D /ONE

26/01/2023

https://iapp.org/media/pdf/resource_center/privacy_ai_governance_report_summary.pdf

31/03/2022

In today’s context where data collection and use are increasingly prevalent, businesses may find themselves at more risk of potential data breaches, and anonymising data is one sure way to reduce that risk.

To help businesses, especially those who are new to anonymisation, the PDPC has released a new Guide to Basic Anonymisation to provide more practical guidance on how to perform basic anonymisation and de-identification of various datasets through a simple 5-step anonymisation process. This includes providing clear standards for safeguards and controls where anonymised data is used, and recommendations for when using k-anonymity. Access the Guide at: www.go.gov.sg/wvimcp

The chapter on Anonymisation in our Advisory Guidelines on the PDPA for Selected Topics has also been updated to provide clarity to businesses on the requirements for anonymising data. Find out more: www.pdpc.gov.sg/ag

03/02/2022

Recent, Comisia Europeană 🇪🇺 și rețeaua autorităților naționale de protecție a consumatorilor (CPC) au transmis companiei care deține WhatsApp o scrisoare, solicitându-i:
📌 să clarifice modificările pe care le-a efectuat în 2021 privind condițiile sale de utilizare și politica sa de confidențialitate
📌 să asigure conformitatea acestora cu legislația UE în materie de protecție a consumatorilor.

Întrebările sunt menite să clarifice:
📌 dacă li se furnizează consumatorilor informații suficient de clare cu privire la consecințele deciziei lor de a accepta sau de a refuza noile condiții de utilizare a serviciilor companiei;
📌 corectitudinea notificărilor transmise de WhatsApp în cadrul aplicației, care îi determină pe consumatori să accepte noile condiții și politica de confidențialitate;
📌 dacă consumatorii au posibilitatea de a se familiariza în mod adecvat cu noile condiții înainte de a le accepta.

WhatsApp trebuie să colaboreze cu Comisia și cu autoritățile până la sfârșitul lunii februarie.

25/11/2021

“What we found during our ongoing adtech work is that companies are collecting and sharing a person’s information with hundreds, if not thousands of companies, about what that person is doing and looking at online in order to show targeted ads or content. Most of the time, individuals are not aware that this is happening or have not given their explicit consent. This must change."

NEW: We have published a new Commissioner’s Opinion that sets out the standards companies must meet when developing new advertising technologies, or adtech.

The Opinion makes it clear that companies designing new digital advertising technologies should offer people the ability to receive ads without tracking, profiling or targeting based on excessive collection of personal information. Where people choose to share their data, all companies within the adtech supply chain must ensure there is meaningful accountability, and give people control over their data and the ability to exercise their information rights.

Currently, one of the most significant proposals in the online advertising space is the Google Privacy Sandbox, which aims to replace the use of third party cookies with alternative technologies that still enable targeted digital advertising.

The ICO has been working with the Competition and Markets Authority (CMA) to review how Google’s plans will safeguard people’s personal data while, at the same time, supporting the CMA’s mission of ensuring competition in digital markets.

Read more about the Opinion: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/11/ico-calls-on-google-and-other-companies-to-eliminate-existing-privacy-risks-posed-by-adtech-industry/

17/11/2021

'In cazurile în care operațiunile de prelucrare a datelor personale sunt susceptibile să genereze un risc ridicat pentru drepturile și libertățile persoanelor fizice, operatorul ar trebui să fie responsabil de efectuarea unei evaluări a impactului asupra protecției datelor, care să estimeze, în special, originea, natura, specificitatea și gravitatea acestui risc.'
Fiindcă evaluarea impactului asupra protecției datelor va fi curând o obligație pentru unii operatori de date personale din R.M., exemplele sunt binevenite.

❓As a small organisation, do I need to do a DPIA?

👉 A DPIA (data protection impact assessment) is a process designed to help you identify and minimise the data protection risks of a project or plan. You need to do a DPIA if what you’re planning to do is likely to result in a high risk to people. For example, if you’re planning to process sensitive data such as medical data or information about children or vulnerable adults, it’s likely you’ll need to do a DPIA first.

You can choose to do a DPIA if you think it would help you decide whether the processing you’re planning is appropriate and proportionate. And it’s a good idea to do a DPIA if you’re planning a large project where lots of personal data will be processed, such as a customer survey.

17/08/2021

Food for thought

05/08/2021

Foodinho, a subsidiary of GlovoApp23, will have to amend the way it processes its riders’ data through a digital platform and verify that the algorithms used to book and assign orders for food and other products do not result into discrimination. The company was also fined EUR 2.6 million.
Its app collected disproportionate amounts of data on riders in violation of the principles of lawfulness, transparency, data minimisation and storage limitation.
Source EDPB

03/08/2021

'Luxembourg’s National Commission for Data Protection (CNPD) has hit Amazon with a record-breaking €746 million ($887 million) GDPR fine over the way it uses customer data for targeted advertising purposes.'

Luxembourg’s National Commission for Data Protection (CNPD) has hit Amazon with a record-breaking €746 million ($887 million) GDPR fine over the way it uses customer data for targeted advertising purposes. Amazon disclosed the ruling in an SEC filing on Friday in which it slammed the decision as...

29/07/2021

"The Dutch Data Protection Authority (DPA) has imposed a fine of € 750,000 on TikTok for violating the privacy of young children. The information provided by TikTok to Dutch users – many of whom are young children – when installing and using the app was in English and thus not readily understandable. By not offering their privacy statement in Dutch, TikTok failed to provide an adequate explanation of how the app collects, processes and uses personal data. This is an infringement of privacy legislation, which is based on the principle that people must always be given a clear idea of what is being done with their personal data." 'It is now up to Ireland's Data Protection Commission to finish our investigation and issue a final ruling on the other possible violations of privacy investigated by the DPA.'

21/06/2021

21/06/2021

“The impact of Schrems II cannot be underestimated: already international data flows are subject to much closer scrutiny from the supervisory authorities who are conducting investigations at their respective levels. The goal of the EDPB Recommendations is to guide exporters in lawfully transferring personal data to third countries while guaranteeing that the data transferred is afforded a level of protection essentially equivalent to that guaranteed within the European Economic Area.” https://edpb.europa.eu/our-work-tools/our-documents/recommendations/recommendations-012020-measures-supplement-transfer_en

17/06/2021

Explore our 2021 IAPP Salary Survey