#17 - 20 lessons from the 20th century...
... in order to try and reach the next century... if possible
By the time you open this newsletter the big news of the day is expected to be who won the tariff lottery, who the winners and losers are, what the ripple effects will be, and how much all of this is going to impact us regular EU citizens.
Like you, we're completely saturated with international political news, but we believe this tectonic move by the US Gov will affect every sector — including the purely data-driven one.
To begin with, there’s a massive sanction from the European Commission against Meta that was supposed to be published last week — it was going to be a billion, then lowered so as not to upset Trump, then not published at all… classic.
We’re trying, really, not to give this the spotlight, but we can’t help but mention a thing or two…
The Dorito moment
I’m taking advantage of the upcoming premiere of the brand new season of Black Mirror to highlight where the title of this section comes from: this episode right here. The ending is pretty patronizing, but still…
.- One of DOGE’s most spectacular blunders happened when it ran into the US Social Security databases written in COBOL. Okay, so we’ll just replace them in two months with generative AI. Flawless plan. If I were a US retiree, I’d brace myself with both hands. In this context, I found this article interesting — it explains the strengths of COBOL and why it has stood the test of time… until Musk.
.- This Wired article reflects on how the transatlantic political storm stirred up by the Dorito might boost Europe’s digital sovereignty, especially in a context where data crosses the Atlantic with less protection than a Chinese umbrella (pun intended). But we've already talked about that…
#13 Are we ready for the digital "EUxit"?
An “EUxit digital” earthquake with respect to the USA would make the original Brexit disaster look small... on both sides of the scale.
.- In 2016 — at the beginning of the first “Dorito time” — Timothy Snyder published his book On Tyranny: Twenty Lessons from the Twentieth Century. Well, in his latest Substack, each of those lessons, along with its opening paragraph, is recited by actor John Lithgow in a memorable performance you don’t want to miss.
And one might think that John Lithgow showing up today is somehow relevant. For whatever reason:
This is what crowd-sourced patriotism looks like. Report and deport!
You’re reading ZERO PARTY DATA. The newsletter about current affairs, technopolies, and law by Jorge García Herrero and Darío López Rincón.
In the spare time this newsletter leaves us, we like to solve complicated issues in personal data protection. If you’ve got one of those, give us a little wave. Or contact us by email at jgh(at)jorgegarciaherrero.com
🗞️News from Data world🌍
.- It’s Thursday in Lent, but it’s worth remembering that not everyone practices abstinence. Take the online advertising industry, for example — they never tire of passing its hand over our face:
One. Problems with all those bastards who don’t accept cookies, or even worse, dare to use browsers like Brave that automatically block the damn prompts — you don’t even see the banners, in fact — and skip ads, even on YouTube? Well, for you, frustrated friend in the privacy agency world, for you we bring this news: the IAB Tech Lab is launching the “final solution” for programmatic advertising, promising to give you everything you need from your obstructionist targets — all without leaving the cloud server.
Basically, it’s about tracking users again — just “through the back door.” Don’t get the wrong idea: I mean “from the server where the website you're currently viewing is being served.” Sounds technical? It is. But think of it like this: “when cookie consent goes out the door, the Eye of Sauron, housed in the Server of Mount Doom, peeks in through the window.” The AdExchanger article lays it all out in full technical detail and zero irony — because that’s our job.
Two. And from Google, another gem: if you make the mistake of consenting, its chatbot Gemini could soon get access to your search history. Yes, that one. The one with “how to delete search history.” In a move worthy of that friend who says “I’m just checking what’s in your fridge, I’m not even hungry,” Google’s AI offers you astoundingly low utility in exchange for swallowing your long-term search profile.
The capabilities of the latest ChatGPT update for generating images — beyond the Ghibli controversy — point to a non-trivial issue: anyone can now fake any document (say, a receipt or invoice) in seconds, with a slick, professional finish.
.- €150 million fine for Apple in France for violating competition law with a measure that, let’s admit it, was pretty solid in terms of privacy. Why? Because of this. And the CNIL scoring points thanks to decisions initially requested by french competition authority.
💀Death by Meme🤣
📄Data-heavy documents for coffee-lovers☕️
.- Model contract clauses for regulating the hiring of service providers whose services are fully or partially supported by AI, published by ISMS Forum. Among the authors: Rodrigo López del Barco, Cristina Köhler, and Ramon Baradat.
.- Via Mateusz Kupiec, an interesting fine from the Austrian Data Protection Authority against a photographer who captured images in public spaces, violating the data protection rights of the individuals photographed. Summary here.
.- It’s from last week, but still worth including: the draft decision on connected vehicles opened to public consultation by the CNIL. Back in 2017, they had another, more general document.
.- Decision (EU) 2025/628 of the Commission, dated March 31, 2025, establishing internal rules on informing data subjects and limiting certain rights of data subjects regarding personal data processing by the Commission for purposes of supervision, investigation, enforcement, and monitoring under Regulation (EU) 2022/2065. The title says it all — yet another DSA-related matter.
.- Step-by-step guide from the CCN for installing and securing an LLM locally.
🤖Robots.txt or the AI staff
.- Hungary has crossed the red lines of the AI Regulation. Their feat? Using facial recognition for policing purposes with zero regard for European principles. Euractiv explains it with a mix of seriousness and disbelief, detailing how this automated surveillance has been deployed without transparency, without a clear legal basis, and of course, without notifying the individuals affected. In short: Orwell would be proud.
Thinking this isn’t Hungary’s first questionable move? Yep — they already caught heat from the EDPS for using facial recognition on refugees.
🧷 Useful tools🔧
.- An excellent web resource to raise awareness — in ourselves and others — about the slippery, ambiguous, and highly contextual concept of the "anonymous dataset." Yes, the dataset containing your data may have been anonymized, but the rarer you are as a creature, the easier it is to reidentify you. It even includes a test to measure your level of “uniqueness” in that sense.
.- Via Federico Marengo: a self-assessment tool from the Canadian authority to evaluate how much a data breach might endanger data subjects' rights.
.- On the same topic, here’s a new automated Excel tool from David Rosenthal.
.- An interactive map from the CNIL to check which countries you can transfer personal data to with adequate guarantees. As practically useless as a TIA, but very pretty.
.- The “perfect prompt” according to @gdb, President of OpenAI.
🙄 Da-Tadum Bass!!
.- A lot of people call Elon “Elmo,” but careful — reality is starting to outpace fiction. In his head, the sarcasm must have been spectacular, but wow… the images and the WTF moment really hit different.
.- And then there’s Grok, pulling out some bias (or a very poorly timed error/bug/glitch) to save the boss’s face. Many outlets have shared that the images were from 2002. As for the X editing, we’ll give it a pass — it was a clip with a Soviet flag, and we all know sharing makes you a communist.
Thanks for reading Zero Party Data! Don’t miss next week’s edition!