Free tools and resources for Data Protection Officers!

Category Archives for "Technology"

EU Parliament publishes study on Blockchain and GDPR

In recent times, there has been much discussion in policy circles, academia and the private sector regarding the tension between blockchains and the European Union’s General Data Protection Regulation (‘GDPR’).

Whereas, the GDPR is based on an underlying assumption that in relation to each personal data point there is at least one the data controller, blockchains make the allocation of responsibility and accountability burdensome.

Further, although the GDPR is based on the assumption that data can be modified or erased where necessary to comply with legal requirements, blockchains, however, render the unilateral modification of data purposefully onerous in order to ensure data integrity and to increase trust in the network.

Source: Blockchain and the General Data Protection Regulation – Think Tank

Alexa users can now disable human review of voice recordings

Amazon has given Alexa users the option to disable human review of their voice recordings, and committed to greater clarity about its use of the strategy in future, but says it will not follow Google and Apple in halting the practice altogether in Europe.

Echo owners, and other users of the company’s virtual voice assistant, can turn off human review in the Alexa privacy page by disabling a setting labelled “help improve Amazon services and develop new features”.

Source: Alexa users can now disable human review of voice recordings | Technology | The Guardian

How hackers can use stolen fingerprints

Hackers could use a stolen fingerprint to break into a fairly rudimentary security system. A more advanced system might be possible, too, if they have lots of time and money at their disposal.

There are multiple ways to fool fingerprint readers. Stolen fingerprints are more helpful to hackers if they also have metadata – associated identities and login information, since two-factor security systems often require both conventional passwords and fingerprint scans.

Full article: How criminals might use stolen fingerprints.

As San Diego increases use of streetlamp cameras raising surveillance concerns

Privacy groups call on elected officials to put surveillance protections in place, warn about the potential for hacking and internal abuses.

San Diego has installed thousands of microphones and cameras in so-called smart streetlamps in recent years as part of a program to assess traffic and parking patterns throughout the city.

The technology over the last year caught the attention of law enforcement last year. But privacy groups have voiced concerns about a lack of oversight as law enforcement has embraced the new technology.

Source: As San Diego increases use of streetlamp cameras, ACLU raises surveillance concerns – Los Angeles Times

Joint statement on global privacy expectations of the Libra network

On August 8, representatives of the global community of data protection and privacy enforcement authorities issued a joint statement on global privacy expectations of the Libra network.

Data protection authorities may individually follow up with Libra with more specific questions as the proposals and service offering develops.

Source: Joint statement on global privacy expectations of the Libra network | European Data Protection Supervisor

Germany investigates Google speech assistance systems

Based on recordings from whistleblowers, the media recently reported that Google’s Home Speech Assistant was used to evaluate acoustic recordings by employees in order to optimize the speech recognition process.

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has initiated an administrative procedure to prohibit Google from carrying out corresponding evaluations by employees or third parties for the period of three months. This is intended to provisionally protect the rights of privacy of data subjects for the time being.

Source: Speech assistance systems put to the test – Data protection
authority opens administrative proceedings against Google

New DPIA on Microsoft Office and Windows software: still privacy risks remaining

Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures.

However, the new privacy conditions for the central Dutch government do not yet apply to the data processing via Windows 10 Enterprise or the mobile Office apps. Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online.

Therefore, SLM Rijk advises government institutions to, for the time being, refrain from using Office Online and the mobile Office apps, and to opt for the lowest possible level of data collection in Windows 10.

Full article: New DPIA on Microsoft Office and Windows software: still privacy risks remaining (long blog)

Facebook Just Paid a $5 Billion Fine for Privacy Breaches. Now it Wants Access to Your Brain.

Facebook is building a headset that can monitor, read and translate your brainwaves and allow users to type just by thinking.

By monitoring and recording the signals generated by a series of multiple-choice questions, the system was able to predict the correct answer with up to 76 percent accuracy.

But Facebook also said that in the near future, the new system could be used to help improve augmented and virtual reality headsets — such as those produced by the Facebook-owned Oculus — allowing users to complete actions such as “select” and “delete” using just their minds.

Full article: Facebook Just Paid a $5 Billion Fine for Privacy Breaches. Now it Wants Access to Your Brain. – VICE

UK Lawmakers To Investigate Facebook Libra Over Privacy

A parliamentary committee worries about Facebook holding financial details on its potentially billions of Libra users.

Damian Collins, chair of the House of Commons’ Digital, Culture, Media and Sport Committee, said, given the company’s past poor record on privacy, he has concerns that Facebook can adequately protect the financial details of its billions of potential Libra users.

Source: UK Lawmakers May Probe Facebook Libra Over Privacy, Fraud – CoinDesk

Websites Using Facebook “Like” Button Are Responsible for User Privacy

The Court of Justice for the European Union has ruled websites embedding the Facebook “like” button are responsible for user privacy.

In Fashion ID v Verbraucherzentrale NRW, the Court stated FashionID can be held jointly responsible with Facebook for compliance with Europe’s data protection rules. Facebook’s tracking technique collects the personal data of visitors to a third-party website and transfers it to Facebook.

Source: Top European Court Rules Companies Using Facebook “Like” Button Are Responsible for User Privacy