Tag Archives for "opinion"

Dangerous misconceptions about data breaches

Not all breaches are the same, nor always a failure of company processes, but executives need to take steps to ensure the long-term security of their marketing data.

Many data breaches, including most of the ones making headlines over the past year, are much subtler. These breaches, which can take months if not years to uncover, originate from a lack of proper controls and understanding of vulnerabilities.

Full article: Dangerous misconceptions about data breaches – MarTech Today

BCRs: ‘Best case route’ or ‘better call reinforcements’?

General Data Protection Regulation compliance was top of the list for many global corporate legal departments in 2018. As we plan for a world “post-GDPR” and set priorities for next year, what are appropriate next steps to strengthen a company’s privacy regime?

Full article: BCRs: ‘Best case route’ or ‘better call reinforcements’?

Why We Need to Audit Algorithms

Algorithmic decision-making and artificial intelligence (AI) hold enormous potential and are likely to be economic blockbusters, but we worry that the hype has led many people to overlook the serious problems of introducing algorithms into business and society. Indeed, we see many succumbing to what Microsoft’s Kate Crawford calls “data fundamentalism” — the notion that massive datasets are repositories that yield reliable and objective truths, if only we can extract them using machine learning tools.

A more nuanced view is needed. It is by now abundantly clear that, left unchecked, AI algorithms embedded in digital and social technologies can encode societal biases, accelerate the spread of rumors and disinformation, amplify echo chambers of public opinion, hijack our attention, and even impair our mental wellbeing.

Full article: Why We Need to Audit Algorithms

Addressing the compliance challenge

The regulatory landscape is complex; a recent survey of more than 360 enterprises revealed that 86% are dealing with the complexity of multiple types of data and/or data-related processes subject to privacy and security compliance requirements.

Achieving compliance is an ever-present goal that influences operations, decision-making and success. But as new technologies emerge, businesses transform, and markets evolve, compliance efforts may become undone. Only a continuous approach can prevent this from happening.

Full article: Addressing the compliance challenge

Will the UK achieve adequacy after Brexit?

The status of U.K.-EU data flows post-Brexit has been the subject of speculation since the fateful vote was taken nearly two-and-a-half years ago. But with the prospect of the U.K. crashing out of the EU without an orderly withdrawal agreement growing ever-more realistic, concern is mounting.

Full article: Will the UK achieve adequacy after Brexit? Even the ICO isn’t so sure

Facebook’s Failure to End ‘Public by Default’

With one simple change, Facebook could pass an important privacy test. Right now, users have little choice in the public exposure of their profile pictures. Every single one of them is set to “public” by default. Even if you try to limit your current profile picture visibility using Facebook’s privacy settings for the individual photo, it will still be public.

If you don’t want your profile picture to be public, the only winning move is to delete your account. That’s increasingly difficult to do these days, because not having a social media presence can limit your personal and professional opportunities and even raise the suspicion of authorities.

Full article: Facebook’s Failure to End ‘Public by Default’ – Member Feature Stories – Medium

GDPR territorial guide has ‘sting in tail’ for US companies

Guidance published by an EU data protection watchdog on the territorial scope of the General Data Protection Regulation (GDPR) is likely to raise concern about the costs to US companies of entering the EU market.

“The sting in this document is in the last line for US corporates,” Ann Henry of Pinsent Masons said. “It is the law-abiding companies that will appoint a representative. Arguably making a representative liable will make it more difficult to find people or bodies willing to take on the role of representative given the extent of potential liability both by means of regulatory enforcement and through private rights of action under the GDPR regime.”

Full article: GDPR territorial guide has ‘sting in tail’ for US companies

DP Impact Assessments: EDPB Differs Slightly from ICO Position

The European Data Protection Board (EDPB) has recently published its Opinion on the (United Kingdom) Information Commissioner’s list of processing activities which would require a Data Protection Impact Assessment under the GDPR.

In its Opinion, the EDPB appears to be moving away from the idea that processing of genetic or location data, on its own, might be enough to trigger the mandatory DPIA requirements of the GDPR. This news will perhaps come as a relief to organisations currently struggling to come to grips with the “new” DPIA process and the resources and time that it demands. But, should we be surprised by the EDPB’s Opinion and will it have a significant impact in practice on the way organisations consider and conduct DPIAs?

Full article: DP Impact Assessments: EDPB Differs Slightly from ICO Position

Brexit and data protection – what’s new now?

EU leaders have signed off the withdrawal agreement between the UK and the EU, as well as the political declaration on the framework for the future relationship between the UK and the EU. The political declaration is an outline of what a future EU-UK trade agreement might look like. But the trade agreement has yet to be negotiated and that process won’t start until the UK has left the EU on 29th March 2019. If negotiations are quick (and successful) then the intention is that the future trade agreement between the EU and the UK would come into force at the end of the transition period (31st December 2020, but the transition period could be extended).

Full article: Brexit and data protection – what’s new now?

The post GDPR landscape

With the panic to ‘comply’ with GDPR over, it is seen as becoming more of a day-to-day compliance matter. Of course, this assumes that organisations have the correct processes embedded in their day-to-day business and that their staff are trained on and aware of the implications. However, there are still many questions around what is the correct approach.

Full article: The post GDPR landscape: Our Findings
