fbpx

Download free GDPR compliance checklist!

Tag Archives for " opinion "

Andrew Yang proposes that your digital data be considered personal property

The 2020 Democratic presidential candidate Andrew Yang published his latest policy proposal: to treat data as a property right. Announcing the proposal on his website, Yang lamented how our data is collected, used, and abused by companies, often with little awareness or consent from us.

“This needs to stop,” Yang says. “Data generated by each individual needs to be owned by them, with certain rights conveyed that will allow them to know how it’s used and protect it.”

Full article: Andrew Yang proposes that your digital data be considered personal pro

Design considerations for building privacy-protecting analytics services

If data is the new oil, then analytics are the new refinery without which any modern business is unable to make informed decisions.

However, data analytics and privacy are seldom assumed to go together. If media reports and regulatory actions are any indication, services and platforms that utilize or enable analytics have consistently been under scrutiny in terms of meeting reasonable privacy expectations.

Full article: Design considerations for building privacy-protecting analytics services

10 reasons why the GDPR is the opposite of a ‘notice and consent’ type of law

A ‘notice and consent’ privacy law puts the entire burden of privacy protection on the person and then it doesn’t really give them any choice. The GDPR does the opposite of this.

Here are 10 reasons why it is so: 10 reasons why the GDPR is the opposite of a ‘notice and consent’ type of law

EDPS publishes opinion on communication data as personal data

The European Data Protection Supervisor (EDPS) published, on 11 September 2019, the pleading notes before the Court of Justice of the European Union (CJEU) in the joint hearing for case C-623/17 Privacy International, joint cases C-511/18 and C-512/18 La Quadrature du Net and Others, and case C-520/18 Ordre des Barreaux Francophones et Germanophone and Others.

Notes address question whether the IP addresses or other data relating to electronic communications are capable of providing information on the content of communications, what information concerning the private lives of the concerned persons can be obtained from IP addresses or other data relating to electronic communications, as well as whether, and to what extent, it would be possible to limit the retention and the access to electronic communication data while enabling the objectives set out in Article 15(1) of the ePrivacy Directive.

Source: Pleading notes of the European Data Protection Supervisor (EDPS)

Terms, Conditions and Considerations Under the GDPR

With the recent major GDPR cases on Facebook and Google, DPOs at smaller companies are getting worried and challenged in ensuring terms and conditions and privacy notices are not mixed up.

With hundreds of policy templates to choose from one of the difficulties is writing a privacy policy that is not so long that no one can read it, nor so short that it doesn’t cover the bases, but striking the right balance between the unreadable and the unworkable is essential.

Full article: Terms, Conditions and Considerations Under the GDPR – CPO Magazine

Why Bringing Data Privacy Management To The Board Level Will Reduce Data Breaches

Learning from recent breaches and the need for a greater understanding of privacy in the enterprise, it’s time for companies to take a new, proactive approach to data management.

Making data privacy decisions in a silo is no longer enough. Organizations must now implement robust data privacy practices that also involve their board members on an operational and technical level to protect themselves and their customers’ well-being.

Source: Council Post: Why Bringing Data Privacy Management To The Board Level Will Reduce Data Breaches

How long should it take to risk-score a privacy incident?

If you’ve been in the privacy world for any amount of time, you recognize there has been a marked increase in the speed at which our world operates.

New threats to our data are introduced every day. With the expanding scope of what constitutes protected and sensitive data, the number of privacy cases we must manage at any given time is increasing. Privacy professionals are being asked to do more and faster than ever.

Full article: How long should it take to risk-score a privacy incident?

Build an Online Presence Without Giving Up Privacy

Every social network might as well be LinkedIn.

Every hiring manager will do a Google search on your name, most companies keep an eye on your social networks, and in several industries, you’re expected to have an online presence. With all this online performance, is it possible to retain some semblance of privacy?

Source: Opinion | Build an Online Presence Without Giving Up Privacy – The New York Times

Data Scraping – Considering the Privacy Issues

Data scraping is a general term that describes a plethora of Internet-based data retrieval methodologies, used without the permission of the data owner.

Often, businesses think to capture as much data as possible on the off chance the data serves a future use or purpose. This, however, carries the risk that it may go against some of the GDPR’s key principles, purpose limitation and data minimisation.

Full article: Data Scraping – Considering the Privacy Issues

On privacy impact assessment and leaking data of millions of users

Anonymizing location data is hard. If you absolutely need to do this, better consult someone knowledgable.

Privacy impact assessments should not conform to fixed templates. These should be strict, technical analyses.

Full article: On privacy impact assessment and leaking data of millions of users

>