GDPR: A simple explainer

deBoetie · May 12, 2018

@mood - I suspect the wheeze to block EU users by IP address will not succeed in court - so this is at best a CYA exercise which might result in lower fines.

Minimalist · May 12, 2018

deBoetie said: ↑

@mood - I suspect the wheeze to block EU users by IP address will not succeed in court - so this is at best a CYA exercise which might result in lower fines.
Click to expand...

I expect to see some kind of notifications where users will have to confirm that they are not from EU to be able to proceed to webpage. Something like cookie notification on steroids. That would probably be better solution for those that don't want to implement GDPR.

guest · May 12, 2018

GDPR compliance deadline is approaching: 10 things to do right away
The GDPR will be enforceable on May 25, 2018, yet many businesses are not ready. Here are 10 things your business should do now to get GDPR compliant.
May 11, 2018
https://www.techrepublic.com/articl...ne-is-approaching-10-things-to-do-right-away/

The European Union General Data Protection Regulation (GDPR) becomes fully enforceable on May 25, 2018. According to recent surveys, 60% of companies polled are going to miss the deadline; it's a sobering number considering how severe the fines and penalties could be for companies found to be noncompliant in the aftermath of a security breach. The reality is many businesses still do not understand what compliance with the GDPR really means.

To that end, it is vital that all enterprises take measured and documented steps to close security vulnerabilities, prevent security breaches, and mitigate the risks when prevention fails. The mere fact that an enterprise made a substantial and documented effort in this regard could be enough to establish GDPR compliance and avoid substantial fines and penalties after a security breach.

Here are 10 specific things your enterprise can and should do in preparation by the GDPR compliance deadline of May 25, 2018. (Note: The items on the list are not presented in any specific order—all of them are important and progress for each should be well-documented.)
[...]
Click to expand...

Minimalist · May 14, 2018

GDPR Phishing Scam Targets Apple Accounts, Financial Data

A phishing campaign targeting Apple users is attempting to trick victims into updating their profiles under the guise it’s a part of proactive security hardening prepping for the introduction of General Data Protection Regulation (GDPR) policies set to go into effect on May 25. The phishing campaign’s objective is to con victims into disclosing Apple account credentials in order to scoop up personal details – including credit card and Apple account information.

This scam is one of many taking advantage of the impending introduction of EU GDPR policies.
Click to expand...

https://threatpost.com/gdpr-phishing-scam-targets-apple-accounts-financial-data

guest · May 15, 2018

Android devs prepare to hit pause on ads amid Google GDPR chaos
Hey Google. How will we eat?
May 15, 2018
https://www.theregister.co.uk/2018/05/15/android_ad_pause_gdpr_chaos/

Android developers are reluctantly considering putting Google ads on ice because of uncertainty over whether they'll be GDPR-compliant, cutting off what in many cases is their sole revenue source.

As we reported mid-last week, Google plunged developers who rely on its Admob system for revenue into uncertainty close to a fortnight before the EU's new privacy laws go into place.

Developers assumed that if they implemented the SDK, they'd meet regulations. Maybe not, however. Adding further confusion, a Google rep said in the Mobile Ads forum that the company couldn't guarantee that apps using the Consent SDK would actually be compliant.

One developer mused: "So if you don't have a solution in place before next Friday you will have to turn off your Admob account. Do we know how much money that will likely cost Google?"
Click to expand...

Minimalist · May 15, 2018

GDPR causes a flood of new policies

The European Union claims that the General Data Protection Regulation (GDPR), which comes to term on May 25, is the most important change in data privacy regulation in 20 years. Many companies have spent months preparing for the changes, working on policy and compliance, and introducing changes to their products in order to meet new standards.

We have received quite a few alerts and emails about those policy changes from a wide variety of companies. Combing through the alerts allowed us to see some interesting methods to solve—or evade—the problems that come with making businesses compliant. Let’s take a look at how different companies are coping with GDPR changes, and what you’ll need to pay attention to in those emails.
Click to expand...

https://blog.malwarebytes.com/secur.../2018/05/gdpr-causes-a-flood-of-new-policies/

guest · May 16, 2018

Whois privacy shambles becomes last-minute mad data scramble
Internet address industry given one week to introduce unfinished GDPR policy
May 16, 2018
https://www.theregister.co.uk/2018/05/16/whois_privacy_shambles/

That is the end result of an extraordinary failure by the organization that oversees the internet's domain name system to address a change in European law: a change finalized two years ago.

The companies that sell internet address and run fundamental pieces of the internet's infrastructure, such as the .com registry, have been told by DNS overseer ICANN that its board expects to approve a new temporary policy covering the storing and publication of domain name registration data – called Whois - this week.

A draft of that new Whois policy [PDF] was only published five days ago but ICANN has told the companies - that are under contract to it - that they need to implement its contents before May 25 in order to bring themselves in line with the GDPR privacy legislation.
If they are found not to be in compliance with the law, those companies face multi-million-dollar fines from European regulators, and ICANN also warned that it would carry out compliance audits to its still-unfinished rules to make sure they are being followed.

Even if that process runs smoothly, however, the internet infrastructure industry is now going to have to deal with 12 months of uncertainty with the prospect of huge fines if they get it wrong.
Click to expand...

guest · May 16, 2018

Companies ditch data as GDPR deadline approaches
May 16, 2018
https://www.helpnetsecurity.com/2018/05/16/gdpr-companies-ditch-data/

A new study from IBM reveals that nearly 60 percent of organizations surveyed are embracing the GDPR as an opportunity to improve privacy, security, data management or as catalyst for new business models, rather than simply a compliance issue or impediment.
Cutbacks: GDPR leading to reduction of data collection and storage
Another key finding of the study is that organizations are using GDPR as an opportunity to streamline their approach to data and reduce the overall amount of data they are managing. For many organizations, this means vastly cutting down on the amount of data they collect, store and share.
GDPR challenges, blind spots, and transformational business opportunities
The study found that the top challenges organizations are currently facing when it comes to GDPR compliance are finding personal data within their organizations (data discovery), ensuring the accuracy of the data they collect and store, as well as complying with rules for how data is analyzed and shared (data processing principals).
Click to expand...

guest · May 17, 2018

US companies may need to provide GDPR rights to all, not just EU citizens
May 16, 2018
https://betanews.com/2018/05/16/gdpr-rights-for-all/

Based on the answers 129 law professors gave to questions on the GDPR, it points out that GDPR doesn't just apply to citizens of an EU country. It applies to anyone who at any time set foot in an EU country and transmitted their data to a covered internet company.

So, for example, a US tourist who visits Germany for one day and returns to the US has rights under the law if that person used, say, Facebook while on the trip.

"Silicon Valley is seriously underestimating the GDPR," says Alex Stern, CEO of Attorney.io. "I've been studying it for years, starting while I was earning my Doctor of Law degree at UC Berkeley. Many wrongly assume they don't need to provide GDPR rights to most US persons."

You can find out more about the report and what companies need to consider in the light of GDPR on the Attorney.io blog.
Click to expand...

Dermot7 · May 18, 2018

Karl Bode
May 18 2018, 12:30pm

As the recent Cambridge Analytica and Facebook scandal highlighted, America is much like the wild west when it comes to protecting consumers’ private data.

Broadband providers in particular have a nasty habit of selling every shred of browsing, call, and location data not nailed down, and large ISPs and Silicon Valley giants alike have routinely made it a top priority to scuttle both state and federal attempts at meaningful rules governing that behavior.
Click to expand...

What Is GDPR and What Can America Learn From it? - Motherboard

Minimalist · May 19, 2018

Small-Business Owners Unaware of Looming GDPR

With only a week remaining before the General Data Protection Regulation (GDPR) goes into effect across the European Union, nearly a quarter of small-business owners are completely unaware and unprepared for its impact, according to data released in Shred-it's eighth annual Security Tracker report released 17 May.

The research, conducted by Ipsos, surveyed 1,000 small-business owners with fewer than 100 employees, as well as a second sample group that included more than 100 C-suite executives from businesses with over 250 employees.
Click to expand...

https://www.infosecurity-magazine.com/news/business-owners-unaware-of-looming/

guest · May 23, 2018

Microsoft: We're giving you all Euro-style GDPR rights over how we use your data
Microsoft says the privacy rules it's introduced to meet the EU's new GDPR law will apply to users globally.
May 22, 2018
https://www.zdnet.com/article/micro...-style-gdpr-rights-over-how-we-use-your-data/

Microsoft has announced it will extend the rights available to Europeans under the EU's new privacy regulation to all consumers across the world.

The General Data Protection Regulation comes into effect this Friday, introducing a range of new Data Subject Rights for EU residents, such as the right to obtain data a company has collected, and to request the deletion of data if the user no longer consents to a company holding it.

However, the company also said it would offer the same privacy controls and settings available to Europeans under GDPR to the rest of the world.
Click to expand...

guest · May 23, 2018

Instapaper is temporarily shutting off access for European users due to GDPR
The read-it-later app needs time to make changes ahead of GDPR going into effect on Friday
May 23, 2018
https://www.theverge.com/2018/5/23/17387146/instapaper-gdpr-europe-access-shut-down-privacy-changes

Popular read-it-later app Instapaper informed all European users today that its service would be temporarily unavailable starting Thursday, May 24th while it continues to make changes to ensure it’s compliant with the General Data Protection Regulation, or GDPR.

While we don’t know exactly what’s holding up Instapaper, it’s more than likely to be the GDPR’s data subject access request, which allows any EU resident to request any and all data collected and stored about them. As The Verge reported yesterday, that’s causing companies trouble because it’s not entirely clear right now what information residents will request, what format that information needs to be in, how to locate it and package it, and whether new infrastructure needs to be created to manage this request pipeline.

Needless to say, Instapaper users in the EU should be prepared to lose access to their archive starting tomorrow. It may perhaps be a good time to switch over to Pocket.
Click to expand...

Minimalist · May 24, 2018

GDPR: One rule to rule them all – legally

There is a certain similarity between J. R. R. Tolkien’s The Lord of the Rings trilogy and General Data Protection Regulation (GDPR) coming to force tomorrow, May 25 2018. As weird as it may sound, the regulation puts in place standards identical to those of the One Ring – GDPR is here to rule the world of data protection the same way the One Ring ruled the others.

In real life, this could be directly linked to unifying the different levels of the data protection legislation in each of the European Union (EU) countries. Except in this case, the One Ring is replaced by the single set of data protection rules across the EU. Thus, the regulation aims to protect any information that relates to “an identified or identifiable person” – addressing the export of personal data outside of Europe as well.
Click to expand...

https://www.welivesecurity.com/2018/05/24/gdpr-one-rule-legally

Minimalist · May 24, 2018

What Will GDPR’s Impact Be On U.S. Consumer Privacy?

Will General Data Protection Regulation rules that go in effect on Friday impact the privacy of U.S. citizens? It depends who you ask, but the odds-on-favorite answer is “not by much.”
Click to expand...

https://threatpost.com/what-will-gdprs-impact-be-on-u-s-consumer-privacy

Krusty · May 24, 2018

Europe faces off American technology companies over user data: Who will win?

Who owns the soul of the internet? For much of the world, that's a battle being fought in American boardrooms and European parliaments.

Sweeping new data protection laws take effect in the European Union today.

The General Data Protection Regulation or GDPR attempts to wrestle back control over the information of internet users from the data-sucking habits of largely Silicon Valley technology companies.

Its principles are empowering for individuals: EU citizens will have a right to be forgotten online and to correct their data, while consent to collect it at all will need to be "specific, informed and unambiguous".

The GDPR could provide a blueprint for new, less intrusive online practices, but there are also fears the internet could be further fragmented.

Far from early borderless, anarchic visions of life online, how much authority you have over your own data will be increasingly determined by where you are.

Will Europeans have more rights than Australians? Is that fair?
Click to expand...

ronjor · May 25, 2018

GDPR: US news sites blocked to EU users over data protection rules

25 May 2018
A number of high-profile US news websites are temporarily unavailable in Europe after new European Union rules on data protection came into effect.
Click to expand...

ronjor · May 25, 2018

Activists Are Already Targeting Google and Facebook Over Europe's New Data Privacy Law That Went Live Today

By David Meyer 3:53 AM EDT
Europe’s sweeping new data privacy regime came into effect this morning, and privacy activists are not wasting time in flexing their muscles. One organization has already made official data protection complaints about Google, Facebook, WhatsApp and Instagram, while another is going after the shadowy data brokers that trade people’s information behind the scenes.
Click to expand...

stapp · May 25, 2018

Cannot read that site ron

Here's one that I can read as it's UK based and may be about the same thing?

http://www.bbc.co.uk/news/technology-44252327

stapp · May 25, 2018

OK ron using a VPN I can read it now

ronjor · May 25, 2018

Privacy International Launches GDPR Probe into Data Companies

Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine 25 May 2018
Privacy International has launched a new investigation into a swathe of shadowy data companies to see if they comply with the new EU General Data Protection Regulation (GDPR), which came into force today.
Click to expand...

RockLobster · May 25, 2018

Well done the EU and well done Microsoft for implementing GDPR globally. A very smart move that puts MS in a league of their own in the US.

guest · May 25, 2018

Major US news websites are going down in Europe as GDPR goes into effect
May 25, 2018
https://www.theverge.com/2018/5/25/17393894/gdpr-news-websites-down-europe

The European Union’s new GDPR privacy rules came into effect today, but it seems that some organizations didn’t meet the deadline to comply with the changes. A handful of websites, including those of major news providers, went down in the EU, and they posted notes to readers about the new regulations.

Most notably, Tronc, the publishing company that owns the Los Angeles Times, Chicago Tribune, New York Daily News, and other newspapers, has shut down its entire roster of websites for European users. When a visitor navigates to one of those sites, they’re now met with a note explaining that “our website is currently unavailable in most European countries.”
Most other major news websites appeared unaffected by the policy change, although USA Today and NPR inserted announcements for European users. In NPR’s case, users must agree to tracking or visit a plain text version of the website.

The shutdowns are a stark demonstration of how unprepared many were for the change in privacy law. As the deadline approached, internet users’ email inboxes have been slammed with updated privacy policies, showing how wary many companies are of incurring fines. Under GDPR, regulators can fine companies up to 4 percent of their revenue.
Click to expand...

RockLobster · May 25, 2018

That's like a notice saying "we are the ones that personally ID you and track everything you read about".

reasonablePrivacy · May 25, 2018

mood said: ↑

Microsoft: We're giving you all Euro-style GDPR rights over how we use your data
Microsoft says the privacy rules it's introduced to meet the EU's new GDPR law will apply to users globally.
May 22, 2018
https://www.zdnet.com/article/micro...-style-gdpr-rights-over-how-we-use-your-data/
Click to expand...

They probably needed to do this: https://www.attorneyio.com/what-is-gdpr/

The question of who can legally exercise GDPR rights is perhaps the most interesting point of contention surrounding the GDPR. First, the GDPR does not just apply to citizens of an EU country. It applies to anyone who at any time set foot in an EU country and transmitted their data to a covered Internet company. So, a US tourist who visits Germany for one day and returns to the US has rights under the law if that person used e.g. Facebook while on the trip.

However, the biggest source of potential controversy is whether it is illegal “national origin discrimination” under US law to give GDPR rights to immigrants from the EU and not to everyone. The Civil Rights Act of 1964 outlawed discrimination on the basis of race, color, religion, sex, or national origin. It applies in several contexts such as employment and in “any place of public accommodation.” Few if any Internet companies have triggered lawsuits under this public accommodation prong. It has, to date, been exceedingly rare for such organizations to discriminate on such bases.
Click to expand...

Log in or Sign up

GDPR: A simple explainer

deBoetie Registered Member

Minimalist Registered Member

guest Guest

Minimalist Registered Member

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

guest Guest

Dermot7 Registered Member

Minimalist Registered Member

guest Guest

guest Guest

Minimalist Registered Member

Minimalist Registered Member

Krusty Registered Member

ronjor Global Moderator

ronjor Global Moderator

stapp Global Moderator

stapp Global Moderator

ronjor Global Moderator

RockLobster Registered Member

guest Guest

RockLobster Registered Member

reasonablePrivacy Registered Member

Log in or Sign up

GDPR: A simple explainer

deBoetie Registered Member

Minimalist Registered Member

guest Guest

Minimalist Registered Member

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

guest Guest

Dermot7 Registered Member

Minimalist Registered Member

guest Guest

guest Guest

Minimalist Registered Member

Minimalist Registered Member

Krusty Registered Member

ronjor Global Moderator

ronjor Global Moderator

stapp Global Moderator

stapp Global Moderator

ronjor Global Moderator

RockLobster Registered Member

guest Guest

RockLobster Registered Member

reasonablePrivacy Registered Member

Useful Searches