OwnYourData Logo
 
Welcome to the OurData Weekly Digest, a news site dedicated to producing the best coverage from within the human-centred approach to personal data management.
 
Find the full legal text of the General Data Protection Regulation (EU Regulation 2016/679) here:
https://eur-lex.europa.eu/eli/reg/2016/679/oj

 

 

Business & Government Intermediate read

France's Privacy Watchdog Latest To Find Google Analytics Breaches GDPR

Use of Google Analytics has now been found to breach European Union privacy laws in France -- after a similar decision was reached in Austria last month. The French data protection watchdog, the CNIL, said today that an unnamed local website's use of Google Analytics is non-compliant with the bloc's General Data Protection Regulation (GDPR) -- breaching Article 44 which covers personal data transfers outside the bloc to so-called third countries which are not considered to have essentially equivalent privacy protections. The U.S. fails this critical equivalence test on account of having sweeping surveillance laws which do not provide non-U.S. citizens with any way to know whether their data is being acquired, how it's being used or to seek redress for any misuse.

Business & Government Intermediate read

The Future of International Data Transfers (paper, 25p)

The General Data Protection Regulation (GDPR) contains a blanket prohibition on the transfer of personal data outside of the European Economic Area (EEA) unless strict requirements are met. The rationale for this provision is to protect personal data and data subject rights by restricting data transfers to countries that may not have the same level of protection as the EEA. However, the ubiquitous and permeable character of new technologies such as cloud computing, and the increased inter-connectivity between societies, has made international data transfers the norm and not the exception. The Schrems II case and subsequent regulatory developments have further raised the bar for companies to comply with complex and, often, opaque rules.

Individuals Simple read

UK's ICO Calls For Browser-Level Controls To Fix 'Cookie Fatigue'

Last month, UK digital minister Oliver Dowden took aim at what he dubbed an "endless" parade of cookie pop-ups -- suggesting the government is eyeing watering down consent requirements around web tracking as ministers consider how to diverge from European Union data protection standards, post-Brexit. Today the UK's outgoing information commissioner, Elizabeth Denham, stepped into the fray to urge her counterparts in G7 countries to knock heads together and coalesce around the idea of letting web users express generic privacy preferences at the browser/app/device level, rather than having to do it through pop-ups every time they visit a website.

Interesting Articles?

Read more news in the current Weekly Digest issue!

Check it out

Business & Government Simple read

WhatsApp fined €225m by Ireland over Privacy

Facebook's WhatsApp was fined a record 225 million euro by the Irish data protection regulator on Thursday after the EU privacy watchdog pressured Ireland to raise the penalty for the company's privacy breaches.

Partly at issue is how WhatsApp share information with parent company Facebook, according to the commission. The decision brings an end to a GDPR inquiry the privacy regulator started in December 2018. WhatsApp said it disagrees with the decision and plans to appeal. "We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so," a WhatsApp spokesperson said via email.

Individuals Simple read

UK To Overhaul Privacy Rules in Post-Brexit Departure From GDPR

Britain will attempt to move away from European data protection regulations as it overhauls its privacy rules after Brexit, the government has announced.

Amazon é multada em 746 milhões de euros por violações à GDPR relativas à privacidade

A Amazon anunciou que recebeu uma multa no valor de 746 milhões de euros por violar o Regulamento Geral de Proteção de Dados (GDPR) da União Europeia no que diz respeito ao processamento de dados pessoais. O anúncio, escondido no último registro enviado pela Amazon à Comissão de Valores Mobiliários dos EUA , afirmava que a decisão havia sido tomada pela Comissão Nacional para Proteção de Dados no dia 16 de julho. Juntamente com a multa, a Amazon afirmou que a decisão também impõe "revisões de práticas correspondentes".

Want to Trace Data?

Learn more about how to track your datasets!

Check it out

Business & Government Simple read

Amazon fined €746 million for GDPR privacy violations

Amazon announced that it has been fined 746 million euros for violating the EU's General Data Protection Regulation (GDPR) rules on how to process personal data. The notice, buried within the latest SEC filing from Amazon, said the decision was made by the Luxembourg National Commission (CNPD) for Data Protection on July 16. Alongside the fine, Amazon said the decision also imposes "corresponding practice revisions."

Juiz afirma: a lei de Privacidade também se aplica aos resultados da busca do Google

No Canadá, um juíz federal afirmou que os resultados da busca do Google também estão sob o alcance da lei que regula como empresas lidam com informações pessoais, uma vitória para as pessoas que buscam o "direito a ser esquecido" digitalmente.

Business & Government Simple read

Judge says: Privacy law applies to Google results

A federal judge says the results of Google searches are covered by the law governing how companies handle personal information, a victory for people seeking a digital "right to be forgotten."

Looking for Regular Updates?

Subscribe to the Weekly Digest newsletter via email:

Business & Government Advanced read

GDPR Data Portability: The Forgotten Right

Europe has some of the most advanced data rights in the world, and yet in practice, it is almost impossible to access and move one’s individual data in a useful way. European citizens and businesses can co-create value and strengthen local economies if they can move their data between services. This overview discusses current challenges and proposes 10 solutions to improve data portability in 2021.

Portabilidade de Dados na GDPR: o direito esquecido

A Europa possui alguns dos direitos sobre dados mais avançados no mundo. No entanto, na prática, é quase impossível que um indivíduo acesse e mova seus dados de maneira útil. Cidadãos e empresas europeias podem criar valor em conjunto e fortalecer economias locais caso possam mover seus dados entre serviços. Esse documento oferece um panorama para se discutir desafios atuais e propõe 10 soluções para se melhorar a portabilidade de dados em 2021.

A CPD irlandesa "lida" com 99,93% das queixas sobre a GDPR - sem tomar decisões?

A CPD (Comissária de Proteção de Dados) irlandesa, Helen Dixon, admite em audiência no Parlamento Irlandês que "lida" com as queixas sobre a GDPR não tomando decisões sobre elas, violando, portanto, a lei da União Europeia. O milagre de longa data das queixas "auto-resolvidas" sobre a GDPR foi revelado por Dixon: a CPD simplesmente interpreta a palavra "lidar" de forma a significar que a autoridade pode simplesmente descartar as queixas sobre o direito fundamental à privacidade. Ela argumentou abertamente "De fato, não existe nenhuma obrigação na Lei de 2018 para que a CPD produza decisões no caso de qualquer queixa".

Interesting Articles?

Read more news in the current Weekly Digest issue!

Check it out

Business & Government Intermediate read

Irish DPC "handles" 99,93% of GDPR complaints, without decision?

The Irish DPC (Data Protection Commissioner) acknowledges in Irish Parliament hearing it "handles" GDPR complaints by not deciding about them, in violation of EU law.

The long-standing miracle of "self-resolving" GDPR complaints was then lifted by Helen Dixon: The DPC simply interprets the word "handle" to mean that the DPC can also simply dispose of complaints on the fundamental right to privacy. She openly argued “In fact, there is no obligation on the DPC under the 2018 Act to produce a decision in the case of any complaint.”

Individuals Intermediate read

Asking Netflix and Spotify for your data

Alex described his experience with both Netflix and Spotify to get better JSON data formats back that include both human-readable artist/track/show/film title AND the media URL - so that you can uniquely identify/play/bookmark the correct episode/track version AND understand/display what it is. Data portability rights can work, if you refuse to drop it until they give you what you are entitled to!

Individuals Intermediate read

EU must overhaul flagship data protection laws, says a ‘father’ of policy

Axel Voss, one of the fathers of the General Data Protection Regulation, told the Financial Times that it needs to be revised to take into account not only the widespread move to homeworking, but also the emergence of a host of new technologies.
(original article in Financial Times - paywalled)

Want to Trace Data?

Learn more about how to track your datasets!

Check it out

[Advanced] Assessment of the EU Member States’ rules on health data in the light of GDPR

The long-awaited report "Assessment of the EU Member States' Rules on Health Data in the Light of GDPR" has finally been published. Based on a string of workshops and consultations in the first half of 2020, the report provides a comprehensive overview of the fragmented approach on the use and re-use of health data across Member States. (also available: Country fiches for all EU member states)

Business & Government Advanced read

Assessment of the EU Member States’ rules on health data in the light of GDPR

The long-awaited report "Assessment of the EU Member States' Rules on Health Data in the Light of GDPR" has finally been published. Based on a string of workshops and consultations in the first half of 2020, the report provides a comprehensive overview of the fragmented approach on the use and re-use of health data across Member States. (also available: Country fiches for all EU member states)

[Advanced] Assessment of the EU Member States’ rules on health data in the light of GDPR

The long-awaited report "Assessment of the EU Member States' Rules on Health Data in the Light of GDPR" has finally been published. Based on a string of workshops and consultations in the first half of 2020, the report provides a comprehensive overview of the fragmented approach on the use and re-use of health data across Member States. (also available: Country fiches for all EU member states)

Looking for Regular Updates?

Subscribe to the Weekly Digest newsletter via email:

Individuals Advanced read

Data trusts in Germany and under the GDPR

In this report Anouk Ruhaak describes alternative approaches to data governance, specifically data trusts.

Individuals Simple read

Your Digital Self

Keep safe in a digital world.

Business & Government Advanced read

Anonymisation Decision-making Framework: 2nd Edition Published

UKAN publishes the Anonymisation Decision Making Framework (ADF) to address a need for a practical guide to GDPR-compliant anonymisation that gives more operational advice than other publications such as the UK Information Commissioner’s Office’s (ICO) valuable Anonymisation Code of Practice.

Interesting Articles?

Read more news in the current Weekly Digest issue!

Check it out

Business & Government Advanced read

Call for Proposals: Comparing Effects and Responses to GDPR and CCPA

The Center for Long-Term Cybersecurity at UC Berkeley is hosting an interdisciplinary workshop on July 30, 2021 to examine and compare how firms and consumers have responded to the E.U.’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). This RFP seeks proposals to conduct scholarly inquiry into these topics to inform the workshop and, more broadly, to build the body of scientific knowledge foundational to these issues. Selected proposals will be invited to present and discuss their research-in-progress at the workshop.

Estrutura de tomada de decisão de anonimização de dados: 2ª edição publicada

O UKAN publica o Anonymisation Decision Making Framework (ADF) para abordar a necessidade de um guia prático para anonimato em conformidade com o GDPR que forneça mais conselhos operacionais do que outras publicações, como o valioso Código de Prática de Anonimato do Escritório do Comissário de Informação do Reino Unido (ICO)

Chamada de propostas: comparando efeitos e respostas ao GDPR e CCPA editar adicionar tradução

O Center for Long-Term Cybersecurity da UC Berkeley está hospedando um workshop interdisciplinar em 30 de julho de 2021 para examinar e comparar como empresas e consumidores responderam ao Regulamento Geral de Proteção de Dados da UE (GDPR) e ao Ato de Proteção ao Consumidor da Califórnia (CCPA ) Esta RFP busca propostas para conduzir pesquisas acadêmicas sobre esses tópicos para informar o workshop e, mais amplamente, para construir o corpo de conhecimento científico fundamental para essas questões. As propostas selecionadas serão convidadas a apresentar e discutir suas pesquisas em andamento no workshop.

Want to Trace Data?

Learn more about how to track your datasets!

Check it out

Business & Government Simple read

EU investigates Instagram over handling of children's data

Facebook could face a large fine if Instagram is found to have broken European Union privacy laws.

UE investiga Instagram acerca manipulação de dados de crianças

O Facebook pode ter que pagar uma grande multa se o Instagram tiver violado as leis de privacidade da União Europeia.

Por que é tão difícil recuperar nossos dados?

Muitas empresas exigem que você passe por um processo complicado. Existe alguma maneira de definir um limite de quantas informações adicionais podem ser necessárias?

Um artigo de pesquisa sobre como os fornecedores de aplicativos respondem às solicitações de acesso por assunto pode responder à pergunta.

A research paper on How do app vendors respond to subject access requests might answer the question.

Looking for Regular Updates?

Subscribe to the Weekly Digest newsletter via email:

Individuals Intermediate read

Why is it so hard to get our data back?

Many companies ask you to go through a complicated process. Is there any way to set a limit on how much additional info can be required?

A research paper on How do app vendors respond to subject access requests might answer the question.

Individuals Intermediate read

The European Commission's "2 years of GDPR" report

Data protection as a pillar of citizens’ empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation.

O relatório da Comissão Europeia: "2 anos de GDPR"

A proteção de dados como um pilar da capacitação dos cidadãos e a abordagem da UE para a transição digital foi inovadora - dois anos de aplicação do Regulamento Geral de Proteção de Dados.

Interesting Articles?

Read more news in the current Weekly Digest issue!

Check it out

Individuals Simple read

Discussing GDPR

Eike asked several inspiring questions regarding GDPR's Art. 15, 20 and 29. Anyone interested in fruitful discussion with him?

Discutindo a GDPR

Eike fez várias perguntas inspiradoras sobre os Artigos 15, 20 e 29 da GDPR. Alguém está interessado em uma discussão frutífera com ele?

Uma corrida ao banco por dados pessoais?

O próximo dia 28 de janeiro é o Dia da Proteção de Dados, e com algumas empresas no espaço de dados pessoais, queremos torná-lo um "GDPRmaggedon". A ideia é reunir milhares (ou mais) de cidadãos para solicitar seus dados pessoais no mesmo dia, com solicitações avançadas de GDPR sobre todos os seus dados de portabilidade em formato legível por máquina.

Want to Trace Data?

Learn more about how to track your datasets!

Check it out

Individuals Intermediate read

A Bank Run for Personal Data?

Next January 28th is the Data Protection Day, and with some companies in the personal data space, we want to make it a "GDPRmaggedon". The idea is to gather thousands (or more) citizens to request their personal data the same day, with advanced GDPR requests about all their portability data in machine readable format.

Representações Iconificadas de Políticas de Privacida: Uma Perspectiva do RGPD

As políticas de privacidade informam sobre a coleta de dados pessoais e as práticas de processamento, permitindo que as pessoas tomem decisões informadas sobre serviços prestados. No entanto, elas são difíceis de entender devido ao sua extensão e uso da terminologia legal. Para resolver esse problema, os órgãos reguladores propõem o uso de representações gráficas para políticas de privacidade. Este artigo analisa o desenvolvimento de representações gráficas e iconificadas atuais para políticas de privacidade.

Business & Government Intermediate read

Iconified Representations of PrivacyPolicies: A GDPR Perspective

Privacy policies inform on personal data collection and processing practices, allowing people to make informed decisions about agiven service. However, they are difficult to understand due to theirlength and use of legal terminology. To address this issue, regulatory bod-ies propose the use of graphical representations for privacy policies. Thispaper reviews the development of current graphical and iconified repre-sentations for privacy policies

Looking for Regular Updates?

Subscribe to the Weekly Digest newsletter via email:

Individuals Simple read

Open Letter on “confidential” dealings in Facebook case

Within hours of the new GDPR being applicable on 25 May 2018, the European non-profit organisation noyb.eu filed three complaints against the Facebook Group (including WhatsApp and Instagram). Since then, the Irish Data Protection Commission (DPC) has declared the contents of the extremely slow procedure “confidential” and asked noyb.eu not to discuss them in public.

Caso Facebook: carta aberta sobre transações "confidenciais"

Poucas horas após o novo GDPR ser aplicável em 25 de maio de 2018, a organização europeia sem fins lucrativos noyb.eu apresentou três queixas contra o Grupo Facebook (incluindo WhatsApp e Instagram). Desde então, a Comissão Irlandesa de Proteção de Dados classificou o conteúdo do procedimento extremamente lento como "confidencial" e pediu ao noyb.eu para não discuti-los em público.

Business & Government Intermediate read

European Commission starts a consultation on GDPR

The Eropean Commission starts a consultation on GDPR with tight dates (1-29 April) and Iain suggested to submit an official collaborated MyData response to this. Please join collaboratively editing this MyData document.

Interesting Articles?

Read more news in the current Weekly Digest issue!

Check it out

Individuals Simple read

Privacy, Data, and the Consumer: What US Thinks About Sharing Data

As GDPR becomes the norm, are marketers able to walk the tight-rope of consumer data and privacy? Acxiom and DMA study consumers’ take on data sharing.

Individuals Simple read

Nearly 90% of European websites do not respect privacy regulations

Only one in ten European websites respects the General Data Protection Regulation (GDPR), the European privacy law, according to a study by MIT, UCL and Aarhus Universiteit.

Business & Government Intermediate read

European Data Protection Board: Request for Comments

The European Data Protection Board welcomes comments on the Guidelines 4/2019 on Article 25 Data Protection by Design and by Default.

Want to Trace Data?

Learn more about how to track your datasets!

Check it out

Business & Government Simple read

Greece: The new data protection law raises concerns

The much awaited new Greek data protection law has been criticised for the lack of conformity of its provisions with the EU General Data Protection Regulation (GDPR).

Business & Government Simple read

Open & Agile Smart Cities

You should check with the people of https://oascities.org/ and the Synchronicity project. I think they've done a lot of research and gained a lot of experience on data collection in the public domain and making sure it is inline with the European GDPR regulation on privacy.

Business & Government Advanced read

Advertising: Real-Time Bidding vs. General Data Protection Regulation

As soon as 2020, the media industry could find itself with its main monetization channel shut down, yet few seem to be working on an alternative. The seeming inaction of most media owners, despite continuing and specific warnings from regulators, is dangerous and hard to comprehend.

Looking for Regular Updates?

Subscribe to the Weekly Digest newsletter via email:

Individuals Simple read

European Data Protection Supervisor passed away

The EU's independent data protection authority informed: It is with the deepest regret that we announce the loss of Giovanni Buttarelli, the European Data Protection Supervisor. Giovanni passed away surrounded by his family in Italy, last night, 20 August 2019.

Individuals Simple read

PwC will have to work to rebuild trust after shock GDPR fine

The corporate world has gotten a shock of its recently when the data protection enforcement body of Greece has imposed a fine under Article 83 of the GDPR amounting to 150.000 EUR on PricewaterhouseCoopers.

Individuals Simple read

GDPR Request Template

A better data access request template.

Interesting Articles?

Read more news in the current Weekly Digest issue!

Check it out

Individuals Intermediate read

Building Collective Momentum to Challenge the Ad Tech Industry

This story is the first of a series on how civil society organisations and activists are using the GDPR (and similar data protection legislation) to advance rights and strengthen their work.

Business & Government Intermediate read

OpenGDPR

A common framework enabling companies to work together to protect consumers' privacy and data rights.

Business & Government Intermediate read

Tech companies organize two efforts to support personal data management

...and both are called Open GDPR. Though unrelated, the initiatives reflect some of the ways the ad and marketing industry is organizing itself around its personal data responsibilities.

Want to Trace Data?

Learn more about how to track your datasets!

Check it out