Have we got news for you! Exonar Latest News

Have we got news for you!

What We’ve Been Reading And Writing This Month   

‘Thriving in Generation Privacy’ – Webinar hosted by IAPP
Plus – Exonar ON the news and IN the news!


UK to raise the bar on Cyber Security – Sky News Live Interview



Our CEO, Adrian Barrett spoke live on Sky News following the Government’s announcement of £70m investment into UK cybersecurity.


Get our free GDPR report
Missed our IAPP webinar? Watch ‘Thriving in Generation Privacy’



‘Thriving in Generation Privacy: Capitalising on DSAR Data from the Field’ – If you missed our free webinar, you can now watch it here.


Trump, Brexit, Cambridge Analytica – Global Data Privacy Regulations



John Tsopanis, Exonar’s Data & Privacy Director looks back at the last 12 months and considers what we should expect in 2019.


Plantatreeforprivacy: the impact of GDPR when privacy regulations change
Beringea Leads £6.5m Investment in Exonar Alongside Downing Ventures



Transatlantic venture capital investor, Beringea, has announced that it has led a £6.5m investment in Exonar alongside Downing Ventures.


Get our free GDPR report
CCPA: California’s Answer to GDPR Set to Raise the Bar in US Privacy



Just like buses, two data provacy regulations arrive at the same time. How will CCPA impact trade with America?


The Gift of Charity – Reducing Data Labour Post-GDPR



What can the charity sector learn from industry on closing the compliance gap, whilst also not draining resources needed to provide essential services?


How the GDPR will disrupt Google and Facebook
The 6 Essentials of the DPO’s Toolkit for 2019



With enforcement set to take centre stage in 2019, what essentials do data leaders need to keep themselves out of the crossfires of regulators?


Amazon, Apple, Netflix, Spotify and YouTube under scrutiny over SARs



Strategic complaints filed against tech giants over failures in how the services respond to data access requests.


Google hit with €50m GDPR Fine for Transparent Data Consent Policies



GDPR fine for Google by the CNIL for a breach of the EU’s data protection rules.


Get our free GDPR report
Exonar is Hiring!



Exonar has several current vacancies across various departments. Take a look and see whether your next career move could be with us.


The Utterly Unrelated Section



Our CEO had a very successful interview on Sky News earlier this week. It was far too polished to ever make it into this montage of the top 10 worst ever UK news fails!



We are committed to respecting your privacy and protecting your personal information. We try hard to make our communications with you interesting and relevant and always with a view to providing insight into our industry challenges and their solutions. If this Newsletter is not relevant you can unsubscribe using the link below. We promise not to spam you.


Missed Our IAPP Webinar? Watch ‘Thriving in Generation Privacy’

Exonar Webinar hosted by the IAPP: ‘Thriving in Generation Privacy: Capitalising on DSAR Data from the Field’. Your chance to view the recorded webinar.

With the introduction of the EU GDPR, the CCPA and other global privacy laws, people have increased expectations of how their personal data will be handled and protected. This is driving up the number of inquiries for data subject access requests and requests to exercise the right to be forgotten. We commissioned our own research into how businesses are coping with the increased demand; the findings of which were remarkable.

First broadcast on the IAPP website on February 7th 2019, watch this recorded webinar to hear from the field about these survey results and more, including:

  • The cost of handling data subject access requests. (UK public sector organisations example).
  • The results of a subject access request to a UK based high street bank
  • How the world’s leading tech companies dealt with recent requests for personal data
  • How organisations are profiting from their privacy programs
  • The toxic data you’re storing and what to do about it
  • How companies have prepared for Generation Privacy and what you can do now.

Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP

Adrian Barrett, CEO, Exonar
Phil Lee, CIPP/E, CIPM, Partner, Privacy, Security and Data Protection Practice, FieldFisher, London, U.K.
Steve Wright, GDPR Advisor at Bank of England, CEO, Data Privacy Architect, Privacy Culture, London, U.K.

Run time – 60 minutes.

ePrivacy a 2019 Priority – Online tracking regulations to tighten

Sweeping GDPR Fines from German Regulator Send Clear Message; ‘ePrivacy is a 2019 Priority.


A new ePrivacy Regulation that tightens rules for online ‘tracking tools’ such as cookies is expected to replace the ePrivacy Directive in late 2019.

Its importance was emphasised last week when the German DPA (Data Protection Authority) announced that they intend to fine forty organisations for using ‘tracking tools’ on their websites, violating the GDPR.

With ePrivacy Regulation set to tighten GDPR rules on ‘tracking tools’, the announcement of sweeping fines for non-compliant cookie practices under GDPR sends a clear message to organisations in 2019: ‘ePrivacy is a priority’.

How will ePrivacy Regulation seek to protect personal privacy?

The ePrivacy Regulation will outline how organisations must uphold Article 7 of the Charter of Fundamental Rights of the EU which guarantees individuals the right to a private life and private communications.

Where the GDPR has a focus on protecting personal data, ePrivacy Regulation will have a specific focus on protecting personal privacy, seeking to empower individuals to opt-out of unwanted data tracking, processing and digital communications.

The ePrivacy Regulation will be ‘lex specialis’ to the GDPR, detailing specific applications of the rules within the scope of the GDPR. The ePrivacy Regulation will specify rules for the use of:

  • Online tracking technologies
  • Citizen profiling and behavioural advertising
  • Metadata processing and brokerage, i.e. geolocation, IP address and device number
  • IoT – Smart Device communications
  • Spam marketing

Why is protecting personal privacy and the integrity of digital communication important?

The profiling and microtargeting of 87 million UK and US citizens by SCL/AIQ/Cambridge Analytica with disinformation from 2016 onwards has been cited in Parliamentary Enquiries across the world as direct evidence for the need for ePrivacy Regulation.

A vast unregulated network of data tracking technologies, profiling softwares and microtargeting practices has left citizens vulnerable to unsolicited digital influence. These practices leave citizens with little control over who is collecting, analysing and leveraging their personal information for commercial and political gain as they browse the internet.

ePrivacy Regulation will allow for GDPR size fines against firms who perform data tracking without consent which will lead to a collapse in data tracking practices. This will help re-establish establish boundaries between citizens and the private and political actors who wish to influence them. It will also allow citizens to better distinguish between legitimate and illegitimate actors in the online space, and provide a fundamental safeguard to ensure that Article 7 of the Charter of Fundamental Rights of the EU is upheld.

How are regulators signalling that ePrivacy is a priority?

The German DPA has taken a major step towards enforcement on ePrivacy by announcing fines for forty large organisations who were found to be tracking visitors on their websites without appropriate consent. The German DPA audited forty “large websites” from the following industries:

(a) Online retail;
(b) Sports;
(c) Banking & insurance;
(d) Media;
(e) Automotive & electronics;
(f) Home and residential; and
(g) Other.

The investigation showed that all forty websites had non-compliant cookie practices with “tracking tools” inappropriately integrated into their sites.

The three major violations found were:

1. No Active Cookie Consent – Cookies and tracking technologies were gathering data on users before obtaining consent. The German DPA said that most of the forty websites used cookie banners to inform users about cookie usage but none of these banners resulted in active consent being obtained from the user before the cookies gathered user data.

2. No Informed Cookie Consent. Thirty of the forty cookie policies were ‘insufficiently transparent’. The German DPA defines ‘sufficiently transparent’ as: a) individually identifying all cookies/trackers (and presumably the companies behind them); and (b) letting users know the specific purposes for which data collected by the identified cookies will be used.

3. Third Party Processing Without Consent. Most of the 40 websites automatically sent data to third-party cookie providers as soon as a user visited the website.

How will the ePrivacy Regulation affect your organisation?

Organisations will have to adapt their cookie practices to adhere to the new regulation, most likely moving to an explicit and informed opt-in consent mode for advertising cookies. There will also be specific requirements in assessing the legitimacy of third party data processing and brokerage of metadata. Organisations will be required to demonstrate a higher level of due diligence/data auditing for third party data processors and have accurate records of data processing in preparation for heightened scrutiny from regulators.