gdpr Archives -

pradeep@brainguru.in +91 9810953232

Category: gdpr

First ever GDPR notice issue to AggregateIQ

September 20, 2018 Pradeep Agrawal 0 Comments

AggregateIQ (AIQ), a Victoria-based Canadian digital advertising, web and software firm, is the first company in Canada to receive an enforcement notice under the new European Union General Protection (GDPR) regulations. The United Kingdom Information Commissioner’s Office (the ICO) issued its first extraterritorial enforcement notice under GDPR to AIQ.
ICO slaps AggregateIQ with initial official GDPR notice.

The ICO said that although the data was gathered before 25 May, when the GDPR regulations came into effect, it was concerned about the “continued retention and processing” of data after that date. This, it said, meant GDPR applied to AIQ’s handling of that information.

Earlier this year it was linked to UK data firm Cambridge Analytica by whistleblower Chris Wylie, who alleged that Cambridge Analytica improperly acquired Facebook data belonging to 50 million people via a third party.

A Canadian analytics firm that worked for Vote Leave has received the UK’s initial formal notice beneath a key information law, the UK’s information protection watchdog has confirmed.

AggregateIQ (AIQ) was suspect of process people’s information “for functions that they might not have expected”.

The firm has appealed against the notice, that was issued by the UK’s data Commissioner’s workplace.

AIQ is a small Canadian data firm that uses data to target online ads at voters during public polls. It was paid nearly £2.7m ($3.6m) by Vote Leave to target ads at prospective voters during the Brexit referendum campaign. It was also used by pro-Brexit youth group BeLeave.

Vote Leave has been fined £61,000 and referred to the police after an Electoral Commission probe said it broke an electoral law by exceeding its spending limit by funneling money through BeLeave.

AIQ also received funding from Northern Ireland’s Democratic Unionist Party and Veterans for Britain, amounting to a total of £3.5m from all of its pro-Brexit clients.

Cambridge Analytica has been credited with helping Donald Trump win the US presidential election in 2016.
The GDPR notification was the first in the new data privacy environment where companies are legally obligated to limit the personal data they gather on people, be open about how they use that data, and allow people to demand that their information is deleted.

It was sent in July, amid the ICO’s probes into Facebook data harvesting, although the notice wasn’t posted on the ICO’s enforcement page, and in fact there is no mention of it anywhere on the ICO website. The notice itself [PDF] was hyperlinked in an annex at the end of a “investigation update” into the “use of data analytics in political campaigns.” The fact it was a GDPR notice was only just spotted last week.

#GDPRNotice #AggregateIQ #AIQ #AggregateIQcanada


Xiaomi to Migrate its Data Center in India

September 1, 2018 Pradeep Agrawal 0 Comments

Data Localisation – The Chinese smartphone maker declared on August 31 that it’d be migrating all the user data of Indian customers to cloud infrastructure primarily based within the country. Xiaomi can move all the existing user data to cloud services provided by Amazon (Amazon Web Services) and Microsoft (Azure) by the end of 2018.

Amazon Web Services and Microsoft Azure, have already got cloud infrastructure in India. Moving all user data to those services primarily based in India would improve the access speed for customers. That’s not all though, as this move also will improve the safety and privacy of all user data.

Manu Jain, managing director, Xiaomi India foresaid that at Xiaomi the data privacy and security are of utmost importance to us. Once the migration is completed, users can notice a rise in speed once accessing the Xiaomi services. We are taking an extra step towards user data security and privacy by bringing our cloud services to India for all native data wants. As Xiaomi, ranked India’s top smartphone maker by IDC, aforesaid all-new Indian user data was being kept on native servers. This can cover all Indian user information across the Xiaomi e-commerce platform, Mi Community, Mi Cloud, MIUI and Mi TV.

As Xiaomi’s move comes as India increasingly sees information localization could be a critical part of governance. The reserve bank of India (RBI) needs data associated with payment systems stored within the country. The recent report on data protection by the BN Srikrishna committee advised that information fiduciaries ought to guarantee data is reflected locally.

Xiaomi’s move reflected the importance of the Indian market, the world’s second largest after China. As data localization is turning into a vital part of governance in India. That is the reason why RBI has notified that information pertaining to payment systems should be settled within India. So, if we glance at the country of 1.3 billion individuals, and you would like to possess access to its market, it makes logical sense to store your information within India. It’ll also give an efficient remedy to individuals affected by breaches underneath Indian laws.
Therefore, All new Indian user information since 1 July is already being kept in local servers and all existing user information on mi.com/in/ are going to be totally migrated to servers in India by mid-September 2018.


New ePrivacy Regulation Will Impact Businesses Over GDPR

August 29, 2018 Pradeep Agrawal 0 Comments

Over the past months, the businesses are targeted on the overall General Data Protection Regulation (GDPR), another transformational piece of privacy legislation quietly began to create waves across Europe: the forthcoming European ePrivacy Regulation (ePR). The ePR can replace the present ePrivacy Directive, that has been in place since 2002.
The regulation in question is termed ePrivacy, and it targets, among alternative areas, the right to confidentiality and data privacy on all electronic communications. This includes emails, texts, the web, WhatsApp, Skype, online messaging, VoIP, the internet of Things (IoT), apps, online advertising networks, and telecommunications.

Sometimes referred to as the cookie law, because it is that the law that governs the use of cookies on websites, the regulation can introduce new rules for communications content and communications metadata that may mean that organizations should make sure the confidentiality of all electronic communications and forestall surveillance from third parties.
Although there’s some overlap, the key difference between ePrivacy and GDPR is that GDPR covers the handling of private information in all forms, whereas the e-Privacy regulation covers online communications additional specifically.As with GDPR, ePrivacy’s impact, and heavy fines won’t be restricted to corporations based within the EU.

With British businesses spending an average of £1.3m on GDPR compliance, the news that another new regulation can be simply round the corner might not be welcomed by some. In fact, some believe that ePrivacy might have an even bigger impact, with tech lobby teams arguing that the regulation might stifle innovation.

Implementation of the regulation might be “more turbulent” than GDPR: “The focus is slowly however certainly switch from the GDPR to the forthcoming ePrivacy Regulation that may possibly have a substantial impact on organizations’ digital promoting and advertising methods,” adds Brussels-based of counsel. observing the present proposals, the ePrivacy Regulation might be an additional turbulent journey for the promoting and advertising trade than the GDPR, and should therefore not be underestimated.”

Former Federal Trade Commission workers attorney Julie O’Neill said: “US corporations that thought they were done considering European privacy law is also sure a surprise. The forthcoming ePrivacy Regulation is probably going to affect companies’ online advertising campaigns and analytics solutions. however far the Regulation goes remains to be seen, but there’s very little doubt that several corporations can regulate their practices.”

#ePrivacy #GDPR


Less Cookies – Thanks to GDPR

August 27, 2018 Pradeep Agrawal 0 Comments

How GDPR Affects Tracking Cookie Policies

The news sites have over one Google cookie, with topmost 5 being DoubleClick by 87% of sites, Google Analytics by 86 %, Google Tag Manager by 80 %, AdSense by 72 %, and Google arthropod genus by 69 %. The report adds that design optimization cookies fell by 27 %, advertising and promoting cookies by 14 %, and social media cookies by 9 %.

European news sites have reduced the number of third-party tracking cookies by 22 % within the 3 months since the introduction of the GDPR (General Data Protection Regulation), according to a survey of 200 sites by the Reuters Institute for the Study of Journalism at the University of Oxford. Companies that run websites ought to be aware of the matter and prepared to act.

This doesn’t prove that GDPR caused the decline, however, it should have prompted websites to appear at the cookies they were using, and that they currently had to get consent. The report says: “The introduction of GDPR might have provided news organizations with an opportunity to judge the utility of varied options, and to get rid of code that is not any longer of great use or that compromises user privacy”.

There was considerable variation in the results from the seven countries surveyed:
Finland
France
Germany
Italy
Poland
Spain
UK
The number of cookies on UK sites fell by 45 %, whereas the number on German sites fell by solely 6 %. Spain, France, and Italy all saw falls of more than 30 percent. Poland saw a 20-percent increase. However, American technology firms usually evaded the cull. Most of the sites received cookies from Google (96 %), Facebook (70 %), and Amazon (57 %). Facebook cookies dropped by 5 percentage points from 75 %, however, Facebook suffered major issues far beyond the GDPR.

However, the tool cannot give answers to the most topic of interest: how many users are currently block tracking cookies? The GDPR makes it tougher to induce blanket consent to cookie use or, at least, to induce legitimate blanket consent. If large numbers of users refuse their consent, this can reduce the worth of tracking cookies. This could result in websites eliminating cookies that not deliver any worth. Whether the recent decline could be a trend or a blip remains to be seen. The next RISJ survey may show an additional decline, or a recovery if the tracking trade finds ways that to tackle the matter.

The report’s authors used webXray, an open source tool, to count cookies between April and July 2018. They acknowledge that some sites might block the tool, therefore “the true number of [third party cookies] on a given page is also higher.” Either way, each company that runs a website ought to be aware of the matter and be prepared to act.

#LessCookies #GDPR #GDPRLessCookies


GDPR – Challenge for Online Advertisement

August 25, 2018 Pradeep Agrawal 0 Comments

The General Data Protection Regulation brought in by the European Union in may is meant to protect personal data within the age of the web and needs websites to hunt consent to use personal information, among alternative measures. The capability to trace web users that attract the many firms that harvest user information from websites with or without the approval of the site owner to create profiles of an individual client.

Concerns regarding GDPR ought to, however, profit Alphabet’s Google and Facebook as their loyal customers are additional possible to provide consent to hold on using sites, permitting the U.S. giants to stay amassing and analyzing huge amounts of GDPR-compliant information that advertisers can pay to use. GDPR poses a challenge to those teams because all of them would like consent to use the information. whereas sites usually request consent on behalf of the ad tech corporations they use directly, uncertainty over whether or not each link within the supply chain is GDPR-compliant is pushing some to depart Europe altogether.

Tremendous publishers like national newspapers are thinking that they will get profit yet charging from advertisers for online slots as they’re compliant with the new EU rules. Europe’s new data privacy law has put a small army of tech corporations that track individuals online and is strengthening the hand of big firms like Google and Facebook within the $200 billion global digital advertising trade.

It’s challenging for the digital ecosystem. From a begin nearly 30 years ago, the internet has become the most important advertising medium within the world as a result of it permits corporations to focus on consumers with ads based from their browsing history or comments. That personal information will then go through a lot of ad tech corporations before an organization or advertising agency bids at an auction for space on the website and an advert is loaded. The transfer of private information that risks breaking the new EU privacy law. That doubt regarding compliance is threatening the middlemen and publishers to rethink how they share their user information.

Google is additionally requiring publishers to secure consent when using its ad products on their properties. Marketers and partners conjointly need to currently use more of Google’s own services whereas Facebook has lost one million active users of European monthly. When GDPR needs by some users to avoid targeted ads to the modest revenue hit. In return to GDPR, asked by advertisers to verify the right consent to use any information from third-party brokers.

How long the initial impact of GDPR can last, though, isn’t yet clear as several customers bored with the constant permission pop-ups are simply giving consent to access sites. Prosecutors are however to bring any cases for information breaches. But GDPR has ramped up the speed of change in what has been such a fragmented business. “This quite consolidation is natural in most maturing industries,” Enders analyst Matti Littunen aforesaid. “GDPR has simply accelerated it.”


GDPR Compliance: Big Challenge for Many Indian Firms

August 16, 2018 Pradeep Agrawal 0 Comments

Indian Business Firms are facing a big challenge to implement GDPR Compliance in their organization. According to the recent EY survey, most of the corporations in India are still struggling to comply with the EU’s GDPR. As GDPR brought in for data protection and privacy of individuals in May 2018. Over 63 % of respondent who are aware of the regulation and its necessities reported that they were non-compliant.

This embrace several large globally recognized organizations and key government entities, it said. The survey report disclosed that 76 % of organizations who take part in the survey, still comply with their own information governance policy; whereas 45% continue to struggle in their GDPR compliance journey.

IT/ITeS sector has taken a command in terms of its GDPR compliance and 31% corporations believe that they’re compliant, as they have taken a lead with 65 % property of this sector. This can be followed by automotive organizations out of that 23% think that they’re compliant with GDPR,” the survey aforesaid. Therefore, the survey also makes efforts to search out that the challenges which companies are going through in their GDPR compliance and getting satisfactory skilled resources and It is a prime roadblock in the journey GDPR compliance.

As more than 60 % of the organizations sighted these as the major challenge in performing GDPR compliance activities. The Lack of relevant tools & training and knowing of GDPR compliance and no internal support from leadership were some of the other reasons which were cited. In the fourth survey responders belonged to the firms that are offering goods and services in the EU, but still are unaware of GDPR and its impact. But, there is a good news too as 80% organizations are aware of GDPR have proactively started their compliance journey towards it.

Since, most of the firms are planning to raise their budget as they realize the requirement for privacy and surprising 70 % organizations, having more than 5,000 employees, are planning to raise their privacy budget in the coming year. Therefore, over 85% of the firms have raised their budget in last year and want to further improve it in 2018. The organizations who have covered this survey were spread across IT and ITes, healthcare, automotive, media and entertainment, banking and financial services; and the research was conducted between April-May 2018.

As Data Privacy Law is coming in our country and Draft already roll our last Month, so we need to be prepare more aggressively and pull our socks for up coming challenge.

#GDPRCompliance #GDPR


Right to be Forgotten – Data Privacy Law

August 10, 2018 Pradeep Agrawal 0 Comments

What is “Right to be Forgotten” in Indian Data Privacy Law.

The B.N. Srikrishna Committee has an important significance on obtaining the agreement of an individual to process & can use the personal information. The committee said consent must be “informed”, “specific” and “clear”, and needs to be capable of being withdrawn as easily as it was given. Thus, there is no right to erasure of data in the proposed law, and the bill will be going through a parliamentary process of word and approval before it becomes law, and might be some changes has brought in.

Therefore, the Protection Bill of Private data in 2018, embrace a segment on “right to be Forgotten” but the projected bill doesn’t give the right to erasure. The Section 27 of the bill has listed out three premises in which an individual will have the “right to restrict or prevent continuing disclosure of personal data” or the right to be forgotten. This will be relevant, if data disclosure is no longer necessary, or the consent to use data has been withdrawn or if data is being used contrary to the provisions of the law. An adjudicating officer will determine the relevancy of one of the three scenarios.
The officer can also determine that the right of the individual to limit the use of her data over-rides the right to freedom of speech or right to information of any other citizen.

Every person shall have the right to seek removal of personal data from Data Controller –
(a) where personal data is no longer necessary with regard to the purpose for which it was originally collected or processed; or
(b) where the person withdraws consent; or
(c) where personal data has been obtained unlawfully; or
(d) where personal data is required to be erased in accordance with a legal obligation pursuant to a Court order.

The European Court of Justice (ECJ) ruled in favor of Mario Costeja González In 2014, a Spanish man who was sad to look out his name on Google threw up a newspaper story from 1998. In 2009 he approached the newspaper to get that article removed as he felt it was no longer relevant. The newspaper felt it was inappropriate to erase the article, and Gonzalez then approached Google to not throw up the article when his name is searched. ECJ asked Google to remove the inadequate or not relevant data from its search results. Therefore, the ruling came to be known as the “right to be forgotten” and has been strengthened in data protection laws and regulations within the EU, as well as in the EU’s General Data Protection Regulation (GDPR).

After the article for EU GDPR outlined the situation that EU citizens will exercise their “right to be forgotten”. The News Article gives individuals the right to get personal data erased under six conditions, including withdrawal of consent to use data, or if data is no longer relevant for the purpose it was collected. However, the request may not be entertained in some situations such as if the request contradicts the right of freedom of expression, or when it goes against the public interest in the area of public health or historical research or regarding statistical purposes.

#GDPR #DataPrivacy #RigtToBeForgotten


GDPR: An Opportunity or Burden ?

June 25, 2018 Pradeep Agrawal 0 Comments

Businesses these days are speedily accumulating information that identifies people. How that information is used and managed, and therefore the degree to that it protects individual privacy, varies greatly. With the GDPR, this may change.
New GDPR rules can protect the privacy of European residents and any businesses that deal with them. The hype that enclosed the introduction of the General Data Protection Regulation (GDPR) earlier this year directed a spotlight on the thorny issue of information privacy.

This is vital as loss of personal or work-related data may be a huge problem for businesses of any size or sector almost half of UK businesses have fallen victim to cyber attacks or security breaches within the last year, costing them every thousand of pounds, according to a UK government report. In essence, the GDPR is regarding protective and enabling the information privacy rights of people, handing power back to the data’s owner, whether it consists of location data, online identifiers like usernames, IP addresses or cookies, or different records.

The arrival of GDPR suggests that greater penalties for information loss are imposed, thus it’s essential that companies are compliant. However, recent information suggests that a lot of firms are still struggling with their compliance efforts. A poll by The Governance Institute (ICSA) shows that over three-quarters (78 percent) of organizations surveyed have found becoming compliant with GDPR to be “a heavy burden” on their resources. However, GDPR affects each organization, and little and mid-sized firms will fall victim to information breaches as much as the enterprise.
Having a business continuity and disaster recovery (BCDR) policy in place ought to be essential for any organization to protect client information from accidental loss or criminal information breach. However, within the case of GDPR, it ensures the integrity of the information and may facilitate firms get over a ransomware infection.

Being GDPR compliant needs understanding the information you hold, your policies and processes for managing that information and training employees to make sure they perceive and may adjust to these rules. Mapping out however information moves through the corporate and where it’s stored whether it’s in emails, CRM systems, cloud applications or on a backup appliance may be a good starting point. Once it involves defending against cyber-attacks and information breaches, human error is commonly an issue, thus educating your employees is crucial. Technology may be used to enforce consistent security policies across the organization.

Businesses should additionally make sure the ongoing confidentiality, integrity, and availability of process systems and services, likewise as having the vital ability to access personal information in a timely manner within the event of a physical or technical incident. With additional information being processed and keep, cyber threats continued to grow and with laws like GDPR being implemented, managing information is becoming increasingly complex for small businesses.

Non-compliance with the new regulation cannot solely cause reputational harm to an organization however additionally result in substantial fines. Within the coming months, case law and experience can shine a stronger light on exactly what the regulation means in reality.