The Privacy Post #11

Georgia Wright Privacy, Privacy roundup

Every week we’ll be rounding up the latest news in privacy and other interesting articles.

Why one Republican voted to kill privacy rules: “Nobody has to use the Internet”

One Wisconsin congressman’s response to a civilian has sparked outcry on social media. A town hall meeting attendee asked Rep. Jim Sensenbrenner (R-Wis.), who voted to remove Obama’s privacy rules, about his decision to allow internet service providers (ISPs) access to data. The attendee cited the lack of consumer choice in ISPs as the concern.

E-privacy: MEPs look at new rules to safeguard your personal details online

During a hearing on 11 April 2017, the European Parliament’s civil liberties committee discussed proposed changes to privacy rules. The proposed changes are meant to tackle the challenge of technological developments. This means that EU privacy rules should also apply to “new providers of communication services”, i.e. WhatsApp, Facebook Messenger and Gmail, instead of solely traditional telecoms companies. This would mean that users would gain better control of their privacy settings, for example over cookies.

Uber adds cross street pickups and drop-offs for more user privacy

Controversy arising from Uber’s tracking of users has driven a new feature in the app. Users in America will now be able to specify an intersection as an origin or destination. Uber can suggest intersections based on road addresses and users will not have to enter a specific address. The cross section identification will make protecting riders’ personal data hassle-free.

Uber ‘tracked iPhones to stop fraud’

According to the New York Times, Apple nearly banned the Uber app from its app store in 2015, citing breach of privacy rules. The practice of identifying devices attached to accounts, “fingerprinting”, is banned by Apple. Uber claimed this code was to stop digital fraud and deter criminals from using stolen credit cards. However, it also came to light that Uber had “geofenced” Apple’s headquarters in California so they wouldn’t be tracked – allowing Uber to escape Apple’s notice for a short time. Travis Kalanick, Uber’s CEO, was warned in person by Tim Cook, CEO of Apple.

Bloomberg Law Identifies The 10 Countries With The Highest Data Breach Notification Compliance Risk

Bloomberg Law’s Compliance Risk Benchmarks data has revealed that South Korea has the highest risk for data breach notification compliance. It takes the lead over 50 countries. This is due to the combination of strict regulations, rigorous enforcement and potential for civil, criminal and financial risks. Also in the top five are Colombia, Mexico, France and Japan. The report includes analysis on higher risk countries as well as an in-depth look at the top 5. The report can be found here.

Like this post? Subscribe to our weekly newsletter here to be updated with all news privacy, Cognitiv+ and more.

Cognitiv+ exhibits at ‘Unlocking the Power of Data: the Future of Smarter Payments’

Georgia Wright Events

On Wednesday 22 March 2017 Payments UK and techUK hosted an inaugural member-only event looking at the opportunities and risks of harnessing the potential of data within the payments industry.

Cognitiv+ were delighted to exhibit at the event, showcasing its contract analytics tools.

“We really enjoyed hearing the opportunities on open banking initiative and how open data could change the relationship between consumers and banks.”

– Vasilis Tsolis, CEO Cognitiv+

The brief of the event set out to discuss several key issues:

  • The way in which data should be understood and defined, and how its full potential within the payments ecosystem could be ‘unlocked’.
  • The role of technology in using data to make informed decisions to deliver competitive opportunities, increase efficiencies and drive innovation.
  • The importance of bringing customers on the data journey, data privacy and security concerns, and how best to communicate the user benefits.
  • The potential collaborative space to assist in meeting regulatory and legislative requirements.

Learn more about the event here.

No mercy: ICO confirms that there will be no grace period for GDPR

Georgia Wright Articles

Steve Wood, Head of International Strategy & Intelligence for the Information Commissioner’s Office (ICO), confirmed that there will be no grace period for the enforcement of the General Data Protection Regulation (GDPR). His keynote for the International Association of Privacy Professionals’ (IAPP) Data Protection Intensive on 15 March 2017 summarised the ICO’s approach to enforcing the new regulation, due to come into force in May 2018.

“Will there be a grace period? No. You will not hear talk of grace periods from people at the ICO. That’s not part of our regulatory strategy… What you will see is a common-sense, pragmatic approach to regulatory principles.”

– Steve Wood, ICO

The ICO’s stated approach will be to tackle risk, accountability and transparency. In moving forward with this idea, the ICO held a public consultation on consent guidance during March. Obtaining consent from data subjects is an important change brought by the GDPR, and transparency around consent will become a key focus for the ICO. Methods for collecting consent will need to be put in place by organisations ahead of May 2018.

Wood clarified that when the ICO is pushed to investigate firms further, he expects to find a comprehensive accountability program in place in order to demonstrate the steps taken to address compliance issues. Guidance published on the ICO’s website is an important resource for understanding standard practice.

“The key thing to do is invest now, convince people in your organisation why data protection is important for trust.”

The Privacy Post #10

Georgia Wright Uncategorised

Every week we’ll be rounding up the latest news in privacy and other interesting articles.

Data Privacy Shield: MEPs alarmed at undermining of privacy safeguards in the US

A resolution has passed in European court for a review of the EU-US data transfer agreement, Privacy Shield. The MEPs are concerned about recent privacy developments in the US which do not reflect the EU’s attitudes towards data protection. They have cited in particular news of surveillance activities by US electronic communications service providers and new rules which allow the US National Security Agency to share data with other US agencies without permission from courts.

Rise in hospital cyber attack reports

NHS hospital trusts reported 55 cyber attacks last year, compared to 15 in 2015. NHS Digital claimed that the increase reflected a “rise in reporting, not necessarily a rise in cyber attacks”. Ransomware attacks, which lock a computer system and then demand a ransom, are apparently on the rise.

China’s new draft cyber law proposes ban on export of all data deemed as posing security threat

On 11th April, China released a draft cybersecurity law which will require businesses transferring data affecting over 500,000 subjects or over 1,000 GB to submit to an annual assessment. The law, said to come into effect this June, will also allow China to ban any export of data if it is deemed a threat to national security. For more advice, see here.

UK charities fined for data law breaches

11 UK charities, including Oxfam, Cancer Research UK and Battersea Dogs’ and Cats’, have been fined by the Information Commissioner’s Office (ICO) for misusing personal data. The ICO limited fines to a maximum of £18,000 due to their charitable status but warned it was investigating further action. So-called “wealth screening” processes, designed to analyse the wealth of donors, and the sharing of data between charities came under fire.

Daily Mail, Mirror and Times publishers fail in European law bid to avoid millions in libel and privacy costs

The UK Supreme Court has released its judgement after hearing publishers’ pleas to reform costly no win, no fee rules. The Conditional Fee Arrangements used for defamation and privacy cases can hugely inflate the cost of cases for the newspaper groups, sometimes by millions. Read the full judgement here.

Yahoo’s EU Watchdog Set to Show Teeth as Privacy Probe Wraps Up

Ireland’s Data Protection Commissioner, Helen Dixon, has hinted that her office has found fault with Yahoo’s European counterpart in one of the biggest data breaches in history. She has stated that she intends to impose remedial action. The investigation of Facebook’s plans to use data from WhatsApp is set to conclude in the summer.

10 States Take Internet Privacy Matters Into Their Own Hands

10 American states are pushing forward with legislation to protect the data of their citizens. Connecticut, Illinois, Kansas, Maryland, Massachusetts, Minnesota, Montana, New York, Washington and Wisconsin all have plans in spite of the President’s plans for deregulation of privacy rules.


The Privacy Post #9

Georgia Wright Privacy, Privacy roundup

Every week we’ll be rounding up the latest news in privacy and other interesting articles.

President Trump delivers final blow to Web browsing privacy rules

Proposed Federal Communications Commission (FCC) rules have been overturned by President Trump in a Congressional resolution. Despite Democratic concern, the privacy rules will not come into effect at the end of the year. They allowed Internet Service Providers (ISPs) to use their customers’ data only once the subject had opted in. This move marks the slow progress of the President’s plans for heavy deregulation.

“President Trump has signed away the only rules that guarantee Americans a choice in whether or not their sensitive Internet information is sold or given away,”

– Chris Lewis, VP of consumer advocacy group Public Knowledge.

EU commissioner announces September review for EU-US Privacy Shield

The Privacy Shield, an EU-US data protection agreement, will be up for annual review in September, the European Commissioner for Justice, Consumers and Gender Equality announced. The agreement has been criticised by two separate legal challenges and privacy advocates, particularly concerning judicial remedies for misuse of data in America. This will be of high interest to those critical of the deal, as well as to the 2000 companies who have already signed up.

“In a world where cross-border data flows have become a central feature of global trade, strong data protection rules would be meaningless if the data can travel abroad without protections.”

– Věra Jourová, Commissioner for Justice, Consumers and Gender Equality

US privacy vote is foretaste of net neutrality battle

The President’s order to repeal FCC privacy rules is considered to symbolise the beginning of the net neutrality debate. Although only ISPs have been affected, the rules could have been extended to other companies in the industry, so companies involved in internet advertising also stand to benefit. This includes Google and Facebook, who hope their privacy positions will be strengthened by Trump’s efforts to put businesses first by deregulating.

Brexit and the future of data transfers to the UK

The President of the European Privacy Association, Paolo Balboni, has distilled the UK’s options for data transfers amidst Brexit to three scenarios. UK data protection could be recognised as adequate by the EU Commission, a data sharing agreement like the EU-US Privacy Shield could be constructed or the derogations of the General Data Protection Regulation could apply.

Garages, new homes and old offices: the records management mistakes that put health records at risk

The Information Commissioner’s Office (ICO) has released guidance on a more basic data protection measure, namely the transfer of physical data. This is especially relevant to the healthcare sector, as the ICO has seen recurring cases involving mismanaged data in garages, new homes and old offices. Leanne Doherty, Group Manager for the health sector within the ICO, recommends strong record management to prevent incidents.


We’re incubating with Winton Labs this winter!

Georgia Wright Events

We’re delighted to announce that we’ll be incubating with Winton Labs for three months from November to February. Winton Labs aims to be Europe’s premier startup accelerator for data science companies. The programme will culminate in a demo day on 10th February 2017. Read about Winton Labs in their own words:

What is Winton Labs?

W. L. is an accelerator for early-stage startups involved in the creation of data, or the application of data science. The Data Science Startups new programme will be run as a collaboration between investment management and data technology firm Winton, and VC firm Winton Ventures. Whilst the programme will leverage this expertise, it is not set to resemble a classic corporate accelerator, with much of the mentorship coming from an external network of startup experts, technologists and academics.

Who is behind Winton Labs?

Winton has a long history of successfully applying data science to disrupt the world of Investing, and wants to support companies that have the same data centric view of the world.

What are the details of the programme?

The 3-month programme will take place in ‘The Lab’ co-working space at Winton’s London HQ. There will be three streams of mentors:

  • Business Unit: these are business leaders from within Winton, as well as large corporates and SMEs.
  • Data Science & Technology: these are drawn from Winton’s extensive pool of researchers and data experts, our deep network of academic partners, and leading data scientists from the startup ecosystem.
  • Entrepreneurship: these mentors are experienced founders, investors and advisors.

The Privacy Post #8

Georgia Wright Privacy

Every week we’ll be rounding up the latest news in privacy and other interesting articles.

European Parliament Approves EU-U.S. Umbrella Agreement

On December 2nd, the EU-US data protection “Umbrella Agreement” was approved, putting into place a “comprehensive high-level data protection framework for EU-US law enforcement cooperation”. Stipulating data processing requirements for EU citizens’ data handled by US authorities, it is set to outline equal rights for EU citizens claiming that their data was misused. Previously, EU citizens were not allowed to seek judicial redress before US courts. The agreement ends negotiations beginning in March 2009. For more information, see the EU’s press release.

Uber’s move to track riders after trip is completed sparks privacy concerns

Taxi app Uber is now tracking riders along with its drivers. The latest update gives users the option to opt in to being followed for up to five minutes after the ride is completed. This is claimed to be in order to improve their service, but privacy advocates have already criticised the change.

Google Settles Non-User E-Mail Scanning Class Suit

Google’s parent company Alphabet Inc. has settled consumer class claims alleging that people’s privacy was violated when their Gmail messages were scanned for ad-targeting purposes. California’s Invasion of Privacy Act and Electronic Communications Privacy Act were claimed to have been violated.

ICO cracks down on use of personal data in online gambling sector

Over 400 companies have been targeted by the Information Commissioner’s Office (ICO). They are being asked to explain exactly how they use people’s personal details and use marketing texts. Large amounts of spam texts promoting gambling websites have been reported as a result of affiliate marketing, which allows the involved parties to shrug off the responsibilities of their data processing.

Data centres are on the move – where will they end up?

Intralinks, a technology provider, has announced a new data centre in Frankfurt, Germany. This move is predicted to become a trend as technology companies seek to comply with the General Data Protection Regulation (GDPR) and avoid the Investigatory Powers Bill. Brexit has caused some uncertainty and it isn’t clear exactly what the UK’s cybersecurity policies will look like.

“As the GDPR deadline approaches, customers need to plan their compliance strategy to know where their data is at all times, otherwise the fines are unthinkable.”

– Richard Anstey, CTO, Intralinks

Court Rules IRS Can Seek Information on Bitcoin Customers

It has been ruled that the IRS will be allowed to serve a “John Doe summons” upon digital currency services company Coinbase. The IRS is seeking detailed customer transaction logs between 2013 and 2015. It believes that bitcoin was used to evade federal tax laws, although it has no evidence and the assumption is purely speculative.

Study examines effect of privacy controls on Facebook behaviour

Information Systems Research, the INFORMS journal, has released a report studying the effect of Facebook’s privacy controls on users. Granular privacy controls increased users’ use of wall posts as opposed to private messages after they customised their audience. However, users who were more public in their sharing decreased their wall post activity after the privacy controls were introduced.

The Privacy Post #7

Georgia Wright Privacy

Every week we’ll be rounding up the latest news in privacy and other interesting articles.

How ‘right to be forgotten’ puts privacy and free speech on a collision course

Professor George Brock, of City, University of London’s department of Journalism, has published a report examining how privacy and free speech are destined to clash in the world of digital publishing. He examines how the ‘right to be forgotten’ is poorly written, citing the difficulties encountered in Google Spain v AEPD and Mario Costeja González. Reckoning that the case has set a poor precedent, he calls for greater clarity from judges and ultimately a law which balances the competing rights.

Fears raised over Google’s DeepMind deal to use NHS medical data

The Google-owned British artificial intelligence company, DeepMind, has signed a five-year contract with the NHS. The controversial deal allows it to access patient data to develop Streams, a healthcare app. The Information Commissioner’s Office (ICO) is currently investigating the sharing of patient information between the organisations. The Streams app aims to bring information to healthcare professionals and to replace writing physical notes and paging.

Thailand seeks to tighten cyber security, raising questions about privacy protection

Thailand’s 2007 Computer Crime Act is expected to be amended by the military government next month. Rights groups have spoken out against the changes, which could include more government surveillance privileges.

“These laws are aimed at controlling online media, accessing personal data, and when the Cyber Security bill is passed, mass surveillance is a real threat,”

– Kanathip Thongraweewong, data privacy expert at Saint John’s University in Bangkok.

Advisory Group Releases Report on Internet of Things

The Broadband Internet Technical Advisory Group has released a report on the ‘Internet of Things (IoT) Security and Privacy Recommendations’. It details recommendations from academics, advocacy organisations and members of the telecommunications and consumer technology industries, with the aim of improving security and privacy of IoT devices.

“Would you like us to email you a receipt?”

The Information Commissioner’s Office has written a blog containing guidance on e-receipts. The ICO reminds retailers to inform consumers of how they are using and collecting this data, especially if they will use email addresses to send marketing. According to the Privacy and Electronic Communications Regulations, in most instances explicit consent to marketing must be obtained.

Europe’s new privacy rules are about to shake adland to its core

Dr Johnny Ryan of Pagefair has analysed the effect of the incoming General Data Protection Regulation (GDPR) on the advertising industry. As well as the rise of lawsuits, Dr Ryan predicts the change of user behaviour as data subjects become more aware. The advertising industry relies heavily on third-party tracking; however, the GDPR has established a chain of responsibility for this data processing. He believes that in a quest for consent, mergers and acquisitions could be stimulated in the media and adtech space.


Cognitiv+ shortlisted for the Aurexia Fintech Awards!

Georgia Wright Events

On November 2nd we attended the Aurexia Fintech Awards!

Over 100 companies were consulted and Cognitiv+ made it to the final 15.


Cognitiv+ entered for the KYC category:

What is it?
The KYC process places the customer at the heart of the organisation, ensuring they understand them better and in turn can service them more effectively.

What are the current challenges?

  • Very long process resulting in human errors due to requirement of multiple manual entries
  • Negative impact on transactions, slowing them down
  • Client satisfaction worsening

What are the solutions proposed by Fintechs?
In terms of solutions, the market is quite mature on the KYC process. Regarding the development of Fintechs in this sector, we can identify 3 technology solution areas:

  • Big Data
  • Blockchain
  • SaaS


The Privacy Post #6

Georgia Wright Privacy

Every week we’ll be rounding up the latest news in privacy and other interesting articles.

Facebook’s WhatsApp adds secure video calling amid privacy concerns

WhatsApp is releasing a new feature this week for its billion users worldwide. The video calling addition will be fully secure using end-to-end encryption, technically blocking the company and governments from surveilling users’ activity. WhatsApp co-founder Jan Koum has recognised that customers’ primary concern is privacy, despite releasing a new privacy policy which allows WhatsApp to share data with its parent company Facebook.

Privacy issues abound as UK passes controversial ‘snoopers’ charter’

The Investigatory Powers Bill was passed by both parliamentary houses last week. Communications providers will be required to store customer usage data for one year for the benefit of police investigations. It also gives the government the power to remove “electronic protection applied by or on behalf of that operator to any communications or data”.  The privacy implications have been raised repeatedly by tech companies, privacy advocates and Nick Clegg whilst in power.

GDPR ‘To Require’ 75,000 Data Protection Officers Worldwide

The General Data Protection Regulation (GDPR) has been predicted to spark a drive for hiring data protection officers globally. The EU’s GDPR will come into force in May 2018 and applies to any organisation handling EU citizens’ data. Large scale companies and public authorities will be required to have “independent” officers to ensure compliance in data processing.

Firefox Focus iPhone Browser Is Built for Privacy

Mozilla Corp. is releasing a new version of its mobile browser, Firefox, with added privacy features. The browser, Firefox Focus, will access the web but block all cookies, ad trackers, analytics trackers and social trackers. It also won’t allow the storing of passwords, logins or browser history. The separate app will allow users to consciously decide when to use an anti-tracking browser. This means they can use a separate browser for instances when they might need their passwords saved.

New data privacy law can enhance patient safety, data privacy and boost digital health in Qatar, say experts

The Personal Data Privacy Protection Law is due to take effect in around six months’ time, and is expected to provide comprehensive safeguards for patients. Organisations will be required to obtain a permit from the state in order to process health data. Fines for breaching the obligations, which include keeping data secure and being transparent about data usage, will be a maximum of $1.37 million.
