When it comes down to deciding whether to process personal data under consent or legitimate interests – try thinking to yourself if you were the data subject (customer, client, supporter or employee) would you find it creepy or cool? If it’s creepy – it’s not the right thing to do. And you don’t need a lawyer to tell you that. I delivered this presentation at the recent IAPP Data Protection Intensive 2018 in London.
Read MoreCategory Henley Business School
Facebook and Cambridge Analytica now face a series of class actions for ‘surveillance capitalism’ in the US – will this open the floodgates for similar legal actions across the world?
Class Action Complaint Case No. 18-cv-02276 has been brought by Patricia King (Plaintiff) in the US District Court for the Northern District of California and has asked for trial by jury.
The class action reads as follows:
1. Facebook is a social networking platform that engages in surveillance capitalism: It monetizes personal and behavioral data which it acquires through real-time surveillance of Facebook users...
Unfortunately, the article in the current edition of my favourite business newspaper The Economist in explaining the GDPR was riddled with errors. Tut tut!
Here’s an example: “Data Subjects can demand a copy of the data held on them (data portability) …” which as we all know is a subject access request (SAR) and isn’t an absolute right under the GDPR.
Another error in the article on GDPR is the bold assertion: “The GDPR is prescriptive about what organisations have to do to comply.”
Er, no it isn’t. Few bits go into detail, like the requirements for a data protection impact assessment (Art.35, GDPR) or a subject access request (Art. 15, GDPR).
The GDPR is a deliberate mo...
The Economist reports today (7 April 2018) that there’s been a bit of wake up call for Facebook and all other social media giants as a result of the furore over the mis-use of personal data. Mark Zuckerberg is openly admitting that Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica.
As a result of a data breach on a scale not seen since Yahoo!, Americans are looking enviously at Europe where data protection, privacy and security laws protecting the individual are now the global ‘gold standard’ as a result of the GDPR that’s fully enforceable from 25 May – just 34 working days fr...
Read MoreApple has just issued a second customer warning for owners of its iPhones, iPads and MAC products that they are affected by a processor flaw that could leave them vulnerable to hackers.
The US tech giant urged its millions of customers to only download software from trusted sources after the security vulnerabilities, known as Meltdown and Spectre, were revealed on Wednesday.
According to the Press Association (PA News), there’s no evidence that the security flaws that affect computer processors built by Intel and ARM – have so far been exploited by hackers, although companies including Microsoft have been working to provide urgent fixes.
Apple says it had released software ...
Read MoreMajor personal data breaches are happening at a rate of one a day – Equifax, BUPA, Deloitte, NHS, Nottingham County Council, Islington Council, HCA Healthcare and many, many more. Wanna Cry? (I bet you do).
Do you live in fear of whether you’re next? It doesn’t have to be this way. We are transitioning to an era in which individuals have both the skills and the opportunities to choose how they manage and share their personal data to achieve a range of beneficial outcomes.
Digital evangelists like Stephen Deadman, Global Deputy Chief Privacy Officer at Facebook remains optimistic about the future, rather than terrified by it...
Read MoreIn its latest Opinion, adopted on the 8 June and published on 29 June 2017, the Art.29 Data Protection Working Party (WP29) makes a fresh assessment of the balance between legitimate interests of the employer and the reasonable privacy expectations of employees working within the European Union.
The concept of ‘employee’ is widened and includes those with a contract of service as well as contractors working under a contract for services. The Opinion is intended to cover all situations where there’s an employment relationship, irrespective of whether this relationship is based on an employment contract.
WP29 also highlighted the risks posed by new technologies deployed i...
Read MoreRegardless of the size of the organisation, Data Controllers are entering arrangements with Cloud Service Providers in the hope of improving customer service levels coupled with reductions in processing costs and enhanced personal data security.
It’s important for a Data Controller to understand the different Cloud Service models to select the one that’s best aligned with its risk appetite and business requirements.
Many are often apprehensive about cloud security, however cloud storage with a reputable provider will likely be more secure than on-premises storage because protecting data is the core function of the business.
Unlike a Data Controller that has the entire org...
Read More
Recent Comments