Free tools and resources for Data Protection Officers!

Tag Archives for " privacy policies "

Who controls your data?

There is an elephant in the room to address here: Understanding data privacy is fundamentally boring, if not unintelligible, to a regular user.
Privacy policies are the backbone of understanding data rights. They’re also legalese-packed documents that are thousands of words long and describe an infrastructure of data movement that many companies can’t keep track of themselves. To not read them is a basic, wholly understandable human aversion toward ennui.

Full article: Who controls your data?

Apple App Store Privacy Policy to be Updated

App Store rules will oblige developers will have to disclose how users’ personal data is used, safeguarded and shared under a new privacy policy.

In the release posted on the App Store Connect page to announce the new rules Apple did not refer to the new European Union General Data Protection Regulation as an influencing factor behind the changes. However, the amendments seem to mirror the requirements of GDPR.

Source: Apple App Store Privacy Policy to be Updated Following Introduction of GDPR – Compliance Junction

Apps collect more data than disclosed in their privacy policies

Nearly 60 per cent of apps collected more information than declared in their privacy policies according to a recent study that compared the stated practices of hundreds of apps with how they actually behaved.

To generate revenue, app developers often embed software code, known as ad libraries, allowing them to display ads within their app. Because they want to make the ads relevant to individual users, ad libraries often want specific information about those users.

Source: Who has your data? Researchers scrutinize apps for undisclosed ties to advertisers, analytics companies | CBC News

The ethical and legal ramifications of using ‘pseudo-AI’

Pseudo-AI, or human workers performing work eventually intended for an  “artificial intelligence” or supplementing an AI still under development, is a common prototyping practice, necessitated by the inherit difficulty and large datasets necessary to create an AI. The revelation that human beings are regularly performing work customers are lead to believe is automated can have major trust and public-image ramifications, even if the primary service-providing company is unaware. Additionally, there are numerous legal ramifications.

Read full article: The ethical and legal ramifications of using ‘pseudo-AI’

Social site terms tougher than Dickens

Children may be signing up to apps with terms and conditions only university students can understand. The BBC carried out a readability test on 15 sites to work out the education level required to understand these policies and found that all 15 sites had policies that were written at a university reading level, and were more complicated than Charles Dickens’ “A Tale of Two Cities”.

By having a hard to read policies while providing services to children, companies could be breaching European data rules, which require them to clearly spell out how they use personal data.

Source: Social site terms tougher than Dickens – BBC News

AI spots legal problems with tech T&Cs in GDPR research project

An experimental European research project applied machine learning technology to big tech’s privacy policies — to see whether AI can automatically identify violations of data protection law. Project results shows tah the AI was able to automatically flag a range of problems with the privacy policies, like use of unclear language, insufficient information, processing of personal data not in compliance with GDPR requirements,

Source: AI spots legal problems with tech T&Cs in GDPR research project | TechCrunch

Privacy policies of tech giants ‘still not GDPR-compliant’

Consumer group says policies of Facebook, Amazon and Google are vague and unclear Privacy policies from companies including Facebook, Google and Amazon don’t fully meet the requirements of GDPR, according to the pan-European consumer group BEUC.

Source: Privacy policies of tech giants ‘still not GDPR-compliant’

How not to write your GDPR-‘compliant’ data protection notice

GDPR requires companies to have a robust data processing notices. However, “obfuscating their data collection and processing activities on the personal data while using the keywords from the GDPR, some controllers are publishing revised DP policies that under-inform or misinform their customers.”

Read full article: How not to write your GDPR-‘compliant’ data protection notice

1 2 3 8