GDPR READY WEEKLY NEWS – No 3, January 2019

News, articles, legislation and analysis, all about data protection and cybersecurity technologies

Celebration: Happy Data Protection Day! – Today 28 January 2019 we are celebrating in all EU countries the Data Protection Day. Outside Europe, it is also a global celebration called the “Privacy Day”.

GDPR FINES: Google will appeal the €50M – The search giant claimed it had “worked hard” to create a transparent and straightforward GDPR consent process for its ads personalisation settings, and was “concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond”.

BREXIT: How will personal data continue to flow after Brexit? – Elizabeth Denham’s latest blog busts the myths for UK small and medium-sized businesses transferring personal data to and from the EEA

DATA BREACH: 70,000 “special customers” affected by a retailer vulnerability – Here is a special data breach described on IT Governance’s site. Practically thousands of data about a Home improvement retailer has suffered a data breach affecting 70,000 of its… well, not customers, exactly.

RESEARCH: Data and Analytics Trends in 2019 – Business 2 Community recently published an analysis article watching the main trends in Data and Analytics for this year.

DPIA: A PIA TOOL 2.0 released by CNIL – A year after its first release, the PIA tool upgrades in the 2.0 version featuring PIA templates. Alongside this new version, a wiki has been published taking its content from the PIA-3 guide.

CELEBRATION

Data Protection Day!

Today 28 January 2019 we are celebrating in all EU countries the Data Protection Day. Outside Europe, it is also a global celebration called the “Privacy Day”.

On 26 April 2006, the Committee of Ministers of the Council of Europe decided to launch a Data Protection Day, to be celebrated each year on 28 January. This date corresponds to the anniversary of the opening for signature of the Council of Europe’s Convention 108 for the Protection of individuals with regard to automatic processing of personal data which has been for over 30 years a cornerstone of data protection, in Europe and beyond.

On the Data Protection Day, hundreds of events will be organised all over Europe to raise awareness on data protection and inform citizens of their rights and of good practices, thereby enabling them to exercise these rights more effectively.

The Data Protection Day should be a special occasion, a time set aside by each and every one of us to familiarise ourselves with a largely unknown, yet major, a facet of our everyday lives. The aim of the Data Protection Day is to give European citizens the chance to understand what personal data is collected and processed about them and why, and what their rights are with respect to this processing. They should also be made aware of the risks inherent and associated with the illegal mishandling and unfair processing of their personal data.

The objective of the Data Protection Day is, therefore, to inform and educate the public at large as to their day-to-day rights, but it may also provide data protection professionals with the opportunity of meeting data subjects.

SOURCE

GDPR FINES

Google will appeal the €50m data protection fine

The search giant claimed it had “worked hard” to create a transparent and straightforward GDPR consent process for its ads personalisation settings, and was “concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond”.

The fine, issued by France’s CNIL last Monday, is considered the first major financial penalty on a large technology company since the EU’s General Data Protection Regulation entered into force last May.

The French data protection watchdog said Google had violated EU privacy rules because it did not properly ask its users for consent on how to use their personal data. Google’s challenge before the Council of State — France’s top administrative court — would further define how the tech sector interprets requirements on consent under the GDPR.

The French data protection agency, CNIL, said that Google had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation. It said that consent cannot be valid because it isn’t unambiguous or specific – the choice for personalisation is a pre-ticked box, and users must give full agreement to the Terms of Service and data processing in the Privacy Policy, rather than to unbundled purposes.

This is not dissimilar to a number of other organisations’ consents, and since the ruling there have been widespread questions over the impact it will have on other industries, such as publishers.

READ ORIGINAL CNIL’s ANNOUNCEMENT

BREXIT

How will personal data continue to flow after Brexit?

Elizabeth Denham’s latest blog busts the myths for UK small and medium-sized businesses transferring personal data to and from the EEA The sharing of customers’, citizens’ and employees’ personal data between EU member states and the UK is vital for business supply chains to function and public authorities to deliver effective public services.

At the moment personal data flow is unrestricted because the UK is an EU member state. If the proposed EU withdrawal agreement is approved, businesses can be assured that personal data will continue to flow until 2020 while a longer-term solution can be put in place. However, in the event of ‘no deal’, EU law will require additional measures to be put in place by UK companies when personal data is transferred from the European Economic Area (EEA) to the UK, in order to make them lawful.

Looking to one of most discussed issue related to the possibility Brexit will stop the transferring of personal information from the UK to the EU, the official Fact answer is: “In a ‘no deal’ situation the UK Government has already made clear its intention to enable data to flow from the UK to EEA countries without any additional measures. But transfers of personal data from the EEA to the UK will be affected.”

READ FULL ARTICLE ON MRS DENHAM’s BLOG

DATA BREACH

70,000 “special customers” affected by a retailer vulnerability

Here is a special data breach described on IT Governance’s site. Practically thousands of data about a Home improvement retailer has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from the UK retailer stores.

The document included the names of the offenders, the items they had stolen, the value of the goods and the stores they were taken from. The database should have only been accessible to certain employees, but security specialists at CtrlBox found the database an ElasticSearch server, left publicly available and without password protection.

As the data contains alleged criminal records, it could be considered sensitive information under the GDPR. According to IT Governance Founder and Executive Chairman Alan Calder, the incident is “a classic illustration of the reality that the majority of security breaches go undiscovered for substantial time periods and are then often discovered by third parties.”

READ THE ORIGINAL ARTICLE ON IT GOVERNANCE BLOG

RESEARCH

Data and Analytics Trends in 2019

Business 2 Community recently published an analysis article watching the main trends in Data and Analytics for this year. In the new digital era organizations are realizing that simply being “data-driven” won’t guarantee future success.

According to this article, Forrester notes that it’s not “data-driven,” but rather “insights-driven,” businesses that are growing at an average of more than 30% each year, and by 2021 are predicted to take $1.8 trillion annually from their less-informed peers. Organizations that are intent on lasting into the next decade and beyond must stop doing analytics for analytics’ sake, notes Forrester and other top thought leaders who have shared these 10 Enterprise Analytics Trends to Watch in 2019:

The Data Mindset Moves from Visualization to Outcomes – Forrester Analytics show that most organizations have a way to go, however, in reaching this level. Their research reveals that more than half (57%) of global data and analytics decision makers are still in the early stages of their insights-driven business transformation and fall into Forrester’s beginner maturity segment. Only 8% demonstrate advanced insights-driven competencies, according to their findings.

Explainable AI Requires Investment – enterprise organizations should look to invest in explainable AI in 2019, with very important reason: to manage regulations, ethical use of data, transparency, compliance requirements, and risk. As artificial intelligence becomes more sophisticated

Consumer-grade, Zero-click Intelligence Arrives – the arrival of user experiences like those consumers enjoy – but for enterprise analytics. Whether by voice assistant, hovering over a hyperlink, or stepping up to a screen in an office, real-time intelligence will be delivered to all employees in a way that’s easily consumed by every individual, finally breaking down the barrier to organization-wide analytics adoption.

READ MORE TRENDS IN FULL ARTICLE

DPIA

A PIA TOOL 2.0 RELEASED BY CNIL

A year after its first release, the PIA tool upgrades in the 2.0 version featuring PIA templates. Alongside this new version, a wiki has been published taking its content from the PIA-3 guide.

To celebrate its first anniversary and 130 000 downloads, the PIA tool includes a new feature for creating PIA templates. This feature has been imagined to facilitate the PIA management by allowing to customise the PIA in regard to one’s industry and to apply one template across few types of analysis.

A template based on the PIA framework applied to IoT devices is already available in the tool. In addition, several minor improvements and fixes have been added such as:

  • blocking the tool from being instantiated several times;
  • harmonization of graphic elements across the interface;
  • improvement of the PIA report display interface;
  • overall optimisation of the tool (stability, execution, better management of some behaviours, code refactoring, etc.).

This new version is also an opportunity to implement a new governance model for the Github repositories of the tool in order to ease the integration of the community contribution and to highlight the commitment of the contributors. For more information, we invite you to read the governance description, the contribution guide, the code of conduct and the roadmap for future developments of the tool.

READ MORE

Advertisements

One Reply to “GDPR READY WEEKLY NEWS – No 3, January 2019”

Comments are closed.