Security Boulevard has a great piece unpacking the terminology behind privacy. Including- what is meant by data privacy as opposed to data protection? What is the significance of this?
The terminology used around privacy has been changing as fast as the privacy landscape has. In this context it is important to keep ahead of the language used to formulate and express privacy ideas. Security Boulevard does just that in its recent post.
It’s definition typically focuses on the zonal nature of privacy. Thus the fact that it can be lost, breached or reformulated.
As of 26 November 2019 TPP’s Founder Suneet Sharma has launched the Law and Games Blog. This blog is focused on content creators and their legal rights.
The move comes following Suneet taking up the position of Legal Executice at game developer and publisher Sega. We hope you will find it informative.
Suneet will continue to run TPP and post weekly privacy oriented content.
Wired has published an insightful article on virtual currencies.
The article considers the privacy implications of crypto-currency transactions. It highlights the issues surrounding logging each transaction in a publically available manner and concerns around behavioural modelling.
The article considers the providers Monero and Zcash in particular.
Google Cloud has been providing Ascension, the second biggest healthcare provider in the US, with cloud infrastructure services since July 2019. Providing software services to healthcare providers to facilitate the secure management of patient data is not uncommon for Google. The services Ascension are taking are similarly commonplace- the migration of data to Google Cloud, utilizing suite productivity tools and providing technological tools to Ascension’s doctors for use. What perhaps is the defining factor is the scale, with this being the largest project of its kind to date – managing data of over 50 million Americans. This was dubbed “Project Nightingale”.
The Guardian has an excellent piece on recent moves by Facebook and Google in seeking to ban micro-targeting political ads.
The practice, which underpins the Cambridge Analytica scandal, is being reviewed by the news providers. The harvesting of political oriented data is common and is usually undertaken as part of an effort to profile users.
Facebook has been known to group users for the purposes of ads-targeting, some of which considers political interests. This allows for nuanced and in many cases, an alarming degree of differentiation and influence of users. The US legislatures have taken issue with this approach in the past.
The ICO has recently reached an agreement with Facebook over the fines put in place over the Cambridge Analytica scandal. The regulator continues work into data misuse in political advertising, to which the issue of micro-targeting of political ads is central.
Following its data breach in November 2013 the Morrisons data breach case is now before the UK Supreme Court. The breach involved the personal data of 5,500 employees.
An employee, Mr Skelton, took a memory stick containing the records of employees home. In January 2014 he uploaded the contents onto a data sharing website, later sending it to newspapers. Continue reading
The Guardian has released an excellent piece from Edward Snowden on the importance of encryption.
The piece considers the importance of encryption as a standard and by design as a mechanism to protect from surveillance. The article itself considers the benefits of end-to-end encryption- where data is encrypted at source and encrypted throughout processing. In these cases third party interference typically attempts to interfere with the intial processing of data prior to encryption, embedding itself throughout the process thereafter.
Messaging services such as Facebook and WhatsApp operate via end to end encryption to protect messages by design. However, much is left to be done to ensure data ecosystems have sufficient protection- third party vendors and intermediaries must ensure the same high level of data protection to ensure holistic data protection.
For the purposes of data protection legislation encryption is considered an act which processes data in and of itself. This means the act of encryption will usually bring the processing party into the remit of data protection legislation.
In September 2017 Equifax suffered a data breach exposing the personal data of over 147 million people. Hackers utilised a website application vulnerability to access the personal data of customers. Continue reading
Personal data, such as your name, likeness, birthday or any other information which can be used to identify you is highly sensitive.
Protecting and bringing actions on the basis of your personal data being harvested, used or misused is a key foundational right to privacy. Continue reading