news post

SOMI Newsletter - February 19th, 2022

This is the newsletter for February 2022 from the Foundation for Market Information Research to its relations, including the participants in its actions, its sympathizers, and app users.

calender Feb Fri 18 2022

SOMI Update: App Monetization

At SOMI, we provide tools to help European consumers exercise their General Data Protection Regulation ("GDPR") rights and regain control of their personal data. The SOMI app simplifies this process; it also allows us to take action on behalf of our users against companies that violate consumer privacy rights.

In this newsletter we would like to share the new updates in our app with you.

The SOMI app offers multiple functionalities that make it easy for users to exercise their GDPR rights. These services include:

  • - Requests for access to the personal data from all Data Processing Entities ("DPE") in the European Union ("EU").

  • - Requests to partially or completely remove data from the EU-wide DPE databases.

  • - Investigate whether DPE's are GDPR compliant, with the possibility, where necessary, to file a complaint about this with the relevant Data Protection Authority ("DPA") (the relevant national authority(s)).

  • - Participating in collective lawsuits against DPEs when the European Legislation (the General Data Protection Regulation or GDPR), are not or insufficiently complied with, with the possibility to also claim financial compensation where applicable.

  • - Investigating whether the personal data of the app user has been involved in a data hack or breach, and which data was stolen by criminals.

Since the launch of the SOMI app in October 2020, we have offered you all these services for free. However, due to the large amount of data requests that are now coming into us from all over the EU, it is becoming increasingly difficult to continue to offer all of our services for free. From now on, we are introducing a cost-effective system of credits, or tokens, which makes it possible to receive compensation for the services that SOMI offers you via the app. This guarantees that we can continue to provide our services to you and that we can also continue to follow up with new campaigns and app functionalities.

How does the Token work?

HT is the name we have given to the credits or tokens that can be purchased to buy services in the SOMI app. HT tokens can now be purchased via your personal login account at my.somi.nl.

In addition, every registered user can also earn HT credits by contributing to the development of our app and help building databases via the app. Credits can already be earned by subscribing to the newsletter or leaving a review in the Appstore or Play Store.

The next step is that our app users can earn credits with our crowd-resourcing campaigns, i.e. making an audience contribution to our GDPR actions. Examples include reporting data breaches that you have encountered or updating our databases about DPEs and the (contact) details of their Data Protection Officers ("DPOs").

The purchased and earned HTs can be spent on your GDPR rights, which you can exercise via the SOMI app:

  • Collect personal data (requesting your personal data from a company or institution),

  • Collect & Investigate (as above, but also checking on GDPR compliance and compliance with the relevant DPE's own privacy terms),

  • Collect & Erase personal data (requesting and storing your own personal data, with the simultaneous request to that DPE to remove that data from the database of that organization itself).

A data leak check can also be done;

  • - Have your personal data been involved in a data leak and which data was involved.


These actions can be purchased separately or in a bundle. In order to facilitate all these options, your personal user environment has been expanded online and via the app with an overview of your token


With the income generated from the tokens, we hope to be able to help citizens further, without having to sell users' data to unknown and anonymous organizations, as is the case with revenue models based on the placement and sale of advertisements.

SOMI operates on a not-for-profit basis and is a non-profit foundation for public benefit. It is our intention to further expand this app in the coming years, so that consumers can become and remain in control of their own personal data. App users can then manage and exploit their own personal data.

SOMI is committed to help European citizens to regain full control over their own personal data. The  complete possession of one's own personal data (and the minors for whom European residents bear responsibility) is, in our view, an absolute autonomy of the individual.



News

Update on SOMI's action against Palantir Technologies

In November 2020, SOMI started a collective action against Palantir Technologies. A collective data request has been submitted to the company on behalf of all participants in the action. In October 2021, Palantir directly emailed these participants inquiring about their relationship with Palantir. Palantir claims that - apart from the information collected due to the SOMI data request - it does not collect any personal data from this group of people.

In addition, on November 8th, 2021, SOMI received a response from Palantir to our complaint [February 26th, 2021] in which Palantir indicates that it is a data processor and that individuals should directly contact the relevant data controllers for whom they have concerns about the collection and processing of their personal data by Palantir. 

You can the the complaint letter from SOMI here and the letter from Palantir here.

Somi does not agree with Palantir's actions and views. Unfortunately, the number of participants in this action is currently too low to collectively take further actions. So we would like to close this case for now. We will continue to keep an eye on Palantir.


Update on our complaint against TikTok

In January 2021, SOMI filed a complaint against TikTok with the Dutch Data Protection Authority ("AP"). You can view the complaint letter complaint here. According to the AP, it has transferred the results of much of its investigation to the Irish Supervisory Authority ("DPC") because TikTok's headquarters were moved to/located in Dublin during the AP investigation.

On February 17th, 2022, SOMI received a progress message from the DPC. You can read DPC's letter here. In this message, the DPC states that it has launched a (formal) investigation into, among other things, the concerns expressed by SOMI in its complaint. The AP will therefore closely monitor the progress of this DPC investigation.



SOMI in the media

On February 16th, the NRC mentioned about our TikTok action in an article by Stefan Vermeulen.

Read more


"A cookie from your own dough"

The Interactive Advertising Bureau ('IAB') has received a taste of its own medicine from the Belgian privacy watchdog (De Gegevensbeschermingsautoriteit, 'GBA'). The Transparency and Consent Framework ('TCF') is not privacy compliant. In the words of the GBA itself: the GBA is restoring order in the online advertising industry.

The TCF is a widely used tool for the online advertising market, especially the Real Time Bidding process. The GBA has fined IAB Europe 250,000 euros and has given the company two months (from February 2nd, 2022) to submit an action plan to become compliant.

Where did it go wrong? Firstly, the GBA sees IAB as a controller, and secondly, the basis for a crucial part of the processing of personal data by IAB is shaky.

Read more

This article was published on February 17th, 2022 on AG Connect (in Dutch). Written by Menno Weij, member of the Supervisory Board of SOMI.