EDPB’s common sense approach to the GDPR’s territorial scope

EDPB has produced a detailed 23-page document that is both authoritative and full of common sense.

The guidelines start by treading into well-known territory: the “establishment criterion.” Following a principle that already existed under the 1995 Data Protection Directive, the GDPR will apply to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU. So the EDPB relies on existing case law to consolidate its opinion on this criterion.

Full article: EDPB’s common sense approach to the GDPR’s territorial scope

New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data

This form of international data-sharing could put Americans’ privacy at risk and expose citizens to potential Fourth Amendment abuses, critics say. The possible agreement stems from the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, for which Justice Department officials have lobbied since 2016 and which President Donald Trump signed into law in March.

Full article: New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data, Human Rights Groups Warn

Tech stocks may suffer as investors weigh the data privacy risks

The market is correct to be concerned about “trust issues”, i.e. the recent unexpected management disclosures from tech leaders Apple, Google and Facebook.

The investing public is no longer in the mood to give technology producers the benefit of the doubt; expect increased scrutiny of technology risks across all sectors. To avoid future losses, investors should consider incorporating a broader set of investment tools to help identify potential risks from technology, in line with recent moves from ratings agencies.

Full article: Tech stocks may suffer as investors weigh the data privacy risks

Camera traps designed for animals are now invading human privacy

Over the past two decades automated wildlife cameras—known as camera traps—have proven invaluable in ecological research and conservation management. Their sensitive motion detectors have enabled scientific surveys of rare or shy animals in dense forest and as a consequence have seen broader use around the world.

But camera traps frequently take pictures of people as well as wildlife. This has important implications for privacy and human rights and may ultimately undermine conservation goals.

Source: Camera traps designed for animals are now invading human privacy | Ars Technica

Dispatch from Brussels: GDPR enforcement, guidance to come in 2019

During her interview with IAPP Chief Knowledge Officer Omer Tene, Dixon said major GDPR-related fines will not come down the pike in 2018, but it’s safe to expect some fines in 2019. This notion was foreshadowed earlier in the day by the EDPB’s Jelinek during her keynote address.

Notably, both Jelinek and Dixon said no cross-border cases have been escalated to the EDPB. But that doesn’t mean enforcement is far away.

Full article: Dispatch from Brussels: GDPR enforcement, guidance to come in 2019

Data ethics and the rise of the “PEGs”

European data protection law has always been infused with ethical considerations around data use. Under the old Data Protection Directive, even if data use had a valid legal ground, unless the proposed use was also fair the law was still broken. But what is fairness when it comes to data?

Full article: Data ethics and the rise of the “PEGs”

2018 Email Marketing & Unsubscribe Audit

The Online Trust Alliance’s 2018 Email Marketing & Unsubscribe Audit found that the vast majority of audited online retailers have embraced unsubscribe best practices, going beyond mere compliance, and have shown continued improvement since 2014 despite expanded and more stringent criteria. This year’s Audit examines the entire email engagement process, from signup to receiving email to the unsubscribe user experience and results.

For 2018, 74% of the top retailers qualified, a strong improvement from 67% in 2017 and nearly reaching the 75% achievement level of 2015. Email security was another highlight area in 2018. Adoption of email authentication technologies SPF and DKIM reached 100%, and adoption of DMARC (another email authentication technology to prevent spoofing) and opportunistic TLS (encrypting messages between mail servers) improved significantly.

Full report: 2018 Email Marketing & Unsubscribe Audit | Online Trust Alliance

Why We Need to Audit Algorithms

Algorithmic decision-making and artificial intelligence (AI) hold enormous potential and are likely to be economic blockbusters, but we worry that the hype has led many people to overlook the serious problems of introducing algorithms into business and society. Indeed, we see many succumbing to what Microsoft’s Kate Crawford calls “data fundamentalism” — the notion that massive datasets are repositories that yield reliable and objective truths, if only we can extract them using machine learning tools.

A more nuanced view is needed. It is by now abundantly clear that, left unchecked, AI algorithms embedded in digital and social technologies can encode societal biases, accelerate the spread of rumors and disinformation, amplify echo chambers of public opinion, hijack our attention, and even impair our mental wellbeing.

Full article: Why We Need to Audit Algorithms

ICO issues the first fines to organisations that have not paid the data protection fee

Organisations across the business services, construction and finance sectors are among the first to be fined by the ICO for not paying the data protection fee.

All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350.

Source: ICO issues the first fines to organisations that have not paid the data protection fee. | ICO

Germany’s first fine under the GDPR offers enforcement insights

On Nov. 21, the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) imposed the first fine under the GDPR in Germany – on a social media company for a violation of its data security obligations.

This is not the first GDPR-related fine in Europe which has become publicly known: the Austrian DPA imposed a €4,800 fine for illegal video surveillance activities, and a €400,000 fine was imposed in Portugal on a hospital after staff members illicitly accessed patient data. However, the current example from Germany provides further insights into how DPAs intend to use their new, heightened fining powers under GDPR.

Full article: Germany’s first fine under the GDPR offers enforcement insights
