GDPR: Search Engines and Privacy

Quote 1:

The European Court of Justice set out the general rule for these decisions in 2014: the search engine which lists results leading to information about a person must balance the individual’s right to privacy against Google’s (and the greater public’s) right to display / read publicly available information.

Quote 2:

The bigger issue though is the – almost deliberate – lack of clarity. Each person’s details need to be considered on their own merit, and a decision made based on this balance between the rights of the individual and the rights of the wider society, based on a subjective consideration of the original crime, the person’s actions since and the benefit to society as a whole. This is further complicated by the fact that different rules will apply in different countries, even within the EU, as case law diverges. The result: Google is likely to face challenges if it takes anything other than a very obedient approach to those requests to be forgotten which it receives.

Google or Gone: UK Court Rules on ‘Right to be Forgotten,’ Data Protection Representatives (DPR), by Tim Bell, April 16, 2018

GDPR: Search Engines and The Right to Be Forgotten

The “right to be forgotten” rule has caused a great deal of outrage over the past four years, since the EU’s top court ruled that it applied to search engines. It states that people should be able to ask for information about them to be removed from search results, if it is “inaccurate, inadequate, irrelevant or excessive.”…The right to be forgotten, which stems from EU privacy law, is not an absolute right. It is supposed to be balanced against the public interest and other factors.

Google Occupies an Odd Role in Enforcing Privacy Laws. A Businessman’s Landmark ‘Right To Be Forgotten’ Win Just Revealed It., Fortune, by David Meyer, April 16, 2018.

Bragging Rights: GDPR Training

I’ve successfully completed the Understanding the GDPR MOOC offered by the University of Groningen’s Security, Technology and e-Privacy (STeP) Research Group on FutureLearn.

Observations:

  • It’s a four week course but I completed a good amount of on-the-job research prior to taking the course and, therefore, managed to complete the entire thing in about a week.
  • The topics covered are both comprehensive and realistic. It doesn’t get bogged down in the details and does an excellent job of covering the issues companies need to know in order to begin a gap analysis and ensure compliance.
  • The General Data Protection Regulation (GDPR) is still very new and many of the questions professionals, researchers, companies, corporations and governments have cannot yet be answered. The reason for the lack of answers is simply this: when the issue is taken to court, the courts will hold a full investigation and trial. The results of that legal process will stand as precedent for future decisions. There is very little in the way of legal precedent currently established, so the academic and professional focus is on the ‘spirit of the requirements’ and the ‘primary objectives behind the establishment of the law.’
  • The course has a series of quizzes that must be passed at 75% or higher (total cumulative score) in order to receive a certificate. There’s only one opportunity to take each quiz – they cannot be redone. It’s possible to open up the videos, articles and lecture notes while taking the quiz and there is no time limit – so it is (in essence) open book. It is not possible to search everything and auto-find the answers. So, be sure to do your readings, watch all the videos and pay attention to the notes provided during the practice quizzes!
  • Successful completion of the full (paid) version results in a certificate that can be used for continuing education credits (this is useful if you hold a professional certification in a related area!).

The MOOC is well worth the time and effort. I highly recommend it to anyone involved in GDPR compliance or information security.

GDPR: Facebook data privacy scandal

Like any organization providing services to users in European Union countries, Facebook is bound by the EU General Data Protection Regulation (GDPR). Due to the scrutiny Facebook is already facing regarding the Cambridge Analytica scandal, as well as the general nature of the social media giant’s product being personal information, its strategy for GDPR compliance is similarly receiving a great deal of focus from users and other companies looking for a model of compliance…Facebook members outside the US and Canada have heretofore been governed by the company’s terms of service in Ireland. This has reportedly been changed prior to the start of GDPR enforcement, as this would seemingly make Facebook liable for damages for users internationally, due to Ireland’s status as an EU member.

“Shadow profiles” are stores of information that Facebook has obtained about other people—who are not necessarily Facebook users. The existence of “shadow profiles” was discovered as a result of a bug in 2013. When a user downloaded their Facebook history, that user would obtain not just his or her address book, but also the email addresses and phone numbers of their friends that other people had stored in their address books…Because of the way that Facebook synthesizes data in order to attribute collected data to existing profiles, data of people who do not have Facebook accounts congeals into dossiers, which are popularly called a “shadow profile.” It is unclear what other sources of input are added to said “shadow profiles,” a term that Facebook does not use, according to Zuckerberg in his Senate testimony.

Facebook data privacy scandal: A cheat sheet, Tech Republic, By James Sanders and Dan Patterson, June 14, 2018