Then, a couple of months later, I get spam from a seller trying to get me to buy knockoff designer handbags, or a Nigerian prince trying to secret his fortune away, or something else odious.

But look -- the email was sent to the address "crappytire@example.net"!

Now I know, with absolute certainty, that this spammer got my address, directly or indirectly, from Crappy Tire. Maybe they sold their mailing list far and wide. Maybe their systems were hacked and every customer's email was exfiltrated.

I can now take action. If I think they sold my address, I can write a nastygram referencing their privacy policy or Canada's PIPEDA act, or Europe's GDPR, or whatever. If I think my address was stolen from their systems, I can report the security incident to them, or publicize it so others know it may have happened to them.

And most importantly, I can disable that email address. Just refuse all mail sent to it. It's no longer of use to spammers or crooks. If I ever deal with Crappy Tire again, I give them a new unique address.

Anyway, that's a lot of backstory. I use this technique extensively. I have caught many, many companies selling/renting their mailing lists in violation of their own policies. I have caught many others that have been hacked, and they didn't even know it.

So what's the thing that happens to me occasionally regarding this?

2/x

The Data Bill strips back your right to human review of automated decisions that have life-changing impacts.

It flips the script, forcing you to prove a mistake has been made when AI gets it wrong – the scales of justice further imbalanced.

Sign our petition

https://you.38degrees.org.uk/petitions/ai-says-no-tell-keir-starmer-that-people-not-machines-should-oversee-life-changing-decisions

Even the limitation on automated decision-making using 'special category data' could be sidestepped by relying on the loophole of 'authorised by law' in the UK Data Bill.

The letter warns that "police will be able to conduct ADM without limitation and to conduct ADM involving sensitive data with very few limitations."

Automated decisions could be made in policing "on the basis of their socioeconomic status, regional or postcode data, inferred emotions, or even regional accents."

The UK Data Bill puts marginalised groups at risk of opaque and unfair automated decisions that replicate inherent biases in the data.

The UK Data Use and Access Bill strips away your right to not be subjected to life-changing decisions made solely by AI, apart from where special category data is used.

But, as the letter says, "there are many contexts in which non-special category personal data acts as a proxy for protected characteristics."

Any changes to how Political Parties use our data must be properly scrutinised by the UK Parliament.

The UK Data Use and Access Bill must be amended, so a statutory instrument to create a recognised legitimate interest for sharing personal data can’t be applied to Political Parties.

Read more

https://www.openrightsgroup.org/press-releases/democracy-groups-warn-of-threat-henry-viii-powers-pose-to-future-election-integrity/

“A few months before the General Election, Lucy Powell MP, now the Leader of the House, talked of Labour’s commitment to “doing legislation better”, with “better planning, better drafting and better scrutiny”.

The Henry VIII powers contained in the Bill mean the DUA Bill [UK] fails to deliver on those commitments. It must be amended so that it does.”

Tom Brake – Director of Unlock Democracy.

“Political Parties are stuck in an arms race as to how they can use data to reach and influence potential voters in order to win elections.

It’s therefore vital that there are clear and fair rules for how Political Parties are allowed to use our data."

@JamesBaker – ORG Programme Manager on Henry VIII powers in the UK Data Use and Access Bill.

If changes were made before an election, there may be insufficient time for the Information Commissioner's Office or Electoral Commission to issue guidance to Political Parties on any new ‘recognised legitimate interest’ basis to process voter data for election purposes.

This could undermine the integrity of a UK General Election.

The UK Data Use and Access Bill gives the Secretary of State discretion to determine and vary the conditions under which personal data can be processed

These changes could be timed to the advantage of the governing Party over its opponents

Read our letter https://www.openrightsgroup.org/publications/joint-letter-henry-viii-powers-in-data-use-and-access-bill-could-undermine-election-integrity/

@ueeu about #Spotify an interesting summary(in German but I am sure you can translate it): https://die-flaschenpost.de/2024/12/22/warum-spotify-fuer-piraten-ein-no-go-sein-sollte