I feel as though I’m in the middle of a pinball machine, with all legal parties (mainly on behalf of their clients/controllers) busy sending DPAs to all the processors. And many of the processors who are also controllers are scratching their heads, wondering what to do with these agreements. Wondering what they are? Controller or processor? This is all very confusing for those who haven’t yet started, or have only just started this year!
Should I be disappointed that Facebook still hasn’t understood the ‘Privacy by Default’ principle in Privacy by Design? The user shouldn’t need to do anything to protect their privacy!
Privacy icons are going to be all the rage with GDPR efforts to bring privacy communications into a format for those of us who don’t eat ‘legal speak’ for breakfast. Apple say that this symbol will pop up when a function is going to use your personal data. And I really love the icon!
I’ve also received some communications from others who liked what they saw, and in Swedish. Well done Apple!
I have never been so overwhelmed in my whole life. The GDPR gold rush is here.
I wish I could be excited by the fact; after all, I have been predicting this since 2015, even. However, I am terrified by the significant shortage of expertise on the market: those who really know what it is all about, versus the false gods. So much false news, and so much GDPR theatre. I just want this to stop, step back and just stop panicking.
In Privasee, we are struggling to meet the demand, the panic. Our approach is to empower our partners with expert knowledge so they can do what is right for their clients. We are lucky to have Nebu as our Swedish consulting partner, our learning partner is Cornerstone, and we also have other partners in both Portugal and Malta! We want to make GDPR knowledge accessible to all! We call our consulting partners OWLs, because they have reached a level of expertise (we should know, as we’ve trained them) to be able to run this race without Privasee, except for our methods (which are rapidly becoming privacy industry best practices).
My dream is to empower our customers with knowledge, so they are NOT dependent upon us.
My dream is to demystify this GDPR monster, so that it becomes something we know.
And IMHO dreams are still possible 🙂
Facebook (FB, -2.34%) collects data on people’s ideologies and religious beliefs, sex and personal tastes—from its own services and those of third parties—without clearly telling its users what it will do with this information. Read more here.
“In a statement, Facebook claimed the Spanish data protection authority (DPA) was wrong to say it showed people advertising based on sensitive personal data. It said ad-targeting was instead based on the interest people express by “liking” certain content on the social network.”
Of course, what FB claim is rubbish. When I was researching my first book I did some extensive clicking to see what would happen. Hence, if adverts popping up on my profile proposing that I may be interested in buying ‘incontinence pads’ are not sensitive personal data, what is?
This is the book that Filip Johnssén and I wrote. Book launch is tomorrow by IAPP in Washington.
By Sarah Thompson, employment lawyer, McGuireWoods.
SARs are often used by employees or former employees as a “fishing expedition” to obtain information in the context of disciplinaries, grievances and litigation, rather than for verifying/correcting their personal data. Previous court decisions have held that making an SAR in this context was an abuse of process and not the purpose of the legislation. However, recent cases and the ICO Code have clarified that an employee’s purpose for making the request is not relevant and employers need to respond regardless of whether the employee has an ulterior motive for making an SAR.
- Disproportionate effort
Employers can refuse to provide information where doing so would involve disproportionate effort. Difficulties throughout the process (from finding, analysing and providing the data) can be taken into account. However, employers must be able to show that they have taken all reasonable steps to comply with the request and, as the ICO Code notes, “should be prepared to make extensive efforts to find and retrieve the requested information.”