Tag Archives for "privacy by design"

Romanian DPA fines UniCredit €130,000 for data protection by design failures

The National Supervisory Authority for Personal Data Processing (‘ANSPDCP’) announced, on 4 July 2019, that it had fined UniCredit Bank S.A. €130,000 for breach of Article 25(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) relating to the principles of data protection by design and by default.

The ANSPDCP found that failure to implement appropriate technical and organisational measures designed to effectively implement data protection principles and integrate necessary safeguards in the processing of data led to the disclosure of data concerning 300,000 data subjects during the period of 25 May 2018 to 10 December 2018.

Source: Romania: ANSPDCP fines UniCredit €130,000 for data protection by design failures

Données & Design: a platform to bring designers together on the topic of GDPR

Données & Design is a platform, created by French data protection authority CNIL, seeking to create spaces for collaboration and discussion for designers to build together user journeys respectful of privacy.

The platform aims to integrate those considerations efficiently into the daily work of designers, in order to help them argue their choices and collaborate more effectively on data protection issues with privacy professionals and other members of a project team (DPO, product owner, project manager…). The platform provides content explaining and illustrating points of regulation on which designers can intervene.

Source: Données & Design: a platform to bring designers together on the topic of GDPR

Are users’ preferences about privacy relevant?

It is a well-documented fact that many users are willing to share information on social media and other platforms, even when it compromises their privacy.

People understand neither the risks nor the consequences of sharing information on the Internet. Design of privacy in human-computer interfaces therefore suffers from an inherent problem: we cannot base privacy design on asking users questions related to user interfaces.

Full article: Are users’ preferences about privacy relevant? – UX Collective

Interface design: The who/what/where rule

Who/what/where is a simple mnemonic for user interface design. Every time that a user takes an action, there are three things that they need to know: who, what and where:

  • who they are — that is, the identity that they’re using;
  • what action they are taking;
  • where the relevant data is visible, especially to which people on what surfaces.

Read article: Interface design: The who/what/where rule

Privacy UX: Better Cookie Consent Experiences

With the advent of the EU General Data Protection Regulation (GDPR) in May 2018, the web has turned into a vast exhibition of consent pop-ups, notifications, toolbars, and modals.

While the intent of most cookie-related prompts is the same — to get a user’s consent to keep collecting and evaluating their behavior the same ol’ way they’ve been doing for years — implementations differ significantly, often making it ridiculously difficult or simply impossible for customers to opt out from tracking.

Full article: Privacy UX: Better Cookie Consent Experiences

Study shows programmers will take the easy way out and not implement proper password security

In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy way out and write code that stores user passwords in an unsafe manner.

For their study, the German academics asked a group of Java programmers to write a user registration system for a fake social network. The results show that the level of understanding of what “secure passwords” mean differs greatly in the web development community.

Paying developers higher rates didn’t help considerably, researchers said. However, the research team found that giving programmers specific instructions to implement a secure password storage system did yield better results than not saying anything at all and then expecting developers to think of security by themselves.

Source: Study shows programmers will take the easy way out and not implement proper password security | ZDNet

Designing Welcome Mats to Invite User Privacy

The way we design user interfaces can have a profound impact on the privacy of a user’s data. It should be easy for users to make choices that protect their data privacy. But all too often, big tech

Full article: Designing Welcome Mats to Invite User Privacy | Electronic Frontier Foundation

US to Help Define New International Standard for Consumer Privacy by Design

Defining international standards for privacy is critical for the future of global commerce. To support this cause, many of America’s leading companies and government agencies are collaborating to help define the new international standard for “Consumer Protection: Privacy by Design”.

The standard will be part of ISO Project Committee 317. As one of 12 countries with Participant status in ISO/PC 317, the United States will be represented by its Technical Advisory Group (TAG), administered by the American National Standards Institute (ANSI) in partnership with the OASIS standards and open source consortium. Members of the U.S. TAG represent America’s leading companies and government agencies committed to privacy rights for consumers.

Source: U.S. to Help Define New International Standard for Consumer Privacy by Design | OASIS

ICO to help business with innovation and Privacy by Design

The UK’s data protection authority – Information Commissioner’s Office – will set up a Regulators’ Business and Privacy Innovation Hub to support businesses, with other regulators, to comply and understand privacy and data protection – for example by helping them to build privacy in right from the start in innovative products and services.

The Hub will work alongside the ICO’s Regulatory Sandbox – an initiative to create a safe space where organisations are supported to develop innovative products and services using personal data in innovative ways.

Source: ICO to help business with innovation and Privacy by Design – Privacy Laws & Business
