Buy European

Exclusive: Swedish carmakers push to retain target as Germany lobbies to help its own industry by softening cutoff date

Canada is the first non-EU country to gain access.

cross-posted from: https://blackneon.net/post/71398

The Swiss privacy regulator Privatim has taken steps to ban Microsoft, Amazon, and Google’s American cloud services for government agencies. Data storage within Switzerland offers no protection against American laws, Privatim argues.

There's a lot of talk about the new Chat Control regulation here with many scary statements but few details so I decided to check what's actually in it. Best way to learn about at is to just read it:

https://data.consilium.europa.eu/doc/document/ST-15318-2025-INIT/en/pdf

It's long but not hard to understand. If you don't have the time here's a short summary for you.

First, two points:

1. There's no TLDR. It's a complex legislation and it can't be summarized in two sentences.
2. I will only say what's in the law. I don't care about how you think corporations will break it or conspiracy theories about what's really behind it. Feel free to post them but I will just ignore it.

So, to the point. The goal of the law is to prevent and combat child sexual abuse and it applies to hosting providers and publicly available communication services. At the core of the regulation is risk assessment. Each service will have to asses the risk that it will be used to distribute CSAM or to groom children. The risk is based on things like:

• are there known cases of the service being used for such things
• is there a mechanism to report CSAM by the users
• does it have parent control features
• do kids use it
• can you search for users and identify underage users
• can you send photos and videos using private chats

Once the risk assessment is done providers will have to address the identified risks. They can do this by implementing things like:

• moderation (having proper tools and staffing)
• letting users report child abuse
• letting users control what personal information visible to other users and how other users can contact them
• voluntarily doing things covered by Chat Control 1.0 (so client side message scanning)

If the provider identified that the service can be used for grooming it should implement age verification. The regulation says that age verification "shall be privacy preserving, respecting the principles relating to the processing of personal data, notably the principles of lawfulness, purpose limitation and data minimisation".

Regarding E2EE it clearly states that "the regulation shall not prohibit, make impossible, weaken, circumvent or otherwise undermine cybersecurity measures, in particular encryption, including end-to-end encryption".

So, does it allow all services to require an ID and store all your personal data? No. Can messengers break E2EE and scan all your messages? Also no.

What can happen is that some services will verify your age and store your date of birth. Anything beyond that will still be illegal and protected by GDPR. Providers can keep doing whatever they have been doing under Chat Control 1.0 (which applies since 2021) but E2EE is still protected.

Knowing all that let's think how it will apply to some example services. This is just my best guess but I think those are reasonable assumptions:

Signal: it does not let you search for other users, you don't share any personal information with anyone, strangers can't message you. There's very low risk that it will be used for grooming so it doesn't have to do any age verification. It allows you to share videos, has e2ee and I believe there were known cases of using to share CSAM. Based on that it COULD scan media client side as allowed by Chat Control 1.0 but it's voluntary. It will have to implement tools to report it.

Roblox: users of different ages interacting with each other, known cases of grooming on the platform: it should implement age verification.

Pornhub: low risk of grooming: no age verification. High risk of distributing CSAM: moderation and reporting.

Lemmy: my guess would be it's not used by many kids, instances don't have communities targeting children, it doesn't have tools that let you easily find kids on the platform: low risk of grooming and no age verification necessary. It can be used to publish CSAM and it has happened in the past: it should have proper moderation and reporting functionality and it can scan media and compare it against known CSAM hashes.

That's pretty much it. This is what Chat Control 2.0 is all about.

Speech by Cory Doctorow - meant for Canada, but applies well to Europe.

Cross posted from: https://feddit.uk/post/40232992

european funds recovery initiative Search Search... Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR HOME Related News

Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR Last week we at EFRI wrote about the Digital Omnibus leak and warned that the European Commission was preparing a stealth attack on the GDPR

Since then, two things have happened:

The Commission has now officially published its Digital Omnibus proposal.

noyb (Max Schrems’ organisation) has released a detailed legal analysis and new campaigning material that confirms our worst fears: this is not harmless “simplification”, it is a deregulation package that cuts into the core of the GDPR and ePrivacy.

What noyb has now put on the table

On 19 November 2025, noyb published a new piece with the blunt headline: “Digital Omnibus: EU Commission wants to wreck core GDPR principles”

Here’s a focused summary of the four core points from noyb’s announcement, in plain language:

New GDPR loophole via “pseudonyms” and IDs

The Commission wants to narrow the definition of “personal data” so that much data under pseudonyms or random IDs (ad-tech, data brokers, etc.) might no longer fall under the GDPR.

This would mean a shift from an objective test (“can a person be identified, directly or indirectly?”) to a subjective test (“does this company currently want or claim to be able to identify someone?”).

Therefore, whether the GDPR applies would depend on what a company says about its own capabilities and intentions.

Different companies handling the same dataset could fall inside or outside the GDPR.

For users and authorities, it becomes almost impossible to know ex ante whether the GDPR applies – endless arguments over a company’s “true intentions”.

Schrems’ analogy: it’s like a gun law that only applies if the gun owner admits he can handle the gun and intends to shoot – obviously absurd as a regulatory concept.

arzh-CNnlenfrdeitptrues european funds recovery initiative Search Search... Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR HOME Related News

Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR Last week we at EFRI wrote about the Digital Omnibus leak and warned that the European Commission was preparing a stealth attack on the GDPR

Since then, two things have happened:

The Commission has now officially published its Digital Omnibus proposal.

noyb (Max Schrems’ organisation) has released a detailed legal analysis and new campaigning material that confirms our worst fears: this is not harmless “simplification”, it is a deregulation package that cuts into the core of the GDPR and ePrivacy.

What noyb has now put on the table On 19 November 2025, noyb published a new piece with the blunt headline: “Digital Omnibus: EU Commission wants to wreck core GDPR principles”

Here’s a focused summary of the four core points from noyb’s announcement, in plain language:

New GDPR loophole via “pseudonyms” and IDs The Commission wants to narrow the definition of “personal data” so that much data under pseudonyms or random IDs (ad-tech, data brokers, etc.) might no longer fall under the GDPR.

This would mean a shift from an objective test (“can a person be identified, directly or indirectly?”) to a subjective test (“does this company currently want or claim to be able to identify someone?”).

Therefore, whether the GDPR applies would depend on what a company says about its own capabilities and intentions.

Different companies handling the same dataset could fall inside or outside the GDPR.

For users and authorities, it becomes almost impossible to know ex ante whether the GDPR applies – endless arguments over a company’s “true intentions”.

Schrems’ analogy: it’s like a gun law that only applies if the gun owner admits he can handle the gun and intends to shoot – obviously absurd as a regulatory concept.

Weakening ePrivacy protection for data on your device

Today, Article 5(3) ePrivacy protects against remote access to data on your devices (PCs, smartphones, etc.) – based on the Charter right to the confidentiality of communications.

The Commission now wants to add broad “white-listed” exceptions for access to terminal equipment, including “aggregated statistics” and “security purposes”.

Max Schrems finds the wording of the new rule to be extremely permissive and could effectively allow extensive remote scanning or “searches” of user devices,ces as long as they are framed as minimal “security” or “statistics” operations – undermining the current strong protection against device-level snooping.

Opening the door for AI training on EU personal data (Meta, Google, etc.)

Despite clear public resistance (only a tiny minority wants Meta to use their data for AI), the Commission wants to allow Big Tech to train AI on highly personal data, e.g. 15+ years of social-media history.

Schrems’ core argument:

People were told their data is for “connecting” or advertising – now it is fed into opaque AI models, enabling those systems to infer intimate details and manipulate users.

The main beneficiaries are US Big Tech firms building base models from Europeans’ personal data.

The Commission relies on an opt-out approach, but in practice:

Companies often don’t know which specific users’ data are in a training dataset.

Users don’t know which companies are training on their data.

Realistically, people would need to send thousands of opt-outs per year – impossible.

Schrems calls this opt-out a “fig leaf” to cover fundamentally unlawful processing.

On top of training, the proposal would also privilege the “operation” of AI systems as a legal basis – effectively a wildcard: processing that would be illegal under normal GDPR rules becomes legal if it’s done “for AI”. Resulting in an inversion of normal logic: riskier technology (AI) gets lower, not higher, legal standards.

Cutting user rights back to almost zero – driven by German demands

The starting point for this attack on user rights is a debate in Germany about people using GDPR access rights in employment disputes, for example to prove unpaid overtime. The German government chose to label such use as “abuse” and pushed in Brussels for sharp limits on these rights. The Commission has now taken over this line of argument and proposes to restrict the GDPR access right to situations where it is exercised for “data protection purposes” only.

In practice, this would mean that employees could be refused access to their own working-time records in labour disputes. Journalists and researchers could be blocked from using access rights to obtain internal documents and data that are crucial for investigative work. Consumers who want to challenge and correct wrong credit scores in order to obtain better loan conditions could be told that their request is “not a data-protection purpose” and therefore can be rejected.

This approach directly contradicts both CJEU case law and Article 8(2) of the Charter of Fundamental Rights. The Court has repeatedly confirmed that data-subject rights may be exercised for any purpose, including litigation and gathering evidence against a company. As Max Schrems points out, there is no evidence of widespread abuse of GDPR rights by citizens; what we actually see in practice is widespread non-compliance by companies. Cutting back user rights in this situation shifts the balance even further in favour of controllers and demonstrates how detached the Commission has become from the day-to-day reality of users trying to defend themselves.

EFRI’s take: when Big Tech lobbying becomes lawmaking

For EFRI, the message is clear: the Commission has decided that instead of forcing Big Tech and financial intermediaries to finally comply with the GDPR, it is easier to move the goalposts and rewrite the rules in their favour. The result is a quiet but very real redistribution of power – away from citizens, victims, workers and journalists, and towards those who already control the data and the infrastructure. If this package goes through in anything like its current form, it will confirm that well-organised corporate lobbying can systematically erode even the EU’s flagship fundamental-rights legislation. That makes it all the more important for consumer organisations, victim groups and digital-rights advocates to push back – loudly, publicly and with concrete case stories – before the interests of Big Tech are permanently written into EU law.

I like the higher food standards the union has over Canada, one of the benefits of having more accountability on the government in general.

Cross posted from: https://feddit.uk/post/40205739

I'm posting this to hopefully stop the posts that keep appearing, suggesting that progress has been made to defeat chat control. That's not correct.

The article:

Contrary to headlines suggesting the EU has “backed away” from Chat Control, the negotiating mandate endorsed today by EU ambassadors in a close split vote paves the way for a permanent infrastructure of mass surveillance. Patrick Breyer, digital freedom fighter and expert on the file, warns journalists and the public not to be deceived by the label “voluntary.”

While the Council removed the obligation for scanning, the agreed text creates a toxic legal framework that incentivizes US tech giants to scan private communications indiscriminately, introduces mandatory age checks for all internet users, and threatens to exclude teenagers from digital life.

“The headlines are misleading: Chat Control is not dead, it is just being privatized,” warns Patrick Breyer. **“What the Council endorsed today is a Trojan Horse. By cementing ‘voluntary’ mass scanning, they are legitimizing the warrantless, error-prone mass surveillance of millions of Europeans by US corporations, while simultaneously killing online anonymity through the backdoor of age verification.” ** Continue reading here - https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/

(MENAFN) Finland’s largest retail chain, The S Group, announced Wednesday it will temporarily stop selling products originating from Israel. Speaking to a Finnish broadcaster, the company clarified that select items, including home carbonation devices, will remain available until current stock is depleted. However, the retailer will halt all future purchases of Israeli goods.

In practice, the range of Israeli products has been limited, with The S Group not selling Israeli fruits or vegetables for an extended period.

S Group Chief Sustainability Officer Nina Elomaa said the decision, finalized in September, was influenced by the European Commission’s proposal to suspend the trade-related components of the EU-Israel Association Agreement.

Elomaa added, "The S Group is closely monitoring both the peace negotiations and EU policies and will adjust its decision as needed."

MENAFN20112025000045017169ID1110372864

Continue reading here - https://www.finnishtimes.com/article/868894479-finland-s-top-retailer-s-group-suspends-israeli-product-sales

Tesla's (TSLA) Europe woes are only getting worse.

According to the European Automobile Manufacturers' Association (ACEA), Tesla electric vehicle registrations (a proxy for sales) in Europe fell to just 6,964 units in October, a 48.5% drop compared to a year ago. Meanwhile, total EV registrations in the region, which includes the UK and the European Free Trade Association, rose 32.9% in October, with overall registrations regardless of powertrain up 4.9%.

October's total marks the 10th straight month of declining Tesla sales in Europe. Meanwhile, the overall market share of EVs in the broader European region grew to 16.4%. NasdaqGS - Nasdaq Real Time Price • USD Tesla, Inc. (TSLA) 426.58 +7.18 +(1.71%) At close: November 26 at 4:00:00 PM EST 426.57 -0.01 (-0.00%) After hours: 7:59:59 PM EST Date Close Open High Low

Tesla's sales hangover rolled on in certain key European territories, with the introduction of the revamped Model Y not enough to blunt the effect of rising competition and CEO Elon Musk's deep unpopularity.

October's sales slide follows a rough 2025 for Tesla year to date in broader Europe.

In the first 10 months of the year, Tesla sales dropped 29.6% to 180,688 units, per the ACEA. Conversely, Tesla's overall market share in Europe dropped to 1.6% from 2.4% a year ago.

Meanwhile, Tesla's Chinese competitor BYD (BYDDY), which sells a mix of pure EVs and hybrids, reported sales jumping 207% to 17,470 units sold in Europe. Another major China rival, SAIC, saw sales climb 46% to just under 24,000 vehicles sold.

While weakening sales in a key, EV-centric region should be a concern, it hasn't been a significant issue for Tesla stock.

On Monday, Tesla shares surged nearly 7% after Melius Research tabbed the EV maker a "must own" due to its autonomy efforts and as CEO Elon Musk talked up its chipmaking progress.

Read more: How to avoid the sticker shock on Tesla car insurance The editorial image shows the interior of the new Tesla Model 3 with Full Self-Driving activated. The photograph highlights the advanced autonomous driving system and the innovative design of Tesla's electric vehicles, representing the future of mobility and sustainable transport in Bari, Italy, on September 6, 2025. (Photo by Matteo Della Torre/NurPhoto via Getty Images) The interior of the new Tesla Model 3 with Full Self-Driving activated, highlighting the advanced autonomous driving system and design of Tesla's electric vehicles, in Bari, Italy, on Sept. 6, 2025. (Matteo Della Torre/NurPhoto via Getty Images) · NurPhoto via Getty Images

"One of the reasons we called Tesla a 'must own' in our recent launch — despite all the obvious risks — is that the world is about to change, dramatically," analyst Rob Wertheimer wrote. "Autonomy is coming very soon, and it will change everything about the driving ecosystem.”

The main spark appears to be the latest version of Tesla's full self-driving (FSD) software, which is available in the US and select territories.

While investors own Tesla stock mostly for the AI and autonomous potential, there could be good news from the self-driving front for European buyers.

The Netherlands RDW automotive governing body said it has set up a schedule allowing Tesla to demonstrate in February whether FSD meets requirements but has not approved it yet.

Getting at least one automotive regulator in Europe to approve FSD would be a huge step in the right direction for Tesla and may help staunch the sales slide in the region.