fbpx

Download free GDPR compliance checklist!

Tag Archives for " data access "

Talend Report Showcases Low GDPR Compliance Rates for Data Subject Access Requests

Talend’s new survey shows that less than half of all companies and public sector organizations were able to respond to a Data Subject Access Request within the time period stipulated by GDPR.

Media and telecommunications companies also scored very poorly, with only 32% of them responding in a timely manner. Only 46% of retailers are able to respond to Data Subject Access Requests in a timely manner.

Source: Talend Report Showcases Low GDPR Compliance Rates for Data Subject Access Requests – CPO Magazine

Brexit Party under investigation for ‘failing to hand over personal data’

An investigation into Nigel Farage’s party has been launched by the Information Commissioner’s Office.

The Information Commissioner’s Office (ICO) launched the investigation in response to complaints the Brexit Party had failed to answer requests for data.

Source: Brexit Party under investigation for ‘failing to hand over personal data’ | Science & Tech News | Sky News

Alexa users can now disable human review of voice recordings

Amazon has given Alexa users the option to disable human review of their voice recordings, and committed to greater clarity about its use of the strategy in future, but says it will not follow Google and Apple in halting the practice altogether in Europe.

Echo owners, and other users of the company’s virtual voice assistant, can turn off human review in the Alexa privacy page by disabling a setting labelled “help improve Amazon services and develop new features”.

Source: Alexa users can now disable human review of voice recordings | Technology | The Guardian

Amazon’s Ring Is a Perfect Storm of Privacy Threats

Recent reports show that Ring has partnered with police departments across the country to hawk this new surveillance system—going so far as to draft press statements and social media posts for police to promote Ring cameras.

This creates a vicious cycle in which police promote the adoption of Ring, Ring terrifies people into thinking their homes are in danger, and then Amazon sells more cameras.

Source: Amazon’s Ring Is a Perfect Storm of Privacy Threats | Electronic Frontier Foundation

DSAR test reveals huge data breach potential

A phoney data subject access request (DSAR) made by a woman’s partner to companies in the UK and the US prompted a return of personal data from 25% of the firms contacted.

The security specialist making the request leveraged the terms of the GDPR to make his claim. He got in touch with dozens of companies on both sides of the Atlantic, stating in each case that he wanted information held on his fiancée. One of the data returns held his fiancée’s criminal record check.

Source: DSAR test reveals huge data breach potential

German court decides on the scope of GDPR right of access

The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but rather in the sense of a “summary”.

This interpretation appears to conflict with an earlier decision of the Labor Appeals Court of Stuttgart which ordered an employer to provide actual copies of all information held by the company.

More recently, the Appeal Court of Cologne held that the customer of an insurance company is entitled to access all personal data pertaining to him and processed by the company, including any internal notes regarding conversations between company employees and the customer.

Source: German court decides on the scope of GDPR right of access

UK decision to deny EU citizens access to data challenged in court

The government has been taken to court over its decision to deny European citizens the right to access data the Home Office holds on individuals in immigration cases.

In a high court judicial review, campaigners for EU citizens allege that a clause in the Data Protection Act 2018 unlawfully excludes them from rights they would otherwise hold to access private data held by third parties.

Source: UK decision to deny EU citizens access to data challenged in court | UK news | The Guardian

A few practical tips for managing subject access requests

Subject access requests are the bane of many an in-house privacy professional’s life.

It may seem curious that, on the one hand, we take seriously as privacy professionals our responsibility to uphold data subjects rights while, on the other, the exercise of one of the most fundamental of these rights – that of access to data – will typically cause even the most dedicated of privacy professionals to elicit a small whimper.

Full article: A few practical tips for managing subject access requests

Swedish DPA digs into Spotify’s responses to SARs

The Swedish data protection authority – Datainspektionen – had initiated a review of Spotify Technology S.A.’s responses to data subject access requests (SARs).

Investigation was initiated following a number of complaints regarding how Spotify manages data subject access requests (SARs). Article 15 of the General Data Protection Regulation (GDPR) provides individuals with right to access their data any company holds about them.

Swedish DPA noted that the information Spotify provided to users in response to a SAR is incomplete and not sufficiently clear. Therefore Datainspektionen asked Spotify to detail how it handles SARs, in particular, what information it provides, what information the copy of personal data includes, and how the information is presented to data subjects.

Source: Datainspektionen granskar rätten till registerutdrag

Facebook Promised A Clear History Tool. Where Is It?

Last May, Facebook promised to create a “Clear History” function it said would give users more control over their data. Nine months later it’s nowhere to be found and sources say it’s a key example of the company’s “reactionary” way of dealing with privacy concerns.

Full article: Former Facebook Employees Say The Company’s Prioritization Of Privacy Is About Optics

1 2 3 6
>