Emma’s Diary fined £140,000 for selling personal information for political campaigning | ICO
The data broking company, which provides advice on pregnancy and childcare, sold the information to Experian Marketing Services, a branch of the credit reference agency, specifically for use by the Labour Party. Experian then created a database which the party used to profile the new mums in the run up to the 2017 General Election.

The Labour Party was then able to send targeted direct mail to mums living in areas with marginal seats about its intention to protect Sure Start Children’s centres.
ICO  fine  dataprotection  example  politics  databroker  experian  labourparty  marketing 
6 days ago
Google records your location even when you tell it not to | Technology | The Guardian
To stop Google from saving these location markers, the company says, users can turn off another setting, one that does not specifically reference location information. Called “web and app activity” and enabled by default, that setting stores a variety of information from Google apps and websites to your Google account.

When paused, it will prevent activity on any device from being saved to your account. But leaving “web and app activity” on and turning “location history” off only prevents Google from adding your movements to the “timeline”, its visualization of your daily travels. It does not stop Google's collection of other location markers.
locationdata  google  privacy  dataprotection 
7 days ago
Google, Facebook, Microsoft, and Twitter partner for ambitious new data project - The Verge
In a blog post, Google described the project as letting users “transfer data directly from one service to another, without needing to download and re-upload it.”
facebook  google  data  datatransfer  GDPR 
18 days ago
Dixons Carphone says data breach affected 10 million - BBC News
Dixons Carphone has said a huge data breach that took place last year involved 10 million customers, up from its original estimate of 1.2 million.
databreach  dataprotection  dixons  example  GDPR 
18 days ago
Facebook's Stock Market Pain Is Necessary—And Will Continue
The expectation that Facebook was just going to shrug off Europe’s hard-hitting new General Data Protection Regulation (#GDPR), as well as the privacy scandals that have plagued it through much of the year so far, was way off the mark.
facebook  GDPR  cambridgeanalytica  dataprotection 
18 days ago
How to detect bank fraud with maths - YouTube
Background on how Monzo spotted the TicketMaster data breach
databreach  dataprotection  fraud  personaldata  security  banking 
26 days ago
Microsoft calls for facial recognition technology rules given 'potential for abuse' | Technology | The Guardian
In a blog post on the company’s website on Friday, Microsoft president Brad Smith called for a congressional bipartisan “expert commission” to look into regulating the technology in the US.
facerecognition  facialrecognition  technology  regulation  privacy  Microsoft 
27 days ago
Data Breach reporting webinar
The ICO posts a recording of their data breach reporting webinar on their YouTube channel
ico  databreach  breach  webinar  GDPR  UK 
4 weeks ago
This fitness app lets anyone find names and addresses for thousands of soldiers and secret agents
Polar’s widely used fitness app endangers military personnel, intelligence operatives, and people who work at sites where nuclear weapons are stored.
locationdata  dataprotection  databreach  privacy 
5 weeks ago
CLAUDETTE - Machine Learning Powered Analysis of Consumer Contracts and Privacy Policies
CLAUDETTE, a research project aiming at automation of personal data and consumer law enforcement using machine learning!
AI  innovation  privacy  dataprotection  policies  law  machinelearning  GDPR  research 
5 weeks ago
EU parliament calls for #PrivacyShield to be pulled until US complies | TechCrunch
The parliamentarians’ view is that the data transfer mechanism does not provide the necessary ‘essentially equivalent’ data protection for EU citizens — and should therefore be suspended until US authorities come into compliance.
dataprotection  privacyshield  EU  datatransfer 
5 weeks ago
ICO report: Democracy disrupted? Personal information and political influence (PDF)
This report intends to ‘draw back the curtain’ on how personal information
is used in modern political campaigns.
politics  ICO  research  democracy  dataprotection  cambridgeanalytica  facebook  advertising 
5 weeks ago
Data Breach Reporting webinar | ICO | 12pm 19 July
On Thursday 19 July, we will be hosting a webinar on Data Breach Reporting. It’s aimed at Data Controllers and will give advice and guidance on how and when to report security breaches to the ICO

We will also share our experience of the first few weeks of breach reporting under the GDPR, and respond to some frequently asked questions.
databreach  GDPR  ICO  guidance 
6 weeks ago
Data Democracy workshop | Meetup
You will be given instructions on how to request your data from organisations that include the Home Office, the NHS and Facebook, hopefully highlighting how much of your data is available to you, and prompting you to ask the question ‘what do I do with all this?’
event  government  data  subjectaccessrequests 
6 weeks ago
HMRC takes 5 million taxpayers’ Voice IDs without consent – Big Brother Watch
Millions of callers to HMRC have been required to repeat the phrase, “My voice is my password” on an automated line before being able to access services. Big Brother Watch said taxpayers are being “railroaded into a mass ID scheme” as they are not given the choice to opt in or out, in a scheme that experts say breaches UK data protection laws.
surveillance  GDPR  privacy  voice  security  HMRC  example  UK  biometrics 
7 weeks ago
Data Rights Finder
Data Rights Finder helps you understand how organisations use data. It guides you through making requests to change how data about you is used.

We have information for the main banks, insurance providers, comparison websites, and financial services organisations.
GDPR  privacy  policies  banking  rights  tool  technology 
7 weeks ago
Amazon made a special version of Alexa for hotels with Echo speakers in their rooms - The Verge
Amazon says that “soon,” users will be able to temporarily link their own Amazon account with Echos that are running Alexa for Hospitality. That way you’ll have access to your music subscription from Amazon Music or Spotify or your audiobooks from Audible. “When a guest checks out, Alexa for Hospitality automatically disconnects their Amazon account from the in-room device.”
amazon  voice  technology  dataprotection  privacy  hotel  alexa 
8 weeks ago
US mobile carriers cut off flow of location data to brokers | AP News | #privacy
Verizon, AT&T, Sprint and T-Mobile have pledged to stop providing information on U.S. phone owners’ locations to data brokers, stepping back from a business practice that has drawn criticism for endangering privacy.

None of the carriers said they are getting out of the business of selling location data. The carriers together have more than 300 million U.S. subscribers.
surveillance  dataprotection  US  mobile  marketing  advertising  locationdata  privacy 
8 weeks ago
BT fined £77,000 by the ICO for five million spam emails | ICO
The investigation found that the company did not have customers’ consent to send direct marketing emails. This is against the law.
The 4.9 million emails were sent between December 2015 and November 2016 promoting three charity initiatives: the BT ‘My Donate’ platform, Giving Tuesday and Stand up to Cancer.
spam  fine  example  email  PECR  BT  marketing  charities  fundraising  ICO 
8 weeks ago
ICO statement in response to Dixons Carphone breach announcement | ICO
ICO deciding whether to treat the Dixons breach under the 1998 or 2018 Data Protection Act
dataprotection  databreach  ICO  security  regulation  GDPR 
9 weeks ago
ICO Consultation: Children and the GDPR guidance
Children need particular protection when you are collecting and processing their personal data because they may be less aware of the risks involved.
children  guidance  ICO  GDPR 
9 weeks ago
Privacy notice | ICO
This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.

This notice is layered. So, if you wish, you can easily select the reason we process your personal information and see what we do with it.
privacy  ICO  example  policy 
10 weeks ago
Vermont Passes First-of-Its-Kind Law to Regulate Data Brokers
Earlier this week, Vermont became the first state in the nation to enact a law that will regulate data brokers that buy and sell personal information in an attempt to add a new layer of accountability to the massive, data-trading companies that often operate without much oversight.
marketing  advertising  US  Vermont  law  legislation  regulation 
10 weeks ago
IAB Europe plans independent board to govern GDPR framework - Digiday
The Interactive Advertising Bureau Europe plans to establish an independent, nonprofit board of cross-industry stakeholders to govern the industry standard it devised for compliance with the General Data Protection Regulation.

The plan is to give publishers, agencies, ad tech vendors and advertisers equal representation in voting on issues that arise as businesses start to comply with the IAB Europe and IAB Tech Lab’s Transparency & Consent Framework.
advertising  marketing  IAB  GDPR  privacy  dataprotection  business 
10 weeks ago
Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage — Krebs on Security
MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users.
databreach  example 
10 weeks ago
ICANN's Pre-emptive Attack On The GDPR Thrown Out By Court In Germany | Techdirt
EPAG therefore built a new domain registration system with "consent management processes", and a data flow "aligned with the GDPR's principles". ICANN was not happy with this minimalist approach, and sought an injunction in Germany in order to "preserve Whois data" -- that is, to force EPAG to collect those administrative and technical contacts.
ICANN  GDPR  legalcase  germany  example 
10 weeks ago
Sorry – but yet another #GDPR messag by @CeriStanaway
From dire warnings about missing out on awesome deals, to desperate and repeated pleas to not to leave, I reckon many companies have misjudged their GDPR messages.
GDPR  consent  email  marketing 
10 weeks ago
ICO resources: Communicating the importance of information security to staff [PDF]
The ICO has created a suite of posters to help your staff take extra care when sharing work information. The posters cover some of the most common mistakes we see, including sending information to the wrong recipient, leaving work documents in public view or not appropriately disposing of information.

The posters are available to use within your organisation, and can be printed at A4 or A3 sizes.

Further Reading
resources  training  posters  ICO  education 
10 weeks ago
Facebook Gave Device Makers Deep Access to Data on Users and Friends - The New York Times
Data-sharing agreements allow manufacturers access to religion, political leaning, upcoming events and even information on friends that have specifically refused data sharing with third-parties, according to the Times
privacy  consent  datatransfer  facebook  personaldata 
11 weeks ago
TSB letter error 'may have broken law' - BBC News
TSB has been including other people's details in letters sent to customers about its recent IT problems
databreach  personaldata  banking 
11 weeks ago
AI Has a Big Privacy Problem And Europe's GDPR Is About to Expose It | Fortune
“Big data challenges purpose limitation, data minimization and data retention–most people never get rid of it with big data,” said Edwards. “It challenges transparency and the notion of consent, since you can’t consent lawfully without knowing to what purposes you’re consenting… Algorithmic transparency means you can see how the decision is reached, but you can’t with [machine-learning] systems because it’s not rule-based software.”
data  privacy  AI  GDPR  machinelearning  technology  innovation  dataprotection 
11 weeks ago
Axel Springer counters Google with its own consent management tool - Digiday
The German digital media group, which owns Business Insider, Bild and Welt, has spent the last 18 months developing a GDPR consent management tool, which can also be adapted to address cookie-consent requirements under the pending ePrivacy Regulation once it is finalized, according to the publisher.
cookies  GDPR  publishing  privacy  axelspringer  google  consent  innovation  technology 
11 weeks ago
European Commission rejects Government’s approach for personal data transfers as ICO doubts the UK will obtain an adequacy decision - Hawktalk
Michel Barnier, speaking at the 28th Congress of the International Federation for European Law (24 May) rejected the UK’s bespoke data protection deal. He said that the problem was that “It is the United Kingdom that is leaving the European Union. It cannot, on leaving, ask us to change who we are and how we work”.
GDPR  UK  dataprotection  legislation  government  policy  EU 
11 weeks ago
GDPR attacks: First Google, Facebook, now activists go after Apple, Amazon, LinkedIn | ZDNet
La Quad's offensive has been a long time coming. Six weeks ago, it started inviting people to join its collective complaints, and over that time it got more than 12,000 people to sign up. According to operations coordinator Myriam Michel, each complaint has around 9,000 to 10,000 names attached to it.
legalaction  france  GDPR  linkedin  Apple  amazon 
11 weeks ago
Google, Facebook hit with serious GDPR complaints: Others will be soon | ZDNet
So Schrems's organization has made a series of four complaints with four different European privacy regulators, to make sure there is a coordinated investigation.

The first, over Android's "forced consent", was filed in France. Facebook is being complained about in Austria and its subsidiaries, WhatsApp and Instagram, are being targeted in north-German city Hamburg, and Belgium respectively.
maxschrems  GDPR  complaints  legalaction  privacy  google  facebook 
11 weeks ago
Google Facebook Face GDPR Privacy Complaints on 1st Day | Fortune
According to Schrems and his NOYB group, Google and Facebook are railroading users in this way.

“Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the ‘agree’ button–that’s not a free choice; it more reminds of a North Korean election process,” said Schrems in a statement. “Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases.”
GDPR  dataprotection  maxschrems  facebook  google  privacy 
11 weeks ago
Framework for the UK-EU Partnership Data Protection - GOV.UK
This presentation is part of a series produced by the UK negotiating team for discussion with the EU, in order to inform the development of the future framework.

It focuses on the UK’s proposals for the free flow of personal data between the UK and the EU.
dataprotection  GDPR  policy  brexit  EU  UK 
12 weeks ago
Data Protection Act 2018 - GOV.UK
The legislation that implements GDPR into UK law receives royal assent just in time
UK  dataprotection  legislation  GDPR 
12 weeks ago
Facebook vs. Democracy by Stanford CDDRL | on SoundCloud
Francis Fukuyama in conversation with Frederic Filloux (Monday Note)on the latest development regarding social network platforms and democracy
democracy  facebook  dataprotection  privacy  technology  innovation  policy  politics 
may 2018
European news sites are among the worst offenders when it comes to third-party cookies and content » Nieman Journalism Lab
Major news sites in seven countries averaged 81 third-party cookies per page, compared to 12 for other popular websites.
publishing  cookies  dataprotection  privacy  marketing 
may 2018
Huge new Facebook data leak exposed intimate details of 3m users | New Scientist
Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found.
facebook  privacy  dataprotection 
may 2018
IBM Executives Press U.S. Lawmakers Not to Adopt EU Privacy Law - Bloomberg
via @superglaze - More than 100 IBM executives will descend on Capitol Hill this week with a simple message for policy makers: don’t bring Europe’s new privacy regulations to the U.S.
GDPR  US  IBM  government  privacy 
may 2018
ISO/PC 317 - Consumer protection: privacy by design for consumer goods and services
Standardization in the field of consumer protection: privacy by design for consumer goods and services
privacy  standards  ISO  consumerprotection 
may 2018
How will GDPR affect prospect research? | Charity Digital News
One of the biggest GDPR questions for fundraisers relates to researching major donors and what constitutes an invasion of privacy. Andrew Cross at Lightful explains how GDPR will affect current practices.
charities  fundraising  GDPR  dataprotection 
may 2018
« earlier      
#gdpr a able accident. advertising advice ai alexa amazon an analytics and android apple archives article29 awareness aws axelspringer b2b banking be belgium berlin biometrics blockchain book breach brexit browsers bt business cambridgeanalytica captcha cctv charities children china chrome communications complaints compliance conference confidentiality consent consultation consumerprotection cookies coppa corporateresponsibility culture data databreach databroker dataminimisation datamining dataprotection datascience datasharing datatransfer dcms decentralisation demo democracy digital digitalrights dixons dma document documentation driver duckduckgo education eff email emergency enforcement eprivacy equifax eu event example experian experiment facebook facerecognition facialrecognition fax fcc fedex feedback fine fitted frameworks france fraud from ftc fundraising games gdpr germany gmail google government gps guidance guide has health hmrc hotel humanrights iab ibm icann ico identity if image_recognition in india infographic inform innovation internet investigation iot iphone iso italian italy journalism judgement jurisdiction labourparty law lawenforcement legalaction legalcase legislation linkedin locationdata machinelearning machinereadable mailchimp management marketing maxschrems microsoft mobile month_ mps my ncsc new next ngo nhs nonprofit nsa nspcc omgdpr openconsent openrights opensource org p3p palantir parliament paypal pecr personaldata photography plates poland policies policing policy politics posters privacy privacyshield processing project prosecution prototypes publishing records reddit reference regulation research resources responsibledisclosure rights russia safety sales screens_ search security sent services skype smallbusiness smart smartwatches software spam speech staffdata standards starting strategy strava subjectaccessrequests surveillance technology the thirdparties to tool tools toys tracking training transmitters. transparency trial trust typeform uber uk us userexperience ux vehicles vermont voice vulnerability w3c webinar whatsapp whistleblowing whois will windows10 with wordpress

Copy this bookmark: