
Tag Archives for " opinion "

Inherently identifiable: Is it possible to anonymize health and genetic data?

Nearly 25 million people have taken an at-home DNA testing kit and shared that data with one of four ancestry and health databases.

With this proliferation of genetic testing and biometric data collection, there should be increased scrutiny of the practices used to deidentify this data. Biometric data, namely genetic information and health records, is innately identifiable.

But can biometric data ever truly be anonymized? What are the methods of deidentification and best practices, and what is the current state of biometric data under the EU General Data Protection Regulation?

Full article: Inherently identifiable: Is it possible to anonymize health and genetic data?

Consumer Data Privacy Rights: Emerging Tech Blurs Lines

Data privacy is a fundamental right for Americans – but new emerging technologies like drones, IoT and facial recognition are introducing gray areas.

Lawmakers for their part are taking steps to enforce regulatory efforts for data privacy – but still have a long way to go.

Full article: Consumer Data Privacy Rights: Emerging Tech Blurs Lines | Threatpost

UK’s DPA: police should think over live facial recognition technology

How far should we, as a society, consent to police forces reducing our privacy in order to keep us safe?

The current combination of laws, codes and practices relating to live facial recognition (LFR) will not drive the ethical and legal approach that’s needed to truly manage the risk that this technology presents.

The absence of a statutory code that speaks to the specific challenges posed by LFR will increase the likelihood of legal failures and undermine public confidence in its use.

Full article: Blog: Live facial recognition technology – police forces need to slow down and justify its use | ICO

EDPB Issues Final Guidelines on ‘Necessary for the Performance of a Contract’ Legal Basis

The European Data Protection Board has issued final guidelines on the “necessary for the performance of a contract” legal basis for processing data under the General Data Protection Regulation (GDPR).

To use this legal basis, you need to show:

  • The processing is carried out in the context of a valid contract with the individual.
  • The purpose for the processing in question is clearly specified and communicated to the relevant individual, in line with the company’s purpose limitation and transparency obligations (even if not in the body of the contract).
  • The processing needs to be objectively necessary to achieve this particular purpose.
  • There are no realistic, less intrusive processing alternatives.

Source: EDPB Issues Final Guidelines on ‘Necessary for the Performance of a Contract’ Legal Basis

EBF publishes proposals on Cyber incident reporting

In order to ensure that financial institutions are able to quickly and effectively report cyber incidents without at the same time sacrificing a proper incident management and recovery process, the European Banking Federation (EBF) published its proposals on cyber incident reporting.

In particular, the EBF makes the following proposals for supervisors and regulators:

  • Establish a central reporting and coordination hub in each Member State;
  • Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;
  • Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;
  • Further involve national CERTs in information sharing;
  • Introduce a regular bi-directional information flow between regulators/supervisors and the industry.

Full report: EBF position on Cyber incident reporting

Tech firms know more about us than any spy agency says ex-GCHQ chief

Big internet firms know more about the lives of private individuals than any intelligence agency ever has and that is a dangerous threat to democracy, the former head of the spy agency GCHQ has said.

“The big revelation over the last couple of years has been not about government intelligence agencies, it’s been about the private sector. It is about the internet companies knowing more about me, you, everyone in the hall than any intelligence agency ever could or should know about us.”

Source: Tech firms know more about us than any spy agency – ex-GCHQ chief | UK news | The Guardian

Andrew Yang proposes that your digital data be considered personal property

The 2020 Democratic presidential candidate Andrew Yang published his latest policy proposal: to treat data as a property right. Announcing the proposal on his website, Yang lamented how our data is collected, used, and abused by companies, often with little awareness or consent from us.

“This needs to stop,” Yang says. “Data generated by each individual needs to be owned by them, with certain rights conveyed that will allow them to know how it’s used and protect it.”

Full article: Andrew Yang proposes that your digital data be considered personal pro

Design considerations for building privacy-protecting analytics services

If data is the new oil, then analytics are the new refinery without which any modern business is unable to make informed decisions.

However, data analytics and privacy are seldom assumed to go together. If media reports and regulatory actions are any indication, services and platforms that utilize or enable analytics have consistently been under scrutiny in terms of meeting reasonable privacy expectations.

Full article: Design considerations for building privacy-protecting analytics services

10 reasons why the GDPR is the opposite of a ‘notice and consent’ type of law

A ‘notice and consent’ privacy law puts the entire burden of privacy protection on the person and then it doesn’t really give them any choice. The GDPR does the opposite of this.

Here are 10 reasons why it is so: 10 reasons why the GDPR is the opposite of a ‘notice and consent’ type of law

EDPS publishes opinion on communication data as personal data

The European Data Protection Supervisor (EDPS) published, on 11 September 2019, the pleading notes before the Court of Justice of the European Union (CJEU) in the joint hearing for case C-623/17 Privacy International, joint cases C-511/18 and C-512/18 La Quadrature du Net and Others, and case C-520/18 Ordre des Barreaux Francophones et Germanophone and Others.

The notes address the question of whether IP addresses or other data relating to electronic communications are capable of providing information on the content of communications, what information concerning the private lives of the persons concerned can be obtained from IP addresses or other data relating to electronic communications, as well as whether, and to what extent, it would be possible to limit the retention of and access to electronic communication data while enabling the objectives set out in Article 15(1) of the ePrivacy Directive.

Source: Pleading notes of the European Data Protection Supervisor (EDPS)
