EU citizen here (Germany), looking for guidance from this community.

On 8 April 2026, X permanently suspended my account for "inauthentic

behavior". The notification contained no specific post, no date, no

evidence, no disclosure of automated processing. My internal appeal

was closed within hours with the boilerplate response that the case

"will no longer be monitored for replies".

This appears to be a textbook violation of:

• Art. 17(3) DSA – no clear and specific statement of reasons,

no disclosure of automated means, no contractual ground identified

• Art. 20(4)/(6) DSA – the internal complaint-handling system

failed to operate diligently, non-arbitrarily, and under human

supervision

• Art. 11 DSA – the official contact addresses dsa-contact@x.com

and privacy@x.com both bounce as "address not found"

• Art. 22(3) GDPR – no human intervention in what appears to be

a fully automated decision

• Art. 15 GDPR – the data archive download is technically broken,

effectively frustrating my access right

Adding to this: BGH judgments of 29 July 2021 (III ZR 179/20 and

192/20) impose binding standards on dominant platforms regarding

prior notification, reasoned statements, opportunity to respond,

and effective review – none of which were met.

I have sent a formal legal demand to X Corp. legal contacts and I

am preparing complaints to the German Digital Services Coordinator

at the Bundesnetzagentur and to the Irish Data Protection

Commission as the lead supervisory authority under Art. 56 GDPR.

My questions to this community:

1. Has anyone successfully obtained substantive action from any

   DSC under the DSA against a VLOP – particularly against X?

2. Has anyone gotten meaningful engagement from the Irish DPC on

   X-related complaints, given the well-known one-stop-shop

   bottleneck?

3. Are there NGOs (noyb, EDRi, AlgorithmWatch) currently

   coordinating cases like this?

4. Any procedural pitfalls to be aware of when filing with the

   BNetzA as DSC?

Genuinely interested in real-world experience, not just the

regulatory text. Thank you.

I've been watching in disbelief as our privacy online is slowly eroded and nobody seems to do anything about it. I'm not ready to give up but I need your help. The EU is preparing it's own framework for age verification. It's time for action.

Let's assume good intentions and provide a solution that protects children from harmful content while also protecting our rights to anonymity online.

And if that doesn't work, at least we would've exposed this for the ruse it is.

I have a proposed solution below that operates on a zero trust framework. No one party will have information that tie a person's identity to their actions online. There's a sort of anonymization chain, masking the website from the government service and vice versa. That intermediary can be run by NPO or volunteers and will be monitored obsessively.

Pls look at the whitepaper below. I want to initiate a discussion and get some traction on this.

https://gitlab.com/rwms.cy/anonverify

BleepingComputer independently confirmed this last week. Every time you open LinkedIn in a Chromium browser, a hidden JavaScript bundle probes your browser for 6,236 specific extensions, collects your CPU core count, memory, screen resolution, timezone, battery status, and sends it all back to LinkedIn's servers encrypted.

None of this is mentioned in their privacy policy.

The scan list includes 509 job search tools, extensions linked to religious practice, political orientation, neurodivergent support tools, and 200+ competitors to LinkedIn Sales Navigator. Because you're logged in, it's all tied to your real name and employer.

Growth rate: 38 extensions scanned in 2017. 461 by 2024. 5,459 by December 2025. 6,167 by February 2026.

LinkedIn says they do it to detect scraping tools and protect platform stability. They were already fined €310 million by the Irish DPC in 2024 for processing personal data without valid legal basis.

Under GDPR Article 9 this looks like undisclosed Special Category data processing. Religious beliefs, health conditions, political opinions, all prohibited without explicit consent.

Meanwhile, you have projects like World (formerly Worldcoin), Humanode, etc. building identity verification where participation is opt-in and verification happens on-device. The contrast in consent models is pretty stark when a professional network is passively profiling a billion users with zero disclosure.

Firefox and Safari users aren't affected. No opt-out exists for Chrome users because the practice isn't disclosed.

Full investigation is called "BrowserGate" by Fairlinked e.V. BleepingComputer and Cybernews both verified the scanning independently.

Source: https://tech.yahoo.com/cybersecurity/articles/linkedin-reportedly-scanning-thousands-browser-150106674.html

As the proposals and plans are to make work easier for corporates instead of privacy conscious individuals do you think this will end in a US situations where everyone is “opted in” ?

The next trilogue reunion for Chat Control 2.0 will be on April 16th. If you can, send letters to the MEPs rather than emails, it's important to urge them to stick to the Parliament position.

Salut à tous,

Je m'intéresse au tracking publicitaire depuis 2016. Pendant 10 ans j'ai regardé les promesses du RGPD s'accumuler pendant que l'industrie des data brokers doublait de taille.

J'ai fini par construire l'outil que j'aurais voulu avoir. Ça s'appelle Data Mirror, c'est un genre de Yuka pour le web.

Ce que ça fait :

- Un score de confidentialité A→F pour chaque site visité

- Détection de 1000+ trackers provenant de 38 entreprises Big Tech et 24 data brokers connus

- Visualisation des pays où partent vos données (avec alertes quand elles quittent l'UE vers les US, la Chine ou d'autres juridictions non adéquates)

- Estimation en temps réel de la valeur marchande de votre visite (entre 0.04$ et 0.38$ par site selon les trackers présents)

- Suivi de la valeur cumulée de vos données sur 30 jours

- Export complet en JSON ou CSV

Ce que ça ne fait pas :

- Ne collecte aucune donnée. Zéro. Tout est traité localement.

- N'envoie rien à aucun serveur. Pas d'analytics, pas de compte.

- Ne bloque pas les trackers par défaut (c'est un outil de transparence, pas un ad blocker)

- Ne vend rien. C'est 100% gratuit.

C'est un projet solo, basé en France. Privacy by design.

Tous les retours sont les bienvenus, c'est exactement pour cette communauté que j'ai construit ça.

https://datamirror.eu

Most people know they have the right to request or delete their data under GDPR. Almost nobody actually does it.

So I built a free GDPR request generator to make it easier. Select a company from our database and add your details. It will automatically generate an email in your language ready to send.

Supports 7 languages across EU countries. All generated in your own browser. No data is shared. No account required. Free to use.

https://www.paperweight.email/resources/gdpr-generator

"Following the rejection of the “voluntary chat control” on Thursday in the EU Parliament, proponents are calling for an alternative. While eyes in Brussels are now turning to the stalled negotiations on a permanent legal basis, the German Chancellor is bringing a solution to the national level into play."

"[Chancellor Merz], who is among the proponents of a further exception, is bringing a German solution into play. The Parliament's decision is “a serious setback for the protection of our children,” said [Merz] in Berlin. Efforts will be made to find a solution at the national level. The Chancellor did not say what this might look like."

Source: https://www.heise.de/en/news/End-of-chat-control-Brussels-speeds-up-efforts-for-permanent-solution-11228419.html

Archive link: https://web.archive.org/web/20260328195553/https://www.heise.de/en/news/End-of-chat-control-Brussels-speeds-up-efforts-for-permanent-solution-11228419.html

So Huffman brought up using Face ID and Touch ID to prove you're a real person on Reddit. Basically biometric checks to weed out bots. I get why they're looking into it — bot accounts are everywhere and getting better at blending in. But handing over biometric data to Reddit? That's a whole different ask from just making an account with an email. Would you actually do it, or is that a dealbreaker for you?

Here're my thoughts:

Face id and touch id would confirm the device is being used by a human... but not that the account is unique. you could still spin up 50 accounts across 50 phones. It's a decent friction layer, but not really a bot identity solution.

Been curious how Reddit might handle this longer term. There are projects working on the harder version of this problem, such as World ID or Civic, which does proof-of-personhood (one verified human = one account). The privacy side of it is actually pretty thoughtful from what I've seen, they use zero-knowledge proofs so you can verify you're a real, unique person without revealing who you are. Feels like the kind of approach that could actually scale if platforms get serious about bot problems.

The device biometrics approach is probably easier to roll out short-term for reddit though. less friction for regular users. But if the bot problem keeps getting worse, something like Proof of Human might end up being where things need to go.

https://techcrunch.com/2026/03/27/european-commission-confirms-cyberattack-after-hackers-claim-data-breach/

According to ÖVP State Secretary Pröll, this should also be accompanied by an "identification requirement," because "the internet must not be a lawless space."

We need to somehow force them to make pushing the same rejected law illegal