the fact that Apple and Google are both lobbying hard against the EU's Digital Markets Act (DMA) gives me the sense that it's working as intended#apple #google #DMA #EU

@ansuz I’m afraid to wait and see..

The base idea of the DMA is nice but the EU being the EU they always backe things into laws that aren’t fully cooked and it takes the years you mention just to realise that and maybe amend / fix things (not including the GDPR, that one was actually nicely done).

It’s scary to think that the same people are on a happy course to kick-off ChatControl and feel great about it
:(

@ansuz the notification provider isn’t able to decrypt your messages - that’s the catch. The messenger on your device can decrypt the message and send a local notification for you which normally none else can access 😅

As for the consent - yeah that’s the grey area here.. Notifications is a core service but access to that data shouldn’t be allowed to anyone really.
But it’s hard to say if all of the messages you get would classify as personal data (think things like WhatsApp news broadcasts) but generally they can’t be classified either without scanning the content and then we spin in a nasty circle 😐

The DMA has its good ideas - no arguing on that- but certain areas still feel problematic / not completely thought through (like scope of application.. gatekeepers are obligated, non gatekeepers aren’t.. why not apply it equally to all businesses that provide comparable services or technologies?)

@ansuz so lets say I use an e2ee encrypted messenger and the provider of that messenger thus cannot read or decrypt my messages.

They could under that clause request realtime access to data generated by the platform core service used for push notifications / device notifications for their app - which are generally displayed to me unencrypted and tada, e2ee and at the same time readable plaintext for the provider of the messenger?

I know that’ll imply a certain degree of bad intent from the provider but reading over article 9 it also sounds entirely within the realm of things you’d be allowed to do unless you anyone can prove that all notifications would classify as personally identifiable data that needs my permission to collect and process?

/cc @ainmosni

@ansuz the fact that any bigger company can now request access to your previously private data and call it a DMA access request (and get it granted almost all the time) gives me the sense that no one in the EU council has thought it through..

/cc @ainmosni