Kids’ apps are filled with manipulative ads, according to a new study - Vox
22 US consumer and public health advocacy groups have asked the Federal Trade Commission to investigate children's apps that "routinely lure young children to make purchases and watch ads".
privacy  regulation  advertising  marketing  children  US  FTC 
8 days ago
Senator's data privacy law draft could put CEOs in jail for lying - CNET
The bill would apply to companies that bring in  more than $50 million in revenue and have personal information on more than 1 million people.

The bill would also require companies to submit an annual data protection report, similar to how companies like Google and Apple voluntarily release transparency reports on government demands. The report would need to be signed by CEOs, who could face up to 20 years in prison if they lie to the FTC.
US  dataprotection  legislation  business  privacy 
8 days ago
Russia: Now everyone who uses a messaging app must be identifiable | ZDNet
New decree means messaging services will have to check users' registration data with their mobile operator.
encryption  Russia  privacy  freedomofspeech  surveillance  messaging  government  legislation  identity 
8 days ago
High Court: data protection law and the right to know why a bank account was frozen and then closed
When the Customer sent a letter before claim to the Bank it included a DSAR. He subsequently issued a claim against the Bank which included a claim for breach of the DPA for failure to respond adequately to the DSAR. The Bank then made an application to have the DPA claim struck out or summarily dismissed. 
example  GDPR  DPA2018  legalcase  subjectaccessrequests  banking 
11 days ago
GDPR, Data Portability and Data About Multiple People - report - @projectsbyif
Data portability represents an opportunity for new products and services, but also raises some difficult questions – questions we don’t think companies or governments are thinking about deeply enough yet. This offers an opportunity for those who do to develop a competitive advantage.
report  dataportability  regulation  design  dataprotection  technology  products  GDPR 
11 days ago
U.S. Privacy Bill
Intel's AI and Privacy Policy Team has felt inspired to draft a bill for privacy regulation, and is inviting comment as an experiment in participatory democracy
US  privacy  regulation  Intel  proposal  dataprotection  personaldata 
11 days ago
The French #DPA @CNIL list of personal data processing activities that always require a #DPIA via @finck_m
Délibération n° 2018-327 du 11 octobre 2018 portant adoption de la liste des types d'opérations de traitement pour lesquelles une analyse d'impact relative à la protection des données est requise | Legifrance
DPIA  CNIL  dataprotection  GDPR  guidance 
11 days ago
AI lie detector tests to get trial run at EU airports | CNN Travel
The technology has been tested in its current form on only 32 people, and scientists behind the project are hoping to achieve an 85% success rate
security  EU  facialrecognition  AI 
12 days ago
Exame Informática | CNPD: Hospital do Barreiro multado em 400 mil euros por permitir acessos indevidos a processos clínicos
CNPD: Hospital do Barreiro fined €400,000 for allowing improper access to clinical processes via @superglaze
GDPR  fine  example  Portugal  healthcare  security  CNPD 
23 days ago
Apple CEO Tim Cook Slams Tech's Data Industrial Complex. He's Right To | Fortune
Not for the first time, the Apple CEO took aim at his Silicon Valley peers and what he calls the “data-industrial complex.” According to Cook, people’s personal data is being “weaponized” with “military efficiency,” and technology is being used to deepen divisions and “undermine our sense of what is true and what is false.”
Apple  TimCook  dataprotection  surveillance  siliconvalley  privacy 
24 days ago
Irish Twitter Probe Seen as Test Case for EU Privacy Rules | Bloomberg Law
An Irish probe into Twitter Inc.'s data disclosure practices may set the bar for what type of personal data U.S. companies must turn over to consumers under the EU’s privacy regime.
twitter  GDPR  privacy  dataprotection  IDPC  Ireland  legalcase 
25 days ago
The urgent case for a new ePrivacy law | European Data Protection Supervisor
The Commission decided to propose reforms in two steps, first GDPR, and then ePrivacy (see Recital 173 of the GDPR). Without the ePrivacy rules applying to all providers of electronic communications, these service providers may argue that there is no need to ask permission  - consent - from individuals to use their most private information.  This is precisely the uncertainty which must be avoided. We cannot put data controllers in a position where they are required to apply simultaneously a modernised data protection regulation alongside outdated and fragmented rules on communications data which were designed to regulate a market and communication technologies which have changed beyond recognition in the last 17 years.
law  privacy  eprivacy  GDPR  legislation  EU  dataprotection 
25 days ago
How smartphone apps track users and share data
A peer-reviewed study of almost 1m Android apps has revealed how data from smartphones are harvested and shared, with nearly 90 per cent of apps set up to transfer information back to Google.
android  privacy  google  datasharing  apps  technology  research  smartphones  mobile 
25 days ago
How An Amateur Rap Crew Stole Surveillance Tech That Tracks Almost Every American
Cops alleged Da Boss and his co-conspirators had access to the Holy Grail for any Internet-age scam artist: a surveillance technology that police and debt collectors use to track most of the United States’ 325 million inhabitants via their Social Security numbers, license plates, address histories, names and dates of birth… It’s [also used by] private companies carrying out background checks. Private investigators use it to track cheating spouses. But in the wrong hands it can be used to steal the identity of almost anyone in America. And Da Boss and his crew got access to it.
technology  fraud  surveillance  crime  US  example 
4 weeks ago
Facebook hack affected 3 million in Europe, first big test for GDPR
Approximately 3 million Europeans were affected by a September Facebook security breach in which users' personal information was stolen, the Irish Data Protection Commission told CNBC on Tuesday.
facebook  databreach  GDPR  Ireland  IDPC  security 
4 weeks ago
First GDPR fine issued by Austrian data protection regulator, Gernot Fritz via @connectedrights
The entrepreneur had installed a CCTV camera in front of his establishment that also recorded a large part of the sidewalk. The DSB found this act to be in violation of the GDPR, as large-scale monitoring of public spaces is not permitted under the GDPR. Apparently the camera was also not sufficiently marked as conducting video surveillance, meaning that the applicable transparency obligations had not been fulfilled.
GDPR  fine  Austria  DSB  CCTV  surveillance 
4 weeks ago
This new book looks good - Strategic Privacy by Design by R. Jason Cronk
A new handy guide to implementing privacy by design, written from a practitioner's perspective.
book  privacy  privacybydesign  design  strategy  guide  dataprotection  security  methodology 
4 weeks ago
Google's email-scanning move could impact app developers, startups
The tech company may be providing bolstered data security to its users with its choice; however, policy professionals believe the data restrictions will harm innovation and give Google and other large tech companies more power over smaller entities.
gmail  apps  technology  google  innovation  startups 
4 weeks ago
Privacy International | Data Protection Guide
The Keys to Data Protection: A guide for policy engagement on data protection
guide  dataprotection  privacy  international 
4 weeks ago
Heathrow Airport Limited fined £120,000 for serious failings in its data protection practices | ICO
On 16 October 2017 a member of the public found a USB memory stick, which had been lost by a HAL employee. The stick, which contained 76 folders and over 1,000 files was not encrypted or password protected.

Although the amount of personal and sensitive personal data held on the stick comprised a small amount of the total files, of particular concern was a training video which exposed ten individuals’ details including names, dates of birth, passport numbers, and the details of up to 50 HAL aviation security personnel.

The stick was passed to a national newspaper which took copies of the data before giving the stick back to HAL.
example  fine  BA  ICO  databreach  security  personaldata 
4 weeks ago
Now for Rent: Email Addresses and Phone Numbers for Millions of Trump Supporters - The New York Times
Federal election law allows campaigns and political action committees to sell or rent their lists, provided that the payments received are fair market value.
privacy  trump  dataprotection  marketing  US  politics 
4 weeks ago
Privacy Register: an intentionally simple privacy management system
Privacy Register is a simple privacy management system built on the idea that GDPR privacy registers should be standardised and open.
privacy  GDPR  dataprotection  software  technology  innovation  tools 
5 weeks ago
Twitter Is Being Formally Investigated Following a GDPR Complaint | Fortune by @superglaze
Twitter is being investigated by Irish privacy authorities over its refusal to give a user information about how it tracks him when he clicks on links in tweets.
twitter  GDPR  lawenforcement  privacy  tracking 
5 weeks ago
Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+
At the beginning of this year, we started an effort called Project Strobe—a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access. This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.  

We’re announcing the first four findings and actions from this review today.
google  security  privacy  auditing  dataprotection  APIs 
5 weeks ago
California Governor Approves Bills Tightening Security, Privacy of IoT Devices
Both require manufacturers of connected devices to equip them with a “reasonable security feature or features” that are appropriate to their nature and function, and the information they may collect, contain or transmit — and are designed to protect the device and its information from “unauthorized access, destruction, use, modification or disclosure.”
IoT  California  law  security  legislation  privacy 
6 weeks ago
South African phones targeted by notorious ‘governments only’ spyware | News | National | M&G
Electronic devices infected with Pegasus, a notorious spyware program sold only to governments, have been discovered in South Africa. The spyware, developed by Israeli cyber warfare firm NSO Group, has been used to target journalists and human rights activists across the world.
spyware  security  government  surveillance  southafrica 
6 weeks ago
Cybersecurity Roundup: October 2, 2018 | Violet Blue on Patreon
Includes detailed discussion of the consequences of Facebook's data breach, affecting 50 million accounts (thanks, @violetblue )
facebook  databreach  security  dataprotection 
6 weeks ago
Security Update | Facebook Newsroom
Facebook discloses a data breach affecting tens of millions of people. If you were unexpectedly forced to re-login to Facebook today, you may be one of them.
personaldata  databreach  facebook 
7 weeks ago
ICO takes action for failure to pay new data protection fee | ICO
34 notices of intent were sent earlier this month to a range of organisations across both the public and private sector including the NHS, recruitment, finance, government and accounting. More notices are in the drafting stage and will be issued soon.
ICO  legislation  fine  example 
7 weeks ago
Exclusive: WhatsApp Cofounder Brian Acton Gives The Inside Story On #DeleteFacebook And Why He Left $850 Million Behind
It’s also a story any idealistic entrepreneur can identify with: What happens when you build something incredible and then sell it to someone with far different plans for your baby? “At the end of the day, I sold my company,” Acton says. “I sold my users’ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.”
facebook  whatsapp  privacy  dataprotection 
7 weeks ago
Google Says It Continues to Allow Apps to Scan Data From Gmail Accounts - WSJ
In a letter to senators, a top Google official said the company allows app developers to scan Gmail accounts, even though Google itself stopped the practice for the purpose of ad targeting last year. The company also disclosed that app developers generally are free to share the data with others, as long as Google determines that their privacy policies adequately disclose potential uses.
google  gmail  privacy  dataprotection  apps  marketing  advertising 
7 weeks ago
Premiers éléments d’analyse de la CNIL: Blockchain | Septembre 2018
Analysis on blockchain and data protection from the French data protection regulator, CNIL,
(The Blockchain: what solutions for responsible use in the presence of personal data)
blockchain  dataprotection  GDPR  CNIL  France  research  analysis 
7 weeks ago
How a new EU copyright law could weaken privacy and free speech by @superglaze
From the perspective of the rights-holders, Article 13 will stop the likes of Google getting rich off the works of creators who don't get paid enough. From the side of the digital rights community and more than a million signatories of an online petition — and tech luminaries such as Tim Berners-Lee and Jimmy Wales — it's a step onto a slippery slope that will lead to widespread privacy and free-expression infringements by overturning a key defense against the mass surveillance of people's online activities in the EU.
copyright  EU  legislation  privacy  Internet  digitalrights 
7 weeks ago
Press release: UK intelligence agency admits unlawfully spying on Privacy International | Privacy International
The UK's domestic-facing intelligence agency, MI5, today admitted that it captured and read Privacy International's private data as part of its Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD) programmes
privacy  surveillance  dataprotection  UK 
7 weeks ago
Twitter warns direct messages were exposed - BBC News
Twitter has told an undisclosed number of users their private messages may have been leaked to third-parties for more than a year.

The software “bug”, which has since been fixed, involved direct messages between users and businesses that offer customer services via Twitter.
databreach  dataprotection  GDPR  twitter 
7 weeks ago
First UK enforcement action under GDPR and the new Data
The action in question was an Enforcement Notice of the Information Commissioner, served under section 149 of DPA18, on AggregateIQ Data Services Ltd ("AIQ") requiring it to:

'cease processing any personal data of UK or EU citizens obtained from UK political organisations or otherwise for the purposes of data analytics, political campaigning or any other advertising purposes'     
facebook  ICO  GDPR  enforcement  brexit  democracy  politics  marketing  cambridgeanalytica 
8 weeks ago
Eight in ten internet users have concerns about going online - Ofcom
Around eight in ten adult internet users (79%) have concerns about aspects of going online, while almost half (45%) have experienced some form of online harm – according to research carried out by Ofcom with the Information Commissioner’s Office.
research  ICO  Ofcom  UK  survey  Internet 
8 weeks ago
The official guidance on data protection if there’s no #Brexit deal - GOV.UK
How the collection and use of personal data would change if the UK leaves the EU in March 2019 with no deal.
brexit  dataprotection  government  datatransfer  UK  EU  guidance 
9 weeks ago
Mozilla co-founder's Brave files adtech complaint against Google | Reuters #GDPR
“A copy of the complaint seen by Reuters argues that Google and the adtech industry commit “wide-scale and systematic breaches of the data protection regime” through the way they place personalized online ads.”
legalaction  GDPR  google  advertising  dataprotection  cookies 
9 weeks ago
Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales - Bloomberg
For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.

But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement.
google  mastercard  advertising  privacy  dataprotection  security  example 
10 weeks ago
Sued for Misjudging the Impact of GDPR and Other Changes to the Consumer Data Privacy Landscape – Yes that Just Happened | Dorsey & Whitney LLP - JDSupra
Nielsen Holdings was named in a putative class action Complaint on August 22, 2018, for allegedly misrepresenting the anticipated effects of GDPR on Nielsen’s business model.  Importantly, the class action takes aim not at Nielsen’s ability to comply with GDPR, but rather the effects of GDPR on the big data platforms used by Nielsen.
GDPR  legalaction  business  example 
10 weeks ago
Processing biometric data? Be careful, under the GDPR
As the GDPR considers biometric data to be a special category of sensitive personal data, processing and protecting it must proceed under the framework reserved for sensitive personal data generally. While the GDPR broadly prohibits the processing of sensitive personal data, it recognizes certain bases to justify its processing, chiefly, the explicit consent of the data subject, the performance of specific contracts or processing for certain specific purposes.
specialcategory  biometrics  GDPR 
10 weeks ago
Yahoo, Bucking Industry, Scans Emails for Data to Sell Advertisers - WSJ
Web giant analyzes more than 200 million inboxes for clues about what products people might buy—a practice much of Silicon Valley has declared off-limits
advertising  privacy  email  Yahoo  AOL  dataprotection 
11 weeks ago
Here’s why the first #GDPR fines could still be months away by @superglaze
Summary: it's too soon.
"We are dealing with the first GDPR cases but it’s too early to speculate about fines or processing bans at this stage," said a spokesperson for the U.K.'s Information Commissioner's Office. And here's France's CNIL: "The complaints brought before the CNIL in relation to the GDPR are currently in a trial phase and we do not know yet when the CNIL will deliver its decisions.""
GDPR  fine  legalaction  ICO 
11 weeks ago
Google Faces Location Sharing Class Action Lawsuit
A class action privacy lawsuit against Google was filed in federal court in San Francisco Friday, claiming that the technology giant continued to track the location of cell phone users after they turned off tracking.
locationdata  google  legalaction  dataprotection  privacy 
12 weeks ago
Emma’s Diary fined £140,000 for selling personal information for political campaigning | ICO
The data broking company, which provides advice on pregnancy and childcare, sold the information to Experian Marketing Services, a branch of the credit reference agency, specifically for use by the Labour Party. Experian then created a database which the party used to profile the new mums in the run up to the 2017 General Election.

The Labour Party was then able to send targeted direct mail to mums living in areas with marginal seats about its intention to protect Sure Start Children’s centres.
ICO  fine  dataprotection  example  politics  databroker  experian  labourparty  marketing 
august 2018
Google records your location even when you tell it not to | Technology | The Guardian
To stop Google from saving these location markers, the company says, users can turn off another setting, one that does not specifically reference location information. Called “web and app activity” and enabled by default, that setting stores a variety of information from Google apps and websites to your Google account.

When paused, it will prevent activity on any device from being saved to your account. But leaving “web and app activity” on and turning “location history” off only prevents Google from adding your movements to the “timeline”, its visualization of your daily travels. It does not stop Google's collection of other location markers.
locationdata  google  privacy  dataprotection 
august 2018
« earlier      
#gdpr advertising advice ai alexa amazon analysis analytics android aol apis apple apps archives article29 auditing austria awareness aws axelspringer b2b ba banking belgium berlin biometrics blockchain book breach brexit browsers bt business california cambridgeanalytica cambridgeuniversity captcha cars cctv charities children china chrome cnil cnpd communications complaints compliance conference confidentiality consent consultation consumerprotection cookies coppa copyright corporateresponsibility crime culture cybersecurity data databreach databroker dataminimisation datamining dataportability dataprotection datascience datasharing datatransfer dcms decentralisation demo democracy design digitalrights dixons dma document documentation dpa2018 dpia dsb duckduckgo education eff email encryption enforcement eprivacy equifax eu event example experian experiment facebook facerecognition facialrecognition fax fcc fedex feedback fine frameworks france fraud freedomofspeech from ftc fundraising games gdpr germany gm gmail google government guidance guide hacking health healthcare hmrc hotel humanrights iab ibm icann icloud ico identity idpc image_recognition india infographic innovation intel international internet investigation iot iphone ireland iso italian italy journalism judgement jurisdiction labourparty law lawenforcement legalaction legalcase legislation linkedin locationdata machinelearning machinereadable mailchimp management marketing mastercard maxschrems messaging methodology microsoft mobile mps my ncsc ngo nhs nonprofit nsa nspcc ofcom omgdpr openconsent openrights opensource org p3p palantir parliament paypal pecr personaldata photography poland policies policing policy politics portugal posters privacy privacybydesign privacyshield processing products project proposal prosecution prototypes publishing radio records reddit reference regulation report research resources responsibledisclosure rights russia safety sales search security sent services siliconvalley skype smallbusiness smart smartphones smartwatches software southafrica spam specialcategory speech spyware staffdata standards startups strategy strava subjectaccessrequests surveillance survey technology telegram thirdparties timcook tool tools toys tracking training transparency trump trust twitter typeform uber uk us userexperience ux vermont voice vulnerability w3c webinar whatsapp whistleblowing whois windows10 wordpress yahoo

Copy this bookmark: