 How does the reminder work? Do you get a notification? And does it also work on the phone? Maybe you wanna answer that one? It's on. So for whatever resource that you wanna set a reminder on, it works slightly different depending on what app it is. If it's a mail, then it's moved to a snooze mail folder, I guess, and then it comes back into your inbox when it's the time to be reminded, I think. And for talk and files, you get a notification for when you need to be reminded. I am not entirely sure if it's available on the clients, actually, so maybe one of the engineers can. No, it is. It is? I mean, it's a push notification. It'll show up on your desktop. Oh yeah, exactly. It shows on your phone. Yeah, it's a notification, so it definitely shows up. Yeah, exactly. We have a question over there. Yeah. Just a second. Yeah, about transparency when using AI. It's a very important value for us, and I was asking if when you generate an email answer via AI, via the assistant, is it made transparent for the recipient? So is it visible like this answer is generated with help of AI or something? Why do you give me the microphone? Why do I give the hot questions to you? Yeah, that's a fascinating topic. So at the moment, it's just a normal text. We don't really mark that, but there is actually discussions in the industry how to mark automated AI generated images and texts. And if there's some kind of standard, we'll definitely support it, but I'm not really aware of anything. I mean, we could automatically add, at the end, this was generated by AI, but the user wouldn't have the opportunity to delete it, so it's not really guaranteed. But I really like the question. We should talk about that. Yeah. All right, more hard questions. So let me, Bert, there's switching mics here, but I have another one here as well. So the question I got here, why did we focus? Why did you focus on the healthy melting culture as a theme for this release? Why not? I mean, I don't know. I mean, I don't know the background of the person who asked the question, but I mean, for most of us here, I think it's pretty obvious. If you do this remote work thing that you do with NextCloud and you work many, many hours, then I think we all have these problems. And I think software, like good software should make us productive and less stressed, right? Doing more with less worry. And that's what we want on your chief. Yeah, absolutely. I mean, there are a ton of people struggling with mental health and software should help not make it worse with notifications all the time. And I think these things of setting your working hours and then do not disturb outside of the working hours is such a basic thing. And if you look, it's kind of the opposite direction of what Big Tech is doing because they're adding all kinds of spying features to the software so you know your boss can constantly look how many hours you were staring at the screen and stuff, which I think is just insane. And so we try actually to do the opposite and help your mental health rather than adding more pressure to the existing pressure. Thank you. Guys, before I put out my question to you guys, this is absolutely amazing what you did. It's mind blowing, my God, really. Fantastic. Thank you. Absolutely. Great. My question is about a feature in Deck which I've been missing for a long time and it's about revolving or repeating tasks. Is there any feature or how do you handle these things? Things you have to get your hand off yourself constantly every week or every day or every month or something like that and distribute it towards other members of the team? How do you handle that practically? So we can look into this feature request later but I want to point out that Deck is supposed to be like a simple and very lightweight tool, Kanban style to do your tasks. We're not going to build Deck into like a full-fledged project management tool for everything. And we have partners actually over there, Open Project. They have a solution which has a thousand times more features. They probably have this feature, I'm sure. And if you really want to do advanced project management, I would recommend using something like that. Deck is supposed to be like more lightweight and simple. Okay, while we are traveling with the microphone, I have one here as well. How do you manage to offer all these AI features on-premises? Sounds like a hard question to me. Big question, yeah. I mean, it's interesting. I think it's really interesting what's happening. I mean, if you just look back like a year from today, then most of us thought that these features are not even possible technically, right? It was not really there. There was this whole Chatchivity didn't exist, all this stuff didn't really exist. So just 12 months ago, we all thought that's not really possible. And then end of last year, when Chatchivity launched and all these other tools, it was like, oh, wow, this is really fascinating, but it's something only Big Tech can do because they have these gigantic server farms and there's no way an Open Source project of those communities can compete with that. And again, a few months later, actually then this whole like Open Source AI, locally AI, small models, powerful models popped up. And nowadays, there's a super active community of AI developers and freely available models, freely available training data. It's really becomes a phenomenon. And so this all becomes now possible. Obviously, we don't do this alone, right? We are standing on the shoulders of giants here. We built on top of existing models like the Falcon model or the Lama2 model and others, but it's now absolutely possible to do this local. I have to say, not everything works like super fast. There are some operations where you really have to wait for, but even that improves all the time. So if you compare what's possible today to like two, three months ago, it's already a lot faster and better. And yeah, it seems to be possible to do this stuff local and there's not a huge dependency on Big Tech here anymore. Woo-hoo. Well, my question is similar to the previous one. The self-hosted AI is actually really cool and I was excited to see that, but it had me wondering, does that change the recommended hardware specifications for self-hosting next cloud if we wanna, you know, that usable experience out of the AI? So I would say for the standard stuff, it's just as before actually, maybe even this going down with the performance improvements we did. So there's always the example with the Raspberry Pi. I mean, I personally would not really recommend to use a Raspberry Pi because it has no redundancy and other limitations, but you can run it on a Raspberry Pi. The AI stuff, of course, there's a big depends because we're using like different models for different things here. There are some things, for example, the object and face recognition, which is a relatively small model. I think this is something that is not so hard to self-host. Then there's also the translation stuff. This is also using a relatively small model which runs on cheap hardware, I would say. The full large language model, this is a bit more tricky. It runs on CPUs, so it doesn't require GPU. This was important, so it runs on normal servers, but it's possible that an answer, depending on the machine, then can take, I don't know, a minute or something. But yeah, if you add more resources, if you add another GPU, it gets faster and I'm also very confident that in the next release it will be even faster because the industry is moving on. But so the answer is depends, I guess. I don't know if what. I mean, I have something to add for that and I think as a designer, we also try to keep that in mind that it's a little bit slow, so while we're thinking about how this would work for all devices, we try to make sure that even if it's slow, you don't have to wait for a minute or two to get on with your workflow. So it was considered, I think we are limited by, and enabled and limited by what's out there in the community, but we try to factor that in when we're building something. So you can give it a try and hopefully it doesn't seem too obvious or that maybe it's not working as fast on a relatively not powerful device. All right, we go over to James. I'm just telling quick, there's a lot of questions. Please be patient, we come to all your questions. So, James. I just wanted to, quick question, but also just want to say I really appreciate the improvements in sharing in the user experience that's been a really long time pull request, so thank you so much for all the work on that. It's really great. On the repeating tasks, I know there's an open pull request right now on the tasks app for repeating tasks in development. You can look at it online, it's exciting. I was curious on these reminders and everything that people were asking about, are those exposed in the tasks app or in CalDAV or is that more just like in notifications? I think at the moment it's just of notification, but it seems like really interesting to sort of link that to all the different apps as well, but at the moment it is just notification and it works across all devices as well. All right, well, status is moving. I have a question here also, which is kind of a follow-up question with the previous I got, can I disable these AI features in NextLab Hub? What's the follow-up question there, right? Yeah, this is a question that comes up all the time and we should be more clear about that. So first of all, none of these features are enabled by default, right? So none of these AI features are there by default. They're all in separate apps and they all can be activated and deactivated as you want. They're disabled by default. But then if you decide to use something, there's still this configuration screen we show in the presentation where they can select what to use for what. So you're really, really in control and it's all opt-in basically. So nothing is happening without your approval. Status. Hello. I have a question, but first, it's wonderful what you've done. It's really amazing. I have more citizen-centric questions with trust and transparency and all the tools you have in AI. They are the broad question of compliance, like they are European ethical guidelines for AI use. I'm from a healthcare background, so there are many, many compliance steps. Do you envision, including in the Next Cloud Hub, out of the box some compliance or following guidelines regarding AI and other GDPR subjects or not? Yeah, so it's an interesting question. The thing is that, of course, by design, we try and make sure that everything can run on-premise and no data leaks, which, I mean, compliance is a really wide subject, right? And so I can't say Next Cloud solves all compliance problems because it really depends on your problem. But instead of handing over your data to another partner, keeping it under the control of your sysadmins, already removes half your compliance issues. And so that is also the approach we take with AI. So by not sending it to a third-party server but processing it on the server, that really takes away a lot of the problems. Of course, if, for example, there are requirements to ensure that the AI has no bias, et cetera, that's where, of course, also the ethical AI rating comes in because you will be able to see whether the AI that you're installing, even if it's local, actually has the training data also available so you can look for things like bias. So I think the transparency rating here is going to be important, that you check whether the AI can be optimized, the power use that you can check for bias, et cetera. But in the end, by keeping the data on the server and not sending it away, yeah, a lot of the compliance headaches, of course, go away. And we have a number of features in Next Cloud that is, for example, the privacy screen where you can see as a user where your data is physically and what are the people who have access to your data. And we have, of course, logging, the audit log, other features, so there's a whole bunch of compliance features as well, of course, all over Next Cloud to help with this. Right. Just a moment, guys. Yeah. Hello. I found Next Cloud Assistant very interesting, very impressive, but do we have any more details about the languages supported in Next Cloud Assistant and do we have any details about which models are used? I speak Arabic and it's very important to me that the Assistant supports Arabic as well as RTL languages. Thank you. Yeah, that's a great question, actually. The answer, again, is depends, because, again, we use different models for translation, even for the large language model, we have different options, so it depends. Maybe we should be a bit more clear there in the app description about what part is optimized for what language. I think that's a great point. If you personally want to know the details, you should talk to them after the presentation. Hello. Again, thanks. Love the new changes, especially around the AI. My question is also about that. So you talked about the red, orange, yellow, green ratings and how that is based on certain criteria, so I have two short questions about that. One is in the shows that we've seen of, for example, you're choosing whether you want open AI's whisper or your local whisper, stuff like that. I haven't seen that rating be there, so one thing is where, at what point of choosing or selecting a tool, will this rating be available to me? And then the other one, which is linked here, so you said yourself that a lot of companies will make the transparency kind of a moving target and they can flip it on you. Who is actually creating these ratings, validating that is rating green or yellow and will this be tested over time to see if anything changed? Yeah. So as I said earlier, the different apps, they're all opt-in in the apps page. You have the different apps and you can enable them and this is also where you can see the rating. They're like connected to the apps. Yeah, so basically the developer of the app, of the, I don't know, local translation app, for example, this is the person who then decides what rating this has. And obviously we review it according to our information. We don't have the opportunity to really look into the system. Sometimes, I don't know, it's chat GBT, it's completely transparent what's going on. But yeah, of course, we check if the rating is correct over time. But yeah, it is a screen that we didn't show in the presentation, but in the apps list, actually when you select the different things, you will see the rating and if you- The description, right? The description, yeah. If you select the chat GBT integration, you'll see that this is red and if you use the local, then you see the screen. Right, status. I have one question here. Let me allow me to squeeze one in here. Why, so I think this one is for you, Joss. Why did you develop that multi-language development option? What's wrong with PHP? I think that microservices are overrated, so. Yeah, everybody has their preferences, but I think that is pretty much the answer. Like there isn't, I don't know, people don't agree on this. I think there's nothing wrong with PHP. We're also not going to move away from PHP, but as Joss said, people have preferences and it's not even only the people. For example, the AI stuff, lots of it is written in Python, so it makes sense for us to support it fully. So it's just giving more options, but this is not going to throw away the PHP code. Talking about AI, did you give any thoughts to federated learning concepts? So you have AI running, let's say, on company one and AI running on company two, all in capsules, and so is there a possibility or did you think about or are there any concepts like federated learning which Google introduced, oh, I don't want to say Google, sorry, the G word. But so that you can take the learnings from different AI's and put them together somehow. It's tricky. But just the data, not the data, but just the learnings. It's tricky because if you were in one company and you're, I don't know, let's say, or BMW, right, and you're debating your strategy on how to beat, I don't know, Toyota, and then your AI is trained on the conversations. Right, yeah. So I think in, yeah, software healthcare, this could make sense indeed if you train a network that can detect, for example, on a scan, can detect cancer and then getting the data from all the hospitals to get better detection. That's very helpful, yeah. So I think this is very much up to the, yeah, that's kind of the AI models. It's kind of more an issue, I think, on the layer below us. I mean, perhaps we can look into facilitating that. Yeah, I think this is a great topic, but it's, I mean, we're providing the software fully open source with the machine learning models and all the infrastructure and you give it to you. And what you do with it is then your responsibility. If you decide to share patient data with another hospital because we have an agreement with them, I don't know. But I mean, this is, okay, then not. But I mean, this is then really the software can do whatever you want, but how you use it is your responsibility. Yeah, but we're not collecting any data. But if you want to do some research, sure. But I think this is more for the underlying models and the people working on them. I mean, of course, we try to tune the model, we select the models, but in the end, we are an interface to the models. And I think this is something that should be arranged on the level of the models. That makes sense. Okay, first, let me join the place. Really a lot of very interesting stuff we showed today. I'm also very interested in the new server app ecosystem with microservices because I think it will probably make a lot of frameworks that are written in individual languages more easily available to apps. And what I was wondering is, does this require the server to be able to manage a Docker daemon? Or does it make app deployment more complex because I can't see how it solves without one or the other? Thank you. Yeah, great question. One of the benefits of having the server apps written in PHP is that the whole deployment and updating everything is super easy. We have our app store, you go to apps page, you click on enable, it downloads it from server and packs, it puts it in the right folder and it works. That's great. But of course, if you want to have other technologies, if you want to have something, I don't know, written in Rust, that's of course more complicated, right? It's compiled first of all and maybe has dependencies and it's more complicated. There we decided to, first of all, you can configure all of that manually if you want, right? It's just you can put your go daemon anywhere. It just needs to know the endpoints in both directions and you need to have a secret in both directions that is authenticated and then it works. But this would be manual configuration. But the goal from us would be to make it like from a user perspective, as simple as with the PHP apps. And for that, we are trying to develop in a way that you have a similar list of apps. You click on, I want to have that and then it should work. It's more complicated for the packaging. Basically, we rely on Docker there. Seems to be the standard nowadays. Why not invent something else? And we try to do a little bit of magic that it can actually then on click then download the Docker image and run it and set it up properly. This is still in development, it doesn't exist yet. But this is the goal that for the normal admin, it's the same one click. Of course, this has limitations. So if you want to run this on a different machine, if you have a cluster set and other things, you probably have to configure some config files. But for the super simple setup on one machine, we're trying to get the same user experience with have a list of apps click and it's working. But this is like in development for the next release, or later. I love the integration with the diagrams. That's just amazing. But my question would be, I don't really want to learn how to write those diagrams. Does the AI already help that? I mean, I want to describe in natural language what's happening and then it writes me the diagram. Yeah, feature request was noted from the back seats. But well, I mean, I wouldn't be terribly surprised if one of the AI models actually knows mermaid since X4 ready. It might work, actually. It might just work. It might be one of the two big language models we use might be trained on mermaid, I don't know. Yeah, we'd love to hear about it. Yeah, thanks. My question is also about hardware used for the AI features in the, as far as I know, for the all-in-one package right now, it's not possible to use GPUs because it's all based on open images. And for recognize, it's still running on CPU. Now with the new clustering features of this developed pipeline, maybe it's possible to have different containers executing the AI apps and these can access GPUs within this AIO image. So that's just one idea of how it might be possible to improve this. So that's all in heavy development. But the good news is the people who do this are actually here in the room. So maybe we can have a conversation later. All right, I think we're there, right? No more questions. Then we're going to close off the questions. Thank you, speakers. Thank you, everybody, for those wonderful questions. You can applaud for that, of course. So I'm in between food and this last final message I wanna send over. Again, the conference program can be found at our website, netcloud.com. If you go there, you can find the conference program. The official hashtag, I already mentioned that. Speak out, share the experience, use that hashtag over there, netcloud.com. Hashtag, netcloud.com. And the Wi-Fi password, of course, very vital here. Netcloud.com 2023 and the network, you'll find them as netcloud.com. All right, something else I also wanna mention here is the code of conduct. If there's anything that's bothering you or when there's something you wanna ventilate and say, go to Jan, Greta, Kate, and Anna. They're working around here. Those are the faces behind that and you can find them here on site. All right, there's also, I forgot to tell you also about the program, you can find them on those, on the tables over there, you see those little... QR codes. Sorry? The QR codes, just scan. Yeah, you can scan the QR codes so you can find information that way as well. All right. Something which is also important is, of course, pictures. We take pictures. If you do not want to have your photo taken, just go to the registration desk. They will put a dot on your badge, which kind of indicates to us that you don't wanna be photographed. So if you don't want to have that happen, please go to the registration desk and make sure you have such a dot. And the other way around, if you see somebody who has a dot and you're trying to take a picture, then please be so kind not to take pictures of people who don't want their pictures taken, especially when you share them online. That's... Nature sometimes can also do their calling right. So you need to do sometimes some stuff. We have some toilets downstairs. Those are unisex toilets. I can imagine you're looking for something a bit more private upstairs. There's on the first floor, we also have toilets and a bit more privacy perhaps as well. So if you are looking for toilets, we have plenty of options. All right. So it's very, very cool here. If you need something, you just can open a fridge, take your drinks, no need to ask. So you see a couple of fridges here with drinks in there. If you're thirsty or if you need something, just grab it, take it, no need to ask. So with that, I wish you all, well, good lunch, have a good lunch, nourish yourself and come back here because we have a very great talk coming up here from Mark Shrems at 1 p.m. So please be on time here and I will make sure, you see this little notification, I will make a lot of noise to make sure that you're back here at 1 p.m. and that we can kick it off with Mark Shrems. Thank you everybody, enjoy lunch. Computers revolutionized office productivity. Computers revolutionized office productivity. Networks made it easy to share files with each other, optimizing the flow of documents. Real productivity of teams. Bringing context to content and real-time collaboration to working together. Get work done. Computers revolutionized office productivity. Networks made it easy to share files with each other, optimizing the flow of documents. Today, NextCloud unlocks the real productivity of teams. Bringing context to content and real-time collaboration to working together. Get work done. NextCloud. Computers revolutionized office productivity. Networks made it easy to share files with each other, optimizing the flow of documents. Today, NextCloud unlocks the real productivity of teams. Bringing context to content and real-time collaboration to working together. Get work done. NextCloud. Computers revolutionized office productivity. Networks made it easy to share files with each other. Optimizing the flow of documents. Today, NextCloud unlocks the real productivity of teams. Bringing context to content and real-time collaboration to working together. Get work done. NextCloud. Computers revolutionized office productivity. Networks made it easy to share files with each other, optimizing the flow of documents. Today, NextCloud unlocks the real productivity of teams. Bringing context to content and real-time collaboration to working together. Get work done. NextCloud. Computers revolutionized office productivity. Networks with NextCloud talk. You can chat, do video calls, and collaborate around your documents. Communication is the key. Just saying. Here, by the way. You have chat rooms about topics, one-on-one chats where you can even invite external participants. And on top of that, you can group files and rooms and other resources into projects. Of course, those documents you shared can be edited together in real time. NextCloud even comes with a built-in whiteboard you can use during your calls or on your own. You can easily integrate external applications and scripts into your chat workflows. Chat messages can also be turned into tasks in-deck and from the calendar. You can easily create a talk room for a meeting. Calls can be scheduled for a specific time. This is, for example, useful for web meetings or webinars. You will never miss a call again, except when you want to miss them. With NextCloud talk, you can do video calls and screen sharing with... Computers revolutionized office productivity. Networks made it easy to share files with each other, optimizing the flow of documents. Today, NextCloud unlocks the real productivity of teams, bringing context to content, and real-time collaboration to working together. Get work done. NextCloud, meetings feel like a waste of time, especially when one colleague is talking almost constantly. Do you get stressed from all the calls and chat messages coming in? Do work and private life blur into each other? These days, we are often working hybrid or remote, so a healthy meeting culture is more important than ever. NextCloud can help with this. NextCloud talk makes it easier to be mindful of the attention of other people. You can, for example, send a chat message that won't cause everybody to get notified. You can even start a call without ringing everyone's phone. If you then have to pull in others, you could ring them specifically. During the meeting, talk shows you how long everybody has been talking. Now you can ensure everybody has a chance to share their opinion. If there are to-do items, you can put them in the chat with to-do or task in front. The talkbot will record them. At the one hour mark, pick one of the proposed times or set your own. We thought this feature was so useful. We also made it possible to set a reminder on a file and snooze emails. That way, you can stay focused on the task at hand. Say goodbye to endless meetings and hello to efficient collaboration. Create a more productive, respectful, and healthy meeting culture with Next Cloud Talk. Visit our website and follow us on social media to stay updated on the latest features and improvements. With Next Cloud Talk, you can chat and video calls and collaborate around your documents. Even is the key. Files and rooms and other resources and attachments you share can be edited together and used with a built-in whiteboard you can use during your calls or on your own. You can easily integrate external applications and scripts into your chat workflows. Chat messages can also be turned into tasks in-deck and from the calendar. You can easily create a talk room for a meeting. Calls can be scheduled for a specific time. This is, for example, useful for web meetings or webinars. You will never miss a call again, except when you want to miss them. With Next Cloud Talk, you can do video calls and screen sharing with several people at once. Raise your hand to get attention. Or on the keyboard to do so. Sometimes you just want to leave a quick voice message. And that's easy, too. If the others are on a different chat service, like Slack, Teams or IRC, no worries. Next Cloud Talk can connect to those and chat in real time. You can also chat and do video calling with the native mobile apps. You will get push notifications anytime you get a call or a chat message. This one here. On the road, you can share a location so people know when you'll be there. And to help your friends connect, you can share contact details. A project manager whose curiosity in AI-driven collaboration has led her to explore various articles on the subject. She reads that the use of AI can be risky, especially when handling sensitive company and customer data. But with Next Cloud Hub, those hindrances are no longer a concern for her. She knows that all data is strictly handled on the Next Cloud server and is not leaking or being used by another company to train their AI platforms. Let's see how these features play out in Christine's daily work. Yesterday, Christine received an email from Margo, which included a detailed document outlining observations and metrics of quality issues within the company. In that same email, Margo asks Christine to create an outline for a project aimed at addressing these challenges and to discuss this project approach in a call the next day. Her team also received that mail from Margo and members sent in suggestions. Really great to see that many ideas, but the mail thread is far too lengthy to read. Christine definitely wants to use the suggestions from her team. She asks the assistant to compile and summarize these insights from her team. Then she goes back to the document from her manager. Christine wants to tap into the collective brainpower of her team and the AI, and with the summarized insights in hand, Christine directs the assistant to create a project outline. The on-premises AI capabilities of Next Cloud Hub enable her to craft an efficient plan for Margo. The assistant completes the project outline and Christine shares it in a Next Cloud talk room with her manager. Christine asks Margo if she can record it so she can have the transcript of the conversation to share with her team and engaging meeting ensues. After the conversation, the call summary bot summarizes the meeting and shares tasks from the conversation. Christine incorporates this task list and the transcript of the conversation into the project outline for her and her team. After the meeting, Christine notices that a couple of tasks need to be delegated to Zarina from the German team. She uses the whole task list and uses Next Cloud Translate to get a German version. Now this can easily be put in a task for our German team, directly from text. Next Cloud Hub's built-in AI capabilities helped Christine to tackle this challenge within her organization much more quickly and efficiently as otherwise would have been possible. And she did not have to worry about any of this data leading to a third talk. Next Cloud Hub is a project plan nor the content of the call transcript that was created by AI. Christine feels in control and she stays informed without feeling overwhelmed. Next Cloud Hub helps Christine to digest key information for this meeting and other tasks and projects. Explore how Next Cloud Hub can help you redefine your organization's collaboration, offering trustworthy AI for smart productivity and robust security. You can chat, do video calls and collaborate around your documents. Communication is the key. Just saying. This here by the way. You have chat rooms about topics, one-on-one chats where you can even invite external participants and on top of that you can group files and rooms and other resources into projects. Of course those documents you shared can be edited together in real time. Next Cloud even comes with a built-in whiteboard you can use during your calls or on your own. You can easily integrate external applications and scripts into your chat workflows. Chat messages can also be turned into tasks in deck and from the calendar. You can easily create a talk room for a meeting. Calls can be scheduled for a specific time. This is for example useful for web meetings or webinars. You will never miss a call again except when you want to miss them. With Next Cloud Talk you can do video calls and screen sharing with several people at once. Raise your hand to get attention or on the keyboard to do so. Sometimes you just want to leave a quick voice message. And that's easy too. If the others are on a different chat service like Slack, Teams or IRC no worries. Next Cloud Talk can connect to those and chat in real time. You can also chat and do video calling with Google Apps. You will get push notifications anytime you get a call or a chat message like this one here. On the road you can share a location so people know when you'll be there and to help your friends connect you can share contact details. We believe privacy is a fundamental human right and everybody should have access to secure communication free from surveillance. We are building decentralized products as an alternative to centralized platforms. People can choose what they want and where they want it. We believe in open source and open standards. Open source is the only way for users to trust their devices. We value sustainability protecting people society and the environment. We believe accessibility is a fundamental human right and technology should be accessible to everyone. The time of our users is very important to us. We do our best to make NextCloud easy to use. We foster diversity from innovation to transparency and collaboration. Working with our communities and supporting marginalized people leads to a better result. Working together Get work done NextCloud Especially when one colleague is talking almost constantly. Do you get stressed from all the calls and chat messages coming in? Do work and private life blur into each other? These days we are often working hybrid or remote so a healthy meeting culture is more important than ever. NextCloud can help with this. NextCloud Talk makes it easier to be mindful of the attention of other people. You can, for example, send a chat message that won't cause everybody to get notified. You can even start a call without ringing everyone's phone. If you then have to pull in others you could ring them specifically. During the meeting Talk shows you how long everybody has been talking. Now you can ensure everybody has a chance to share their opinion. If there are to-do items you can put them in the chat with to-do or task in front. The talk bot will record them. At the one hour mark Talk gives you a small notification. Perhaps time to end the call? After the call you'll get a short call report including the tasks you identified. That helps you keep track of the meetings. Less notifications is nice, of course. You can disable notifications on a chat room but outside of work hours you might prefer not to get any notifications at all. That is easy. Configure your work hours and enable the automatic Do Not Disturb feature. Sometimes you do want to get notified, just not right now. You can set a reminder on a chat message so you can deal with it later. Just pick one of the proposed times or set your own. We thought this feature was so useful. We also made it possible to set a reminder on a file and snooze emails. That way you can stay focused on the task at hand. Say goodbye to endless meetings and hello to efficient collaboration. Create a more productive, respectful and healthy meeting culture with Next Cloud Talk. Visit our website and follow us on social media to stay updated on the latest features and improvements. Meet Christine, a project manager whose curiosity in AI driven collaboration has led her to explore various articles on the subject. She reads that the use of AI can be risky, especially when handling sensitive company and customer data. But with Next Cloud Hub, those hindrances are no longer a concern for her. She knows that all data is strictly handled on the Next Cloud server and is not leaking or being used by another company to train their AI platforms. Let's see how these features play out in Christine's daily work. Yesterday, Christine received an email from Margo, which included a detailed document outlining observations and metrics of quality issues within the company. In that same email, Margo asks Christine to create an outline for a project aimed at addressing these challenges and to discuss this project approach in a call the next day. Her team also received that mail from Margo and members sent in suggestions. Really great to see that many ideas, but the mail thread is far too lengthy to read. Christine definitely wants to use the suggestions from her team. She asks the assistant to compile and summarize these insights from her team. Then she goes back to the document from her manager. Christine wants to tap into the collective brainpower of her team and the AI and with the summarized insights in hand, Christine directs the assistant to create a project outline. The on-premises AI capabilities of Next Cloud Hub enable her to craft an efficient plan for Margo. The assistant completes the project outline and Christine shares it in a Next Cloud talk room with her manager. Christine asks Margo if she can record it so she can have the transcript of the conversation to share with her team and engaging meeting ensues. After the conversation, the call summary bot summarizes the meeting and shares tasks from the conversation. Christine incorporates this task list and the transcript of the conversation into the project outline for her and her team. After the meeting, Christine notices that a couple of tasks need to be delegated to Zarina from the German team. She selects the whole task list and uses Next Cloud Translate to get a German version. Now this can easily be put in a task for our German team directly from text. Next Cloud Hub's built-in AI capabilities helped Christine to tackle this challenge within her organization much more quickly and efficiently as otherwise would have been possible. And she did not have to worry about any of this data leaking to a third party, neither the translation nor the new project plan nor the content of the call transcript that was created by AI. Christine feels in control and she stays informed without feeling overwhelmed. Next Cloud Hub helps Christine to digest the information for this meeting and other tasks and projects. Explore how Next Cloud Hub can help you redefine your organization's collaboration, offering trustworthy AI for smart productivity and robust security. With Next Cloud Talk you can chat, do video calls and collaborate around your documents. Communication is the key. Just saying. It's hair, by the way. chat rooms about topics, one-on-one chats where you can even invite external participants. And on top of that you can group files and rooms and other resources into projects. Of course those documents you shared can be edited together in real time. Next Cloud even comes with a built-in whiteboard you can use during your calls or on your own. You can easily integrate external applications and scripts into your chat workflows. Chat messages can also be turned into tasks from the deck and from the calendar. You can easily create a talk room for a meeting. Calls can be scheduled for a specific time. This is, for example, useful for web meetings or webinars. You will never miss a call again except when you want to miss them. With Next Cloud Talk you can do video calls and screen-sharing with several people at once. Raise your hand to get attention or on the keyboard to do so. Sometimes you just want to leave a quick voice message. And that's easy too. If the others are on a different chat service like Slack, Teams or IRC no worries. Next Cloud Talk can connect to those and chat in real time. You can also chat and do video calling with the native mobile apps. You will get push notifications anytime you get a call or a chat message like this one here. On the road you can share a location so people know when you'll be there and to help your friends connect you can share contact details. We believe privacy is a fundamental human right and everybody should have access to secure communication free from surveillance. We are building decentralized products as an alternative to centralized platforms. People can choose what they want and where they want it. We believe in open sourcing open startups. Open source is the only way for users to trust their devices. We value sustainability protecting people society and the environment. We believe accessibility is a fundamental human right and technology should be accessible to everyone. The time of our users is very important to us. That's why we do our best to make Next Cloud easy to use. We foster diversity from innovation to transparency and collaboration. Working with our communities to recognize people leads to a better result. First revolutionized office productivity. Networks made it easy to share files with each other optimizing the flow of documents. Today Next Cloud unlocks the real productivity of teams bringing context to content and real-time collaboration to working together. Get work done. Next Cloud. Feel like a waste of time especially when one colleague is talking almost constantly. Do you get stressed from all the calls and chat messages coming in? Do work and private life blur into each other? These days we are often working hybrid or remote, so a healthy meeting culture is more important than ever. Next Cloud can help with this. Next Cloud Talk makes it easier to be mindful of the attention of other people. You can, for example, send a chat message that won't cause everybody to get notified. You can even start a call without ringing everyone's phone. If you then have to pull in others you could ring them specifically. During the meeting talk shows you how long everybody has been talking. Now you can ensure everybody has a chance to share their opinion. If there are to-do items you can put them in the chat with to-do or task in front. The talk bot will record them. At the one hour mark talk gives you a small notification perhaps time to end the call. After the call you'll get a short call report including the tasks you identified. That helps you keep track of the meetings. Less notifications is nice of course. You can disable notifications on a chat room but outside of work hours you might prefer not to get any notifications at all. That is easy. Configure your work hours and enable the automatic Do Not Disturb feature. Next you do want to get notified just not right now. You can set a reminder on a chat message so you can deal with it later. Just pick one of the proposed times or set your own. We thought this feature was so useful we also made it possible to set a reminder on a file and snooze emails. That way you can stay focused on the task at hand. Say goodbye to endless meetings and hello to efficient collaboration. Create a more productive respectful and healthy meeting culture with Next Cloud Talk. Visit our website and follow us on social media to stay updated on the latest features and improvements. Meet Christine, a project manager whose curiosity in AI driven collaboration has led her to explore various articles on the subject. She reads that the use of AI can be risky, especially when handling sensitive company and customer data. But with Next Cloud Hub those hindrances are no longer a concern for her. She knows that all data is strictly handled on the Next Cloud server and is not leaking or being used by another company to train their AI platforms. Let's see how these features play out in Christine's daily work. Yesterday Christine received an email from Margo which included a detailed document outlining observations and metrics of quality issues within the company. That same email Margo asks Christine to create an outline for a project aimed at addressing these challenges and to discuss this project approach in a call the next day. Her team also received that mail from Margo and members sent in suggestions. Really great to see that many ideas but the mail thread is far too lengthy to read. Christine definitely wants to use the suggestions from her team. She asks the assistant to compile these insights from her team. Then she goes back to the document from her manager. Christine wants to tap into the collective brain power of her team and the AI and with the summarized insights in hand Christine directs the assistant to create a project outline. The on-premises AI capabilities of Next Cloud Hub enable her to craft an efficient plan for Margo. The assistant completes the project outline and Christine shares it in a Next Cloud task room with her manager. Christine asks Margo if she can record it so she can have the transcript of the conversation to share with her team and engaging meeting ensues. After the conversation, the call summary bot summarizes the meeting and shares tasks from the conversation. Christine incorporates this task list and the transcript of the conversation into the project outline for her and her team. After the meeting, Christine notices that a couple of tasks need to be delegated to Zarina from the German team. She selects the whole task list and uses Next Cloud translate to get a German version. Now this can easily be put in a task for our German team directly from text. Next Cloud Hub's built-in AI capabilities helped Christine to tackle this challenge within her organization much more quickly and efficiently as otherwise would have been possible. And she did not have to worry about any of this data leaking to a third party, neither the translation nor the new project plan nor the content of the call transcript that was created by AI. Christine feels in control and she stays informed without feeling overwhelmed. Next Cloud Hub helps Christine to digest key information for this meeting and other tasks and projects. Explore how Next Cloud Hub can help you redefine your organization's collaboration, offering trustworthy AI for smart productivity and robust security. With Next Cloud Talk you can chat, do video calls and collaborate around your documents. Communication is the key. Just saying. This hair, by the way. You have chat rooms about topics, one-on-one chats where you can even invite external participants. And on top of that you can group files in rooms and other resources into projects. Of course those documents you share can be edited together in real time. Next Cloud even comes with a built-in whiteboard you can use during your calls or on your own. You can easily integrate external applications and scripts into your chat workflows. Chat messages can also be turned into tasks in-deck and from the calendar. You can easily create a talk room for a meeting. Calls can be scheduled for a specific time. This is, for example, useful for web meetings or webinars. You will never miss a call again except when you want to miss them. With Next Cloud Talk you can do video calls and screen sharing with several people at once. Raise your hand to get attention or on the keyboard to do so. Sometimes you just want to leave a quick voice message and that's easy too. If the others are on a different chat service like Slack, Teams or IRC no worries. Next Cloud Talk can connect to those and chat in real time. You can also chat and do video calling with the native mobile apps. You will get push notifications anytime you get a call or a chat message like this one here. On the road you can share a location so people know when you'll be there and to help your friends connect you can share contact details. We believe privacy is a fundamental human right and everybody should have access to secure communication free from surveillance. We are building decentralized products as an alternative to centralized platforms. People can choose what they want and where they want it. We believe in open source and open startups. Open source is the only way for users to trust their devices. We value sustainability protecting people society and the environment. We believe accessibility is a fundamental human right and technology should be accessible to everyone. The time of our users is very important to us that's why we do our best to make Next Cloud easy to use. We foster diversity from innovation to transparency and collaboration. Working with our communities and supporting marginalized people leads to a better result. First revolutionized office productivity. Networks made it easy to share files with each other optimizing the flow of documents. Today Next Cloud unlocks the real productivity of teams bringing context to content and real time collaboration to working together. Get work done. Next Cloud. Feel like a waste of time especially when one colleague is talking almost constantly. Do you get stressed from all the calls and chat messages coming in? Do work and private life blur into each other? These days we are often working hybrid or remote so a healthy meeting culture is more important than ever. Next Cloud can help with this. Next Cloud talk makes it easier to be mindful of the attention of other people. You can, for example, send a chat message that won't cause everybody to get notified. You can even start a call without ringing everyone's phone. If you then have to pull in others you could ring them specifically. During the meeting talk shows you how long everybody has been talking. Now you can ensure everybody has a chance to share their opinion. If there are to do items you can put them in the chat with to do or task in front. The talk bot will record them. At the one hour mark talk gives you a small notification. Perhaps time to end the call? After the call you'll get a short call report including the tasks you identified. That helps you keep track of the meetings. Less notifications is nice, of course. You can disable notifications on a chat room but outside of work hours you might prefer not to get any notifications at all. That is easy. Configure your work hours and enable the automatic Do Not Disturb feature. Sometimes you do want to get notified, just not right now. You can set a reminder on a chat message so you can deal with it later. Just pick one of the proposed times and set your own. We thought this feature was so useful. We also made it possible to set a reminder on a file and snooze emails. That way you can stay focused on the task at hand. Say goodbye to endless meetings and hello to efficient collaboration. Well hello everyone. I hope you enjoyed your lunch. If you want to make your way towards the stage, we'll be having a little bit of a chat. It looks like three and a half minutes. If you can make your way here, that would be really appreciated. Thank you. Hello. Hi everybody. I hope you enjoyed your lunch break. I want to ask if everybody was interested in the next talk to come a bit closer to the stage. Originally someone else wanted to do this introduction of our next awesome keynote speaker is Max Schrems, really personal hero of mine for many many years and also should be your hero by the way because he is really defending our privacy rights here in Europe in a big way. Had the guts to sue like Facebook two times and won two times against it. So this is obviously quite cool and quite an achievement. It also, I have to say, is always for me always a bit weird because we have some privacy laws, we have the GDPR, we have other regulations but somehow like a single person like a law student is needed somehow to enforce our rights here because no one else, no other organization did it at the time. So I'm really happy that Max did that and obviously because we go into the third round now keeps on fighting for that to protect our data also as part of his organization none of your business which I think is super cool and deserves some support from all of us. So I'm personally really really happy to have Max here so say a big welcome to Max now. There you come in. Thanks a lot for the introduction and on the supporting part of all of this you guys already support us because we're running on Next Cloud ourselves so that's not the reason I'm usually not like promoting but thanks. Yeah, exactly. Can you turn me a little bit down if possible? It's a bit much at least from my perspective I hope it's not. I was asked to talk about the EU data transfers a very lengthy story I'm just going to start up with a recap of what happened what's the background story why we ended up with this whole endless discussion and in the end go into this new data transfer deal that was published this summer we just realized actually the keynote here was announced like the after the passing I think of the new law we just realized yesterday it wasn't technically passed yet because the EU has put it on its website but not in the official journal of the EU and that's not how law is passed so it seems actually this thing doesn't even exist yet so I was writing with someone on the commission on yesterday and they said yeah actually we still have to publish it officially so seems companies transferring stuff under a law that is not officially passed yet that's kind of the state of play and back to the intro of yes we have the GDPR yes we have all these wonderful laws but we have a huge enforcement gap so a lot of that is just on paper and in reality if you don't follow it not much happens so basically going into the data transfer discussion first I would like to explain in a very very simplified version how US surveillance law works because we oftentimes talk over there is some law there is something going on but to probably dive a little bit deeper into that and how that actually works this is actually a slide from Berlin where the disclosure has happened and when we had all these demonstrations that's almost 10 years ago more than 10 years ago and the big discussion was what are we going to do there was outrage Merkel wasn't happy that her phone was tapped and all that kind of drama but actually there was much that would have happened so we started with discussions on how we can litigate that and actually a journalist called me one night and asked me is that actually legal from a privacy perspective like for these companies to actually just give all that data to the American services and I was like usually journalists you have the same questions all over again and you answer them again this time I was like that's a really interesting question because I haven't really thought about that and if you look at it you have basically two surveillance systems which is capturing the data on the backbone of the internet that becomes less and less relevant because more and more of that data is encrypted so they can see where the data comes from where it goes to to a certain level but below the encryption level not that much anymore the second thing that they came up with was back then called prism now it's called downstream these two things are the same they just changed the name over the time and the idea here is let's get the data from the service providers because they have the keys they have access to the data so there is some way that they can get it and we just required them to give us all the information which is obviously the easiest and most convenient way for a secret service I usually joke is like it used to be that they have to tap each phone now they just have to tap basically Apple and Google and thereby have almost every phone which is much more convenient for a secret service than doing it themselves as you can see from the slides they were already pretty dated when they were published by Snowden and that's more than 10 years ago so we do know some stuff that went down 10 years ago but we all know how much technology has changed since then so it's not unlikely that much more is happening that there is new security services new operations that happen that we're simply not aware of so often times we talk about these two programs but we have to think that there is a law in the background that allows these programs that could be totally different programs by now there is no official recognition there is no official reason to say there is definitely something new or maybe they've just developed further but just to kind of think about that for a second that this is the status of probably 15 years ago and there may be much more right now in these slides it was rather interesting because you also have the different levels that of systems that talk to each other where I don't know they say some voice component goes over into this system and so on it's not very detailed but basically there's an FBI direct interception unit that does kind of the technical connection as far as we know and then the different services can provide the different services can get the data through them so basically that is kind of the NSA bubble of what they do what's really interesting is we also had the logos of the different companies on it and there is a slide that also says when which company was actually hooked up to the system on which date so we had a very good understanding of how this works and that's crucial for surveillance litigation because usually surveillance litigation is a big S conspiracy theory you just don't know in detail what they do it's all secret as a lawyer you look like a fool if you're in front of the judge and say oh they may do and uh and in this case we actually had a bit of an understanding what they really do if you look at the American law all of that happens on the Pfizer 702 that has a second kind of number in US law which is 50 US code 1881 A so you sometimes see 1881 A or Pfizer 702 in reporting it's basically the same law that law is 14 pages long and even though people say I'm not the worst lawyer the world has ever seen it takes you days to understand how these articles interrelate to each other it's the most fucked up law the world has ever seen but once you go through it you realize that there is a lot of like just back and forth blinking that doesn't make any sense if you look at the at the gist of the law what it really says you have two elements that you need you need an electronic communication service provider which is a cloud provider basically telco provider anything like that what's important is this law does not apply to any US business only to these electronic communication service providers so if you send data let's say to Lufthansa US subsidiary something like that they would probably not be an electronic communication service provider and wouldn't fall on the law so it's not like any data that goes to the US is the end of the world it's specifically kind of the big cloud providers where they actually really fall on this loss the second thing you need is foreign intelligence information and that is defined as information that relates to the conduct of the foreign affairs of the United States there's additional that's kind of the broadest definition there's a couple of things that fall under that definition long story short this is an extremely broad definition that basically means anything we're interested in globally that's the kind of plain language and that's the two things you need this electronic communication service provider informed foreign intelligence information informed foreign intelligence information you do not need a crime you do not need probable cause you do not need an individual person you go after you don't need any of these elements we typically have in criminal law or in phone tapping laws in these laws that we have the interesting thing is this would actually be illegal in the US as well under the fourth amendment the fourth amendment also says very similar to Europe that you need probable cause to phone tap and you need a judge saying yes you don't need to justify terms but for the purposes of here that's kind of what you want the problem with the fourth amendment is the fourth amendment only applies to American citizens or US persons so also permanent residents and that is historically normal like we had that in the US as well that we had citizens rights mainly because 200 years ago people didn't move much so you were usually the citizen of the country that you were in so you had citizens rights now ever since the second world war the latest we usually have human rights now it's very easy to just say you're not a citizen you don't have any rights so we moved into human rights the US is still under the old constitutional fabric that they have in the idea of citizens rights now what this law does is basically these elements here the minimization and targeting procedures separate the data stream into American data and non-American data that's fundamentally what this law does it's kind of a switch that says okay this bit is related to an American person can't touch it because this would be unconstitutional very bad this bit is not related to an American person you can go and do whatever you want to do and that is structurally what this law does they call that minimization and targeting procedures and that's kind of these filter procedures now the US says that that's all approved by the Pfizer court and that sounds like odors judicial review some court is actually looking at that what the court is looking at is the entire surveillance system for one year so it certifies basically the filtering it doesn't certify the individual data bit that goes through it and if there is actually problem cause or reason to look at it so it's basically the system that gets approved by the court not as usual that you say okay there's really that guy that really has some reason that's connected to I don't know IS or whatever and that is kind of the interesting thing that there is court approval but not individualized court approval and that usually makes it rather useless for most of the purposes who is actually making the individual targeting procedure is an NSA officer they have a targeting sheet which is basically a form where they can put in an identifier identifier is typically an IP address email address any kind of like user ID for social network stuff like that and they can type it in they need to kind of put one box where they say why they do that click the button and that targets the person and the data and then there is a big provider so we talk about a couple of hundred thousand accounts per half a year that are targeted and one account may include the data of hundreds of people because if it's the email address of one person you have all the emails that go to that person from other people as well so the numbers are actually quite vast if you think about it then there is a so called directive to the service provider which is the legal order saying you have to kind of give us access to the data then we don't know the details it could be something like an API where they can basically call the data and get it back they say oh we don't see how it's technically actually implemented the law only says you have to do the technical implementation to be able to capture the data but in litigation we ask people that had the security clearances if they are sending letters back and forth between the Silicon Valley and the NSA headquarters and that's for voice over IP not overly likely that that's how it's done so we do assume that there is some kind of API for litigation so litigation wise basically the system was like that if I'm that little Austrian smiley down here I had a contract with Facebook Ireland back then we started all of this for the younger people in the audience like 12, 13 years ago Facebook was cool back then people actually used it but you have exactly the same thing with Instagram now and the likes so you have a contract with actually Facebook Ireland which is an Irish company and this Irish company then sends the data abroad to the US and they have a contract with each other and have to make sure that the data is properly kind of protected in the US otherwise they're not allowed to send the data outside of the EU now they can't really do that because if your data de facto goes on the US server it's going to be surveilled under 12 triple 3 which is in executive order not a lot that I'm not going to go into through upstream and then under FISA and have it somehow end up at the NSA so it's very hard for them to kind of write into a contract that this does not happen because that's simply US law now if you think about why they're so interested in especially Prism or their downstream as they call it that is basically one of the slides where they say that's where there is no SSL encryption anymore we can get the data right there because they have the encryption keys and that is also interesting because a lot of the American companies said oh we're just going to have encryption and they have endless lists of how their data is now secured if you look at it they always just basically talk about the transport part of it and not when it's actually there even Google said yeah there is I'm not the tech person but the A something encryption on their services was like great that's the same thing that my Android phone has but if you have the code and so they try to kind of oftentimes come up with time oh there is encryption and most of the lawyers just hear encryption are like cool encryption but don't talk when where does it actually protect anybody now if you look at the other side at the EU side of the story we basically and most people ignored that ever since 1995 when the first directive came around we had an export prohibition on data so basically the EU says you cannot export data out of the European economic area period as a default rule why is that if you have privacy rules and you just send the data to the next country that doesn't have privacy rules then your whole system doesn't make any sense because you can just move your data out of the protected area or out of the jurisdiction now there isn't a derogation for what I would call necessary transfers so if you have to book a hotel in North Korea you are absolutely fine in booking hotels in North Korea because it's really necessary to send your booking to Pyongyang if you really want to stay there obviously North Korea is probably the country that has the least protections of anything that we could think of but that's fine the GDPR accepts if you really want to go there you have to book your hotel that's fine what's the bigger issue is the outsourcing part so if you don't really need to send data abroad but it's more convenient, cheaper the business is there, whatever happens and for that there are different options to kind of extend GDPR rules to another country how that works is if you think about Switzerland it has a data protection act and we kind of accept that that data protection act is very similar to the European Union and that becomes like a big privacy bubble and we say oh you can just send the data there to the EU law Swiss people may disagree but that's kind of the fundamental idea now if you have a country like the US where there's no data protection act that can also work you can contractually kind of get there it's a bit like if you say I buy organic bananas from some country and they just follow the rules of what organic is in the EU we kind of say okay you're not from an EU country but what you do is still kind of compliant with our rules so we accept it and you can put the bananas in the supermarket that's kind of what we do with so-called standard contractual clauses so that's a contract privacy shield by any corporate rules and so on what this basically does is that an American company signs a contract saying I follow EU law and therefore they're kind of our data is protected contractually that can work sounds like a bit technical but it's from a legal perspective fine if there is a vacuum in another country if the other country just has no rules then you can have a contract over what you're going to do the US is they have these surveillance laws and you cannot contract out of them so basically you have a situation where all these contractual arrangements that all these companies are now pushing and where there's all kind of endless paperwork to sign are going to conflict with American law because if this contract or EU law says you need to have privacy an American law says you have to have surveillance at some point this is not going to work out fundamentally from a lawyer's perspective it's like two trains colliding there's too much law, too law saying the opposite thing you can technically not comply with both at the same time and what the EU is trying to is to put more text or more paper in between the two colliding trains and we can all figure out what happens with the paper it's going to be shredded and that happened at the Court of Justice twice so it's like not too hard to comprehend that if two laws simply or two jurisdictions simply say the opposite thing you cannot contract out of it like there is no way and that is fundamentally what we're doing now since 10 years is to explain that to the European Commission and failing over and over again how did that happen so we ended up at the Court of Justice the Court of Justice is kind of the Supreme Court of the European Union the highest court we have and the case law was kind of interesting because typically when you have fundamental rights we have a so-called proportionality test so they say okay there's a fundamental right the right to privacy for example and then there's a public interest let's say going against criminals there's a public interest and you have to balance these two interests somehow and we do that in a so-called proportionality test which is a four-step test that you go through the first three steps kind of make sense the four step is kind of like a political how far did that go so that's typically where we are and then there is a situation for example for data retention that the member states do over and over again where your cell phone metadata is kept for terrorist prevention which is the whole data retention for a start and spare information we usually ended up in the red zone and the Court of Justice said no you can't do that bit too much now what exists on top of that and that's legal geekism there is a violation of the essence of your fundamental right never happens it's basically if a violation is so massive that they don't even start the proportionality test anymore the only time that exists by law is in torture there's no proportionate torture it's just always banned and what was interesting both of these types of litigation the Court of Justice actually said that the surveillance in the US is so extreme that it's a violation of the essence of fundamental rights they said we're not even starting a proportionality test here anymore this is so outside we're not even going to engage in this discussion and that is very bold from the Court of Justice there is no other judgments other than these two where they have found that so far so the Court is actually quite strong on that for us it was interesting because we argued the violation of the essence when we're there because the case law basically suggested that we never thought the Court of Justice would actually say it so you would sit there in Luxembourg get the judgment you kind of divided up by the lawyers everybody reads a couple of pages and our Irish lawyer was like oh my god we found a violation of the essence which is as a lawyer like woo we found something super crazy because it never existed in case law before and we didn't think ourselves that they would say that but they did so what in the end we now need to have is that you have to if you transfer data abroad you have to have compliance with the GDPR so you have to make sure that the company abroad kind of follows the same rules it doesn't have to be exactly the same and you have to follow the Charter of Fundamental Rights which is kind of the fundamental rights document in the European Union we don't have a bill of rights or constitutional rights we have what they call the contractual rights as kind of the treaties of the European Union it's defect to the constitution we're just not allowed to call it a constitution so what happened with all of that once the first deal which was called Safe Harbor was dead the commission came around the European Commission two or three months later with this wonderful logo and said oh there's a new deal it's called the EU-US Privacy Shield and I was like which graphics person ever anyways and what was interesting was presented in the European Parliament and I asked one of the people at the commission you know how did they end up with this shitty name and the answer of the guy at the commission was like I've never heard that name before it's basically something that the commissioner made up and the PR people this deal doesn't even exist right now so they presented a wonderful deal to the public that didn't actually exist I don't have it in the slides right now but we kind of two weeks later made a freedom of information request in the US a colleague organization did that and they asked for the text of the new deal that was presented in press conferences and so on and the answer they got was that the access request is rejected because the record you requested does not exist they literally presented the deal that simply didn't exist at the time two months later there was actually then the text of the deal and we could actually read it now what was really interesting is the European commission put a lot of PR effort into that and they for example said that the US authorities assured that there's no indiscriminate or mass surveillance by national security authorities that was in all the newspapers then we now have these wonderful assurances now as a lawyer you tend to kind of retext in very much in detail and word by word and I was like assured so basically they just told us that they don't do it and that's kind of like China assured us that there is no secret concentration camps great thanks for the assurance and then the second is like indiscriminate or mass surveillance that term doesn't have a trademark or a definition so once you go into the actual deal you see how this all works out so there's an annex to this European commission decision and on page 4 of this annex you find that there is collection in bulk so we don't have mass or indiscriminate surveillance but we have bulk collection and that is used for 6 purposes that go as far as combating transnational criminal threats and again reading text in detail you don't need a crime you need a threat so if there is some Mexican dude walking along the border with a little bit of cocaine or whatever in his hand that's a threat because if he puts it through the border fence that's a transnational crime because you basically just traffic drugs that's technically enough for a bulk collection and if you then go through the exact details of all of that you realize how the press release is very different if you actually then go into it now if you go not just in what the EU published but actually the source document in the US that word bulk has a little footnote and if you follow that footnote you realize that these limitations only apply if the data is actually processed in bulk in long term if you collect all the data in bulk to then find the needle in the haystack this is not bulk collection this is basically targeted collection for the definition of all of that so if you go from press release layer to layer to layer you realize actually we have all mass surveillance but we have assurances that there isn't any and that is basically how the system works we even ask the evidence that they produced for the court they said oh we have a letter by the US they don't do it so that's the evidence we have as the European Commission and it's to me mind blowing because I mean it's like Russia saying oh we never invaded anybody here's a letter and the Russians told us so what's the problem and that is a bit how technically all of this went down there was also an issue that you couldn't go to any court in the US and they came up with a wonderful solution that there is now a privacy shield on boots person that person at the time and the system was that you would go to your local data protection authority in the EU they would forward the issue to that person they would then internally in the US try to figure out the problem and give you an answer and the wonderful thing is the deal already had the answer pre-described like literally the deal said what you're gonna get as an answer in any case and they would always tell you that the case has been investigated otherwise you wouldn't get an answer second that they either complied the situation but they don't tell you which one so either they complied from the get go or they didn't complied but they remedied the situation there's no answer that they didn't remedied the situation not possible they always remedied the situation and then they would also tell you that they neither confirmed nor deny that there was any surveillance on you and the reason for that is if they would actually tell you there was surveillance on you you would actually have a possibility to get into American courts because in the US there's a stand-in doctrine and it's really hard to get into courts for litigation the ACLU that we work with which is kind of the fundamental rights organization in the US actually litigated the US government and the the US government says you cannot prove that you were actually under surveillance because of all the different hops and networks we surveil there's always one or two that is down and your package could have gone through the one that is actually down so they started litigation I kid you not with Wikimedia to say that's Wikipedia that's one of the most visited web pages ever and the US government still argued it could be that all Wikipedia packages of the last years always went through that one hub and therefore we never captured it that was the one that actually the courts did not accept anymore but for anybody else they basically say oh you can't prove you were actually under surveillance and if they would have basically told you there then you would have a cause of action so this deal was also struck down by the Court of Justice in our second litigation what are the practical consequences and realities that all these kind of transfer deals that are not necessary were actually under threat there is no legal basis to do that anymore if you divide it up it basically means if you I don't know book a hotel or a flight in the US that's fine that's necessary no problem there was a lot of the industry the world is going to go under you can send emails to the US anymore which was other bullshit but it works for just creating drama what is a problem is if you outsource your data to an electronic communication service provider in the US and that also includes servers in the EU so what the big company said is server in Frankfurt wonderful what they did not say is that these American laws do not have a jurisdictional limitation so they basically apply globally to any server that they have access to which is normal same thing in Austria for investigative powers wherever you have access as an authority you can get there the limits in the US is what they call possession custody control so if an American provider can say I cannot physically access the data I simply don't have the keys I gave it to someone else in Europe then they would be out and that would be a possibility that they have a sub organization in the EU that holds the data and the American boss simply doesn't have access to it that would work but when you talk to the big tech companies they're like it costs money it's complicated so that didn't really happen in reality you can still transfer data as a set to a normal company in the US that is not an electronic communication service provider now we basically filed complaints against the biggest websites of the European Union and basically country by country to actually try to enforce this a second judgment and it ended up to be 101 complaints we basically went for google analytics and facebook pixel just because it was easy to find and easy to show and went through public www to find them and because it happened to be 101 we already had our logo there as well and what was interesting is we basically when we went through the companies most of them said sorry we removed it blah blah blah because it was just a facebook pixel and really was easy enough to remove usually the second thing is that they said they did supplementary measures which is basically what was discussed the last couple of years as the big solution and then there is a what they call respace approach to just quickly debunk why that is all bullshit so the supplementary measures there was the idea and it was actually in our submission to the court of justice were the only ones to argue for that that you could find a technical solution for the problem and were like if you find a technical solution you might guess wonderful great one of the arguments for that was okay if you transfer data let's say to I don't know Australia it may go through 100 countries on the way that we really don't trust and if that is end to end encrypted fair enough you could probably work with that and say that's fine same thing as it goes just through the US and just go somewhere else and you may have proper encryption and technical solutions for that now what the industry made out of that is that they basically said oh we have technical stuff like encryption and transit and you can encrypt backups but if you boil down to like a zero-knowledge approach you're almost at no useful scenarios anymore where you can actually use that what the industry then started to say oh we're just going to have contractual stuff contractual is wonderful because you just change some text in terms of conditions and never touch anything anymore and not solve any of the problems and they basically say that they will inform you or resist or try to kind of do anything against surveillance like that prom is not working if the third country law like in the US doesn't allow that so the US already says there is a gag order you're not allowed to talk about the surveillance all of that is in secret blah blah blah so they produce pages and pages of text saying oh if possible we will inform you it's like if possible means it's not possible so you're not going to do that and what we saw is that these big tech companies just generated 30 pages 40 pages of bullshit of all the wonderful supplementary measures that they do and they were literally laughable like some of them are on website you can go through them but nothing that actually from a realistic perspective helps anybody so we went, that's the EDBB that basically confirmed that Facebook was super interesting they had stuff like we have a tech team or a legal team that actually reviews requests and was like I guess so I mean if the police asked for data it would be nice if someone reused that but the law is still you have to give it so what's the point in having that team my favorite one was actually Google they said that they put out the fence around their data center and put a sign on it that was one of the on the list of their supplementary measures I was like yeah I'm sure the NSA is going to be super impressed about that there was a lot of these supplementary measures went around all the authorities in Europe usually told the companies to fuck off with that but a lot of the big tech deciders or the people that you know then buy big products are like oh there's a long list of Microsoft for example that tell us everything's fine so let's just continue as it is and that was kind of what this it was a PR exercise largely and then the funniest one was the so called risk-based approach that is something that the lawyers pulled out of their ass it's basically that in the GDPR there are certain elements where there is a risk element where the law says dependent on the risk you have to do X typical thing is security there is never perfect security but dependent on your risk what you have blah blah blah blah technical developments you have to do what's kind of state of the art usually now they said oh we found that in three articles or four of the GDPR let's say that's a general principle of the law and we just apply risk to everything in the whole law which is just not how law works at all but that was actually put around and argued by a lot of the lawyers to say oh we should write you a piece of paper as the CEO of a company that everything is legal because we now apply a risk-based approach it's like we apply a risk-based approach to murder murder just doesn't exist because it's risk-based that's kind of the thinking behind it that was also rejected by first the Austrian authorities now by a couple of other courts now back to enforcement we tried to kind of get this through as I said we made this 101 complaints was super slow most of the DPAs didn't really want to do anything about it because most of the data protection authorities are like data transfers don't touch it problematic we don't want to kill the internet and there were some cases like in Germany or France where public tenure was a problem so that basically for government for government projects they couldn't use Microsoft anymore because they couldn't comply with the law what's really interesting what's upcoming is non-material damages so theoretically the EU passed a collective redress directive this summer where you can do collective redress meaning summer clogging like where thousands or millions of people can get together and bring a case and that could become interesting if we also have non-material damages so let's say each person whose data was transferred to a country that you don't like where your data goes to ask for 100 euros if you then have let's say I think Facebook has 200 million users if you do the math that becomes really really interesting this is starting now so we're just seeing where that goes down and if there could be more cases in that direction because that will allow people to directly do something and not depend on the authorities to do something so that's kind of on the enforcement side what's up so then after all this drama and the last couple of years the commission came around and presented another wonderful deal now so first we had safe harbor and now we have privacy shield now it's a transatlantic data privacy framework the cool kids call it apparently that's now what's all over twitter and and the story of that was there was basically one and a half years of negotiations to European commission said no deal the Americans don't move how should we ever solve the problem and then these two guys got together over a coffee and suddenly solved all the legal problems in a heartbeat and the background was that after the invasion of Ukraine the US literally apparently what I was told was coming up the next day and said we now need to show everybody that we love each other and how better to show each other that we love each other than having a wonderful conference or press conference where that dude says you can get natural gas from the US and that person says you can get our data and that seems to have been the political logic of the new deal same thing again there was no text it was on the headlines same procedure as last time and what was interesting is that they basically then produced a paper about a year later and what they do is just spam everybody with tons of paper and I talked to lawyers that give presentations and explain that this is now the wonderful new deal and everything's fine no one the fuck has read these papers none of these lawyers that sit there that I've talked to has ever read that shit in detail now I'm the unlucky person that actually read stuff in detail and so if you go through it basically what they do is that they have these commercial principles so the commercial principles tell you what the companies can do with the data and these principles are still the old safe harbor then privacy issue principles now taught principles that still be are based on the privacy laws we had in the 1990s in Europe so not GDPR the old directive and the interesting thing is the updated them now and industry organization US has shown the updates so on the core principles they added us twice in here and the footnote on the first two pages second and third page no change at all and the last page they added that there could be other enforcement than the other two than the authorities that right now exist they are not foreseen it's just like an option to do that in the future that's the big upgrade to the new core principles now if you compare these core principles with the GDPR in the you usually need consent or another legal basis there are six different legal basis in the American system you only need to have an up doubt if you share the data with someone else or if you change the purpose of the processing now here basically they have to ask you for example for a consent and say do you want that or not in the US system that's usually a sub sub sub process so someone far down chain and down in the processing chain some company that you've never heard you just know kind of the front the front page of something and they have I don't know 20 companies in the US that do some shit this sub sub sub company has to offer an opt out on their website for these two purposes no one in the world ever knows that their data goes to that company no one ever checks that no one ever goes to the website and then clicks the opt out so basically what that means is you can do whatever the fuck you want to do with data and still be certified as fully compliant with EU law which is amazing because even on the commercial side we allow these companies to do much more with data than our own same thing is usually we need data to be necessary there it only has to be relevant which is a legal difference but it basically means as long as there are some relevance for what you're doing you can use the data necessary really needs you absolutely need the data which allows you suddenly to kind of store as double the amount that you would be allowed to store otherwise typically in the EU you have full access you would get access to all your data there is very limited access to all of that and dot dot dot there's a hundred other of these now on the government surveillance side there is now a new executive order quickly what is an executive order we all know that trump had his wonderful sharpie and put stuff up in the cameras and said oh I signed something that is an executive order and an executive order is an internal an internal rule by the government that is not a law so it's like your boss telling you do A not B that's not a law your customers cannot sue you over it no one else can sue you it's an internal order and that is the same thing with an executive order so they have rules on saying do this on surveillance don't do the other on surveillance but if they break it as a person that whose data got illegally surveilled you have no right to actually go against it it's basically your boss said something you didn't do it but that's an internal problem nothing that you can rely on and that is an executive order the reason why the US uses that a lot now is because their executive order is very broken they can't even pass the budget anymore so it's very hard to pass any law so they try to kind of manage the whole country with these executive orders but for the purposes of surveillance not really helpful because you don't have any rights under it now they said oh there's this wonderful new executive order that is now signed by Biden what they did not say is the new executive order is 14086 that actually there was a PPD 28 which is also an executive order from Obama that literally had now the commission runs around again saying oh there is this executive order with all these limitations and so wonderful and all great and all new the reality is you find almost all these limitations in the old PPD 28 that was already at the court of justice and the court of justice already said that's not enough so it's reformulated same shit and we run it through the court another time around there are some differences so the there's largely the same limitations they're slightly clearer languages in the new executive order but there's for example also additional reasons for mass surveillance so for example for health crisis that's what they added after corona or for climate change so they can now I don't I have no fucking clue what how they surveilled people and then help climate change I don't know but maybe everybody found on the left found that cool I don't know but that's now in so it's not that there is more protections there's also parts where there's actually more surveillance in it and the commission usually runs around and say oh it's better it's I think generally a bit in the right direction but it's like if the court of justice had put up a fence and the fence is now two millimeters instead of one millimeter yeah it's higher but it doesn't really fend off anybody and that is kind of what they did what was really interesting is they now added the word proportionate to US law and that would be a huge game changer and that was the main thing that they put out in the press releases and the problem with that is the following and unfortunately we had to convert the presentation so you don't see the full effect of this imagine the lower thing is not there for theatric reasons and what they basically said in America and the European system is that FISA and prism surveillance is a violation of the essence of your fundamental rights so it's not even proportionate at the same time the US says to continue this violation this processing of data this surveillance not going to change any of it but it's also now going to be proportionate and this you cannot square like this is technically not you cannot technically square it and the solution that they did is that they basically just said there is an American definition of proportionality which is just going to be shifted so far over that we can agree on the word we both agree on the word proportionality but then the definition is going to be different this is now the latest solution to the problem and it works well because the European Commission can say oh they now have a proportionate surveillance system and the US can say yeah sure proportionate but just our proportionate so everybody can walk off and everybody can be happily ever after and we can go back to the Court of Justice with that slide and the judges are probably going to be like in which fucking film am I in but that is basically what what they're doing now then they were unhappy the Court of Justice about this Ombudsperson and I actually brought some stuff for you here I usually forget to bring it they basically now replace the Ombudsperson with a CELPO I forgot what the acronym is for but it's basically another dude that does the same thing there should be no animation that we don't have and gives you exactly the same answer and the funny thing is as with the old answer is exactly the same one that I mentioned before you can get that back now if you're unhappy with that you can go to the Court which is a second instance it's not a real Court and it is actually also an executive body that they just called Court and it's amazing because the US has a definition of what a Court is and you need a law to establish a Court it's not a Court it's what you can call an independent tribunal something like that but the EU insisted it has to be called Court so this thing now got a new name it's now a Court but it does exactly the same exercise that you have before a second time around and you will get exactly the same answer a second time around but therefore you have an appeal and someone asked what are you going to write in your appeal because in the first instance this system here you don't know anything why you got that answer you never heard you have no reason to say this decision is wrong because you were absolutely excluded from the procedure you just filed something with your DPA and five months later you get this or ten months later and they said oh if you appeal you don't have to argue your appeal you just have to write I appeal because you cannot argue your appeal because you don't know anything about the procedure so it's the most puppet thing the world has ever seen and because we thought it's funny we basically took that exact wording and put it on a stamp so if you want to have your judgment anytime soon you can get the stamps here you can have the first instance and the second instance this is your judicial approval and your kind of judicial redress anybody that wants stamps here the lawyers love it I don't know if the tech people love it that much but the lawyers find this the most amazing thing ever okay and then there's a lot of technical shit with all of that for example this whole new deal only applies for data that was transferred from the EU to the US under one of these deals after July of this year now that means if you process data or transfer data before that date you would actually have to get it back to the European Union and then send it to the US a second time around to actually even fall under the definition of the time application of this whole deal so technically I don't know my Facebook Instagram data would have to be removed and then send it back to the EU then send back to the US so that you fall under the definition of this executive order because the executive order does not apply to anything that happened before this summer so a lot of that stuff is in reality just laughable and you just wonder how you can ever get there now what's the short-term solution my problem is usually with NOIB we do a lot we have more than 800 cases and usually we explain to people that's how you fix the privacy problem and everything is fine we don't have a fix for it we can't change US law, we can't change European law but if we think about solutions a little bit the short-term is this is going to be ping-pong, get back to the court of justice and probably be destroyed again in two years and then we are back at square one and we do the whole exercise another time around long-term what could be the solutions so I think what we need to talk about in the long run and there is a part of the executive order that has that in it is kind of what they call a no spy agreement so if we now have a globalized internet country only protects their own people your data is typically not protected 99% of the time when it's somewhere not in your own country which is typically where your data is in most of the situations that we have today so one option is that at least among the democratic countries in the world we come around with a kind of no spy agreement where we say okay we have baseline guarantees, they're all the same and it's independent of citizenship would be very logical and actually the executive order has an element of that in it because it says it only applies to the EU if the EU also gives these rights to Americans which fair enough I think that's a fair proposition but if you do that both ways at a certain point you would end up at a no spy situation where basically countries grant these rights to each other and that could allow data transfers again the reality is right now in the US that's politically almost impossible if you talk with anybody in Washington they say if I grant rights to foreigners I get voted out of office I get voted into office if I take away rights from foreigners that's how politics works this could only work if the industry is really pushing for it to say okay if we need to process data and we need to do our shit we need to solve this legal problem here and that is basically how such an agreement could come around let's say in 20 years I think that could be an option now the cheapest option would be that the US would just put 20 judges there then we wouldn't have to worry about all that stuff we wouldn't have to pay lawyers for all this kind of crazy stuff but that says as I said politically also unlikely to happen in the meantime what's going to happen more I guess is that we have the segregation where basically data is just held in the European Union and we have some data holder here that is not directly accessible from the US not a big fan of that I'm personally more of a globalist where we just should have free data flows and proper regulations but for the time being that's probably what we're going to see more for companies that actually want to comply with all of that so not the perfect solution but at least the in-between solution and we will see last sentence on that data much more because right now this is a conflict of law debate about privacy but we will have similar conflict of law debates in other areas typical example is freedom of speech in Austria and Germany or as in France the denial of the Holocaust is a crime that's not going to change anytime soon in the US that's freedom of speech how as a company do you comply with both rules at the same time so you will have more and more and more of that because the different countries try to regulate the internet more we see new laws passed every year on the internet and there is no jurisdictional rules on that so we will see these conflicts we're probably the first ones here with the privacy debate but we will see similar conflicts in many other areas of the law so we will have more and more of a discussion of which jurisdiction is your data in what is the one that you want to comply with or not and you will not be able to comply with 200 because I mean you probably don't want to comply with certain rules of this world so I hope that was useful I know it was a bit deep dive legal stuff but it may be useful to get a bit of background of these issues and thanks a lot and I think we have some time for discussion now as well and I was told they need a couple of minutes to put chairs up and so on so for the time that we need for that if you have any questions we can do that right now as I understood thanks thanks a lot and if anybody is interested here and I added some legal conference I mean lawyers are usually very dull and I'm the one person not wearing like a suit but they came up with like all these stamps like as if they have been on a club or something it was really amazing well thank you very much that was super enlightening I would say especially I'm from Canada as a North American we kind of look at EU privacy laws I think kind of as a target and yet there are a few issues out there one question I have while we're collecting questions from the audience given that you're an expert in EU law as it relates to US law I'm curious how you feel about that's not even solved yet you've been working on it for quite a long time yet we have more than a few countries all over the world so how do you see these efforts that you're doing especially with maybe being an example for other countries in the world and how do we deal with all the permutations yeah so a couple of questions there at the same time so we have a huge enforcement issue in the European Union and that's especially with the data protection authorities and as a lawyer it's a weird bubble you're in like typically if someone parks in the wrong spot they get a ticket goodbye if you are in the legal bubble for GDPR you're at conferences where like yeah you know it would be really interesting if we would do something about that I literally had that with a head of a DPA that told me wouldn't it be funny if we would actually enforce all of that over dinner and I was like that's like the drug police say wouldn't it be funny if we would do something about fucking crack and this is a bubble of where even as a lawyer you're sometimes wondering which bubble you're in so that's I think the first part secondly what we see is we have I think about 70 countries globally that follow more or less the European system cannot be one of them so even the US is kind of squeezed in like Mexico is basically following a similar GDPR type of law Canada does Canada also has an adequacy decision for that so I think in the long run this typical system that we have is going to spread out in more countries globally and will become the standard what's going to be a huge problem is divergence different countries different laws biggest issue right now the US itself because the 50 different states started to have privacy laws so there is now a privacy law in I think Illinois for biometrics but only for biometrics then there is one for that and this is going to be unmanageable at some point so we'll at some point have to come to an international consensus on how we do deal with that and the effect I think the European system is very logical structured and more or less a system that is similar to that would probably work in the long run however each country is free to decide what they do so that will be interesting how all of that moves along and how that interconnects and I think what's really important is to have a systematic approach because this is technically not feasible you can't comply like write code for 50 different jurisdictions and still keep that separate and follow all of these rules it's just I think for economic reasons not really sensible and the biggest issue then is that we actually I should move over to get this okay yeah and the biggest issue is that we also get that enforced in the end because that's our big concern in Europe like five years after the GDPR they now started having a couple of bigger fines and the DPA is basically put out one big fine every two or three months to say oh we did something look at it but in our case we have more than 800 cases and at certain jurisdictions 99% of the complaints are simply not dealt with so you have a fundamental right to privacy you claim it and then 99% of the time they tell you not for you and I sometimes joke it's like a right to vote but 99% of the time there's no voting booth then you don't really have a right to vote and that is where we see that the culture hasn't changed with the GDPR so the legislator said big fines big enforcement heavy serious that was more than 90% in the European Parliament so it's interesting because of very strong political backing all the member states voted for it other than Austria my home country because we thought it's not strict enough for whatever reason and but everybody backed it but now the executive is simply not enforcing it and that is that is an interesting political situation where democracy doesn't work that well anymore if there's a political consensus and then the authorities just don't do it I hope that's somehow useful we now got the chairs it's amazing choose your favorite do we have any audience questions do we have a microphone that we can sure yes hi you spoke on the separation between data of US citizens and non US citizens how does that work if that data is mixed so let's say I have a conversation with a friend that is a US citizen is the NSA allowed to listen to half the conversation so basically whenever there is any American involved it kind of falls under all of these rules the world's litigation on that because they were technically partly not able to properly do that and that is then litigated in the US so if it's like oh this tiny little bit of an American conversation was in the system that's a case other people in the system not a case because you don't have rights under the fourth amendment all right thank you if I remember correctly the GDPR says that you should not collect more data than absolutely necessary to fulfill the purpose now I'm wondering with Sim Altman I think some people know about him and he's really big in this new thing called World App where you can create like an authentication system called proof of personhood so you only sign up and then you know it's a proof of person but why do all these platforms need to know that I am me actually and this would be like the lowest level of actual necessary data why go anywhere beyond that typically you can litigate that if you have cases like that the other concept that goes in is privacy by design it's kind of to already build a system to have minimum information I had a very simplified again I'm not a tech person I had four years of programming in high school and the there are situations like that that we for example have in Austria at least with EID which is its own issue but for example it allows to show that you're above 18 or not if a company needs to know you're above 18 because you buy tobacco or whatever they don't need to know your ID your name your birth date and so on they just need to know above 18 or not and that can be solutions where that technically is doable and that can also be litigated because you have to ask why is the system designed to give I don't know 20 fields if you only just need a binary yes or no and that would be the proper design then so I could sue the company for your collecting more data than you actually need typically you could if you have a good case on that and you have to show that in the individual case that was not necessary how easy is that not overly easy to give you an example the litigation the shrimps to litigation in Ireland cost 10 million euros what and I was personally liable if I would have lost the next thing I check this there is no enforcement agreement between Ireland and Austria so I was like I'm just not going to have a summer house I guess but that's the reality that also the the court system and the political system and all of that in certain member states is extremely shitty in Ireland to bring a case generally you have to calculate about 100,000 euros and we got from winning at 1.3 million back for our legal fees because the whole legal system is so slow and so complicated that you just need a lot of hours by lawyers to kind of be put in to give an example in Austria and appeal cost 30 euros and so you have like extreme differences and that's to a large extent what we do at NOIB is to try to find these differences and use them because they basically go to Ireland because they know it's almost impossible to litigate they know they don't pay taxes there so they basically choose a jurisdiction as a company like we can choose a jurisdiction as citizens let's bring it in a country that's where the legal system actually works and that is also possible the other way around so that's what we call strategic litigation it's very complicated and especially in the EU it's very complicated because you have all the different languages, legal systems and so on it's immense and we're just scratching the surface but there's a lot of efficiency in it because we run on donations like everything we do is donated money and I have the feeling if someone donates as money that I'd rather put it somewhere where I get a lot from 30 euros than it's its own story I could do a whole day on that now I think we'll take one more question but we do have to set up for the panel discussion and I think these topics will really just continue during that discussion so I think we'll bring the mic over here Hi Max first of all thanks for everything you did for us that's really absolutely fantastic I'm also in the I'm also a certified board commissioner of the European association of data protection commissioners in the working healthcare area what you just said triggered something in me well actually what you said the US authorities are not allowed to spy on US citizens so coming from legal point of view wouldn't it be just simply the solution to add one US citizen to your database and then sue them in the US that's exactly where these target minimization procedures come in so they have to have a procedure to separate them in the database or in the data stream in reality and that is partly why the system works they have thought about that that's the whole part of this thing that they have to get certified to show to the court that they do exactly this thing right not much more but that's the one thing but nice try okay you've chosen your favorite chair do you want to try the others I think we'll enjoy our other panelists to come join us Catherine Fritsch is going to join us also I think choose your favorite chair and Daphne Muller will also join us what's my favorite chair here hello hey there first of all can we get a round of applause for our panelists and also Max thanks for everything you visited in the last 40 minutes that was really fascinating I'm hoping that we can in this panel session use the expertise of our three panelists and kind of blend them together see the areas that they overlap maybe we can explore the areas where they don't and the idea is to use our theme transparency and together to kind of use that to navigate these topics some of you will be experts in certain topics that we talk about maybe there are questions we can't answer and I think that's really okay the idea is to blend our ideas together ask the tough questions and see where we end up now I think Catherine it's worth having an introduction to present you you are here today thank you for joining us and you're also doing a keynote tomorrow so thank you for that as well Catherine is a technology and climate researcher a consultant as well senior program manager at the green web foundation which we'll hear much more about tomorrow a chair of epicenter works an Austrian digital rights organization doing I would imagine really amazing work so thank you for that co-founder and also co-led an institute for digital culture co-initiator of feminist futures doing important work there as well and nominated for the Forbes 30 under 30 list which is extremely prestigious so thank you for being here we really appreciate it thanks for the invitation Daphna Muller is also here we're lucky to be friends which is great and Daphna is part of the next cloud team as well and we're very lucky to have her as manager of alliances and ecosystem and support she's doing amazing work with our team so thank you Daphna you are also a researcher on the future of technology its impacts on society and the industry the technology industry with a special focus on privacy so extremely important work as well you've had several publications in that area which is really amazing also Daphna is a speaker at TEDx if you look up her talk it is very enlightening so I would definitely recommend you have a look there it's about data privacy and platform capitalism and how those two collide so all of you thank you for being here now I think I have a few rules I think the rules would be no topic is off the books but we all have our interests and also our expertise but feel free to dive in wherever you'd like the idea is to be less structured and more weave our way through the conversation and ask the hard questions so if you want to speak feel free to indicate to me or just go for it if it feels natural and I would encourage everyone on our instance if you want to have some discussions there maybe we said something interesting please continue to have that chat on the next cloud instance for the conference we would encourage that now I wanted to start with trust, transparency and togetherness which is our theme and I wanted to use artificial intelligence kind of as a jumping off point just to ask some hard questions because I think artificial intelligence is an area where all of these questions are coming up we're asking questions like environmental impact privacy clearly is an implication that we've been talking about but I think when I say trust, transparency and together in that area I'm curious from the three of you what immediately comes to mind or to heart even what passionately just kind of comes up in you so Katrin maybe we can start with you you mean about the keywords transparency and together well from an kind of climate few transparency has become a really big topic with tech particularly when we look at CO2 emissions of AI for example and how to report those so this is a really big area that is still kind of under researched and where I see a lot of potential that's coming to mind to transparency however I also observe that transparency definitely is not enough I would also encourage to for example ask questions around democracy or equity in tech that is just some other kind of perspectives that like transparency is a part of it but it's not only transparency that's going to make technology more equitable so I think when it comes to questions of trust it's also basically thinking who trusts into technology who can afford to trust into current technologies and we've seen in the history of technology specifically also if we look at AI that there has been a lot of discrimination a lot of favouring of certain people and a lot of pushing away of marginalised people so I think also when it comes to trust I'm curious about asking who trusts into whom and from whom And do you feel like that trust is a bit of a privilege that it's not afforded to everyone? Definitely, yes, that's my question Any ideas on what we can do about that I guess Well, that's where transparency obviously comes in but also the question around accountability so who is held accountable for example for data breaches privacy violations etc and then also really looking into the bigger system so you were talking about the US quite a lot so if the democratic system is kind of falling apart then obviously this is also a big issue so that's been one of the themes that kind of reoccurred in my work throughout the last years was really to ask I'm more coming from the digital human rights field I worked a lot with NetsPolitik.org and really to ground these conversations also into bigger conversations around democracy and justice that's part of my work and we can explore that more Max, trust, transparency together, does that bring up any anger or maybe passion in you? I have to say sorry right away I'm typing my notes down on my phone because I had that sometimes so people were like he's texting while he's on the stage I'm not I'm just remembering that's usually my biggest issue so for me I'm taking very much like my privacy hat here I'm probably the wrong person for the big stories sometimes but I think transparency always triggers me a lot in the sense of that that's kind of a wishful solution to a lot of issues it's like put a bigger sticker on it and that's what we see at least in the privacy bubble is like the transparency usually boils down to just have a longer policy that says we may do even more stuff with your data but it doesn't really solve the problem my favorite example is in it's kind of what the US calls notice and choice principles there's a big notice and then your choice is take it or fuck off and my favorite example is in California there's usually a law that you have to put anything that has cancerous material in it have a big sticker on it and there's even a sticker on Disneyland in California apparently I found the picture once but that doesn't really solve it so transparency is really interesting to see what's going on but typically only like real experts of people that I really have the time have the time to really go through that transparency and make use of it the bigger issue is how do we then solve it so transparency for me is always a bit of a trigger word of like have solution potentially and I think trusting together and as I would just say two things in combination what's at least from a privacy perspective really interesting is we need to be able to share data with other people we need to have a trust part or also the togetherness part because there is often times an answer especially in the tech community is how can we just segregate it wall it off have a technical solution to it and that partly makes a lot of sense but partly we also want to share with other people we need to have a contract somewhere interact with other people and that is usually in a developed society only possible if you have good trust you can say I can give you my most secret stuff and that's a very high level of solving issues but that is probably what in the long run we want to have not easy and not simple but we usually for example mostly trust banks that they don't run away with our money tomorrow maybe in two months but there is a certain level where our interaction only works on trust and I think that is interesting how we can develop that further and that can partly also be technical that basically for example I can see proof actually happening in a way that they promise because I have some code that shows that to me that is the end of what I am going to say on that hope that is useful one of the challenges I have with trust is that we give a simplified example of trusting if I am trying to have a conversation with you we trust each other and that is okay but the reality is the trust as you explored goes through many many many entities how do you trust the entire thing well that is a challenge I think however we usually overcame that in let's say developed societies largely so I usually make an example if I go and I see a train back to Vienna I do not trust that it runs on time if it is in Japan but I do trust that it doesn't derail instantly and I have enough trust that some engineers somewhere in some role manage that without me ever checking it and I think we do that in most stuff like no one checked if this place is built up to the building code but we kind of trust it doesn't fall on our heads even though there is a lot of concrete above us we usually do have that trust in a lot of areas I think in a tech bubble we have a way a long way to go there partly but in most other areas of the law we manage that trust and there is with new technology that was always an issue like if you look at the history of law whenever a new technology came around there was first distrust and also misuse some problems and things that didn't work at the beginning but usually the more that matures the more the trust is building up gradually and we have to say with a lot of these discussions we are having we are at the fucking beginning like it's like industrial revolution ten years in and you know yeah we had some workers lost but no one trusted them either now a hundred years later we have some feeling that usually you get your paycheck at the end of the month that built up and I think we have to be a bit like positive on that as well even though we usually deal with all the shit that doesn't work but you have to remember where you are on that timeline that you're still at the very beginning definitely any thoughts on trust, transparency and togetherness I think products developed by the computer science industry most users will have absolutely no reason to trust most of them there's just no discussion about it I was attracted to open source and next cloud because I was wondering what it would be like to be surrounded in an environment where people actually have values because that doesn't exist elsewhere no so why should we trust it I don't know not whether you think no but I think maybe that's something that's unique in the open source communities that we exist in is you have to build trust often these are complete strangers that you're working with on things you're passionate about and it takes a while to build up that trust and like I have friends I've worked with but I don't even know their names that's surprisingly okay just to put it in we have all our legal shit in the next cloud and we had a discussion at the beginning can we trust that open source thing that no one of us has read every line either and in reality as a user you just trust that some of you guys have checked on each other and it somehow works PS sometimes it doesn't this is not a live bug report exactly, but that is largely what you do as a user as well because these are people that are well-intentioned that did the best that they could and if there's a mistake because it's open source someone else would find out that's exactly that trust model you have and no one has checked that from our side either I mean we do have a second wall around it to be honest but that is like the level where we felt okay that works for us, that's okay but that's trust we have in your daily work as well because if you guys would distrust each other nothing of that would ever happen and there has to be all that trust in a way deep it's important to take moments to really take it in you know Katrin I feel like you've been writing notes I see so would you like to jump in? No I was just thinking it's a bit like infrastructural like once it doesn't work you actually realize oh damn it doesn't work so it's like kind of invisible but then when it breaks like you trust into like you trust like a train system for example you kind of trust it but then once it doesn't work that's actually when we realize how important it is and a lot of it is extremely cultural I mean I studied in the US twice and part of it is that I love the US to death it's kind of my to me kind of the second place where I feel home but there is a very different culture in trusting for example and even within the US I was first in south of Florida where everybody is Republican and everybody goes to church and everybody is Baptist but in that bubble they trust each other as well because the fabric is then church and religion and so on and while we usually have more trust in government more trust in regulation, more trust in okay I can go in somewhere it's not going to fall apart that trust you don't have that much a typical example is when you repair a car in the US no one ever checked if that repair guy knows what they are doing and you need to go through I don't know 100 certifications and 5 years of training to be able to do something on your car but in the US I needed all these different platforms to figure out can I actually trust that guy to repair my car that it doesn't fall apart because there is no tiff, there is no any kind of like approval and transaction wise it's easier for me to just go to any place and know that the guy that's there actually knows what they're doing and I think that is interesting how we organize trust in societies, how we have that also in certain areas and other areas not and I think that probably plays out in a lot of that stuff in reality and there are different reasons or different arguments for different ways of doing it but parts of it, especially trust is extremely cultural if you're in a society where you fundamentally distrust each other best example we had an exchange student from Argentina she was 18 and she wouldn't walk in Salisbury the smallest town ever seen for 15 minutes at night because she was always told she's going to be molested whatever at night she was crying the first time she was at night out there because she learned you distrust society you distrust anybody out on the street that's the way you were brought up which in Austria like oh let's just do everything's going to be fine I think that's extremely interesting how that's different per culture per bubble and so on now I shut up well I feel like often for us citizens of the internet that's often the approach that we should be taking which is distrust everyone until you have a few organizations that maybe you can trust and they introduce you to other organizations or people that you can trust so it's an interesting one I also wanted to bring it a big bit back to the era of the climate crisis where a lot of these infrastructures like particularly if we look at the internet and digital infrastructures a lot of the times they've just become monocultures I think this audience know what I'm talking about so for example in certain environmental disasters often these infrastructures fall apart there's this great example from Hurricane Katharina where like people did not have any access to internet anymore except for this one small community of an open source internet network that was still able to be resilient in this time and they were the only ones who still had internet access so I think that's a really interesting example also to kind of bring it back to times of crisis how can we also build these smaller open source alternatives that might be more resilient than these big tech alternatives to kind of also be more resilient and prepared for all the different disasters that we're facing you really hit me with the word monoculture I have some passions local farming and such but it occurred to me just then when you said it that we can approach the internet and the tech industry with that idea of monoculture as well because we're seeing that sort of playing out where you have four or five, six very very very large monocultures of tech businesses and Daphne I know you have maybe some opinions on whether that's good for society maybe there are some challenges there that we need to address but mostly like is innovation worth the societal cost in the particular model that we have currently I'm breaking the microphone by touching it so the question was does innovation is a kind of balanced in the monoculture is that what you tried to ask yeah monoculture I think at least or proved me wrong is a bit of a result of the capitalistic system and how it's been set up currently and so the question becomes well should we keep going in that direction? No and so where should we be headed? we had a discussion not I was waiting for the one person saying yes right now we had a discussion you and I not so long ago about Microsoft investments in open AI and yeah it's not really a surprise to me that they are doing that for example I have a strange fascination to the acquisitions of Google because I figured out that Google or in other terms Alphabet doesn't really do a lot of innovation on their own so I was wondering what those 300,000 engineers are doing all day they bought most of their major successes such as YouTube, Android they bought Quick Office which is now Google Docs they even bought their advertising technology which they earn all their money with called Double Click so if Google would have not acquired any other company they would have not been much more than a search engine and a very good knockoff from Hotmail so every time when my colleagues are worried about competition coming from Big Tech they are just a search engine with a knockoff from Hotmail and that we also don't have to be too worried about Microsoft for the same time because their investments in open AI are not a surprise given their business strategy they actually bought Hotmail they also bought LinkedIn, GitHub they bought Skype which is now Microsoft Teams they buy a lot of different companies they actually also buy Powerpoint did anyone know that? they didn't invent Powerpoint so it's not a surprise to me that platform capitalism is functioning in this way what about I'm curious too about the environmental impact as it relates to this centralization you have all the information going to one place now we've explored the problems with that from a political point of view but Katja and I'm curious from an environmental perspective can we do better with decentralized solutions is that a better option or are there solutions that you're exploring that we should be thinking about? yeah so at the moment you can't generalize that decentralized solutions are definitely gonna look at carbon emissions now specifically that they're gonna have less impact simply because we don't have the data on it like there has not been done enough research but if we like go back to the topic of AI on the one side it's really good that we have these AI technologies because they kind of help us understand the massiveness of the biodiversity crisis of the environmental crisis so like these models can definitely help us in understanding these crisis but at the same time especially in the tech industry at Korean Web Foundation we work a lot with developers and technologists a lot of people are just not aware how much of a carbon impact for example the internet has or AI has so it's around 2-3% of global emissions are only from digital infrastructure which basically means that it's bigger than the entire aviation industry so it's a lot are you saying we should stop flying or that we should stop using AI yeah I can I can't give you this advice really but I also don't think it's always the best solution to base it on like individual users you know like these individual perspectives we had it as well with plastic where you're like if you don't take this one plastic bag at the supermarket you're really going to contribute to you know making the world a better place while we have these massive fossil fuel companies that are just emitting so much more than like single people I think we have to have both approaches so it's not like individual versus the whole society or politics but like it has to be in conversation basically but what we're definitely seeing is that there's a really growing interest into this topic on digital sustainability but also that there's clearly a lack of data so that's one of the big topics that we're trying to work on for me there's an interesting connection between what you say about AI potentially helping to understand the massiveness of the societal issues while also the tendency that this exact solution will actually contribute to climate change in the first place and I find that such an ironic train of thought because in many different industries AI is supposed to be magic and help to solve societal problems while actually they are causing those same problems that they are solving or claiming to solve they don't solve it and I'm arguing way too often with climate researchers about yeah but AI will help climate change I say AI is causing climate change come on in the Netherlands in 2019 the data centers were already using three times more electricity than the trains how is this going to help come on I think part of the question there also becomes what's the greater societal value of each the train system versus AI and I think often with technology we don't really know right you have a question it's important to ask what might the near future hold with these technologies okay we're fumbling a little bit because we're brand new at this whole AI thing and we know we can do better but obviously there's a lot of work to do you have a question well actually what you just said it triggered something in me when you said the word decentralization well actually if you can decentralize the energy supply which is a good way to it and if you have like decentralized AI I mean look at this here I mean if you connect these things together then AI doesn't have to be a real environmental problem in the end probably yeah definitely I agree with you we just don't have the data that's it's an interesting thought and I agree with you I just think we still need a lot more research in these areas but definitely decentralization of energy is one yes exactly I'm curious for each of you in your area of expertise do you see awareness increasing like are more people who aren't necessarily nerds and technical folks in our audience do you see generally that awareness of the problems is increasing and that there's a desire for solutions is also kind of seeing some momentum I may quickly add to what you just said before I think what's really interesting is this responsibility shift in the sense of like you're in charge of a plastic bag it's not the plastic industry and we have the same thing in the privacy bubble where it worked really well to say oh you are in charge of where your data is and you should like you know have your little bunker in your basement where you keep all your data and otherwise you know you're in charge of what you're doing by the industries to shift responsibility from the ones that actually have power over something to the ones that actually don't and it's amazing to me because in Austria you still have to study Roman law from 2000 years ago and one of the principles ever since 2000 years is if you have power over something you also be at a responsibility of that shit and so it's like if you write the code you're responsible for what it does and not someone else that uses it so I think that's the awareness part and that's kind of what I mentioned before about transparency we do see in the privacy bubble definitely more awareness like people do feel that something is weird and there's something going on my favorite example is we get that I think every two weeks we have some journalists saying I have this case where someone was listened to in their conversation and blah blah blah are they all spying on our microphones it's like no they're spying on everything around you so they can already predict what you said yesterday which is even more creepy but there is this feeling that something is wrong but people will have a hard time to explain it and really know how it works in detail and that gets back to the awareness part I think we need general awareness we need people generally agree that we need to move stuff but that is different from detailed awareness and I can tell you we work on Facebook for 10 years I don't know the fuck how this is working in detail and we even got like the raw data at some point but I don't even think that Facebook engineers fully know how this system is working because they just do their little thing there so it's hard to just then basically on the awareness part I think we need to stay on a very high level to make it comprehensible for people to make it understandable and not worry too much in the sense of people work for 8 or 10 hours a day go home and not going to want to worry about open source environmental impact of their train trip privacy and you know the other 20,000 things that exist and we need to kind of really decide that we are generally aware of the societal solutions to that with experts that know what they're doing in that area I think that's how we ever overcame any kind of bigger issues that's how we overcame I don't know electricity working it's not like everybody understands how electric fittings work it's just they understand there's a plug and it comes from somewhere and leave it at that and if it sparkles you probably don't touch it and I think that's cool and I think that's also how in all these other areas we need to get to I hope that's somehow useful it sounds like you're that abstraction done well is good for everyone and Daphne I mentioned are you seeing extra awareness in the field of maybe the academic field and are you seeing those ideas translated to everyday people who have extra awareness is there movement in helpful places or just kind of stale it's kind of fun to observe also a little bit from the outside I'm working in industry because on the one end critique on AI and privacy has always been there since I am studying the field where the industry is trying to emphasize on the narrative that AI is magic and it will become so intelligent that it will take over mankind the academics say well we don't fall into that trap maybe we should focus on the present day problems that are more concrete like discrimination or climate change and they kind of argue that this narrative of AI will take over the world is taking the attention away from the real problems that are more likely to happen now there are some developments in academics but when I got interested in AI FX for work I called my favorite professor Denay he's sitting over there and I asked him what's going on with AI FX and conveniently he just did a literature review on that and the first sentence was well I'm sorry this is hopeless all the frameworks are hopelessly high level there are some toolkits but they are behind paywalls so the papers are basically advertising papers for a paywall tool none of these methods are ever peer reviewed or tried in a follow up study so they were pretty useless for me as a practitioner in the industry and then we discussed quite lengthy why this was the case and we think it's the case because academics seem scared of just becoming concrete about what is an acceptable application of AI and what is simply not an acceptable application of AI they don't want to make up their minds and that's possibly because many academics also believe in the narrative that limiting developments in AI is somehow dangerous because it would limit technological progress and of course if you limit technological progress then you must certainly limit human progress which is a connection that is not necessarily true it sounds like there are some similarities and one definite just mentioned with Max the sort of challenges you're seeing in law as well where they said they wrote a thing and yet it's in some cases not even there at all or so broad that it's not useful in law it's probably different per area we usually assume that people generally follow the law that doesn't mean that they always follow the law unless you have an absolute state, a total surveillance state people will always not follow the law 100% and that's fair, that's part of society and sometimes people over follow the law you still had to do military service so I opted out that I was an ambulance driver I don't have much respect for red lights anymore when you go around the city and then you realize people are in the middle of the night at an intersection where there's no traffic whatsoever, they sit in their car in front of a red light and stop for no good reason because nothing is around there, no one cares but we still have this inner feeling of that's a rule, we have to follow the laws and someone actually running a red light would probably die internally for realistic reason the other way around if it actually comes to following hundreds of other rules people don't feel that's that important and that's okay what's interesting in the privacy field and especially in the digital field is that this Silicon Valley approach of move fast and break things just got so intensive and I was studying California for half a year in Silicon Valley actually at a small university we were taught in school to kind of think about how likely is it that you're going to be caught how likely is it that there's going to be a consequence how much money can you make with that that was simply the thinking and it's economically making a lot of sense but as a reaction we need kind of much fiercer enforcement which I'm not a fan of I'm a fan of a government that doesn't look into everything and enforces everything a hundred times and that is a bit of a societal thing like the more aggressive industry becomes and the more they use every little hole and just go to the last edge and even go beyond if there's no consequence the more kind of you have to push back and the more aggressive it gets and the more all of this kind of pushes up and I think that's part of the Silicon Valley culture that we just now live in de facto globally that we have to deal with so I for example when a GEPR came around they said 20 million or 4% of the worldwide turn over as a penalty which is billions partly where I was like that's crazy like we never have penalties that are that high but it was necessary because in that culture unless it has a billion it's not even relevant, they don't even think about it and we see that even now in cases where we won I mean we had I think 1.8 billion or whatever against Meta which like without us sometimes it's like how much do you have to donate Noib to get how much penalty for Meta I think that would be an interesting calculation but even there you see they litigated for another 10 years and they just tried to drag it out and so on and that is I think an interesting development we got to get into is that we got to have this if we don't morally agree on a core if we don't comply with the rules because we think it's morally right but we have absolute disagreement where they say that's privacy is morally wrong and we think it's right it's got to be really really hard to kind of work on that without really getting hyper-aggressive which is in fact what we do at Noib we're not nothing else than being the aggressor in this but I'm not happy about that that's development that we see but I don't think that there is much of a way around right now unless you know we're going to mature in this area and we see that people will actually do ethical rights more and not just try to go as far as possible I hope that was somehow useful Do either of you maybe have some thoughts to that and I don't know if you know logic magazine it's a really really nice magazine on tech and society and the latest issue was around how to move slow and heal things I thought that was a really good kind of push into another direction we once got a sticker saying move fast and fix things but yeah I'm curious you mentioned those fines and the billions do you still think they're effective at all that's also interesting going back to do we have data on that we don't so there's a lot of data on individual crime and individual people like blue color crime white color crime why do people break the law break in you know molest other people there's a lot of research on that there's very little research on what companies do and how companies decide to break the law or not almost non-existent so we tried to get that because we want to be as efficient as we could be to kind of do stuff like that so we're now starting with that gradually to kind of ask DPO's what is actually I mean you have a lot of anecdotal research so to say the DPO's data protection officers tell you I tell my boss for five years you can't do it but the answer is we make 10 million euros with it so why stop if there is no consequence so we we start kind of going into that what is interesting we actually did a mass complaint system where we send I think complaints to 500 different websites for shitty cookie banners basically because under law there should be a yes or no option but they just do something else as we all know so thinking was let's show everybody that actually if they would comply with the law it would be a nice one and because they have A, B, C, D, E, F, G testing for cookie banners they like test them like fuck until they get more than 90% of the compliance rate we were like let's do the same thing so we sent four versions of emails to the companies to say we're gonna sue you and it was interesting to see like you know which versions work the best and I think that's really interesting to go the other way around the result was the most neutral one worked the best but we hardly do that we hardly know also as the regulators the the authorities are actually there to enforce it we have to think that just the privacy regulators in Europe we pay 300 million euros per year to these regulators 100 million of them by the way in Germany so one third of all the money that goes into data protection is actually sent in in German there's zero evidence on anything working here the German DPAs don't even publish their decisions we don't even know if they decide anything in what they decide even though they're also in charge of freedom of information at the same time which is like mind-blowing but we need to also ask how this is doable well how in the long run we can enforce against these big tech companies what are the dynamics behind it how are the decisions done in detail to actually be efficient in now doing DMA, DSA and DEU is gonna come up with another 100 rules probably and we cannot just pass more and more and more in law we also have to think on how do we actually get that on the phone or on the device of the individual person and I think there is tons of research to be done where with very little money and very little research we could probably be 10 times as efficient as we are right now I think regulation is part of the answer but for me it's also interesting to zoom even further out and wonder why so many companies are up for violating the law in the way that we are doing so many companies are crossing such boundaries of human decency so I also am very curious about the values behind people studying computer science and the type of values and the type of mindset that we actually teach these kids and I think we are just pushing up the hype of computer science too much I think we are teaching these kids as if they are gonna be savers of the world by collecting and that is if I may add but I don't want to what was really interesting to me when I was in the Silicon Valley being there and I was first as I said in Florida super Republican super conservative but I was like these guys at least had some values there were values I absolutely disagree with but there were values sometimes in the Silicon Valley there was this liberal do anything but that's not necessarily a value that's not just like less a fear whatever and I was interested in because I had that feeling and the other thing that is mind-blowing to me maybe you all know much more about that but at least my colleagues in Austria that study engineering at the university did not get any courses into ethical stuff also just a law crazy right it's amazing because in any other area that you I don't know if a friend of mine does social studies and basically not social studies but like social aid if like you know street workers and so on they have half a year only of legal what are you allowed as a street worker and that is interesting because in that area that's part of this maturing process we probably will have to have we have that any doctor gets training on what are you allowed to do or not and at least the friends of mine I mean that's also a bit an older generation now the only thing they were told is yes you have copyright in your code make sure you have it that was kind of the legal education they got at the time definitely this will also mature this will also change but it's it's the part that I mentioned before if people have fundamentally different moral values or different views of what's right or wrong it's very hard for the government to enforce that like we could probably way of thinking about it I was at the German data protection authorities conference and they asked me to speak for and to kind of tell give them an impulse on how can we enforce it and I actually had a slide of like a favela in Rio and that I visited way back when it's basically an area where the government just gave up and just says okay let's just do whatever you want to do it's super hard for democracy and governments to retake that ground like once you haven't fundamentally enforced your shit it's really really hard to get big into it and that is partly what happened with the Internet I mean that's that was like the funny and crazy 90s and I mean I was still in that age that had an ISD and Internet so I had kind of an idea of oh that's suddenly you can get MP3 for free that was funny and so on but we're moving into an area where we can make sure that democratic rules are also enforced and get there that's extremely hard for governments generally to retake ground once the ground is used not to be regulated and that's going to be an interesting time you mentioned government there quite a bit I'm curious if each of you think that government regulation is the solution to these problems we've been mentioning like the environment such as societal issues that we're seeing for technology these days I think we have five minutes left should we take some questions or I think let's answer that one and we'll see how long that takes because I promise that we don't do too long yeah I think I mean it's a question back to democracy and also the raise rise of authoritarianism across the world like is government always the right model and there's a lot of countries in the world where you cannot trust your government at all so I think that's just a really important perspective to take into account when we're talking about should government regulate more there's internet shutdowns happening there is like a lot of facial recognition software developed people can't cross borders there's a lot of technology developed there so I'm not sure if like I think it's like from a very European perspective this idea of government and trust so I'm just a bit like trying to bring in the other perspective as well and also I have to be transparent I think Maximil also both from Austria I'm sorry for that I think the problems in the country are not that different in many ways from climate change I think both are problems that are hard to understand and probably don't have only one solution direction but require multiple so I think government is one of the pieces of the puzzle and my research focuses on the mindset around innovation and this conflict of innovation and regulating AI or privacy one of my favorite examples is from Criminality Prevention this narrative that surveillance is necessary to protect us from terrorism one of the AI software that's currently running production in the US by American judges is North Point and they help judges with knowing if someone will commit a crime again and the accuracy rate of this AI is 61% which is not much better than a coin flip so theoretically you could ask any animal like monkeys or my favorite one the weasel for a judgment and you will get a equally good reply come on 61% I have seen horoscopes with a better accuracy right so to break through the hype when we talk about AI within my team and at next cloud with Frank and Joss for example we started to replace the word AI with a weasel and then we asked ourselves if it was still a good idea or not and you have to remember the weasels are racist sexist and they potentially also fart a lot because they emit a lot of greenhouse gases and then you can judge if it's still a good idea so is it a good idea to train weasels to generate a draft for a report nobody will read okay fine is it a good idea to train weasels to blur your background while video calling I have no issues but is it a good idea to train someone as to go to jail or not I would say that's a bit problematic is it a good idea to train weasels to drive a heavy car through busy city streets of course not someone is going to die so I think weasels should take over the world we have a question here maybe I'll pass the microphone thank you we only have a few more minutes we'll try to squeeze in a few following the discussion as my favorite sociologist Nicholas Luhmann once said reduction of complexity creates sense I think usability is key because if you look at how although I call them magma because GAFAM doesn't fit anymore how magma actually conquered the world is because they found easy solutions easy to use solutions for people so it's very simple I mean people are buying an NSA spy and install them at their homes because hey lights on and everything's happening it's fine so it's easy it's convenient so I think usability is key I mean if I want to use a solution like NextCloud as a private person first of all a lot of in the tech community don't even know that it exists I mean I'm talking to a lot of developers and they don't really know that it exists so it's a thing where like marketing and sales and so on is a thing and it has to become a lot more public I think and it has to become easily usable like I want to have one click solution I mean I have a business background but I never written a code in my life but I'm still a fan so and I think this is the most that you don't think about code or that you don't think about software but that you think you have to have a solution for finding for solving problems I think this is the main key and if we provide an alternative where we can say ok here we have a solution which is equal to a solution like Gmail or like the Google suite or Microsoft in the corporate area we really provide a solution there which is compatible and it actually is after what I found out today I think we really have a great chance to get an alternative because people who are minded I think two thirds of the people are minded about the privacy of the data after Snowden and if we have a great alternative and I think we have one here we saw one today and so that brings up some hope in me actually well that's good news isn't it quickly please thank you so many of these problems sound like it's because we are punishing data collectors on the other side it's too cheap to collect all this data why don't we do something that a small German party wants to do it's a digital dividend so all those companies need to pay for the data that they are using and give the money to the people they collected the data on but that discurses them from actually collecting all that data you can't do go fast break things because you still need to pay before you even broke anything to a certain extent I think the taxation thing is interesting in different areas I was just recently reading books like on how much like the systems are built that you're constantly hooked and you're constantly connected and so on it would be interesting to say if the biggest aim that you have is to have people be on your fucking phone for six or seven hours a day which is not going to be good for any brain why not tax that we do have rules and I think we have to be more creative about that we have discussions about when Facebook and the kind of social media came along is like the people didn't watch the news anymore they weren't informed about stuff that news actually had to pay to get in and so on and we did regulate that in other areas I can tell you that for private TV or for private radio we for example require them that there is not more advertisement than I think six or seven minutes in Europe there is a cap on advertisement it's twice half the time than in the US and we could do the same thing and say okay you can in a news feed you only every ten thing can be an advertisement you can pass that as a law we have laws where we say okay at every full hour there has to be neutral news on any rate if you want to have a radio license even as a private company you need to provide news that's part of like getting a radio license why not say there has to be somewhat news in every 20th thing that is in a news feed I mean obviously all of that gets a bit more complex because what's news what's conspiracy blah blah blah but there is a lot of these options that we could think about and it's interesting to me that this bubble managed to say okay we're above the law you can't do it that would be against innovation and it's not against innovation to say cars shouldn't go 200 kilometers an hour in a city's limits that's actually helpful and I think there is much more we need to open up our minds much more that this is doable and if anywhere realistically in Europe in a sense we managed to pass laws like that that we wouldn't be able to manage anywhere else and we're large enough as a market that we end up have to comply with it and these two factors globally don't have that many other places so I think that would also be interesting and also inspire other countries or other places that it's doable with their variant of what they want to do we don't have to force privacy on everybody but whatever they want to do I think that that would be interesting to think about I'm not going to talk about it I'm going to answer the rest later I think since we're running up against time one final question for each of you maybe just a couple sentences given everything we've discussed today what can those sitting here in the room today and those watching online what can they begin to do to try to help in some of these areas Catherine do you want to start? I would suggest especially for developers and technologists to check our developer site I'm also going to show you some more tomorrow morning but there's quite a lot of cool open source tools so I think that would especially for this community be a really interesting start to get a feeling on CO2 emissions of digital services it's on greenwebfoundation.org slash tools what to do I always have a bit of a hard thing because usually this we need to change structurally but especially for this bubble what helped us is to point at alternatives typically next cloud is one of the alternatives we can point to to say there is something else and to take up what was there before is also the usability side of it it has to be as easy as something else which I know at least our developers hate in our office because we software and they love to do fancy stuff but it usually looks ugly but that is usually in our team even what gets people to use it I think once we can develop stuff like that where people can understand that it's easy in one line to see that there is an alternative that can break down a lot of things in the long run and I think you guys are one of the examples of how to do that well thank you Daphna first contribute to next cloud I have no business interest whatsoever and second remember that more technological progress doesn't mean more progress for humanity if this requires the violation of human rights I think we can agree with that so can we please say thank you to our panelists thank you very much we're going to have a little bit of a break now about 30 or so minutes I guess a few less because I hate some of those for those who are doing lightning talks later if you can gather near the audio booth they'll kind of run you through what will happen then but for others please enjoy snacks and such thanks for joining us thank you with next cloud talk and chat do video calls and collaborate around your documents communication is the key just saying hey Carl nice hair by the way you have chat rooms about topics one-on-one chats where you can even invite external participants and on top of that you can group files and rooms and other resources into projects of course those documents you shared can be edited together in real time next cloud even comes with a built-in whiteboard you can use during your calls or on your own you can easily integrate external applications and scripts into your chat workflows chat messages hello everyone we're going to start the lightning talks in just a small couple of minutes so if you want to come and gather that would be great for those who are actually giving lightning talks you should likely come nearer to the front the way it's going to work it's going to be a little bit more self-serve one after the other so please if you're giving a lightning talk come forward and be ready for that so if everyone can come join us that would be amazing yeah I think so as well also we discovered it because last month I was usually then drinking something with sugar but yeah I figured out okay thank you everyone we're going to start just in 30 seconds or so now the way the lightning talks will work is they're one after the other hence a little bit of lightning and you know fast pace you might be used to this but really if you're the speaker I think you've been all set up and they're going to go one after the other so it's kind of self-serve we're all community here so just we have a band in the front here so it'll be just passing the microphone from one to the other they'll set you up over there I'm sure I don't know what's going on if you'd like to come up and start your lightning talk everyone round of applause okay great hello everyone this is a bit of a detour now completely technical talk on optimization of next called apps these are lessons learned from building the memories app which is a community maintained app I'll talk about it so just before I get started it's a bit short time and this may not necessarily reflect your app and of course don't optimize unless you know you need to because that's not going to help so what is memories? it's a community supported, community maintained photo manager for next cloud it's got stuff like exit support timeline, editing of exit data transcoding life photo support and so on and there's a demo there but if you think that's not very fast it's because the server is in San Francisco but memories is fast it's really fast but on a reasonably cheap server $100 it can render a timeline of 15,000 photos in just less than a second so what makes memories really fast so the first lesson learned is that if you want to optimize an app you have to do it across the spectrum optimizing any one of these four is not going to work out and so I'm going to try to talk about each of them very shortly so this is about building a PHP app but now of course you can't build them in any language thankfully starting with memory caching and background jobs these are very simple the reason I put them here is because they are so easy but also easy to overlook you literally have a beautiful interface for memory caching in next cloud you can just create a cache put data in the cache, get data from the cache and that's going to help your performance a lot which memories use this you can do background jobs for long learning tests you can set a background job not do it on every request but do it as a cron job again a beautiful interface that next cloud provides more advanced when you're building a PHP app each request is going to cause a lot of bootstrapping for every app that you have installed in your next cloud instance it's going to get initialized, it's going to register hooks and this PHP architecture really makes it very easy to scale but at the same time it makes it a bit more expensive and so what you can do to optimize is do more in one request rather than making many smaller requests for example what Memories does is instead of loading one thumbnail with one extra request it uses one request to load multiple thumbnails and this simple optimization actually cut down CPU utilization by almost like 50 to 60% the second is database optimizations and here the important lesson for me at least was that databases are really fast and so assuming that something will be slow is not always the right thing as long as you do basic stuff like create an index, use joints very possible and your queries should be really fast even if they look very complicated and of course if they are not fast and explain we'll tell you what you can improve on a bit more advanced example on how you can actually leverage a database in the way Memories does to speed up your application this is a common table expression which goes over the next cloud file cache and walks recursively inside a directory to find all the folders inside the directory and then treats that as a table and this is extremely powerful that means you can scan a directory inside your next file file system and do something like a join on your application's table and filter results out of it you can leverage the database to do really powerful things like this and this query is really really fast because it's index variable by next cloud itself of course this might not be the best practice because it's not super maintainable the third thing was frontend optimizations here obviously the big one is lazy loading not only data but also your components themselves so JS parsing is still slow in 2023 and so that means if you try to lazy load your components you will get a significant boost in your performance and one more overlooked API is the cache API of the browser which likes to explicitly put things in your cache and this can help a lot because you make your cache much more explicit in your frontend and finally this one was a hardened lesson is that deployment is just as important as all the first three and that involves warning the admins when they're doing something and that's because the application is not right when something is missing that keeps your application from being fast and that's because next cloud deployments are very heterogeneous you will find things on Linux FreeBSD and in Docker without Docker all different kinds of versions and so on and finally keep measuring performance if you're trying to build a high performance app don't guess use a profiler and that was again a hardened lesson because performance bottlenecks tend to be and heining off to Simon Thank you So I'm Simon I'm the maintainer of Next Cloud 101 and yeah I just wanted to do a short presentation about the project what it can do how you can install it and yeah it gives a short overview basically so first of all some words about me yeah as I said I'm Simon working for Next Cloud since 2021 in engineering and design and doing currently an internship in design yeah my username on GitHub is Simon Next on 101 the main concept of that is that it's completely built around Docker it's basically inspired by projects like Protainer and others yeah and then the main advantage is that only one container actually needs to be started by hand and then it does all of the rest and you basically also have a simple web interface for managing your installation and then it automatically creates all the needed containers by itself Included features are of course Next Cloud then Next Cloud Recording Server for example Next Cloud Office ClimAV for Antivirus Full Text Search and much more one of the coolest feature in my opinion are that it also bundles a backup solution which is based on a bug backup where you can actually back up the whole server restore a specific snapshot check the integrity even restore the whole instance on a new server from the backup and all of these things that are listed here are then basically put into its own container which as I said all of one manages and usually this would be quite a huge like a lot of complicated stuff to manage there and that's what all one takes care of for you and more details can be found at github.com slash Next Cloud slash all in one then I made some short or show some steps how to use it basically there so the main advice from my side would be to actually visit github.com slash Next Cloud slash all in one but the general steps would be to actually install Docker first of course then install all in one and the read me and then open the order interface and the rest then is done from there and I included a few screenshots basically that is when you visit the interface the first time there you get a password to lock into the interface then you lock in by the way this password is actually only shown the first time otherwise it wouldn't make much sense and then you have the initial steps where you first of all type in a domain domain is required order to make TLS work and is also required for Next Cloud to be put into the trusted domains then when you have configured everything correctly like port forwarding usually then you have this kind of for the steps where you can actually enable additional optional add-ons and change the time zone for example and then when you are done with that you click on start containers and then it downloads all the other images and starts the containers correctly in the correct way and then you have basically landed at this page at some point after a few minutes there you see that some containers are still starting and then in the end when everything is done you see this interface where you can then directly get the lock credentials for Next Cloud itself and then you can for example click on open your Next Cloud and then of course you can open your Next Cloud installation and there you can already see the backup and restore features then shown yes but my advice as I said would be to follow the instructions at github.com. Thank you and I hand over to Clemontine oh sorry thank you Hi I am Clemontine I am the UX UI designer of Aura and today I am going to talk about the benefits of usability testing so usability testing is a really important part of the UX design approach it allows us to find pain points and understand what users struggle with in order to determine where issues are coming from and how we can solve them to improve our design ok so don't judge me this one is a bit long to do that we start by writing a scenario of actions we want the users to do during the test we give them instructions and we observe them as we take notes these tests can be done either on web prototypes or even on paper prototypes during the early stages of design so here we focus primarily on the sharing options in NextLoud and we perform the test on the NextLoud 25 test platform so the test is being recorded so we can go back to it as many times as necessary and the user is encouraged to explore themselves out loud and give as much feedback as possible especially if it's negative because that's what we need to improve the design so the first thing I like to do before starting is reassure the user that we're not testing them we are testing the product there's no wrong answers it's ok to fail last or stuck and we do not talk or answer any questions during the test so as to stay initial unless they want us to repeat the instructions of course and once we're done we analyze the results and we are left with factual and unbiased data so that we can improve our design so at Aurora we are in a pretty favorable position to get clients to help us with those tests we encourage them to collaborate on the products and some of them are really interested in it so we ended up performing 12 user tests with various clients and employees ranking from beginners to advanced NextLoud users but all of them were non-IT so here are the results each line represents a client and a user sorry and each column represents an action that they had to perform so the numbers at the bottom indicate how much of a struggle an action is so they are ranked from zero to three so zero being no problem at all one being success but with hesitation two success with difficulty and three failure to complete the task so essentially the higher the score the higher the struggle now I'm going to present two of the main issues that came out of these tests please keep in mind that these tests were performed on NextLoud 25 so some things might already have been changed or fixed here's the first one so this one is about the sharing icon so you can see on the right here for the first folder the accounting one the sharing icon ends up disappearing and being replaced by the little avatar of the user that shared the folder with the person so what happens when you ask a user to share the accounting folder is that they get kind of confused and they hesitate on where to click so actually 11 out of 12 of them had at least some hesitation on where to click to re-share this folder and the second one is about the guest option so this one is here way at the bottom of the options when you want to share a folder so for most users it's either unheard of or it's really hard to find if not impossible so this one was a huge struggle in general not to finish I'm going to show you one of my design proposal to fix the sharing icon issue so my solution to that would be so you can see same folder here to leave the sharing icon essentially it would be a permanent one it would be a permanent one so you can see that they're practically all aligned and then the avatar of the person that shared the folder moves a bit to the left I think there's much enough space to do so and it would help prevent confusion for a lot of users so that's my solution thank you for listening and if you have any questions you can come see us afterwards some more slides hello everybody I love to manage data I love to manage structured data and I think you do so too maybe at least one of you some of you and I like to collaborate on them because I don't want to do everything on my own and I love next cloud so bring it all together and the first use case on my private side was my kids were sick and I wanted to share it with my mother and to share it with my wife that was the beginning of the story and I thought a little bit about it and think okay we need a combination of three different approaches the first one is some kind of data back end or call it as you know we have an API to manage everything you want to do with the tables app of course it's right now there and we have an Android app for it thank you so much because it's from the community that's really great you can use it right now we have an API so you can connect to every workflow engines as you know we have the analytics app that is connected to the tables app directly in next cloud and we have the smart packer integration stuff as seen this morning the next site want to collaborate on the data so we want to share tables and views with other users from the groups and even public but that's not implanted yet so that's not here and we want to configure the permissions that you need if you share it so it's possible to share a view or a table but you can only read the data or even you cannot read it but you can create new data so you can submit new requests or whatever but you can't see the submitting of other requests and what's even possible is that you can filter those views on context so you can say okay the responsible is equals my username and if you share this view with other users the tables app will automatically insert the user app user ID for sure from the other user so that makes it a little bit magic and you don't have to create so much views and you can share it via a group and don't have to do it with every user and the last is please don't call it a spreadsheet just because it's named the tables it's more about small customer applications or known as no coding platform or you name it and think a little bit more of supporting workflows working with those data and not just only storage and the next thing I'm working on is that we want to organize tables and views and maybe even single rows into one context so you can bring all the assets together to have I call it tongue context maybe you have a better name for me so just talk to me to bring it together give it an icon in the menu bar and you can create on the front end your own small application within your next cloud context if you've never seen it before that's how it looks like today on the left side the tables with some views as an example we have shared tables we see who's the sender of the sharing we have the data in the middle part and if you open up the sidebar you see some sharing integration and a little bit metadata on the top so if you'd like to contribute to this tables app you're very welcome we have very interesting discussions on GitHub about new features and also for technical challenges and we have a lot of them it would be really nice to have some more ideas and approaches on that part let's discuss it pull requests always welcome for sure you can fix bugs if we have some and we can enhance features just three ideas I want to show you if you ask yourself how to proceed how can I work together we could add some notifications for triggers on new roles so if somebody inserted it give me a notification bring it to my mobile phone forward it to my watch and I can see a notification on my watch if somebody inserted a new role in a shared table I think it's a cool feature it's not too hard to implement and some other ideas so time is over when I started to develop here it was a quite hard story to get it all up make the setup understanding how these different components work together so if you are in front of the same problem just ping me, talk to us we can help you, makes it a little bit easier for your setup so you can really start working for the interesting things so thank you very much give me a ping and enjoy test test next cloud for content creators this, yep, double check that is me I'm Duncan, I'm from Houston, Texas and by day I work in application support and development primarily .NET but by night I run a YouTube channel that you probably never heard of called Raid Owl primarily focused on HomeLab and self-hosted content so naturally you can see where next cloud fits into that and next cloud is an integral part to how some of these videos are created and I do have quite a large team so I only have five minutes, I'll see if I can get through everybody yeah, it's just me I am a small team that's kind of a half joke because I do have a buddy of mine who's getting into editing so we do collaborate but the point of this presentation is to kind of show how next cloud fits into my workflow and how it can be used for even larger creators of not just one not just two very large teams so this slides pointless, don't know why I put it in there I run Docker with the next cloud on it, cool, next this is my main workflow the things highlighted in red are the manual processes things in white are automated import the media into workstation pc until we find a robot that can take the memory card out of my camera and put it into my computer that stays manual workstation pc creates proxies for those that don't know a proxy is essentially a compressed version of a larger video file that's obviously easier to store most of the time easier to edit those are created by my workstation those are synced to next cloud via the desktop client the next things are kind of the meat and potatoes of this where I go in and create a project folder and a kind of folder structure I then create a task list for each individual project I then create a talk room for me and my editor to collaborate on then I move those proxies to the project folder all is manual from there he can go and download them edit upload bada bing bada boom what I wanted to focus on is that manual process something about content creators not just me a lot of the ones I talk to love templates templates for everything when it comes to creating a video or a project it adheres to that template 99 out of 100 times and for me having the ability to create a project or a template where when I spin up a project I give it a name and boom that same folder structure is created a task list is created that forms from my template and even a proxy folder and why I have that highlighted is because that is the other kind of aspect that I would think that could kick next cloud into this all in one platform for content creators I have used the unofficial supported proxy generator but I think with a bit of work now that I can use something besides PHP because the only extent of PHP development I have is breaking my WordPress deployment so I can break something in another language now but these are things that I would like to see in terms of creating proxies because that is a huge integral part to content creation workflow so the ability to put that all in one would be fantastic and would look something like this again until we have the robots import the media go in and create the project in next cloud that template that I was talking about everything downstream is created even a proxy folder I could then upload my originals to next cloud locally next cloud would handle the proxy creation removing originals if you want to save space editor can then download the proxies do his do his job that I pay him nothing for and cool everyone's happy but that would be an interesting thing to see maybe next cloud hub seven maybe I take it upon myself to do it maybe I leave it to someone smarter than me but that would be cool to see it would be cool to see lots of different creators using next cloud in this kind of way so with that said I wouldn't be a content creator if I didn't ask please subscribe to my channel right now on YouTube thank you thank you so hello my name is I now want to bring a little bit of attention to the prototype fund we are a project from the open knowledge foundation in Berlin Germany we are funded by the federal ministry for education and research and what we do is we support public interest tech we fund projects that are open source and that are good for society and that have been things in the past like for example open MLS which is a security protocol and I'm not a developer so I don't really understand how it works but it makes messaging more secure we had lots of office and collaboration projects that we funded and down from like small individual developers to like small teams we support them and what it looks like in numbers is that we growth like over 14 million euros so far over 340 projects that have been funded and per project we offer a funding of roughly 40 or like up to 47,500 euros this is depending on the project during your project proposal you say how much time you want to work and that sort of defines how much money you get but you can get up to a full time position for six month funded with this which amounts to this amount of money so if you want to submit your project for example like next cloud for content creators you have to be registered in Germany be of legal age you have to be self-employed or pay your taxes in Germany because the money is handed out directly to you or a GBR sort of the organizational form that we can fund when you work in a team and very important to us is that you have to publish your project using an open source license because we want to like exactly what you guys are all doing we want to support that that like open source technology has been developed and continues to be developed and often struggles to find funding so here are sort of the details for the current funding round you get a six month of funding from March 2024 to August 2024 you work alone or in a small team you also offer you lots of opportunities to get coaching on specific skills we've seen just a couple minutes ago the importance of user experience research for example this is something where we offer coaching but also security questions community questions and speaking of community we have a large community of people that we have funded in the past and we are always happy to bring people together who have similar interests, ideas, questions whatsoever so I don't only want to like do the advertisement also give you a little bit of a take home message if you are interested now in applying currently until the end of this month so only two weeks left we have our current application period and when you want to apply there are some things that are different from other funding bodies for example we want you to use very simple and easy to understand language we don't want to hear jargon we don't want to hear business speak we don't need you to show off that you can write very sophisticated sentences we want to understand what you want to do and unfortunately we have to speak German because the funding period like the main admin stuff is all done in German we have a couple of simple questions online that you ask it's I think 11 questions and just read the question and answer them as they are asked not what you think you want to tell and then be as precise as possible with your project idea this is very important because the better you describe what you want to do the better our jury can decide if it's actually something that they want to fund and also look around like are there already similar solutions existing and rather extend on solutions that exist than starting from scratch like nobody wants you to write a new next cloud rather extend on what next cloud is doing for example and on our website we have lots of tips and FAQs where you find more details and the next question currently is the application period from August 1st it started it ends in September 30th there's no first come first serve like everybody who submits within this period has equal chance will get screened put to a jury and then the jury decides you find all information on prototypefund.de I also put up a QR code that leads there if you have any questions I will hang around a little bit longer after this you can ask me directly if you have any questions I will post it on there thank you and I think next up is Julius thank you hi everyone I'm Julius Linus I'm an android developer here at nextcloud and I'm going to give you guys an example of the effort nextcloud has made to ensure the quality of the talk android application just over all of the speed here refactoring what is a strange word what exactly does it mean it's a code also called legacy code to new modern code so why care about refactoring well if you don't refactor tech depth happens and tech depth is basically shortcuts cutting corners things we use to speed up development so that we can meet deadlines so that our product managers are all happy everyone's happy people get paid and that's why we do the use of third party libraries now what is a library well intuitively just like how an actual library is filled with books that other people authored a programming library is filled with programs that other people coded and libraries speed up development time drastically in some cases and this app used a lot of them and this made sense years ago when the app was first being developed and when these libraries are filled still fresh and new and so still updated it made sense to use them they were maintained but unfortunately times change those libraries that were used at the beginning have since fallen to the state of disrepair they're unmaintained as you can see in that example the last update was in 2020 look at some folders have been updated in 7 years that's not good not all libraries are created and equal they're only good when they're actively maintained by a third party that's what makes open source useful the separation of concerns but unfortunately because not all libraries are created equal when they're not maintained they just become bloat tech debt and tech debt needs to be repaid now we at Talk and Android have a lot of tech debt to repay and a lot of libraries used in making the app are abandoned but we have made significant progress now I'm not going to bore you all with the technical details of what exactly we've done and to be honest I'm sure you don't really care either way but just to show you we've done a lot no doubt in help by my genius co-workers Andy and Michael sorry Marcel I'm so sorry my genius co-workers Andy and Marcel who helped clear a lot of these we have practically everything development is pretty much never ending and Google doesn't help either although you can also help us by contributing because it's true we do do a lot of stuff here at Talk and Android but this is just a small part of a bigger picture a ground level view of the greater company-wide effort to deliver quality applications to our users and especially to you you can help us too you don't even need to learn how to code just by reviewing our app notifying us of known issues testing our bills and using it in production you can help take NextCloud to the next level thank you hello everybody to start I need your help because I want to ask two questions so please answer fast as we don't have that much time so if you think about the last months who has used at least once thank you very much and who has used at least once a digital or an online whiteboard okay you see at least there are some more numbers and I think that's a very interesting survey and result we got now because we see that as the whiteboard has become virtual digital online and accessible from everywhere it gets to use more often and I want to tell you today what is an online whiteboard so imagine the physical whiteboard you have and then stretched into almost infinity so where you can connect all the people from all over the world and start adding content in real time like sticky notes, images, documents so basically everything you have done on your physical whiteboard you can now do online and this provides us with a challenge because people need to learn using these kind of tools and I think it's something really great now because we can start doing workshops and meetings in a much more sophisticated way simple example imagine you want to do a brainstorming session in a chat it's maybe not the best tool for doing that because it's missing the visual part and humans are all visual people and this is why this way of collaborating visually brings a big advantage and makes collaboration much faster so if you think about your collaboration workflow starting maybe in a chat going into a video conference and then jumping on a whiteboard and doing things that are visual visual is a big help and this is why so many organizations have started at least during the pandemic online whiteboards and they have an essential tool for designers, for HR for project managers they use it for brainstorming creating mind maps also the whole agile methodologies start to be somehow represented on the online whiteboard and we see a lot of companies that are still relying on physical walls putting a lot of sticky notes and cards and the problem is basically that it's difficult to see that when you're remote so and the other problem might be that these cards fell down when you walk too fast away so in this case doing these things digitally is a big advantage now when we pitch usually the online whiteboard one of the difficulties is the use cases because imagine you start on a blank piece of paper your creativity is almost endless and that's also somehow what somehow related to the use cases you can implement with an online whiteboard so you can do a lot of things but you need to figure out what are the important things for you and for your teams for using an online whiteboard most of the online whiteboards are browser based applications so meaning you can just access them from every device and from all over the world meaning as well there cloud hosted solutions now as we talk today a lot about privacy, data security and this is a core element of next cloud I'm here from Kollabord and Kollabord is an online whiteboard we developed with a small software company in Switzerland and if we look at the market it's a very powerful feature rich online whiteboard and we also focus on the security we even thought once about putting the data somewhere into the Swiss mountains but we didn't do that as we found some better hosters in Germany like the open telecom cloud so Kollabord in the end it's GDPR compliant online whiteboard you can get from the cloud you can host it by yourself on premise and this offers a lot of customizations and also a set of public API developers can use we created an integration with next cloud so there is an app in the next cloud marketplace where you can get your Kollabord app and you can log in and this is the cool thing now because when you're in the workflow about collaborating with your team you have everything in one platform you have everything in next cloud and then you can jump immediately during a call or during a session on the online whiteboard work creatively do a brainstorming session and overall have everything in one solution so you might know maybe once there will be a new icon for the whiteboard that's all I wanted to tell you today you can test Kollabord for free there is also a free version and try the next cloud integration if this is something you would like to test so thank you everybody and have a good rest of the conference thank you and now it's Kasper hello everybody my name is Kasper Hanung and I'm a telomate software and what we are accomplishing in next cloud is to enable collaboration and what is CAD, computer aid design that's everything what we live in that's our streets this building is an architectural structure that's represented and a drawing in its construction, in its lifetime and that is what we want to enable in next cloud so the problem is that many professionals in the construction with the state industries and government, many to be able to share CAD drawings and collaborate around these projects and they want to need to do that in a secure basis and this is where this beautiful next cloud platform comes in because that gives you the secure way of handling your files what we did we telomate with offices in Seattle and Stockholm we have with a partner in the UK and in Birmingham who has used next cloud as a platform and they share their drawings among all their clients and partners around Europe so we built this app for this particular purpose here we have integrated our CAD viewer CAD conversion platform directly inside next cloud so there's no external access thereby ensuring that all customer content is completely secure the way it works is that if we have our own app structure we have set the mind types for all the large CAD packages the AutoCAD, the microstation and as well as TIFF to our application we go here we go in whenever people click on a file we go into the next cloud folder structure we convert that into our system we native code convert that into cache where after we have implemented a VJS encapsulation that goes into the next cloud frontend where it's then displayed in display we use the vector graphics standard W3C SVG standard which is uniformly supported on all browsers and all platforms with that we add a number of specific extensions in order to specifically handle CAD we need layer manipulations we need ability to measure we need transformations so we also can handle a printl to scale and stuff like that the typical use case is that a user goes in and upload an AutoCAD or microstation floor plan into the system in this case next cloud they want to display the floor plan and do layer manipulation measurement printing they want to annotate it it's typically a process where you go in and you want to change things and communicate those and in that case collaborate around the floor plan and you may want to publish this drawing, this floor plan with annotation, red lines in a process where it can be either encapsulated in the system itself into next cloud or it can be externally shipped off as a PDF then there are some advanced features where you can sort of compare drawings to each other to show differences I'll show that very much in the end and there are some admin features that are very specific this is typically how it looks inside next cloud this guy here there will be a menu bar at the top, our icon bar we have three skins where you can go in and do all that kind of stuff you want to do with a cat like measuring handling of it, red lines and we even enable the standard collaboration interface so you can share and talk about it inside next cloud this here is a typical use case where we took the drawing before we go in and the user will go in and set layers so that they only got a set number of layers for the specific case displayed and they then go in and red line it use the red line interface to talk about it what they want to done with this thing here and what we do here is that we have an ability to go in and create a pdf that then gets stored in a market folder for sharing and this is a process that we have integrated into next cloud and it's very well used and once that is done then that pdf with the annotation in it can then be loaded in or externally distributed to the partners that are working on this with this project here I'm showing something that's quite interesting this is a real data this is a railway station somewhere in Europe on a very large national railway network and what's happening there is that there is an ability that you can load in two different drawings and then compare them to each other and see what have been added what have been changed this particular organization uses this tool to be able to see what have happened to my signals over time whenever you upload a new version or this is two specific drawings that is then being uploaded and then compared and what was very very interesting here is that we learned today that next cloud version 6 has a version control now where you can name the versions which means that you can actually for the whole construction industry now using stuff like this where you can go in with a logical algorithm and actually visually display the changes over the versions inside the cloud so that's something we're going to very much explore and help us during this time here so I guess that's it we finish off here thank you very much I'm clearly getting near the end of the day I have up to this point prided myself on knowing what next cloud was capable of but I want to thank all our lightning talk speakers for informing me that I actually have no idea I hope everyone found those really fascinating I certainly did I'm sure there will be more happening tomorrow as well I want to say for now for those who are here in person there are some workshops happening we got a little break maybe about 15 minutes so make sure to come back for those workshops we have two of them so how to build a next cloud app which I think is pretty relevant to our crowd here today and the other one is how to contribute to Collabra Online those are going to be great for those who are online thank you so much for joining us we want to express that you should come back tomorrow there's a bunch of great things happening tomorrow there are two key notes happening one with Catherine Fritsch and the other one with Simon Phipps we would encourage you highly to check those out and there's a bunch of lightning talks happening as well so please come join us again just checking my notes here did I do that yeah I think we're doing okay European time tomorrow so if you're in a different time zone I apologize you'll have to figure that out on your own for everyone in person we got about 15 minutes but please come back quickly we don't want to be a little later than that so thank you very much