Noteworthy Information
[Advanced] GDPR Data Portability: The Forgotten Right

Europe has some of the most advanced data rights in the world, and yet in practice, it is almost impossible to access and move one’s individual data in a useful way. European citizens and businesses can co-create value and strengthen local economies if they can move their data between services. This overview discusses current challenges and proposes 10 solutions to improve data portability in 2021.

[Intermediate] Irish DPC "handles" 99,93% of GDPR complaints, without decision?

The Irish DPC (Data Protection Commissioner) acknowledges in Irish Parliament hearing it "handles" GDPR complaints by not deciding about them, in violation of EU law.

The long-standing miracle of "self-resolving" GDPR complaints was then lifted by Helen Dixon: The DPC simply interprets the word "handle" to mean that the DPC can also simply dispose of complaints on the fundamental right to privacy. She openly argued “In fact, there is no obligation on the DPC under the 2018 Act to produce a decision in the case of any complaint.”

[Intermediate] EU must overhaul flagship data protection laws, says a ‘father’ of policy

Axel Voss, one of the fathers of the General Data Protection Regulation, told the Financial Times that it needs to be revised to take into account not only the widespread move to homeworking, but also the emergence of a host of new technologies.
(original article in Financial Times - paywalled)

[Advanced] Assessment of the EU Member States’ rules on health data in the light of GDPR

The long-awaited report "Assessment of the EU Member States' Rules on Health Data in the Light of GDPR" has finally been published. Based on a string of workshops and consultations in the first half of 2020, the report provides a comprehensive overview of the fragmented approach on the use and re-use of health data across Member States. (also available: Country fiches for all EU member states)

[Advanced] Data trusts in Germany and under the GDPR

In this report Anouk Ruhaak describes alternative approaches to data governance, specifically data trusts.

Anonymisation Decision-making Framework: 2nd Edition Published

UKAN publishes the Anonymisation Decision Making Framework (ADF) to address a need for a practical guide to GDPR-compliant anonymisation that gives more operational advice than other publications such as the UK Information Commissioner’s Office’s (ICO) valuable Anonymisation Code of Practice.

EU investigates Instagram over handling of children's data

Facebook could face a large fine if Instagram is found to have broken European Union privacy laws.

The European Commission's "2 years of GDPR" report

Data protection as a pillar of citizens’ empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation.

Iconified Representations of PrivacyPolicies: A GDPR Perspective

Privacy policies inform on personal data collection and pro-cessing practices, allowing people to make informed decisions about agiven service. However, they are difficult to understand due to theirlength and use of legal terminology. To address this issue, regulatory bod-ies propose the use of graphical representations for privacy policies. Thispaper reviews the development of current graphical and iconified repre-sentations for privacy policies

Open Letter on “confidential” dealings in Facebook case

Within hours of the new GDPR being applicable on 25 May 2018, the European non-profit organisation noyb.eu filed three complaints against the Facebook Group (including WhatsApp and Instagram). Since then, the Irish Data Protection Commission (DPC) has declared the contents of the extremely slow procedure “confidential” and asked noyb.eu not to discuss them in public.

Privacy, Data, and the Consumer: What US Thinks About Sharing Data

As GDPR becomes the norm, are marketers able to walk the tight-rope of consumer data and privacy? Acxiom and DMA study consumers’ take on data sharing.

Nearly 90% of European websites do not respect privacy regulations

Only one in ten European websites respects the General Data Protection Regulation (GDPR), the European privacy law, according to a study by MIT, UCL and Aarhus Universiteit.

Greece: The new data protection law raises concerns

The much awaited new Greek data protection law has been criticised for the lack of conformity of its provisions with the EU General Data Protection Regulation (GDPR).

Open & Agile Smart Cities

You should check with the people of https://oascities.org/ and the Synchronicity project. I think they've done a lot of research and gained a lot of experience on data collection in the public domain and making sure it is inline with the European GDPR regulation on privacy.

Advertising: Real-Time Bidding vs. General Data Protection Regulation

As soon as 2020, the media industry could find itself with its main monetization channel shut down, yet few seem to be working on an alternative. The seeming inaction of most media owners, despite continuing and specific warnings from regulators, is dangerous and hard to comprehend.

European Data Protection Supervisor passed away

The EU's independent data protection authority informed: It is with the deepest regret that we announce the loss of Giovanni Buttarelli, the European Data Protection Supervisor. Giovanni passed away surrounded by his family in Italy, last night, 20 August 2019.

PwC will have to work to rebuild trust after shock GDPR fine

The corporate world has gotten a shock of its recently when the data protection enforcement body of Greece has imposed a fine under Article 83 of the GDPR amounting to 150.000 EUR on PricewaterhouseCoopers.

Building Collective Momentum to Challenge the Ad Tech Industry

This story is the first of a series on how civil society organisations and activists are using the GDPR (and similar data protection legislation) to advance rights and strengthen their work.

Tech companies organize two efforts to support personal data management

...and both are called Open GDPR. Though unrelated, the initiatives reflect some of the ways the ad and marketing industry is organizing itself around its personal data responsibilities.


Questions Asked
[Intermediate] Asking Netflix and Spotify for your data

Alex described his experience with both Netflix and Spotify to get better JSON data formats back that include both human-readable artist/track/show/film title AND the media URL - so that you can uniquely identify/play/bookmark the correct episode/track version AND understand/display what it is. Data portability rights can work, if you refuse to drop it until they give you what you are entitled to!

Call for Proposals: Comparing Effects and Responses to GDPR and CCPA

The Center for Long-Term Cybersecurity at UC Berkeley is hosting an interdisciplinary workshop on July 30, 2021 to examine and compare how firms and consumers have responded to the E.U.’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). This RFP seeks proposals to conduct scholarly inquiry into these topics to inform the workshop and, more broadly, to build the body of scientific knowledge foundational to these issues. Selected proposals will be invited to present and discuss their research-in-progress at the workshop.

Why is it so hard to get our data back?

Many companies ask you to go through a complicated process. Is there any way to set a limit on how much additional info can be required?

A research paper on How do app vendors respond to subject access requests might answer the question.

Discussing GDPR

Eike asked several inspiring questions regarding GDPR's Art. 15, 20 and 29. Anyone interested in fruitful discussion with him?

A Bank Run for Personal Data?

Next January 28th is the Data Protection Day, and with some companies in the personal data space, we want to make it a "GDPRmaggedon". The idea is to gather thousands (or more) citizens to request their personal data the same day, with advanced GDPR requests about all their portability data in machine readable format.

European Commission starts a consultation on GDPR

The Eropean Commission starts a consultation on GDPR with tight dates (1-29 April) and Iain suggested to submit an official collaborated MyData response to this. Please join collaboratively editing this MyData document.

European Data Protection Board: Request for Comments

The European Data Protection Board welcomes comments on the Guidelines 4/2019 on Article 25 Data Protection by Design and by Default.


eszköz
GDPR Request Template

A better data access request template.

OpenGDPR

A common framework enabling companies to work together to protect consumers' privacy and data rights.

Your Digital Self

Keep safe in a digital world.