Charities and the advertising industry: data ecosystems and privacy risks

Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime soon. A detailed analysis of ad tracking mechanisms on popular charity websites has been released by … [Read more...]

Data Accountability and Transparency Act of 2020 looks beyond consent

In the United States, data privacy is hard work—particularly for the American people. But one US Senator believes it shouldn’t have to be. In June, Democratic Senator Sherrod Brown of Ohio released a discussion draft of a new data privacy bill to improve Americans’ data privacy rights and their relationship with the countless companies that collect, store, and share their personal data. While … [Read more...]

How the GDPR affects cookie policies

Cookies are mentioned only once in the GDPR (General Data Protection Regulation), but the repercussions are significant for any organisation that uses them to track users’ browsing activity. Recital 30 of the GDPR states: Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in … [Read more...]

GDPR: When do you need to seek consent?

Under the GDPR (General Data Protection Regulation), knowing how and when you need to seek consent can be tricky. Many people mistakenly think that organisations must get consent to process personal data, but consent is one of six lawful grounds for processing data, and you’d be advised to seek it only if none of the other grounds apply. The other lawful grounds are: A contract with the … [Read more...]

How to write GDPR-compliant consent forms

The new consent requirements introduced in the GDPR (General Data Protection Regulation) mean you need to be extra vigilant when it comes to requesting information. The rules for lawful consent are much tougher than in the past, and savvy data subjects will be bound to query anything that seems suspicious.  You can be sure your data processing activities meet the GDPR’s consent … [Read more...]

Are your employees aware of their PCI DSS obligations?

If your organisation collects cardholder data, you need to comply with the Payment Card Industry Data Security Standard (PCI DSS). The Standard was designed to help organisations manage card payments securely, and is regulated by major card brands (Visa, Mastercard, American Express, JCB and Discover). Failure to comply with the PCI DSS will lead to disciplinary action and reputational damage, but … [Read more...]

The GDPR: What is sensitive personal data?

We recently discussed what is considered personal data under the GDPR (General Data Protection Regulation). However, we didn’t cover sensitive personal data.  Before we get into what that entails, let’s recap the GDPR’s definition of personal data:  ‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’).  In other words, any information … [Read more...]

Navigating GDPR consent for minors

The EU General Data Protection Regulation (GDPR) strengthens and expands data subjects’ rights, and brings significant changes to both consent requirements and the rights of children. Consent must be given with a “clear affirmative action”, which nullifies opt-out options such as pre-ticked boxes. Consent requests also need to cover the specific processing details, the type of information … [Read more...]