The official guidance on data protection if there’s no #Brexit deal - GOV.UK
How the collection and use of personal data would change if the UK leaves the EU in March 2019 with no deal.
brexit  dataprotection  government  datatransfer  UK  EU  guidance 
4 days ago
Mozilla co-founder's Brave files adtech complaint against Google | Reuters #GDPR
“A copy of the complaint seen by Reuters argues that Google and the adtech industry commit “wide-scale and systematic breaches of the data protection regime” through the way they place personalized online ads.”
legalaction  GDPR  google  advertising  dataprotection  cookies 
4 days ago
Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales - Bloomberg
For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.

But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement.
google  mastercard  advertising  privacy  dataprotection  security  example 
13 days ago
Sued for Misjudging the Impact of GDPR and Other Changes to the Consumer Data Privacy Landscape – Yes that Just Happened | Dorsey & Whitney LLP - JDSupra
Nielsen Holdings was named in a putative class action Complaint on August 22, 2018, for allegedly misrepresenting the anticipated effects of GDPR on Nielsen’s business model.  Importantly, the class action takes aim not at Nielsen’s ability to comply with GDPR, but rather the effects of GDPR on the big data platforms used by Nielsen.
GDPR  legalaction  business  example 
13 days ago
Processing biometric data? Be careful, under the GDPR
As the GDPR considers biometric data to be a special category of sensitive personal data, processing and protecting it must proceed under the framework reserved for sensitive personal data generally. While the GDPR broadly prohibits the processing of sensitive personal data, it recognizes certain bases to justify its processing, chiefly, the explicit consent of the data subject, the performance of specific contracts or processing for certain specific purposes.
specialcategory  biometrics  GDPR 
14 days ago
Yahoo, Bucking Industry, Scans Emails for Data to Sell Advertisers - WSJ
Web giant analyzes more than 200 million inboxes for clues about what products people might buy—a practice much of Silicon Valley has declared off-limits
advertising  privacy  email  Yahoo  AOL  dataprotection 
20 days ago
Here’s why the first #GDPR fines could still be months away by @superglaze
Summary: it's too soon.
"We are dealing with the first GDPR cases but it’s too early to speculate about fines or processing bans at this stage," said a spokesperson for the U.K.'s Information Commissioner's Office. And here's France's CNIL: "The complaints brought before the CNIL in relation to the GDPR are currently in a trial phase and we do not know yet when the CNIL will deliver its decisions.""
GDPR  fine  legalaction  ICO 
20 days ago
Google Faces Location Sharing Class Action Lawsuit
A class action privacy lawsuit against Google was filed in federal court in San Francisco Friday, claiming that the technology giant continued to track the location of cell phone users after they turned off tracking.
locationdata  google  legalaction  dataprotection  privacy 
27 days ago
Emma’s Diary fined £140,000 for selling personal information for political campaigning | ICO
The data broking company, which provides advice on pregnancy and childcare, sold the information to Experian Marketing Services, a branch of the credit reference agency, specifically for use by the Labour Party. Experian then created a database which the party used to profile the new mums in the run up to the 2017 General Election.

The Labour Party was then able to send targeted direct mail to mums living in areas with marginal seats about its intention to protect Sure Start Children’s centres.
ICO  fine  dataprotection  example  politics  databroker  experian  labourparty  marketing 
4 weeks ago
Google records your location even when you tell it not to | Technology | The Guardian
To stop Google from saving these location markers, the company says, users can turn off another setting, one that does not specifically reference location information. Called “web and app activity” and enabled by default, that setting stores a variety of information from Google apps and websites to your Google account.

When paused, it will prevent activity on any device from being saved to your account. But leaving “web and app activity” on and turning “location history” off only prevents Google from adding your movements to the “timeline”, its visualization of your daily travels. It does not stop Google's collection of other location markers.
locationdata  google  privacy  dataprotection 
5 weeks ago
Google, Facebook, Microsoft, and Twitter partner for ambitious new data project - The Verge
In a blog post, Google described the project as letting users “transfer data directly from one service to another, without needing to download and re-upload it.”
facebook  google  data  datatransfer  GDPR 
6 weeks ago
Dixons Carphone says data breach affected 10 million - BBC News
Dixons Carphone has said a huge data breach that took place last year involved 10 million customers, up from its original estimate of 1.2 million.
databreach  dataprotection  dixons  example  GDPR 
6 weeks ago
Facebook's Stock Market Pain Is Necessary—And Will Continue
The expectation that Facebook was just going to shrug off Europe’s hard-hitting new General Data Protection Regulation (#GDPR), as well as the privacy scandals that have plagued it through much of the year so far, was way off the mark.
facebook  GDPR  cambridgeanalytica  dataprotection 
6 weeks ago
How to detect bank fraud with maths - YouTube
Background on how Monzo spotted the TicketMaster data breach
databreach  dataprotection  fraud  personaldata  security  banking 
7 weeks ago
Microsoft calls for facial recognition technology rules given 'potential for abuse' | Technology | The Guardian
In a blog post on the company’s website on Friday, Microsoft president Brad Smith called for a congressional bipartisan “expert commission” to look into regulating the technology in the US.
facerecognition  facialrecognition  technology  regulation  privacy  Microsoft 
7 weeks ago
Data Breach reporting webinar
The ICO posts a recording of their data breach reporting webinar on their YouTube channel
ico  databreach  breach  webinar  GDPR  UK 
8 weeks ago
This fitness app lets anyone find names and addresses for thousands of soldiers and secret agents
Polar’s widely used fitness app endangers military personnel, intelligence operatives, and people who work at sites where nuclear weapons are stored.
locationdata  dataprotection  databreach  privacy 
9 weeks ago
CLAUDETTE - Machine Learning Powered Analysis of Consumer Contracts and Privacy Policies
CLAUDETTE, a research project aiming at automation of personal data and consumer law enforcement using machine learning!
AI  innovation  privacy  dataprotection  policies  law  machinelearning  GDPR  research 
9 weeks ago
EU parliament calls for #PrivacyShield to be pulled until US complies | TechCrunch
The parliamentarians’ view is that the data transfer mechanism does not provide the necessary ‘essentially equivalent’ data protection for EU citizens — and should therefore be suspended until US authorities come into compliance.
dataprotection  privacyshield  EU  datatransfer 
9 weeks ago
ICO report: Democracy disrupted? Personal information and political influence (PDF)
This report intends to ‘draw back the curtain’ on how personal information
is used in modern political campaigns.
politics  ICO  research  democracy  dataprotection  cambridgeanalytica  facebook  advertising 
9 weeks ago
Data Breach Reporting webinar | ICO | 12pm 19 July
On Thursday 19 July, we will be hosting a webinar on Data Breach Reporting. It’s aimed at Data Controllers and will give advice and guidance on how and when to report security breaches to the ICO

We will also share our experience of the first few weeks of breach reporting under the GDPR, and respond to some frequently asked questions.
databreach  GDPR  ICO  guidance 
10 weeks ago
Data Democracy workshop | Meetup
You will be given instructions on how to request your data from organisations that include the Home Office, the NHS and Facebook, hopefully highlighting how much of your data is available to you, and prompting you to ask the question ‘what do I do with all this?’
event  government  data  subjectaccessrequests 
10 weeks ago
HMRC takes 5 million taxpayers’ Voice IDs without consent – Big Brother Watch
Millions of callers to HMRC have been required to repeat the phrase, “My voice is my password” on an automated line before being able to access services. Big Brother Watch said taxpayers are being “railroaded into a mass ID scheme” as they are not given the choice to opt in or out, in a scheme that experts say breaches UK data protection laws.
surveillance  GDPR  privacy  voice  security  HMRC  example  UK  biometrics 
11 weeks ago
Data Rights Finder
Data Rights Finder helps you understand how organisations use data. It guides you through making requests to change how data about you is used.

We have information for the main banks, insurance providers, comparison websites, and financial services organisations.
GDPR  privacy  policies  banking  rights  tool  technology 
11 weeks ago
Amazon made a special version of Alexa for hotels with Echo speakers in their rooms - The Verge
Amazon says that “soon,” users will be able to temporarily link their own Amazon account with Echos that are running Alexa for Hospitality. That way you’ll have access to your music subscription from Amazon Music or Spotify or your audiobooks from Audible. “When a guest checks out, Alexa for Hospitality automatically disconnects their Amazon account from the in-room device.”
amazon  voice  technology  dataprotection  privacy  hotel  alexa 
june 2018
US mobile carriers cut off flow of location data to brokers | AP News | #privacy
Verizon, AT&T, Sprint and T-Mobile have pledged to stop providing information on U.S. phone owners’ locations to data brokers, stepping back from a business practice that has drawn criticism for endangering privacy.

None of the carriers said they are getting out of the business of selling location data. The carriers together have more than 300 million U.S. subscribers.
surveillance  dataprotection  US  mobile  marketing  advertising  locationdata  privacy 
june 2018
BT fined £77,000 by the ICO for five million spam emails | ICO
The investigation found that the company did not have customers’ consent to send direct marketing emails. This is against the law.
The 4.9 million emails were sent between December 2015 and November 2016 promoting three charity initiatives: the BT ‘My Donate’ platform, Giving Tuesday and Stand up to Cancer.
spam  fine  example  email  PECR  BT  marketing  charities  fundraising  ICO 
june 2018
ICO statement in response to Dixons Carphone breach announcement | ICO
ICO deciding whether to treat the Dixons breach under the 1998 or 2018 Data Protection Act
dataprotection  databreach  ICO  security  regulation  GDPR 
june 2018
ICO Consultation: Children and the GDPR guidance
Children need particular protection when you are collecting and processing their personal data because they may be less aware of the risks involved.
children  guidance  ICO  GDPR 
june 2018
Privacy notice | ICO
This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.

This notice is layered. So, if you wish, you can easily select the reason we process your personal information and see what we do with it.
privacy  ICO  example  policy 
june 2018
Vermont Passes First-of-Its-Kind Law to Regulate Data Brokers
Earlier this week, Vermont became the first state in the nation to enact a law that will regulate data brokers that buy and sell personal information in an attempt to add a new layer of accountability to the massive, data-trading companies that often operate without much oversight.
marketing  advertising  US  Vermont  law  legislation  regulation 
june 2018
IAB Europe plans independent board to govern GDPR framework - Digiday
The Interactive Advertising Bureau Europe plans to establish an independent, nonprofit board of cross-industry stakeholders to govern the industry standard it devised for compliance with the General Data Protection Regulation.

The plan is to give publishers, agencies, ad tech vendors and advertisers equal representation in voting on issues that arise as businesses start to comply with the IAB Europe and IAB Tech Lab’s Transparency & Consent Framework.
advertising  marketing  IAB  GDPR  privacy  dataprotection  business 
june 2018
Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage — Krebs on Security
MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users.
databreach  example 
june 2018
ICANN's Pre-emptive Attack On The GDPR Thrown Out By Court In Germany | Techdirt
EPAG therefore built a new domain registration system with "consent management processes", and a data flow "aligned with the GDPR's principles". ICANN was not happy with this minimalist approach, and sought an injunction in Germany in order to "preserve Whois data" -- that is, to force EPAG to collect those administrative and technical contacts.
ICANN  GDPR  legalcase  germany  example 
june 2018
Sorry – but yet another #GDPR messag by @CeriStanaway
From dire warnings about missing out on awesome deals, to desperate and repeated pleas to not to leave, I reckon many companies have misjudged their GDPR messages.
GDPR  consent  email  marketing 
june 2018
ICO resources: Communicating the importance of information security to staff [PDF]
The ICO has created a suite of posters to help your staff take extra care when sharing work information. The posters cover some of the most common mistakes we see, including sending information to the wrong recipient, leaving work documents in public view or not appropriately disposing of information.

The posters are available to use within your organisation, and can be printed at A4 or A3 sizes.

Further Reading
resources  training  posters  ICO  education 
june 2018
Facebook Gave Device Makers Deep Access to Data on Users and Friends - The New York Times
Data-sharing agreements allow manufacturers access to religion, political leaning, upcoming events and even information on friends that have specifically refused data sharing with third-parties, according to the Times
privacy  consent  datatransfer  facebook  personaldata 
june 2018
TSB letter error 'may have broken law' - BBC News
TSB has been including other people's details in letters sent to customers about its recent IT problems
databreach  personaldata  banking 
june 2018
AI Has a Big Privacy Problem And Europe's GDPR Is About to Expose It | Fortune
“Big data challenges purpose limitation, data minimization and data retention–most people never get rid of it with big data,” said Edwards. “It challenges transparency and the notion of consent, since you can’t consent lawfully without knowing to what purposes you’re consenting… Algorithmic transparency means you can see how the decision is reached, but you can’t with [machine-learning] systems because it’s not rule-based software.”
data  privacy  AI  GDPR  machinelearning  technology  innovation  dataprotection 
may 2018
Axel Springer counters Google with its own consent management tool - Digiday
The German digital media group, which owns Business Insider, Bild and Welt, has spent the last 18 months developing a GDPR consent management tool, which can also be adapted to address cookie-consent requirements under the pending ePrivacy Regulation once it is finalized, according to the publisher.
cookies  GDPR  publishing  privacy  axelspringer  google  consent  innovation  technology 
may 2018
« earlier      
#gdpr a able accident. advertising advice ai alexa amazon an analytics and android aol apple apps archives article29 awareness aws axelspringer b2b banking be belgium berlin biometrics blockchain book breach brexit browsers bt business cambridgeanalytica cambridgeuniversity captcha cctv charities children china chrome communications complaints compliance conference confidentiality consent consultation consumerprotection cookies coppa corporateresponsibility culture cybersecurity data databreach databroker dataminimisation datamining dataprotection datascience datasharing datatransfer dcms decentralisation demo democracy digital digitalrights dixons dma document documentation driver duckduckgo education eff email emergency encryption enforcement eprivacy equifax eu event example experian experiment facebook facerecognition facialrecognition fax fcc fedex feedback fine fitted frameworks france fraud from ftc fundraising games gdpr germany gmail google government gps guidance guide hacking has health hmrc hotel humanrights iab ibm icann icloud ico identity if image_recognition in india infographic inform innovation internet investigation iot iphone iso italian italy journalism judgement jurisdiction labourparty law lawenforcement legalaction legalcase legislation linkedin locationdata machinelearning machinereadable mailchimp management marketing mastercard maxschrems microsoft mobile month_ mps my ncsc new next ngo nhs nonprofit nsa nspcc omgdpr openconsent openrights opensource org p3p palantir parliament paypal pecr personaldata photography plates poland policies policing policy politics posters privacy privacyshield processing project prosecution prototypes publishing records reddit reference regulation research resources responsibledisclosure rights russia safety sales screens_ search security sent services skype smallbusiness smart smartwatches software spam specialcategory speech spyware staffdata standards starting strategy strava subjectaccessrequests surveillance technology the thirdparties to tool tools toys tracking training transmitters. transparency trial trust typeform uber uk us userexperience ux vehicles vermont voice vulnerability w3c webinar whatsapp whistleblowing whois will windows10 with wordpress yahoo

Copy this bookmark: