Tag Archives for " privacy by design "

Chrome to have more intuitive privacy and security controls

Google have started rolling out new tools and a redesign of Chrome’s privacy and security settings on desktop, to help you control your safety on the web.

With the new design it will be easier to:

  • manage cookies,
  • find the most sensitive website permissions in Site Settings,
  • control what data is stored in Google Account and made available across all your devices,
  • clear browsing data, as the “Clear browsing data” option has moved to the top of the Privacy & Security section.

With our new safety check in settings, you can quickly confirm the safety of your experience in Chrome. Enhanced Safe Browsing gives you more proactive and tailored protections from phishing, malware and other web-based threats. If you’re signed in to Chrome, then Chrome and other Google apps you use (Gmail, Drive, etc.) will further protect you based on a holistic view of threats you encounter on the web and attacks against your Google Account.

Google is also launching Secure DNS, a feature designed to improve your security and privacy while browsing the web.

Source: More intuitive privacy and security controls in Chrome

Apps Checking Covid-19 Symptoms Pose Data Collection Risks

Insurers and health tech companies developing mobile apps to let patients track Covid-19 symptoms and connect with doctors need to be mindful that their data storage practices don’t run afoul of federal and state privacy laws, attorneys said.

Developers of mobile apps and websites aimed at fighting the virus still have to navigate state privacy laws and a host of other regulations, like those from the Federal Trade Commission.

Source: Apps Checking Covid-19 Symptoms Pose Data Collection Risks

ICO Publishes Final Version of Its Age Appropriate Design Code

On January 21, 2020, the UK Information Commissioner’s Office (ICO) published the final version of its Age Appropriate Design Code, which sets out the standards that online services need to meet in order to protect children’s privacy.

The code lists 15 standards that organizations must meet, including requirements to (1) take into consideration the best interests of children, (2) refrain from using children’s personal data in ways that are detrimental to their wellbeing, and (3) ensure that settings are “high privacy” by default.

Source: ICO Publishes Final Version of Its Age Appropriate Design Code

European cities share 10 principles for using citizen data

The guidelines outline key principles for using citizen data responsibly. They were developed with, and include, real-world examples from several European cities.

The cities of Bordeaux, Barcelona, Debrecen, Edinburgh, Eindhoven, Florence, Ghent, Helsinki, Manchester, Rijeka and Zaragoza collaborated on the guidelines.

This data is discussed in the context of being traced, collected, measured, stored, used, managed and processed by both public and private entities.

Source: European cities share 10 principles for using citizen data – Smart Cities World

Facebook is building more secure Instagram messaging app 

Facebook is launching Threads, a new camera-first messaging app from Instagram for keeping up with your close friends in a dedicated space.

Facebook claims it is built with privacy in mind, so that you can feel comfortable using the app to communicate with your close friends.

Read more: Privacy Matters: Threads | Facebook Newsroom

Design considerations for building privacy-protecting analytics services

If data is the new oil, then analytics are the new refinery without which any modern business is unable to make informed decisions.

However, data analytics and privacy are seldom assumed to go together. If media reports and regulatory actions are any indication, services and platforms that utilize or enable analytics have consistently been under scrutiny in terms of meeting reasonable privacy expectations.

Full article: Design considerations for building privacy-protecting analytics services

Romanian DPA fines UniCredit €130,000 for data protection by design failures

The National Supervisory Authority for Personal Data Processing (‘ANSPDCP’) announced, on 4 July 2019, that it had fined UniCredit Bank S.A. €130,000 for breach of Article 25(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) relating to the principles of data protection by design and by default.

The ANSPDCP found that failure to implement appropriate technical and organisational measures designed to effectively implement data protection principles and integrate necessary safeguards in the processing of data led to the disclosure of data concerning 300,000 data subjects during the period of 25 May 2018 to 10 December 2018.

Source: Romania: ANSPDCP fines UniCredit €130,000 for data protection by design failures

Données & Design: a platform to bring designers together on the topic of GDPR

Données & Design is a platform, created by French data protection authority CNIL, seeking to create spaces for collaboration and discussion for designers to build together user journeys respectful of privacy.

The platform aims at efficiently integrating those considerations in the daily work of designers in order to help them argue their choices and collaborate more effectively on data protection issues with privacy professionals and other members of a project team (DPO, product owner, project manager…). The platform provides content explaining and illustrating points of regulation on which designers can intervene.

Source: Données & Design: a platform to bring designers together on the topic of GDPR

Are users’ preferences about privacy relevant?

It is a well-documented fact that many users are willing to share information on social media and other platforms, even when it compromises their privacy.

People do not understand the risks or the consequences of sharing information on the Internet. The design of privacy in human-computer interfaces therefore suffers from an inherent problem: we cannot base privacy design on asking users questions related to user interfaces.

Full article: Are users’ preferences about privacy relevant? – UX Collective

Interface design: The who/what/where rule

Who/what/where is a simple mnemonic for user interface design. Every time that a user takes an action, there are three things that they need to know: who, what and where:

  • who they are — that is, the identity that they’re using;
  • what action they are taking;
  • where the relevant data is visible, especially to which people on what surfaces.

Read article: Interface design: The who/what/where rule
