This becomes extremely relevant when you read it in the light of the C-422/24 decision. In that personal data collected via body worn cameras was determined to be "directly obtained". Paragraph 41 from the judgement:

> If it were accepted that Article 14 of the GDPR applies where personal data are collected by means of a body camera, the data subject would not receive any information at the time of collection, even though he or she is the source of those data, which would allow the controller not to provide information to that data subject immediately. Therefore, such an interpretation would carry the risk of the collection of personal data escaping the knowledge of the data subject and giving rise to hidden surveillance practices. Such a consequence would be incompatible with the objective, referred to in the preceding paragraph, of ensuring a high level of protection of the fundamental rights and freedoms of natural persons.

Given this it's very unlikely that PI observing (especially if they record) could be considered to be Article 14 instead of Article 13 type of collection as it's exactly "hidden surveillance practice" that the Court warned about.

Member states do have a right to restrict the Article 13 disclosure obligations via Article 23 restriction, but that requires specific law in the member state & the law itself must fulfill the obligations that Article 23 requires. Article 23(2) essentially forbids leaving everything up to the controller.

And as far as PI in the US goes, actions between stalking and PI "for self" tend to be so similar that I wouldn't necessarily recommend anyone to try it.

Note that PIs are effectively illegal under GDPR by default. They would generally need to provide Article 13 notice, i.e. you would become aware of them unless they were just asking around without actually following you. Member states can make them legal though (via Article 23) and likely in many cases they have done so.

And Spain is not blocking access to Spain's citizens, it's blocking access people in Spain. These could be citizens of other EU members who need to access their government's website for reason or another (e.g. renewing passport) while they visit Spain or reside in Spain.

I don't think there is EU-level "regulation" in this specific thing. However there is something somewhat better: European Convention on Human Rights. It's just that challenging these kind of bans via that route is very slow (similar how slow it is to challenge the laws which go against the Constitution in the US via Supreme Court).

The GP essentially framed overprovisioned solar as solution to anyone who might rely on nuclear without taking in account realities in many countries.

During crisis nations are going to restrict exporting electricity and prioritizing their own residents. Electricity that is generated in Germany is not going to warm up Nordic countries if Germany doesn't let it.

Wires are also susceptible to sabotage, especially undersea ones (which are the current major connection points to Europe).

You sure overprovision factor of 200x is still cheaper? This is when looking at the peak generation. From what I understand solar has about 30-40% capacity factor in summer. Just to panels (I'm not sure about total cost of grid-scale solar) seem to be about $300k per rated 1MW or $750k per 1MW during peak. $150M per 1MW during December. OL3 cost about 11B € for 1.44GW (assuming 90% capacity factor) or 7M € per MW.

Unless there has been some huge overnight exchange rate change 7M € seems much cheaper than $150M. Latter of course would actually be much higher when you factor in rest of the equipment, labor etc. Some numbers I found say that it's probably 5x higher.

One relevant would be Yildirim v. Turkey where court ordered blocking access to all Google sites because there was one that where someone insulted the memory of Atatürk. This was due to request from Telecommunications Directorate. This then caused the appellant's website to get blocked as well.

Another one would be Vladimir Kharitonov v. Russia.

"In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject."

EDPB Guidelines on automated decision making: https://ec.europa.eu/newsroom/article29/items/612053 especially page 25 is relevant

C‑634/21 is also somewhat relevant to understand how courts have applied ADM in general context of credit reporting https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... though it didn't specify what information actually needs to provided for 13(2)(f).

I don't know if it's criminal in any EU country, but it would be something that you could complain to DPA about. Or initiate civil lawsuit against the controller.

Worth noting is that in some cases the camera vendor might also be (joint) controller as they can determine means & purposes of the processing. If they are simply storing the video then it's unlikely, but if they for example use it for AI training that would likely bring them controller territory.

If you are in EU you could try complaining to your local DPA. That certainly sounds like "automated decision which produces legal effects concerning him or her or similarly significantly affects him or her" which is against article 22 of GDPR. Or you could consider suing them directly at least for the refund.

Outside of EU maybe try passing law like GDPR to actually get some rights back.

Unfortunately large majority of parties in Finnish Parliament do not really care about that provision and have passed multiple laws which create exceptions to it. They do it via the proper protocol (which is essentially the same as modifying the Constitution itself) so it's technically legal.

There have been EU laws which get struck down because they violated the Charter (e.g. Data Retention Directive).

Are there even consumer-grade routers that are produced in the USA...?

It already happened via GDPR to some degree. CJEU ruled in December that platforms can qualify as controllers for personal data published in user-generated advertisement. The given reasoning was basically that the platform determined the means and the purposes of the processing.

Due to that they can be liable for article 82 damages.

We will see how much the $100k fee affects things during this H1B lottery round in few weeks.

It contains following:

> (i) Finance and high-risk identity proofing.—No person shall extend credit, originate a loan, open a high-risk financial account, or provide another high-risk financial service based solely on a Social Security number, static identity information, or an uploaded image or copy of a government-issued identity document. A person engaging in such activity shall use multi-factor identity verification reasonably designed to verify both record consistency and claimant control, using less intrusive reasonably reliable methods where available.

> (j) Social Security number not sufficient identity credential.—A Social Security number, taxpayer identifier, or similar identifier shall not by itself be treated as proof of identity for purposes of this Act.

So, to me at least, it sounds like they actually mean "Providers must not use SSN for authentication (including fraud)".

That article does say "HealthEquity Mobile and web experience" so maybe it's just for customers who use both, I only use web.