Tag Archives for "privacy by design"

Am I logged in or not? GDPR case study on the example of Chrome browser change

Starting with Chrome 69, when you log into a Google service (Gmail, for example), Google Chrome effectively logs you into the browser. This change apparently “solves” the hypothetical issue of user confusion: “am I logged into the system or into the browser?” At the same time, it creates others.

Full article: Am I logged in or not? GDPR case study on the example of Chrome browser change

It Shouldn’t Take GDPR to Prioritize Privacy by Design

With GDPR now live, Privacy by Design (PbD) has taken center stage, as the landmark 99-article legislation requires companies serving EU residents to adhere to its principles. PbD’s journey from being a niche obsession of techies to a foundational element of arguably the most-discussed privacy regulation in history contains valuable lessons about why brands need to incorporate privacy into every digital product or service of theirs that touches the consumer, not just for GDPR-compliance purposes but to provide a great customer experience and mitigate against breaches and cyber attacks as best as a company can in today’s times.

Full article: It Shouldn’t Take GDPR to Prioritize Privacy by Design

Privacy: A Quick Overview for App Designers

Privacy by design and by default is something that all developers will have to learn. Here are some basic points app designers should know and take into consideration:

  • Privacy isn’t scary: it’s an opportunity to earn people’s trust.
  • This is about how we handle personal data.
  • Some data are sensitive, and we need explicit consent before collecting them.
  • System permissions for apps are not the same as explicit consent.
  • Everyone is entitled to certain privacy rights: to be informed (Notice), to see the data we collect (Access), to take their data elsewhere (Portability), and to have their data corrected or deleted (Right to Be Forgotten).
  • Here are some design patterns we can use to respect people’s privacy in our mobile apps.

Source: Privacy: A Quick Overview for App Designers – Prototypr

Sidewalk Toronto commits to Privacy by Design principles amid citizen concerns

Members of the Sidewalk Toronto team echoed the principles of Privacy by Design, the framework of Ryerson University’s expert in residence Ann Cavoukian.

The former Information and Privacy Commissioner of Ontario is an adviser to the project’s privacy policy development as it works through a lengthy public consultation phase for a project that is in many ways the first smart city development of its kind.

Source: Sidewalk Toronto commits to Privacy by Design principles amid citizen concerns | IT World Canada News

Privacy by Design: Building a Privacy Policy People Actually Want to Read

Article 12 of GDPR mandates that privacy notices be “concise, transparent, intelligible and easily accessible”.

Legal design is not just a nice to have in the context of privacy; it’s actually a regulatory imperative. With this mandate, the team at Juro set out with a simple aim: design a privacy policy that people would actually want to read.

Source: Privacy by Design: Building a Privacy Policy People Actually Want to Read

EDPS launches ‘Privacy by Design’ contest for health apps

The European Data Protection Supervisor (EDPS) has announced the launch of a contest to design mobile health (m-health) applications implementing “privacy by design and by default” principles.

The aim is to create best practices that may constitute a reference for privacy-friendly development of mobile apps and give users more control over their personal information. Participants are challenged to develop a useful and user-friendly m-health application at the forefront of the implementation of the data protection by design and by default principle, as required under the GDPR. The deadline for submissions is the end of June.

Source: EDPS launches ‘Privacy by Design’ contest for m-health apps – Telecompaper

What privacy pros can learn from the Facebook-Cambridge Analytica revelations

Data lifecycle practices have appeared as standard issues on third-party risk-management checklists for years, particularly in regard to privacy and data monetization.

Privacy pros have been asking good questions, and drafting provisions to cover data collection minimization, use limitations, and secure deletion, but have we thoroughly thought through the potential for third party exploitation of the data, and are we doing enough to monitor and enforce these commitments after the contracts are signed?

Source: What privacy pros can learn from the Facebook-Cambridge Analytica revelations

Data protection impact assessments and data protection by default and by design

In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation.

This fourth installment in the 10-part series addresses privacy risk analysis, including, importantly, formalized risk management processes such as data protection impact assessments (known as DPIAs), as well as the newly legislated principles of data protection by default and by design.

Source: Top 10 Operational Responses to the GDPR – Part 4: Data protection impact assessments and data protection by default and by design
