Posts

Facebook labelled ‘digital gangsters’ – Sky News Interview

Parliamentary report reveals fake news and disinformation were used by Facebook to manipulate elections

A new parliamentary report reveals that Facebook broke privacy and competition law and warned that the organisation should be regulated urgently. The final report of the Digital, Culture, Media and Sport select committee’s 18-month investigation into disinformation and fake news accused Facebook of purposefully obstructing its inquiry and failing to tackle attempts by Russia to manipulate elections.

Following the announcement of this report, our Data and Privacy Director, John Tsopanis, was invited to discuss the findings live on the Sky News Sunrise programme on Monday, 18th February. Watch the full interview here:

Missed Our IAPP Webinar? Watch ‘Thriving in Generation Privacy’

Exonar Webinar hosted by the IAPP: ‘Thriving in Generation Privacy: Capitalising on DSAR Data from the Field’. Your chance to view the recorded webinar.

With the introduction of the EU GDPR, the CCPA and other global privacy laws, people have increased expectations of how their personal data will be handled and protected. This is driving up the number of inquiries for data subject access requests and requests to exercise the right to be forgotten. We commissioned our own research into how businesses are coping with the increased demand, the findings of which were remarkable.

First broadcast on the IAPP website on February 7th 2019, watch this recorded webinar to hear from the field about these survey results and more, including:

  • The cost of handling data subject access requests. (UK public sector organisations example).
  • The results of a subject access request to a UK based high street bank
  • How the world’s leading tech companies dealt with recent requests for personal data
  • How organisations are profiting from their privacy programs
  • The toxic data you’re storing and what to do about it
  • How companies have prepared for Generation Privacy and what you can do now.

Host:
Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP

Panelists:
Adrian Barrett, CEO, Exonar
Phil Lee, CIPP/E, CIPM, Partner, Privacy, Security and Data Protection Practice, FieldFisher, London, U.K.
Steve Wright, GDPR Advisor at Bank of England, CEO, Data Privacy Architect, Privacy Culture, London, U.K.

Run time – 60 minutes.



ePrivacy a 2019 Priority – Online tracking regulations to tighten

Sweeping GDPR Fines from German Regulator Send Clear Message: ‘ePrivacy is a 2019 Priority’.

A new ePrivacy Regulation that tightens rules for online ‘tracking tools’ such as cookies is expected to replace the ePrivacy Directive in late 2019.

Its importance was emphasised last week when the German DPA (Data Protection Authority) announced that they intend to fine forty organisations for using ‘tracking tools’ on their websites, violating the GDPR.

With ePrivacy Regulation set to tighten GDPR rules on ‘tracking tools’, the announcement of sweeping fines for non-compliant cookie practices under GDPR sends a clear message to organisations in 2019: ‘ePrivacy is a priority’.

How will ePrivacy Regulation seek to protect personal privacy?

The ePrivacy Regulation will outline how organisations must uphold Article 7 of the Charter of Fundamental Rights of the EU, which guarantees individuals the right to a private life and private communications.

Where the GDPR has a focus on protecting personal data, ePrivacy Regulation will have a specific focus on protecting personal privacy, seeking to empower individuals to opt-out of unwanted data tracking, processing and digital communications.

The ePrivacy Regulation will be ‘lex specialis’ to the GDPR, detailing specific applications of the rules within the scope of the GDPR. The ePrivacy Regulation will specify rules for the use of:

  • Online tracking technologies
  • Citizen profiling and behavioural advertising
  • Metadata processing and brokerage, i.e. geolocation, IP address and device number
  • IoT – Smart Device communications
  • Spam marketing

Why is protecting personal privacy and the integrity of digital communication important?

The profiling and microtargeting of 87 million UK and US citizens by SCL/AIQ/Cambridge Analytica with disinformation from 2016 onwards has been cited in Parliamentary Enquiries across the world as direct evidence for the need for ePrivacy Regulation.

A vast unregulated network of data tracking technologies, profiling software and microtargeting practices has left citizens vulnerable to unsolicited digital influence. These practices leave citizens with little control over who is collecting, analysing and leveraging their personal information for commercial and political gain as they browse the internet.

ePrivacy Regulation will allow for GDPR-size fines against firms who perform data tracking without consent, which will lead to a collapse in data tracking practices. This will help re-establish boundaries between citizens and the private and political actors who wish to influence them. It will also allow citizens to better distinguish between legitimate and illegitimate actors in the online space, and provide a fundamental safeguard to ensure that Article 7 of the Charter of Fundamental Rights of the EU is upheld.

How are regulators signalling that ePrivacy is a priority?

The German DPA has taken a major step towards enforcement on ePrivacy by announcing fines for forty large organisations who were found to be tracking visitors on their websites without appropriate consent. The German DPA audited forty “large websites” from the following industries:

(a) Online retail;
(b) Sports;
(c) Banking & insurance;
(d) Media;
(e) Automotive & electronics;
(f) Home and residential; and
(g) Other.

The investigation showed that all forty websites had non-compliant cookie practices with “tracking tools” inappropriately integrated into their sites.

The three major violations found were:

1. No Active Cookie Consent – Cookies and tracking technologies were gathering data on users before obtaining consent. The German DPA said that most of the forty websites used cookie banners to inform users about cookie usage but none of these banners resulted in active consent being obtained from the user before the cookies gathered user data.

2. No Informed Cookie Consent. Thirty of the forty cookie policies were ‘insufficiently transparent’. The German DPA defines ‘sufficiently transparent’ as: (a) individually identifying all cookies/trackers (and presumably the companies behind them); and (b) letting users know the specific purposes for which data collected by the identified cookies will be used.

3. Third Party Processing Without Consent. Most of the 40 websites automatically sent data to third-party cookie providers as soon as a user visited the website.

How will the ePrivacy Regulation affect your organisation?

Organisations will have to adapt their cookie practices to adhere to the new regulation, most likely moving to an explicit and informed opt-in consent mode for advertising cookies. There will also be specific requirements in assessing the legitimacy of third party data processing and brokerage of metadata. Organisations will be required to demonstrate a higher level of due diligence/data auditing for third party data processors and have accurate records of data processing in preparation for heightened scrutiny from regulators.

Free IAPP Web Conference – Registration Now Open

Thriving in Generation Privacy: Capitalising on DSAR Data from the Field

Free IAPP Web Conference – Brought to you by Exonar

Broadcast date: Thursday, February 7, 2019
Time: 8:00–9:00 a.m. PT, 11:00 a.m.–noon ET, 4:00–5:00 p.m. GMT

With the introduction of the EU General Data Protection Regulation, the California Consumer Privacy Act and other global privacy laws, people have increased expectations of how their personal data will be handled and protected. This is driving up the number of inquiries for data subject access requests and requests to exercise the right to be forgotten. Exonar recently surveyed a number of organizations to understand how they have been coping with these new and increased privacy control operations, and the results were remarkable.

Join us for this upcoming web conference to hear from the field about these survey results and more, including:

  • The cost of handling data subject access requests. (U.K. public sector organizations example).
  • The results of a SAR to a U.K.-based high street bank.
  • How the world’s leading tech companies dealt with recent requests for personal data.
  • How organizations are profiting from their privacy programs.
  • The toxic data you’re storing and what to do about it.
  • How companies have prepared for Generation Privacy and what you can do now.

Host:
Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP

Panelists:
Adrian Barrett, CEO, Exonar
Phil Lee, CIPP/E, CIPM, Partner, Privacy, Security and Data Protection Practice, FieldFisher, London, U.K.
Steve Wright, GDPR Advisor at Bank of England, CEO, Data Privacy Architect, Privacy Culture, London, U.K.

Book your place now: exo.nr/IAPP-webinar