
Tag Archives for "data"

A timely raincheck on the GDPR: the law of unintended consequences

As we approach a six-month point since the full implementation date of the GDPR, it is interesting to see evidence of the legislation having much greater consequences and advantages than those for which it was originally intended.

GDPR in its most fundamental form can be seen as a beneficial facility for handling the core issue of risk management between data and people. In this instance, risk is both an opportunity to be exploited as well as a downside to be mitigated. To support this contention, one may cite recent instances of the GDPR having practical impacts way beyond that of its original draftsmen.

Full article: A timely raincheck on the GDPR: the law of unintended consequences

Hackers erase 6,500 sites from the Dark Web in one attack

One of the most popular Dark Web hosting services – Daniel’s Hosting – was slaughtered last week when attackers hosed it clean of about 6,500 hidden services. The admin says they’re gone for good: he hasn’t even figured out where the vulnerability is yet.

Source: Hackers erase 6,500 sites from the Dark Web in one attack – Naked Security

Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from EU

The draft Withdrawal Agreement at Article 71(2) implies an adequacy assessment by the European Commission could happen in future (this is expected before the end of the transition period in December 2019), but first the UK has to leave the EU and then the Commission has to follow the rules in Article 45 of the GDPR.

This means that the Commission has to involve the European Data Protection Board (EDPB) as part of the adequacy determination process, so it won’t be a quick process. However, the UK may not get an assessment of adequacy at all.

Full article: Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from European Union

A leaky database of SMS text messages exposed password resets and 2FA codes

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

Source: A leaky database of SMS text messages exposed password resets and two-factor codes | TechCrunch

Facebook May Face 100M Euro Lawsuit Over Privacy Breach

A French nongovernmental organization wants Facebook Inc. to pay 100 million euros ($113 million) and fix any problems stemming from recent data security incidents and privacy breaches.

The Internet Society of France says Facebook collected data on nonusers without getting their consent, and illegally limited its responsibilities with respect to personal information. The NGO also claimed that Facebook unduly collected the political opinions, religious beliefs, and sexual orientation of its users in violation of EU privacy laws.

The Internet Society is seeking 100 million euros from Facebook if it can get 100,000 EU data subjects to join the complaint. The organization said Facebook has four months to respond before it files its action in the Court of First Instance of Paris.

Source: Facebook May Face 100M Euro Lawsuit Over Privacy Breach

Algorithms can reduce discrimination, but only with proper data

If self-learning algorithms discriminate, it is not because there is an error in the algorithm, but because the data used to train the algorithm are “biased.”

It is only when you know which data subjects belong to vulnerable groups that bias in the data can be made transparent and algorithms trained properly. The taboo against collecting such data should, therefore, be broken, as this is the only way to eliminate future discrimination.

Full article: Algorithms can reduce discrimination, but only with proper data

Some practical advice on data treatment in technology agreements

Technology agreements commonly involve transfer of rights in both intellectual property and data. While IP provisions are typically extensive and heavily negotiated, data has not been receiving the same degree of attention. Many technology agreements contain incomplete or inadequate data provisions or no data clauses at all.

Full article: Some practical advice on data treatment in technology agreements

A Rising Crescendo Demands Data Ethics and Data Responsibility

Data ethics is not a subject that you would have expected to be a centerpiece of conversation among Chief Data Officers and senior business leaders in the recent past. However, times are changing. Just this past week, Apple CEO Tim Cook condemned what he called the “data-industrial complex”. It is against this backdrop that data ethics has rapidly moved to the forefront of any meaningful discussion about data.

Full article: A Rising Crescendo Demands Data Ethics and Data Responsibility

Police access to personal data retained by ISPs is a matter of proportionality

On October 2nd 2018, the Court of Justice of the European Union (CJEU) issued a decision confirming the conditions of access by the police to personal data retained by providers of electronic communications services in the context of a criminal investigation. The CJEU concluded that, as the interference that the access to personal data entails is deemed not serious, access to such data can be justified by the objective of preventing, investigating, detecting and prosecuting ‘criminal offences’ generally, without it being necessary that those criminal offences to which it relates be ‘serious’.

Full article: Eu: Access By The Police To Personal Data Retained By Providers Of Electronic Communications Services – A Matter Of Proportionality!

Controlling our health data before it controls us

As smart devices in health care evolve, the line between human and machine is blurring — and creating new concerns about consumer safety and privacy rights. High-tech health care solutions are part of an emerging sector of medical technologies that monitor personal health data by essentially connecting your body to the Internet. We should consider establishing rules to govern the legal, privacy and ethical issues that are already arising from smart medical and biometric devices.

Full article: Controlling our health data before it controls us – The Washington Post
