
Free tools and resources for Data Protection Officers!

Tag Archives for "privacy policies"

OTA Analysis Finds Most Organizations Not Ready For New Privacy Regulations

The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, announced today the results of its latest report, “Are Organizations Ready for New Privacy Regulations?”.

OTA analyzed 29 variables in 1,200 privacy statements against common themes in three major privacy regulations: the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

Source: OTA Analysis Finds Most Organizations Not Ready For New Privacy Regulations | Internet Society

Terms, Conditions and Considerations Under the GDPR

With the recent major GDPR cases involving Facebook and Google, DPOs at smaller companies are growing worried about the challenge of ensuring that terms and conditions and privacy notices are not mixed up.

With hundreds of policy templates to choose from, one of the difficulties is writing a privacy policy that is not so long that no one can read it, nor so short that it doesn’t cover the bases. Striking the right balance between the unreadable and the unworkable is essential.

Full article: Terms, Conditions and Considerations Under the GDPR – CPO Magazine

Most EU cookie ‘consent’ notices are meaningless or manipulative

New research into how European consumers interact with the cookie consent mechanisms which have proliferated since a major update to the bloc’s online privacy rules last year casts an unflattering light on widespread manipulation of a system that’s supposed to protect consumer rights.

The study, which looked at how consumers interact with different designs of cookie pop-ups and how various design choices can nudge and influence people’s privacy choices, also suggests consumers are suffering a degree of confusion about how cookies function, as well as being generally mistrustful of the term ‘cookie’ itself.

The researchers conclude that if consent to drop cookies was being collected in a way that’s compliant with the EU’s existing privacy laws only a tiny fraction of consumers would agree to be tracked.

Source: Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds | TechCrunch

Research aims to automatically answer user questions on online privacy policies

Internet users may soon have a way to have their questions about online privacy policies answered automatically, thanks to a new multi-institution research project that includes Penn State. The project aims to enable people to ask questions about the privacy issues that matter to them when reviewing privacy policies.

The researchers will create software in the form of mobile applications, web browser plugins and interactive websites by developing and using algorithms in the areas of natural language processing, machine learning, and knowledge representation and reasoning. The interdisciplinary project aims to reinvent notice and choice — the idea that privacy policies are sufficient because users are given notice about how their information will be used and choices about what they can do in regards to the policy, such as opting out of certain features.

Source: Research aims to automatically answer user questions on online privacy policies | Penn State University

Longer Privacy Policies Are Better?

Everyone knows that most consumers don’t read privacy policies because they’re too long and confusing. Right?

But maybe that’s the wrong way to think about it. Privacy policies are useless from a consumer perspective regardless of whether they’re long or short, said Justin Brookman, director of privacy and technology policy at Consumer Reports.

Full article: Longer Privacy Policies Are Better – And Other Surprising Takeaways From The FTC’s PrivacyCon | AdExchanger

Openly Operated wants to make privacy policies actually mean something

Openly Operated is a set of guidelines for auditing how apps and web services deal with user data, like a combination of a report card and a seal of approval. But it’s also a bid to change the terms of the privacy debate.

An OO-certified app or site must meet three criteria. First, it needs to demonstrate “a basic level of transparency” by making its code and infrastructure — among other things — public and fully documented. Second, it needs to lay out its policy in the form of “claims with proof,” establishing what user data is collected, who can access it, and how it’s being protected. Third, those claims must be evaluated by an OO-certified auditor who then makes the audit results public.

Source: Openly Operated wants to make privacy policies actually mean something – The Verge

Lithuanian DPA launches investigation into D-Link

In response to publicly available information, the Lithuanian data protection authority – the State Data Protection Inspectorate – launched a self-initiated inquiry into the allegedly inappropriate processing of personal data by D-Link.

It is feared that D-Link equipment user passwords, browsing history or other information can be accessed by third countries’ servers through D-Link’s devices, allowing profiling and identification of consumers.

State Data Protection Inspectorate also noted that D-Link’s processing activity potentially amounts to a violation of the General Data Protection Regulation’s (GDPR) transparency principle.

Source: State Data Protection Inspectorate Launches D-Link Research | State Data Protection Inspectorate

The New York Times analysed 150 Privacy Policies of popular services

The New York Times analysed 150 Privacy Policies of popular services. The average policy took 18 minutes to finish and required a college-level reading ability.

Despite efforts like the General Data Protection Regulation (GDPR) to make policies more accessible, there seems to be an intractable tradeoff between a policy’s readability and length. Even policies that are shorter and easier to read can be impenetrable, given the amount of background knowledge required to understand how things like cookies and IP addresses play a role in data collection.

As data collection practices become more sophisticated (and invasive), it’s unlikely that privacy policies will become any easier to comprehend.

Read full article: Opinion | We Read 150 Privacy Policies. They Were an Incomprehensible Disaster. – The New York Times

Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

On April 17, 2019, the Dutch Data Protection Authority issued six recommendations for companies, to be taken into account when drafting privacy policies.

The published recommendations follow the Dutch DPA’s investigation of companies’ privacy policies. The investigation focused on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs.

Full article: Dutch DPA Issues Guidelines on Privacy Policies Following Investigation | Privacy & Information Security Law Blog

EDPS: We need to talk about terms and conditions

Terms of service are generally designed to safeguard a service provider against legal challenges.

These terms are not like a memorandum of understanding, trade agreement or a contract established jointly by two more or less equal parties. Rather, they are laid down by the service provider and not open to negotiation. In the EU there are rules protecting the consumer against unfair terms.

Full article: We need to talk about terms and conditions | European Data Protection Supervisor
