Tag Archives: GDPR

U.S. Privacy Laws Haven’t Reached European Levels…Yet. Ask Marcin P.

There’s privacy, and there’s privacy. And this post, unlike the last one, is set on the other side of the Atlantic.

In October 2025, Interpol issued a red notice for the Chief Executive Officer of currency exchange Cinkciarz after Polish authorities charged him with orchestrating a fraud and money laundering scheme.

In May, United States authorities detained the CEO pending a Polish extradition request.

Naturally, the ongoing affair is being heavily reported in the Polish media…minus one teeny tiny detail.

The CEO’s last name.

Polish publications only identify him as “Marcin P.” due to Polish privacy laws.

The U.S. Marshals Service is under no obligation to comply with these laws, and printed the CEO’s last name in its media release. But on the slight chance that a Polish citizen may be reading the Bredemarket blog, I won’t reprint it here.

But Marcin P. is only a suspect

Of course, Marcin has not been convicted of a crime. But if he is eventually convicted. Polish law WILL allow publication of his last name.

Unless he lodges a request for GDPR “right of erasure,” a right that has been upheld in Luxembourg.

“The case concerns the former president of a trade union organisation from 1985 to 2002, against whom charges were brought for forgery, abuse of trust, fraud and theft. The case involved several million ‘Luxembourg Francs’ (the Euro banknotes were introduced in 2002) and hundreds of victims. The individual had confessed and was sentenced in 2007 for various offences to a prison sentence of six years, with a two-year suspended sentence….

“A TV program was broadcast in 2018, followed by a radio show in 2022. In the meantime, the individual filed a legal request in 2020 to prohibit the media outlet ‘from mentioning the name and publishing the image of the claimant on its TV broadcasts, radio programs, and websites in connection with its activities related to […], under penalty of a fine’….

“[T]he Court of Appeal found that the dissemination of the image and the publication of the name and surname were not necessary to achieve the goal of information.”

To date, I know of no case in the United States in which a convicted criminal’s name has been suppressed.

To date.

Jurisdictional Privacy and Consent

Where are you?

Who are you?

The answers to these questions affect if or how you obtain consent to use one’s personally identifiable information, or PII.

Privacy regulations can change when you cross country or even city lines, and they can also change depending on who you are: an individual, a business, or a government agency.

How?

  • On the other extreme, some entities in some jurisdictions must obtain express written consent. If I am a homeowner in Schaumburg, Illinois, and I use a doorbell camera to identify friends or foes approaching my door, the Biometric Information Privacy Act (BIPA) prohibits me from capturing their biometrics without their consent, and lets them sue me if I do it anyway.

Before you collect PII, check the laws in your jurisdiction first.

Oh, and check the laws in other jurisdictions in case they try to enforce their laws in your jurisdiction.

By the way: if you’re a software or hardware vendor, don’t assume that you bear no responsibility and that only your customer does.

You must educate your customers.

And Bredemarket can help you with my content-proposal-analysis services.

CPA
CPA.

(Told you I’d bring this landing page back.)

Europe is Looking At More Than Just Biometric Testing

A little more detail, courtesy EU Brussels, regarding the policy brief published by the EU Innovation Hub for Internal Security, coordinated by eu-LISA together with the European Commission, Europol and Frontex.

As I noted earlier today, one proposal is for Europe to perform its own independent biometric testing, reducing Europe’s dependence on the American National Institute of Standards and Technology (NIST).

“The second is a centralised evaluation and testing platform connected to that repository, allowing standardised, independent and continuous assessment of biometric technologies, including benchmarking across vendors.”

But if there is a second proposal (European testing) in the cited European biometric policy brief, there must also be a first proposal—one I failed to discuss this morning.

“The first is a common EU biometric data repository containing datasets that comply with European rules, reflect the demographics and use-cases relevant to EU authorities and are stored in a secure environment.”

Makes sense. If you are going to test you need test data. And NIST has no obligation to ensure its test data complies with the General Data Protection Regulation (GDPR). The subjects in NIST test databases rarely provided the “explicit consent” mentioned in GDPR, and the “right to erasure” from a NIST database is…laughable.

Yes, it’s extremely challenging to construct a testing database that complies with GDPR.

And NIST certainly ain’t gonna do it.

Will a European entity construct it?

And if the right to erasure is maintained, how will you maintain historical consistency of test results?

Why Would Europe Perform Its Own Biometric Testing?

I’ve seen two articles about a possible move by Europe to set up a Europe-wide biometric testing agency, bypassing the need for National Institute of Standards and Technology (NIST) biometric testing.

One reason is that a European-controlled testing methodology can incorporate European regulations, such as the General Data Protection Regulation (GDPR).

A second related reason for Europe to bypass NIST biometric testing is that U.S. government agencies, including NIST and the Federal Bureau of Investigation (FBI), naturally place prime importance on American interests.

Remember when the U.S. House of Representatives Select Committee on the Chinese Communist Party complained that the FBI Certified Products List contained Chinese biometric vendors (the Certified Communist Products List)?

  • Wait until they discover all the Chinese companies that participate in NIST testing.
  • And wait until someone in the legislative or executive branches decides that the FBI or NIST shouldn’t list products from other countries deemed unfriendly to the United States. Denmark? Germany? France?

For these reasons, Europe may be compelled to set up its own biometric testing organization.

And so may China.

Who Can Write My Biometric Company’s Product Marketing Content?

Someone who is a biometric product marketing expert.

Someone who has three decades of expertise in biometrics.

I remember ANSI/NIST-CSL 1-1993.

Someone who has worked with fingerprints, faces, irises, voices, DNA, and other biometric modalities.

Some modalities. Butts and tongues not included.

Someone who understands the privacy landscape in Europe (GDPR), Illinois (BIPA), California, and elsewhere.

BIPA is a four-letter word.

Oh…and someone who can write.

A slight exaggeration.

So who can write this stuff?

I know someone. Bredemarket.

Stop losing prospects! Use Bredemarket content for tech marketers

Some great videos


Biometric product marketing expert.
Questions.
Services, process, and pricing.

Declutter and Focus

2025 has been a year of declutterring and focusing.

The declutterring is the hardest. I may still love that long sleeve shirt with holes in the right elbow. (Why always the right elbow? I’m left handed.) But it’s no longer good for me, and I should have gotten rid of it years ago.

Whether it’s a former friend—a great person who went silent and indifferent—or a newsletter from a company that rejected my 2023 job application and only contacted me afterwards because GDPR required it—the time has come to simplify and focus.

Now just a few hundred LinkedIn newsletters and email subscriptions to go.

And to see where I can focus now.

Privacy by John Maus

(AI wildebeest and iguana images from Imagen 3)

Discovered a song about privacy (by John Maus) and had to create a reel that used the song. Note the mDL privacy-preserving features toward the end of the reel.

“Dead bolts and windowed bars

Lowered drapes and screened calls

Headphones on tightly”

https://www.instagram.com/share/_ejtehYyr

Privacy.