fbpx

Tag Archives for " data subject rights "

Data for money: App facilitating data portability now under the EDPB’s scrutiny

A number of Italian retailers submitted to the Italian Data Protection Authority, the Garante, very similar complaints concerning massive data subject requests received from Italian startup Weople.

Weople exercised, on behalf of the individuals that subscribed to its services via a mobile app, the right to data portability in connection to the personal data collected by the retailers’ loyalty programs. The transfer of such data was to go directly to Weople.

Full article: Data for money: App facilitating data portability now under the EDPB’s scrutiny

Google wins landmark right to be forgotten case

Europe’s top court has ruled that Google does not have to apply the right to be forgotten globally.

It means that firm only needs to remove references to articles and other material from its search results in Europe – and not elsewhere – after receiving an appropriate request.

The ruling stems from a dispute between Google and a French privacy regulator.

Source: Google wins landmark right to be forgotten case

Research reveals six common CX failures when handling GDPR information requests

A recent study conducted by Macro 4 reveals problems in the way companies are handling data subject access requests – an important consumer right enshrined in the GDPR – which threaten to damage consumer trust.

Macro 4’s study evaluated how effectively DSARs are being handled by a sample of 37 UK enterprises, including large financial services companies, utility companies and telecommunications providers. The research uncovered six ways in which companies are failing to meet the requirements of the GDPR and are delivering a level of service that is well below expectations.

Full article: Research reveals six common CX failures when handling GDPR information requests | CustomerThink

CJEU to answer questions about Right to be delisted

French court the Conseil d’Etat has requested the European Court of Justice for a preliminary ruling on a series of questions concerning the implementation of the right to be delisted from search results.

The right to be delisted is not absolute. Insofar as the removal of links from the list of results displayed following a search made on the basis of a person’s name may have consequences on the legitimate interest of internet users to receive access to information, the European Court of Justice proceeds to strike a balance between such interest and the person’s fundamental rights, in particular the right to private life and to the protection of personal data.

Source: Right to be delisted

DSAR test reveals huge data breach potential

A phoney data subject access request (DSAR) made by a woman’s partner to companies in the UK and the US prompted a return of personal data from 25% of the firms contacted.

The security specialist making the request leveraged the terms of the GDPR to make his claim. He got in touch with dozens of companies on both sides of the Atlantic, stating in each case that he wanted information held on his fiancée. One of the data returns held his fiancée’s criminal record check.

Source: DSAR test reveals huge data breach potential

German court decides on the scope of GDPR right of access

The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but rather in the sense of a “summary”.

This interpretation appears to conflict with an earlier decision of the Labor Appeals Court of Stuttgart which ordered an employer to provide actual copies of all information held by the company.

More recently, the Appeal Court of Cologne held that the customer of an insurance company is entitled to access all personal data pertaining to him and processed by the company, including any internal notes regarding conversations between company employees and the customer.

Source: German court decides on the scope of GDPR right of access

Right to delete is coming to Australia

Shadow Assistant Treasurer Stephen Jones said his party secured a “breakthrough commitment” from the government that would see the Consumer Data Right (CDR) gain the ability have consumer information deleted.

This new legislation will give Australian consumers an “off switch” when it comes to data sharing. Off switch would mean that a consumer will have the power to determine when a company should no longer hold their data.

Source: Labor thinks the right to delete is coming for Australia’s CDR after winter break | ZDNet

Italian DPA Issues Judgment Concerning ‘Right to be Forgotten’

On July 22, 2019, the Italian supervisory authority for data protection (Garante) issued a judgment involving the so-called “right to be forgotten”.

The Garante held that, in accordance with Article 21 of the GDPR, the data subject has the right to object to the processing of personal data on the grounds of his or her particular situation.

On that basis, Google is required to stop the processing of the personal data unless it can demonstrate compelling legitimate grounds.

Furthermore, the Garante made clear that the principles of data protection apply to any information concerning an identified or identifiable natural person. Thus “right to be forgotten” applies to any searches, not exclusively to searches by individual’s name.

Source: Italian Supervisory Authority Issues Judgment Concerning ‘Right to be Forgotten’

Research aims to automatically answer user questions on online privacy policies

Internet users may soon have a way to have their questions about online privacy policies answered automatically, thanks to a new multi-institution research project that includes Penn State. The project aims to enable people to ask questions about the privacy issues that matter to them when reviewing privacy policies.

The researchers will create software in the form of mobile applications, web browser plugins and interactive websites by developing and using algorithms in the areas of natural language processing, machine learning, and knowledge representation and reasoning. The interdisciplinary project aims to reinvent notice and choice — the idea that privacy policies are sufficient because users are given notice about how their information will be used and choices about what they can do in regards to the policy, such as opting out of certain features.

Source: Research aims to automatically answer user questions on online privacy policies | Penn State University

UK decision to deny EU citizens access to data challenged in court

The government has been taken to court over its decision to deny European citizens the right to access data the Home Office holds on individuals in immigration cases.

In a high court judicial review, campaigners for EU citizens allege that a clause in the Data Protection Act 2018 unlawfully excludes them from rights they would otherwise hold to access private data held by third parties.

Source: UK decision to deny EU citizens access to data challenged in court | UK news | The Guardian

1 2 3 8
>