“Register your prepaid and get free calls/Internet transfer/win a car” – you can hear from Polish telecom operators, as a reminder and encouragement that all pre-paid SIM cards have to be registered by 1st of February 2017. One could almost think that this is just nicely coordinated campaign of leading telecoms, aimed at collecting a bit more data about their clients in exchange for a bonus. Nothing new under the sun in the data-driven world? Well, not exactly. A real stake in this data collection effort is to increase control over all users of telecommunication networks in Poland, with particular focus on foreigners. The demand for more data, this time, came not from the market but directly from the policing arm of the state.

On 22 June, Polish president signed a new anti-terrorism law. The law contains measures that are inconsistent with the Polish Constitution and with the European Convention on Human Rights. The list of controversies is long: foreigners’ phone calls might be wire-tapped without a court order, and police might collect their fingerprints, biometric photos and DNA if their identity is “doubtful”. Online content might be blocked, citizens' freedom of assembly limited, and secret services are given free access to all public databases.

“We don’t have to manipulate our customers or exploit their vulnerabilities to scale up” – European entrepreneurs and social organizations appeal to the MEPs to put an end to invasive and privacy-hostile practices related to surveillance-based advertising and thus open the market to ethical and innovative online ads, which respect users’ rights and their choices. On the opposite bench – the Big Tech lobby fights for the status quo to remain – despite the well-documented social and individual harms caused by the current ads ecosystem.

Following a number of complaints filed in 2018 and 2019, including by Panoptykon and Bits of Freedom, and coordinated by the Irish Council for Civil Liberties, the Belgian Data Protection Authority has found that the consent system developed and managed by the adtech industry body IAB Europe, and used by many websites in the EU, is illegal under the GDPR.