art. 5. It’s also a shitty loophole around the GDPR, because when you run a closed-source app, you are technically the one processing the data.

    It’s a hole in the GDPR that FOSS fixes.



  • The alternative that you allude to is holding DPOs personally liable for breaches and non-compliance. Again nice in theory but in practice it means that in most cases you’re holding one person responsible for the actions of someone else.

    I doubt it’s legal to hold someone personally liable. I know a bar owner who would do a money grab on his bartender’s paycheck whenever he did something objectionable. I don’t think that was legal, nor would I suggest it.

    The main purpose of a legal person is to shield natural persons from lawsuits. The DPA would be fining the public agency as a whole.

    The public agency should of course internally attribute the DPO’s failures to the DPO. From there, I doubt it would be legal to do an instant money grab on the DPO. But there are of course legally sound corrective actions. If the DPO is an outside agency, it’s simple to outsource to another provider of DPO services. If it’s a direct employee, they can be sacked or reassigned a different role. They could be given a pay cut in the future, like at their next annual appraisal, at which point they can decide whether to accept the new terms. They could be required to attend training. It’s a management issue.

    My org had a high impact breach a couple of months ago.

    A breach is not in itself an infringement by a data controller. But if the data controller was negligent in their infosec and not up to GDPR standards, and that negligence is then attributed to the breach, then the negligence would be an infringement.

    wouldn’t teach the DPO a lesson - they’ve done everything the law requires.

    Without having the details I can only figure that if the DPO did everything the law requires, then a conviction and penalty has no merit in the 1st place.

    And without knowing about your org, I cannot judge whether resources are being sensibly allocated. It sounds like GDPR compliance has a low priority there (which actually makes sense if the org is legally immune to GDPR fines anyway).


  • Bad public services should be defunded. From there, data subjects benefit from the restructuring, which ensures the GDPR is taken seriously. The incompetent lose. They get shown the door. The people benefit from the money (which does not disappear) going to public services that respect their rights.

    There is also deterrence. A DPO for a school who knows they could become responsible for the school losing funding due to their negligence will act more responsibly. The boss of the DPO who also knows a fine is possible will hire a qualified DPO, as opposed to a clown. When a data subject makes a GDPR request, the DPO and school won’t laugh at it (which is what happens now).

    Imagine a school gets fined £100k.

    It sounds like you have selected a suboptimal amount, by your own admission.

    Absolutely nobody benefits from a fine. Everyone loses.

    Privacy is a human right. Throwing human rights under the bus harms the data subjects. Data subjects benefit from effective GDPR enforcement. In the EU, such a circumstance harms the whole EU because the protection is not uniform. The GDPR becomes spotty, hit and miss… unreliable.



    1. You cannot comprehend English written by someone whose first language is English.
    2. You cannot meaningfully articulate in English why you cannot comprehend it.
    3. You don’t know that “therein” is spelled as a single word.

    You’re clearly the one struggling with English.

    There are literally thousands of governments within the US. The US loves to create new govs. If you cannot grasp that, then you simply will not be able to understand the problem with trying to consider “the gov” as a singular entity in this context. At the very least, you should try to understand that there are 3 branches of government. From there, copious jurisdictions divided by geography and scope of law.

    Do a search on “ICE Minnesota” if you want to understand hard and fast how govs in the US can be unaligned.

    I am not going to write a whole book right here so you can understand. Go back to school.


  • Indeed the credit freeze is a simple no-brainer. And it’s not mutually exclusive with any other action. Most people don’t realize credit freezing should be a default way of operating. Particularly in a system where you don’t have control over your data. Banks’ ToS vaguely say “you agree we can share your data with any credit reporting agency”. They typically don’t even name the credit bureau, so you don’t have transparency or control. Your blunt instrument is the choice to open the bank acct, or not.

    The best theoretical option would be to open an asset acct that disallows credit and then does not stick a fucked up credit bureau in the mix. Consumers are not smart enough to demand that and so I don’t believe any bank offers that.

    It’s much harder to move, change ssn, etc.

    Yes, but it’s not either or. You can make the data stale while also freezing your credit.



  • Who’s they? By “they” you mean government. That’s not an atomic unit. The gov has many govs therein and those govs are not aligned. Read the article.

    “A filing summarized on Representative John Larson’s website states that DOGE workers used the third party service Cloudflare in March 2025 in a way that violated Social Security’s own security policies, and that DOGE employees attempted to pass sensitive personal records to an outside advocacy group seeking to overturn election results.”

    “The Department of Justice has since admitted in another case that earlier statements to the courts about DOGE’s access were inaccurate.”

    “A press release from the American Federation of State, County and Municipal Employees describes how Justice Department filings acknowledged that individuals’ personal data had been disclosed to third parties using a non-government server, and that DOGE operatives entered Social Security systems without proper authority, bypassing safeguards and putting bank accounts, health records, wage histories, and immigration status at risk.”

    So policy violations, inaccurate testimony, and improper authority… clearly some key gov agencies see this as a data breach.