#GDPR regulation
GDPR taken to the extreme: the European Commission, fined for breaking its own rules
In an example that illustrates how rigorously the European General Data Protection Regulation (GDPR) is applied, the European Court of Justice has sanctioned the European Commission for failing to comply with rules issued by that very institution. The investigation revealed that Commission officials transferred the personal data of a European citizen to the United States without complying with the provisions…
#amenda GDPR#bam#Comisia Europeană#Curtea Europeană de Justiție#data protection#diagnosis#diagnoza#EU legislation#EU sanctions#European Commission#European Court of Justice#gdpr#GDPR fine#GDPR regulation#GDPR violations#german#încălcări GDPR#legislație europeană#meta#neamt#personal data transfer#Protecția datelor#regulament GDPR#reguli stricte#roman#sancțiuni UE#strict rules#transfer date personale
Streamlining Business Compliance: AIO Legal Services for AML, GDPR, and Intellectual Property Rights
In today’s fast-paced and ever-changing business landscape, regulatory compliance has become an indispensable aspect for companies operating in the UK. Failure to adhere to Anti-Money Laundering (AML) regulations, General Data Protection Regulation (GDPR) requirements, and Intellectual Property Rights (IPR) laws can lead to severe consequences, including financial penalties, reputational…
#AIO Legal Services#AML compliance#Anti-terrorism#copyright protection#Crime and Security Act#data breach response#Data Protection Act#Data Protection Act 2018#data subject requests#GDPR compliance#GDPR Regulation#intellectual property rights#IP contracts.#IP due diligence#IP infringement monitoring#Money Laundering Regulations#Network and Information Systems Regulations#privacy impact assessments#Proceeds of Crime Act#Telecommunications (Security) Act#trademark and patent applications#UK-G-Cloud 13
Will Blockchain save Healthcare Industry from World’s Toughest Data Privacy Law
Digitalization has been a boon for the modern world that shrunk our personal and professional space, engaging us constantly without a second to breathe. But are we looking at the darker side?
Digitalization in the past few years has given problems that we thought wouldn't exist with its advent. But we couldn't be more wrong.
More businesses today have experienced data breaches exposing millions of sensitive data that could destroy the lives of our innocent customers and people in general. It isn't wrong to say that Digitalization is a double-edged sword.
Healthcare and Privacy: Is your customer's sensitive data safe
The healthcare industry experiences the most data breaches and cyber-attacks, exposing thousands of highly sensitive protected health information or PHI.
Exposed personal data is used for malicious purposes such as blackmailing, extortion, and much more that cause severe health and mental distress among patients.
Besides a security breach, manual error and insider leaks are the 2nd most significant cause of privacy compromises. And this comes with high costs that healthcare startups and SMBs can't afford.
Cost of Privacy non-compliance under EU's GDPR.
GDPR Compliance has fined several healthcare organizations for failing to adopt adequate privacy measures and exposing sensitive data to cyber-attacks and breaches. Here are a few examples:
Helse Stavanger HF: In January 2019, Norway's Data Protection Authority fined Helse Stavanger HF, a healthcare organization, € 170,000 for failing to implement appropriate technical and organizational measures to protect patient data. The breach occurred when patient data was accidentally made available online for several months.
A German Hospital: In November 2019, a German hospital was fined € 105,000 for not implementing appropriate technical and organizational measures to protect patient data. The breach occurred when hospital staff used the same password for several user accounts, which allowed unauthorized access to patient data.
British Airways: Although not a healthcare organization, British Airways was fined € 22 million in October 2020 for a data breach that exposed the personal data of more than 400,000 customers (about half the population of Delaware). This breach included sensitive personal data such as names, addresses, and credit card details.
These three examples emphasize the underlying utility of data privacy.
“Data privacy compliance not only controls costs. It builds long-term consumer loyalty with a trusted brand.”
Indeed, Healthcare must prioritize data privacy with technologies that ensure long-standing technical superiority in privacy and security.
Will Blockchain solve Healthcare's data privacy nightmare?
Blockchain technology has the potential to revolutionize the healthcare industry by providing a secure and decentralized platform for storing and sharing sensitive patient data.
However, as with any technology dealing with personal data, it must comply with the General Data Protection Regulation (GDPR Compliance) to protect patient privacy.
One of the most crucial aspects of blockchain technology in healthcare is that it can give patients more control over their data, giving them immense benefits.
With Blockchain, patients can give explicit consent for sharing their data and track who has accessed their data. This offers patients greater transparency and control over their personal information, a fundamental principle of GDPR Compliance.
In addition, blockchain technology can also enhance data security by providing a tamper-proof ledger that can help prevent unauthorized access to patient data.
Using encryption and decentralization, Blockchain can ensure that only authorized parties have access to patient data and that any changes made to the data are fully transparent and traceable.
However, to ensure GDPR compliance, healthcare organizations must take several steps.
These include:
Implementing a privacy impact assessment: This involves assessing the impact of blockchain technology on patient privacy and ensuring that all necessary safeguards are in place to protect personal data.
Implementing appropriate technical and organizational measures: This includes implementing encryption, access controls, and other security measures to protect patient data.
Ensuring transparency: Patients must be informed about how their data will be used and who can access it. Healthcare organizations must also ensure that patients can access their data and exercise their rights under GDPR, such as the right to be forgotten.
Appointing a data protection officer: This person will ensure that the organization complies with GDPR and that patient data is protected.
Overall, blockchain technology can provide significant benefits to the healthcare industry. Still, it must be implemented in a way that fully complies with GDPR and ensures patient privacy is always protected.
Conclusion: With its immutable ledger and decentralized architecture, Blockchain can ensure the security and integrity of sensitive patient information without compromising data sharing among authorized parties.
This technology can also streamline healthcare data management, reducing costs and improving overall efficiency.
However, implementing Blockchain in Healthcare will require careful consideration of various factors, including regulatory compliance like GDPR Compliance, interoperability, and privacy concerns.
Visit Adzapier to learn more about Data, Privacy, and Compliance.
Go back to the top of this article and reread that transcript of Rep. Buddy Carter grilling TikTok CEO Shou Zi Chew. Now, Carter is a dunderhead, but he’s dunderheaded in a way that illuminates just how bad COPPA enforcement is, and has been, for 25 long years.
Carter thinks that TikTok is using biometric features to enforce COPPA. He imagines that TikTok is doing some kind of high-tech phrenology to make sure that every user is over 13 (“I find that [you aren’t capturing facial images] hard to believe. It is our understanding that they’re looking at the eyes. How do you determine what age they are then?”).
Chew corrects the Congressdunderhead from Georgia, explaining that TikTok uses “age-gating”: “when you ask the user what age they are.”
That is the industry-wide practice for enforcing COPPA: every user is presented with a tick-box that says “I am over 13.” If they tick that box, the company claims it has satisfied the requirement not to spy on kids.
But if COPPA were meaningfully enforced, companies would simply have to stop spying on everyone, because there are no efficient ways to verify the age of users at the scale needed for general operation of a website.
-How To Make a Child-Safe TikTok: Have you tried not spying on kids?
#privacy#corruption#coppa#Children’s Online Privacy Protection Act#gdpr#general data protection regulation#iab#tiktok#rep buddy carter#Shou Chew#commercial surveillance#ad targeting#ads#ad-tech#cold war 2.0#sinophobia#ireland#eu#european federalism#corporate crime jurisdictions#defund the (corporate) police#age-gating
are all those "google enrolled everyone in their AI torment nexus" posts just a non-GDPR thing?
#i keep looking and not a single of those things applied to my account#edit: looked it up apparently US has opt-out data privacy regulations while GDPR is opt-in... yikes.
What Are ‘Neural Data’? Our Thoughts Can Be Recorded—Here’s What You Need to Know
Have you ever wondered if your thoughts could be tracked, recorded, or even sold? Sounds like science fiction, right? Well, it’s actually happening, and the rise of neurotechnology means that our brains are becoming a data goldmine. Some experts urge stronger protection. They refer to this as “neural data”—information collected from our brains through tech devices. So, What Exactly Are Neural…
#AI and Brain Data#Brain Data#Brain Tech#Data Protection#EU countries#European Union#GDPR#Mind Reading AI#Neural Data#Neural Privacy#Neuro Rights#Neuro technology#Privacy Concerns#Tech Regulation
I've seen a number of people worried and concerned about this language on Ao3's current "agree to these terms of service" page. The short version is:
Don't worry. This isn't anything bad. Checking that box just means you forgive them for being US American.
Long version: This text makes perfect sense if you're familiar with the issues around GDPR and in particular the uncertainty about Privacy Shield and SCCs after Schrems II. But I suspect most people aren't, so let's get into it, with the caveat that this is a Eurocentric (and in particular EU-centric) view of this.
The basic outline is that Europeans in the EU have a right to privacy under the EU's General Data Protection Regulation (GDPR), an EU directive (let's simplify things and call it an EU law) that regulates how various entities, including companies and the government, may acquire, store and process data about you.
The list of what counts as data about you is enormous. It includes things like your name and birthday, but also your email address, your computer's IP address, user names, whatever. If an advertiser could want it, it's on the list.
The general rule is that they can't, unless you give explicit permission, or it's for one of a number of enumerated reasons (not all of which are as clear as would be desirable, but that's another topic). You have a right to request a copy of the data, you have a right to force them to delete their data and so on. It's not quite on the level of constitutional rights, but it is a pretty big deal.
In contrast, the US, home of most of the world's internet companies, has no such right at a federal level. If someone has your data, it is fundamentally theirs. American police, FBI, CIA and so on also have far more rights to request your data than the ones in Europe.
So how can an American website provide services to persons in the EU? Well… Honestly, there's an argument to be made that they can't.
US websites can promise in their terms and conditions that they will keep your data as safe as a European site would. In fact, they have to, unless they start specifically excluding Europeans. The EU even provides Standard Contract Clauses (SCCs) that they can use for this.
However, e.g. Facebook's T&Cs can't bind the US government. Facebook can't promise that it'll keep your data as secure as it is in the EU even if they wanted to (which they absolutely don't), because the US government can get to it easily, and EU citizens can't even sue the US government over it.
Despite the importance that US companies have in Europe, this is not a theoretical concern at all. There have been two successive international agreements between the US and the EU about this, and both were struck down by the EU court as being in violation of EU law, in the Schrems I and Schrems II decisions (named after Max Schrems, an Austrian privacy activist who sued in both cases).
A third international agreement is currently being prepared, and in the meantime the previous agreement (known as "Privacy Shield") remains tentatively in place. The problem is that the US government does not want to offer EU citizens equivalent protection as they have under EU law; they don't even want to offer US citizens these protections. They just love spying on foreigners too much. The previous agreements tried to hide that under flowery language, but couldn't actually solve it. It's unclear and in my opinion unlikely that they'll manage to get a version that survives judicial review this time. Max Schrems is waiting.
So what is a site like Ao3 to do? They're arguably not part of the problem, Max Schrems keeps suing Meta, not the OTW, but they are subject to the rules because they process stuff like your email address.
Their solution is this checkbox. You agree that they can process your data even though they're in the US, and they can't guarantee you that the US government won't spy on you in ways that would be illegal for the government of e.g. Belgium. Is that legal under EU law? …probably as legal as fan fiction in general, I suppose, which is to say let's hope nobody sues to try and find out.
But what's important is that nothing changed, just the language. Ao3 has always stored your user name and email address on servers in the US, subject to whatever the FBI, CIA, NSA and FRA may want to do with it. They're just making it more clear now.
Clearview AI faces its biggest fine yet—a whopping $33.7 million from the Dutch regulator! 🌍⚖️ As privacy concerns grow worldwide, are companies doing enough to protect your data? Swipe to learn more
#PrivacyMatters#GDPR#DataProtection#ClearviewAI#TechNews#FacialRecognition#DigitalRights#CyberSecurity#PrivacyFirst#Regulation#Instagram
The General Data Protection Regulation (GDPR)
The GDPR (General Data Protection Regulation) protects natural persons when their data is processed by the private sector and by most of the public sector. The push for data privacy has exploded in recent years, with regulations such as the EU's General Data Protection Regulation (GDPR) and the Law on…
#Biblioteca Municipală "B.P. Hasdeu"#GDPR#General Data Protection Regulation#Protecția datelor#Regulamentul general privind protecția datelor#securitatea datelor
State of Cookies. JavaScript for tracking/analytics.
This is one of the most elaborate management I’ve seen 😮 (via The Economist)
#privacy#privacypolicy#legal#tracking#analytics#regulation#compliance#GDPR#cookies#marketing#UI#UX#design#design patterns
Achieving NIST and DORA Compliance: How We Can Help Companies Build Cybersecurity and Operational Resilience
In today’s fast-paced digital environment, cybersecurity and operational resilience are at the forefront of corporate priorities. With the increasing frequency of cyberattacks and strict regulatory requirements, companies must adapt and align with internationally recognised frameworks and regulations such as the National Institute of Standards and Technology (NIST) and the Digital Operational…
#AIO compliance solutions.#AIO Legal Services#AML compliance#business continuity#corporate governance#cyber risk mitigation#cybersecurity framework#data protection#digital security#DORA compliance#EU Regulations#GDPR compliance#ICT risk management#incident response#legal services for businesses#NIST compliance#operational resilience#regulatory compliance#risk management#third-party risk management
Data Protection: Legal Safeguards for Your Business
In today’s digital age, data is the lifeblood of most businesses. Customer information, financial records, and intellectual property – all this valuable data resides within your systems. However, with this digital wealth comes a significant responsibility: protecting it from unauthorized access, misuse, or loss. Data breaches can have devastating consequences, damaging your reputation, incurring…
#affordable data protection insurance options for small businesses#AI-powered tools for data breach detection and prevention#Are there any data protection exemptions for specific industries#Are there any government grants available to help businesses with data security compliance?#benefits of outsourcing data security compliance for startups#Can I be fined for non-compliance with data protection regulations#Can I outsource data security compliance tasks for my business#Can I use a cloud-based service for storing customer data securely#CCPA compliance for businesses offering loyalty programs with rewards#CCPA compliance for California businesses#cloud storage solutions with strong data residency guarantees#consumer data consent management for businesses#cost comparison of data encryption solutions for businesses#customer data consent management platform for e-commerce businesses#data anonymization techniques for businesses#data anonymization techniques for customer purchase history data#data breach compliance for businesses#data breach notification requirements for businesses#data encryption solutions for businesses#data protection impact assessment (DPIA) for businesses#data protection insurance for businesses#data residency requirements for businesses#data security best practices for businesses#Do I need a data privacy lawyer for my business#Do I need to train employees on data privacy practices#Does my California business need to comply with CCPA regulations#employee data privacy training for businesses#free data breach compliance checklist for small businesses#GDPR compliance for businesses processing employee data from the EU#GDPR compliance for international businesses
In 1998, Congress passed the Children’s Online Privacy Protection Act (COPPA), which prohibits online service providers from collecting the data of children under the age of 13 without parental consent.
COPPA is remarkable, first because it is one of the very, very few federal privacy guarantees enacted by Congress, an exclusive club whose founding member is the Video Privacy Protection Act of 1988, passed by Members of Congress panicked at the thought of video-store clerks leaking their porn rental histories.
But the other remarkable thing about COPPA is how poorly it is enforced.
In this regard, COPPA is very similar to the General Data Protection Regulation (GDPR), the EU’s 2016 landmark privacy law. The GDPR has many more moving parts than COPPA, as befits a general data-protection regulation, but at core, the GDPR seeks to incinerate the absurd fiction at the root of commercial surveillance: namely, that we “consent” to commercial surveillance by clicking “I agree” on long, unreadable terms of service.
Under the GDPR, companies that want to collect, sell or process your data need to explain themselves, clearly: they have to tell you what they’re collecting and how they plan on using it.
-How To Make a Child-Safe TikTok: Have you tried not spying on kids?
#privacy#corruption#coppa#Children’s Online Privacy Protection Act#gdpr#general data protection regulation#iab#tiktok#rep buddy carter#Shou Chew#commercial surveillance#ad targeting#ads#ad-tech#cold war 2.0#sinophobia#ireland#eu#european federalism#corporate crime jurisdictions#defund the (corporate) police#age-gating
Can Africa Lead the Way? Decoding Bias and Building a Fairer AI Ecosystem
Mitigating bias in AI development, particularly through focusing on representative #African #data collection and fostering collaboration between African and Western #developers, will lead to a more equitable and inclusive future for #AI in Africa.
The rise of Artificial Intelligence (AI) has ignited a revolution across industries, from healthcare diagnostics to creative content generation. However, amidst the excitement lurks a shadow: bias. This insidious force can infiltrate AI systems, leading to discriminatory outcomes and perpetuating societal inequalities. As AI continues to integrate into the African landscape, the question of…
#African-Descent#AI#AI Bias#Algorithms#artificial intelligence#AWS#Dr. Nashlie Sephus#General Data Protection Regulation GDPR#Kenya#machine-learning#Representative AI
Data transfers based on the old EU SCCs must be replaced before 21 March 2024
In February 2022, the UK introduced the International Data Transfer Agreement (IDTA) and the UK Addendum to the European Commission’s new standard contractual clauses (new EU SCCs). These documents, essential for data protection in the post-Brexit era, are designed to ensure that personal data transfers from the UK to countries not covered by the UK’s adequacy regulations comply with the UK…
#Brexit#data processing agreement#Data protection#data transfer#EU standard contractual clauses#GDPR Article 46#ICO revisions#ICO UK GDPR guide#International Data Transfer Agreement#multinational organisations#new EU SCCs#processor requirements#restricted transfer#Schrems II#supplementary measures#Transfer Risk Assessment#UK Addendum#UK adequacy decisions#UK adequacy regulations#UK GDPR#UK GDPR transfer arrangements#UK-based organisations#valid SCCs
In this article, we’ll explore what GDPR is, why it’s essential for businesses to comply, and how AI can help with data privacy protection and GDPR compliance. Learn More...
#cloud technology#ai data privacy#ip phones#unified communications#hotel hospitality#VoIP#ip telephony#hotel phone system#voip solutions#GDPR#Protection#Data Security#EU Regulation#Technology News#phonesuite pbx#hotel phone installation#technology#hotel pbx