Dutch surgeon wins landmark 'right to be forgotten' case | Technology | The Guardian
In what is said to be the first right to be forgotten case involving medical negligence by a doctor, the district court of Amsterdam subsequently ruled the surgeon had “an interest in not indicating that every time someone enters their full name in Google’s search engine, (almost) immediately the mention of her name appears on the ‘blacklist of doctors’, and this importance adds more weight than the public’s interest in finding this information in this way”.
rights  rigthtobeforgotten  privacy  legalcase  netherlands  medicine  google 
4 hours ago
O.K., Google: How Much Money Have I Made for You Today? - The New York Times
Surveillance capitalism has flourished precisely because it fulfills what Zuboff concedes are real needs and desires. Online platforms offer us ways to “ease the complexities of our harried lives.” In exchange for surveillance we get convenience, efficiency and social connection.
surveillance  capitalism  research  dataprotection  privacy  book  facebook  business  businessmodels  advertising 
3 days ago
Los Angeles Accuses Weather Channel App of Covertly Mining User Data - The New York Times
The government said the Weather Company, the business behind the app, unfairly manipulated users into turning on location tracking by implying that the information would be used only to localize weather reports. Yet the company, which is owned by IBM, also used the data for unrelated commercial purposes, like targeted marketing and analysis for hedge funds, according to the lawsuit.
privacy  apps  dataprotection  IBM  US  advertising  datasharing  marketing  tracking  locationdata 
10 days ago
Bookmarked - 101: SIM Card Registration | Privacy International
Mandatory SIM card registration eradicates the potential for anonymity of communications, enables location-tracking, and simplifies communications surveillance and interception. It can also be used in conjunction with an IMSI catcher to know the possible identities of everyone in a particular area.
guide  research  privacy  mobile  dataprotection  government  surveillance  policy  anonymity 
10 days ago
Taking the smarts out of smart TVs would make them more expensive - The Verge
"... it’s not just about data collection. It’s about post-purchase monetization of the TV," says Vizio’s CTO Bill Baxter.
business  technology  TVs  dataprotection  privacy  content  advertising  marketing 
10 days ago
ICO checklist - Leaving the EU with no deal - six steps to take (PDF) #GDPR #Brexit
If you only operate within the UK, you may not need to do much to prepare for data protection after we leave the EU. You may however need to ensure adequate safeguards are in place to maintain any data flows from the European Economic Area (EEA), which includes the EU.
brexit  GDPR  datatransfer  ICO  guidance  EEA  EU 
10 days ago
Blog: Data protection and Brexit - ICO advice for organisations | ICO
The Government has made clear that the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow.

But organisations that rely on the transfers of personal data between the UK and the European Economic Area (EEA) may be affected.
ICO  Brexit  EEA  datatransfer  guidance  GDPR  dataprotection 
10 days ago
GDPR a challenge to AI black boxes
Most artificial intelligence “black boxes” do not comply with EU data protection laws and will have to be re-engineered, warns security researcher and consultant
AI  GDPR  dataprotection  security  technology  transparency  accountability  machinelearning 
18 days ago
As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants - The New York Times
The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices.
facebook  privacy  dataprotection  datasharing  business 
4 weeks ago
Report: The humanitarian metadata problem: ‘Doing no harm’ in the digital era | Privacy International
According to the 2018 Global Humanitarian Overview, there are more than 134 million people across the world in need of humanitarian assistance. Of these, about 90.1 million will receive aid of some form. It is likely that the data of each of these people will be collected and processed at some point.
privacy  report  privacyinternational  metadata  dataprotection  refugees  humanrights  charitie 
5 weeks ago
UK Health minister seeks assurance from Google over NHS patient data | News | Health Service Journal
The UK government has sought a “full explanation” for why an app developed using NHS patient data has been transferred to tech giant Google, where it will receive less independent oversight.
health  google  deepmind  dataprotection  NHS  patientdata  government  UK  AI  datatransfer 
5 weeks ago
Ireland's Data Protection Commission publishes information on the use of Dash Cams
Where both video and/or audio of individuals in a vehicle (typically a taxi or bus) is recorded, or where video of a road user captured by an outward-facing Dash Cam is recorded, data protection implications may arise and it is important that drivers who install Dash Cams understand their obligations under data protection legislation.
Ireland  DPC  dashcams  dataprotection  transport  video  GDPR  guidance 
5 weeks ago
ICO crack down on Met Police Gangs Matrix
The ICO found that the data sharing was occurring informally between the MPS and the third parties. The data was often saved locally by individuals within the MPS and also by the third parties who received the personal data. This made it more difficult for the organisations to maintain control over who was accessing the data. Further, the MPS had failed to secure information sharing agreements with the third parties, which the ICO said was a basic necessity when sharing personal data between organisations.

The ICO was concerned about the large amounts of personal data being shared and the accuracy of that data. Crucially, the MPS had failed to carry out either a data protection or privacy impact assessment in relation to the Gangs Matrix. Although such impact assessments were not mandated under DPA98 (which they are now under the GDPR), they have for some time been recommended by the ICO as best practice for identifying and minimising the privacy risks of projects or policies. The ICO was particularly concerned that victims of gang-related violence were included in the Gangs Matrix without a distinction being made between them and the perpetrators of crime. The majority (64%) of the individuals in the Gangs Matrix were rated as green (low risk). In light of this, the ICO considered that the data processing by the MPS was excessive and lacking in differentiation.
datasharing  ICO  example  police  dataprotection  DPIA  enforcementnotice  regulation 
6 weeks ago
Exclusive: Emails of top NRCC officials stolen in major 2018 hack - POLITICO
"Email accounts were surveilled for months..." "Republican leaders were not informed until [this week]"
politics  security  hacking  breach  US  email 
6 weeks ago
Should we create a certification for AI #ethics? by @superglaze
What does it mean to certify artificial intelligence ethics? Should one certify AI ethics? These are the key questions in a debate around projects, taking place under the auspices of the IEEE Standards Association, that aim to address ethical issues relating to the creation of autonomous and intelligent systems.
dataethics  regulation  AI  technology 
6 weeks ago
German Regulator Fines Firm for GDPR Failings - Infosecurity Magazine
A German privacy regulator has issued its first GDPR fine after a hacker stole unencrypted data on hundreds of thousands of customers of a local chat app.

The Baden-Württemberg Data Protection Authority (LfDI) fined Knuddels just €20,000 ($22,700) despite the firm having stored user passwords and emails in plain text.

As a result, hackers were able to make off with 330,000 legitimate credentials, publishing them in September 2018 on Pastebin and Mega.

The breach itself is thought to have been much bigger, with over 800,000 email addresses and over 1.8 million passwords stolen, although only 330,000 have been confirmed.
germany  fine  GDPR  security  encryption  enforcement  databreach  example 
6 weeks ago
simulacrum.healthdatainsight.org.uk | Simulacrum
Synthetic cancer patient data to help researchers plan and refine their hypotheses before they need access to real patient data
privacy  personaldata  health  research 
7 weeks ago
ICO fines Uber £385,000 over data protection failings | ICO
A series of avoidable data security flaws allowed the personal details of around 2.7million UK customers to be accessed and downloaded by attackers from a cloud-based storage system operated by Uber’s US parent company. This included full names, email addresses and phone numbers.

The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were also taken during the incident in October and November 2016.
fine  Uber  example  ICO  security  legalaction 
7 weeks ago
Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions | HL Chronicle of Data Protection
Assuming that the withdrawal agreement is passed (which is a big assumption – see conclusion eight below), then the transition period is initially expected to run from 29 March 2019 until 31 December 2020. During this time the GDPR, along with all other EU data protection laws, will continue in effect within the UK. This means a ratified withdrawal agreement should guarantee that the status quo is maintained for at least the next two years.
law  brexit  GDPR  dataprotection  EU  government 
8 weeks ago
How a small French privacy ruling could remake adtech for good | TechCrunch via @connectedrights
CNIL’s decision suggests that bundling #consent to partner processing in a contract is not, in and of itself, valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.
GDPR  legislation  advertising  marketing  CNIL  legalaction  consent 
8 weeks ago
Exploring good common principles for a digital identity system – By @odihq
As we become ever more reliant on online services, questions around our digital identities become more pertinent – here we explore what identity means in a digital age, and how we could develop an ethical and accessible framework for a digital identity system
identity  dataprotection  privacy  research 
8 weeks ago
Facebook investors call on Mark Zuckerberg to resign as chairman following damaging report 
Facebook investors have called on the company’s chief executive Mark Zuckerberg to step down as chairman, following reports that the company hired a public relations firm to smear its critics by drawing links to George Soros.
facebook  business  dataprotection  privacy  governance 
9 weeks ago
Kids’ apps are filled with manipulative ads, according to a new study - Vox
22 US consumer and public health advocacy groups have asked the Federal Trade Commission to investigate children's apps that "routinely lure young children to make purchases and watch ads".
privacy  regulation  advertising  marketing  children  US  FTC 
10 weeks ago
Senator's data privacy law draft could put CEOs in jail for lying - CNET
The bill would apply to companies that bring in more than $50 million in revenue and have personal information on more than 1 million people.

The bill would also require companies to submit an annual data protection report, similar to how companies like Google and Apple voluntarily release transparency reports on government demands. The report would need to be signed by CEOs, who could face up to 20 years in prison if they lie to the FTC.
US  dataprotection  legislation  business  privacy 
10 weeks ago
Russia: Now everyone who uses a messaging app must be identifiable | ZDNet
New decree means messaging services will have to check users' registration data with their mobile operator.
encryption  Russia  privacy  freedomofspeech  surveillance  messaging  government  legislation  identity 
10 weeks ago
High Court: data protection law and the right to know why a bank account was frozen and then closed
When the Customer sent a letter before claim to the Bank it included a DSAR. He subsequently issued a claim against the Bank which included a claim for breach of the DPA for failure to respond adequately to the DSAR. The Bank then made an application to have the DPA claim struck out or summarily dismissed. 
example  GDPR  DPA2018  legalcase  subjectaccessrequests  banking 
10 weeks ago
GDPR, Data Portability and Data About Multiple People - report - @projectsbyif
Data portability represents an opportunity for new products and services, but also raises some difficult questions – questions we don’t think companies or governments are thinking about deeply enough yet. This offers an opportunity for those who do to develop a competitive advantage.
report  dataportability  regulation  design  dataprotection  technology  products  GDPR 
10 weeks ago
U.S. Privacy Bill
Intel's AI and Privacy Policy Team has felt inspired to draft a bill for privacy regulation, and is inviting comment as an experiment in participatory democracy
US  privacy  regulation  Intel  proposal  dataprotection  personaldata 
10 weeks ago
The French #DPA @CNIL list of personal data processing activities that always require a #DPIA via @finck_m
Deliberation No. 2018-327 of 11 October 2018 adopting the list of types of processing operations for which a data protection impact assessment is required | Legifrance
DPIA  CNIL  dataprotection  GDPR  guidance 
10 weeks ago
AI lie detector tests to get trial run at EU airports | CNN Travel
The technology has been tested in its current form on only 32 people, and scientists behind the project are hoping to achieve an 85% success rate
security  EU  facialrecognition  AI 
11 weeks ago
Exame Informática | CNPD: Hospital do Barreiro multado em 400 mil euros por permitir acessos indevidos a processos clínicos
CNPD: Hospital do Barreiro fined €400,000 for allowing improper access to clinical processes via @superglaze
GDPR  fine  example  Portugal  healthcare  security  CNPD 
12 weeks ago
Apple CEO Tim Cook Slams Tech's Data Industrial Complex. He's Right To | Fortune
Not for the first time, the Apple CEO took aim at his Silicon Valley peers and what he calls the “data-industrial complex.” According to Cook, people’s personal data is being “weaponized” with “military efficiency,” and technology is being used to deepen divisions and “undermine our sense of what is true and what is false.”
Apple  TimCook  dataprotection  surveillance  siliconvalley  privacy 
12 weeks ago
Irish Twitter Probe Seen as Test Case for EU Privacy Rules | Bloomberg Law
An Irish probe into Twitter Inc.'s data disclosure practices may set the bar for what type of personal data U.S. companies must turn over to consumers under the EU’s privacy regime.
twitter  GDPR  privacy  dataprotection  IDPC  Ireland  legalcase 
october 2018
The urgent case for a new ePrivacy law | European Data Protection Supervisor
The Commission decided to propose reforms in two steps, first GDPR, and then ePrivacy (see Recital 173 of the GDPR). Without the ePrivacy rules applying to all providers of electronic communications, these service providers may argue that there is no need to ask permission - consent - from individuals to use their most private information. This is precisely the uncertainty which must be avoided. We cannot put data controllers in a position where they are required to apply simultaneously a modernised data protection regulation alongside outdated and fragmented rules on communications data which were designed to regulate a market and communication technologies which have changed beyond recognition in the last 17 years.
law  privacy  eprivacy  GDPR  legislation  EU  dataprotection 
october 2018
How smartphone apps track users and share data
A peer-reviewed study of almost 1m Android apps has revealed how data from smartphones are harvested and shared, with nearly 90 per cent of apps set up to transfer information back to Google.
android  privacy  google  datasharing  apps  technology  research  smartphones  mobile 
october 2018
How An Amateur Rap Crew Stole Surveillance Tech That Tracks Almost Every American
Cops alleged Da Boss and his co-conspirators had access to the Holy Grail for any Internet-age scam artist: a surveillance technology that police and debt collectors use to track most of the United States’ 325 million inhabitants via their Social Security numbers, license plates, address histories, names and dates of birth… It’s [also used by] private companies carrying out background checks. Private investigators use it to track cheating spouses. But in the wrong hands it can be used to steal the identity of almost anyone in America. And Da Boss and his crew got access to it.
technology  fraud  surveillance  crime  US  example 
october 2018
Facebook hack affected 3 million in Europe, first big test for GDPR
Approximately 3 million Europeans were affected by a September Facebook security breach in which users' personal information was stolen, the Irish Data Protection Commission told CNBC on Tuesday.
facebook  databreach  GDPR  Ireland  IDPC  security 
october 2018
First GDPR fine issued by Austrian data protection regulator, Gernot Fritz via @connectedrights
The entrepreneur had installed a CCTV camera in front of his establishment that also recorded a large part of the sidewalk. The DSB found this act to be in violation of the GDPR, as large-scale monitoring of public spaces is not permitted under the GDPR. Apparently the camera was also not sufficiently marked as conducting video surveillance, meaning that the applicable transparency obligations had not been fulfilled.
GDPR  fine  Austria  DSB  CCTV  surveillance 
october 2018
This new book looks good - Strategic Privacy by Design by R. Jason Cronk
A new handy guide to implementing privacy by design, written from a practitioner's perspective.
book  privacy  privacybydesign  design  strategy  guide  dataprotection  security  methodology 
october 2018
Google's email-scanning move could impact app developers, startups
The tech company may be providing bolstered data security to its users with its choice; however, policy professionals believe the data restrictions will harm innovation and give Google and other large tech companies more power over smaller entities.
gmail  apps  technology  google  innovation  startups 
october 2018
Privacy International | Data Protection Guide
The Keys to Data Protection: A guide for policy engagement on data protection
guide  dataprotection  privacy  international 
october 2018
Heathrow Airport Limited fined £120,000 for serious failings in its data protection practices | ICO
On 16 October 2017 a member of the public found a USB memory stick, which had been lost by a HAL employee. The stick, which contained 76 folders and over 1,000 files, was not encrypted or password protected.

Although the amount of personal and sensitive personal data held on the stick comprised a small amount of the total files, of particular concern was a training video which exposed ten individuals’ details including names, dates of birth, passport numbers, and the details of up to 50 HAL aviation security personnel.

The stick was passed to a national newspaper which took copies of the data before giving the stick back to HAL.
example  fine  BA  ICO  databreach  security  personaldata 
october 2018
Now for Rent: Email Addresses and Phone Numbers for Millions of Trump Supporters - The New York Times
Federal election law allows campaigns and political action committees to sell or rent their lists, provided that the payments received are fair market value.
privacy  trump  dataprotection  marketing  US  politics 
october 2018
Privacy Register: an intentionally simple privacy management system
Privacy Register is a simple privacy management system built on the idea that GDPR privacy registers should be standardised and open.
privacy  GDPR  dataprotection  software  technology  innovation  tools 
october 2018
Twitter Is Being Formally Investigated Following a GDPR Complaint | Fortune by @superglaze
Twitter is being investigated by Irish privacy authorities over its refusal to give a user information about how it tracks him when he clicks on links in tweets.
twitter  GDPR  lawenforcement  privacy  tracking 
october 2018
Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+
At the beginning of this year, we started an effort called Project Strobe—a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access. This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.  

We’re announcing the first four findings and actions from this review today.
google  security  privacy  auditing  dataprotection  APIs 
october 2018
California Governor Approves Bills Tightening Security, Privacy of IoT Devices
Both require manufacturers of connected devices to equip them with a “reasonable security feature or features” that are appropriate to their nature and function, and the information they may collect, contain or transmit — and are designed to protect the device and its information from “unauthorized access, destruction, use, modification or disclosure.”
IoT  California  law  security  legislation  privacy 
october 2018
South African phones targeted by notorious ‘governments only’ spyware | News | National | M&G
Electronic devices infected with Pegasus, a notorious spyware program sold only to governments, have been discovered in South Africa. The spyware, developed by Israeli cyber warfare firm NSO Group, has been used to target journalists and human rights activists across the world.
spyware  security  government  surveillance  southafrica 
october 2018