"In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject."
C‑634/21 is also somewhat relevant to understand how courts have applied ADM in general context of credit reporting https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... though it didn't specify what information actually needs to provided for 13(2)(f).
Private cameras pointing to street can be lawful under GDPR, but in that case they are GDPR controller. That then requires them fulfill bunch of obligations which they probably aren't, e.g. giving proper Article 13 notice.
I don't know if it's criminal in any EU country, but it would be something that you could complain to DPA about. Or initiate civil lawsuit against the controller.
Worth noting is that in some cases the camera vendor might also be (joint) controller as they can determine means & purposes of the processing. If they are simply storing the video then it's unlikely, but if they for example use it for AI training that would likely bring them controller territory.
If you are in EU you could try complaining to your local DPA. That certainly sounds like "automated decision which produces legal effects concerning him or her or similarly significantly affects him or her" which is against article 22 of GDPR. Or you could consider suing them directly at least for the refund.
Outside of EU maybe try passing law like GDPR to actually get some rights back.
Secrecy of correspondence doesn't necessarily only apply to physical letters as far as Constitutions go. In Finnish constitution it is defined as "The secrecy of correspondence, telephony and other confidential communications is inviolable" meaning it also applies to any internet message.
Unfortunately large majority of parties in Finnish Parliament do not really care about that provision and have passed multiple laws which create exceptions to it. They do it via the proper protocol (which is essentially the same as modifying the Constitution itself) so it's technically legal.
From my understanding Charter of Fundamental Rights of the European Union is somewhat similar to US Constitution & amendments. Both do still allow government to restrict the freedoms granted by those in some situations though I do think the US Constitution does tend to set higher bar on the interference.
There have been EU laws which get struck down because they violated the Charter (e.g. Data Retention Directive).
Hopefully even if the worst comes to pass and the EU ends up enacting this law there are still the courts on the EU level and then the national governments and courts in countries where this type of surveillance is illegal can still decide to do whatever the want (i.e. national constitutions general take precedence over EU treaty obligations)
> As outlined below, today’s action does not impact a consumer’s continued use of routers they previously acquired. Nor does it prevent retailers from continuing to sell, import, or market router models approved previously through the FCC’s equipment authorization process. By operation of the FCC’s Covered List rules, the restrictions imposed today apply to new device models.
I’m sure plenty of US factories are capable of importing boxes that look like routers but are actually just switches (because the router firmware is missing) and re-flashing them here…
Qualcomm is a US company right? I've worked on a few WiFi router devices and their chips are pretty popular in that segment. But WiFi is not a priority for Qualcomm (in fact they actively sabotage it for their more profitable 5G segment), and software is even less of a priority. So you had "parsing 802.11 TLVs in the kernel with obvious stack overflows" quality code drops.
(Which is why it's a bit ironic I saw the Google Fiber guy post on X about how they always had TPM^TM "security" in their routers; thats cool, but the drivers you used still made them "general purpose computing over the air" devices)
Doesn't matter where they're headquartered if they use foreign-made components. I don't think there's a robust enough supply chain of domestic materials available (nor cheap enough labor) to feasibly stop using foreign-made components.
> In conjunction with original software development, Island is designed and assembled in the USA to improve security and enable tighter quality control throughout the entire production process. The code for Island routers has only been loaded internally at Island HQ in the U.S; customer support is also managed directly in our U.S. Headquarters.
But the fact that a company can manufacture consumer(ish) routers in Latvia means it's very practical that another company could manufacture consumer routers in the US.
Usually the argument is that X can't be made in the US because China's so good at it that the US could never compete, so we shouldn't even try. But if a company with 367 employees in a country with the population of a medium-size metro area can do it, it proves that argument is bunk.
> But the fact that a company can manufacture consumer(ish) routers in Latvia means it's very practical that another company could manufacture consumer routers in the US.
Assembling them in Latvia, or the US, from internationally sourced components isn't a solution to anything.
> Usually the argument is that X can't be made in the US because China's so good at it that the US could never compete, so we shouldn't even try. But if a company with 367 employees in a country with the population of a medium-size metro area can do it, it proves that argument is bunk.
Unless Latvia is a much better environment for this kind of industry than the US is.
> Assembling them in Latvia, or the US, from internationally sourced components isn't a solution to anything.
I disagree. It's the first step. I mean, how did China do it? They started with assembly and low-value manufacturing and worked their way up the value chain. The US still had fabs. Once you get assembly reshored, start pushing to to reshore components (which are mostly chips, and pretty soon the equipment is mostly domestic.
> Unless Latvia is a much better environment for this kind of industry than the US is.
In what way?
Even if the US is utterly terrible for this kind of industry, we're talking about a small-medium sized tech company. It seems extremely doable.
> Another more plausible scenario is countries simply start repealing safe harbor laws.
It already happened via GDPR to some degree. CJEU ruled in December that platforms can qualify as controllers for personal data published in user-generated advertisement. The given reasoning was basically that the platform determined the means and the purposes of the processing.
Due to that they can be liable for article 82 damages.
As far as I understand the $100k fee applies only to consulate issued H1Bs. L1 -> H1B path (via AOS) is possible without fee. (Recent) US university graduates can also use similar path from what I understand.
We will see how much the $100k fee affects things during this H1B lottery round in few weeks.
> Only about 70 employers have paid a $100,000 Trump fee on H-1B workers from outside the US since it was imposed through a September White House proclamation, a government attorney said Thursday.
> (i) Finance and high-risk identity proofing.—No person shall extend credit, originate a loan, open a high-risk financial account, or provide another high-risk financial service based solely on a Social Security number, static identity information, or an uploaded image or copy of a government-issued identity document. A person engaging in such activity shall use multi-factor identity verification reasonably designed to verify both record consistency and claimant control, using less intrusive reasonably reliable methods where available.
> (j) Social Security number not sufficient identity credential.—A Social Security number, taxpayer identifier, or similar identifier shall not by itself be treated as proof of identity for purposes of this Act.
So, to me at least, it sounds like they actually mean "Providers must not use SSN for authentication (including fraud)".
That's weird, I can login to my HealthEquity account (which contains HSA) without any issues and I don't have passkey setup. I confirmed it just now just in case.
That article does say "HealthEquity Mobile and web experience" so maybe it's just for customers who use both, I only use web.
"In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject."
EDPB Guidelines on automated decision making: https://ec.europa.eu/newsroom/article29/items/612053 especially page 25 is relevant
C‑634/21 is also somewhat relevant to understand how courts have applied ADM in general context of credit reporting https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... though it didn't specify what information actually needs to provided for 13(2)(f).
reply