GDPR Archives -

pradeep@brainguru.in +91 9810953232

Less Cookies – Thanks to GDPR

0 Comments

How GDPR Affects Tracking Cookie Policies

The news sites have over one Google cookie, with topmost 5 being DoubleClick by 87% of sites, Google Analytics by 86 %, Google Tag Manager by 80 %, AdSense by 72 %, and Google arthropod genus by 69 %. The report adds that design optimization cookies fell by 27 %, advertising and promoting cookies by 14 %, and social media cookies by 9 %.

European news sites have reduced the number of third-party tracking cookies by 22 % within the 3 months since the introduction of the GDPR (General Data Protection Regulation), according to a survey of 200 sites by the Reuters Institute for the Study of Journalism at the University of Oxford. Companies that run websites ought to be aware of the matter and prepared to act.

This doesn’t prove that GDPR caused the decline, however, it should have prompted websites to appear at the cookies they were using, and that they currently had to get consent. The report says: “The introduction of GDPR might have provided news organizations with an opportunity to judge the utility of varied options, and to get rid of code that is not any longer of great use or that compromises user privacy”.

There was considerable variation in the results from the seven countries surveyed:
Finland
France
Germany
Italy
Poland
Spain
UK
The number of cookies on UK sites fell by 45 %, whereas the number on German sites fell by solely 6 %. Spain, France, and Italy all saw falls of more than 30 percent. Poland saw a 20-percent increase. However, American technology firms usually evaded the cull. Most of the sites received cookies from Google (96 %), Facebook (70 %), and Amazon (57 %). Facebook cookies dropped by 5 percentage points from 75 %, however, Facebook suffered major issues far beyond the GDPR.

However, the tool cannot give answers to the most topic of interest: how many users are currently block tracking cookies? The GDPR makes it tougher to induce blanket consent to cookie use or, at least, to induce legitimate blanket consent. If large numbers of users refuse their consent, this can reduce the worth of tracking cookies. This could result in websites eliminating cookies that not deliver any worth. Whether the recent decline could be a trend or a blip remains to be seen. The next RISJ survey may show an additional decline, or a recovery if the tracking trade finds ways that to tackle the matter.

The report’s authors used webXray, an open source tool, to count cookies between April and July 2018. They acknowledge that some sites might block the tool, therefore “the true number of [third party cookies] on a given page is also higher.” Either way, each company that runs a website ought to be aware of the matter and be prepared to act.

#LessCookies #GDPR #GDPRLessCookies



Right to be Forgotten – Data Privacy Law

0 Comments

What is “Right to be Forgotten” in Indian Data Privacy Law.

The B.N. Srikrishna Committee has an important significance on obtaining the agreement of an individual to process & can use the personal information. The committee said consent must be “informed”, “specific” and “clear”, and needs to be capable of being withdrawn as easily as it was given. Thus, there is no right to erasure of data in the proposed law, and the bill will be going through a parliamentary process of word and approval before it becomes law, and might be some changes has brought in.

Therefore, the Protection Bill of Private data in 2018, embrace a segment on “right to be Forgotten” but the projected bill doesn’t give the right to erasure. The Section 27 of the bill has listed out three premises in which an individual will have the “right to restrict or prevent continuing disclosure of personal data” or the right to be forgotten. This will be relevant, if data disclosure is no longer necessary, or the consent to use data has been withdrawn or if data is being used contrary to the provisions of the law. An adjudicating officer will determine the relevancy of one of the three scenarios.
The officer can also determine that the right of the individual to limit the use of her data over-rides the right to freedom of speech or right to information of any other citizen.

Every person shall have the right to seek removal of personal data from Data Controller –
(a) where personal data is no longer necessary with regard to the purpose for which it was originally collected or processed; or
(b) where the person withdraws consent; or
(c) where personal data has been obtained unlawfully; or
(d) where personal data is required to be erased in accordance with a legal obligation pursuant to a Court order.

The European Court of Justice (ECJ) ruled in favor of Mario Costeja González In 2014, a Spanish man who was sad to look out his name on Google threw up a newspaper story from 1998. In 2009 he approached the newspaper to get that article removed as he felt it was no longer relevant. The newspaper felt it was inappropriate to erase the article, and Gonzalez then approached Google to not throw up the article when his name is searched. ECJ asked Google to remove the inadequate or not relevant data from its search results. Therefore, the ruling came to be known as the “right to be forgotten” and has been strengthened in data protection laws and regulations within the EU, as well as in the EU’s General Data Protection Regulation (GDPR).

After the article for EU GDPR outlined the situation that EU citizens will exercise their “right to be forgotten”. The News Article gives individuals the right to get personal data erased under six conditions, including withdrawal of consent to use data, or if data is no longer relevant for the purpose it was collected. However, the request may not be entertained in some situations such as if the request contradicts the right of freedom of expression, or when it goes against the public interest in the area of public health or historical research or regarding statistical purposes.

#GDPR #DataPrivacy #RigtToBeForgotten



Data Privacy Law’s Impact on Indian Election System

0 Comments

What will be the impact of Data Privacy Law on our Existing election system?

The Draft Data Privacy Law suggested by Justice Srikrishna committee says processing sensitive personal data by the State without the consent of the individual can be done for the functioning of the Parliament or a state Legislature and for providing state benefits to individuals.

But as per my view publishing personal data online (on EC Website) without any checks throws the data sets open for third parties and could be used for harmful ends. One of the primary sources of data for political data analytics is the electoral roll that can be downloaded from the Election Commission website. e.g., the names of people in the voter list coupled with their gender, and house number could be used by the third person to find out where their target lives and possibly breach the privacy of any individual.

Protecting personal data and restoring control over its ownership and flow has also become imperative ahead of the 2019 Lok Sabha elections. Demographic data of the constituencies can be extracted from the electoral roll and used for targeted campaigns in elections via social media.

A study by the University of Oxford researchers on ‘Online Social Media Manipulation’ has found evidence of such campaigns in 48 countries, including in India. The study found that political parties and governments have spent more than half a billion dollars on the implementation of psychological operations and public opinion manipulation over social media.

Facebook, for example, has faced flak for its opaque data sharing practice, after personal data on the platform was used to obtain information on hundreds of thousands of voters globally, including 500,000 people in India.

The Srikrishna Committee’s report on data privacy and protection have not factored in the need to educate officials and create institutional capacity in complying with privacy norms.

We are also seeing the ambiguity to other public databases easily available such as the list of MGNREGA beneficiaries, land records, First Information Reports, and court records, which are currently not in conformance with the draft privacy bill.

#DataPrivacyLaw #Indianelectionsystem #election2019, #GDPR



Data Privacy Law GDPR Coming to India

5 Comments

Data Privacy Law or General Data Protection Regulations is the new Privacy Protection Regulation law which is going to be adopted soon by Organizations in India as the main purpose of the GDPR is to ensure that the privacy and personal data of every individual are steadfastly protected. It seeks to regulate the purpose for and the manner in which several entities, including governments, collect and process data about individuals using automated means data controllers.
India is behind in schedule to compared the advancements several western nations have made in privacy and data protection. This becomes a cause for concern when a regulation (such as the GDPR) sets the global standards for data protection. A situation where Indian companies are arm-twisted into accepting EU standards of data protection is undesirable but wholly possible given the flurry of activity following the GDPR. The data protection laws in India are poorly drafted and application of the same can raise serious questions taking into consideration.

India should take this chance to objectively examine how the GDPR is rolled out and the way it fares. So as to make sure that it creates a legislation that lives on, it should determine the core principles on that an information protection law are going to be found. With the divide between technology and therefore the law gaping wider with every passing day, India’s information protection law should aim to bridge any data gap between information users and data controllers. It should build in review mechanisms to make sure that controllers are command accountable, whereas at a similar time encouraging them to innovate voluntary best practices for privacy. They ought to learn from the GDPR and flesh out the rights for each individual has over her information as observed from the GDPR, India should not over-regulate, as this can be one of the surest ways that of creating a chilling effect on each technology as well as privacy.

It is vital to accept GDPR to the fullest, as GDPR lays heavy monetary penalties on non-compliant organizations. Accepting a privacy designed move can increase the organization’s awareness of privacy and information protection problems, and address vulnerabilities promptly.

Areas which require focus under the GDPR are:

1 Training and Awareness
2 Data process & Accountability
3 Notice and Consent
4 Cross-border information transfer
5 Third-party and seller management
6 Transparency of data and communication
7 Data security, storage, breach notification

Privacy and protection of an individual’s information is and will be the highest priority of the governing bodies and it’s time that we tend to devised regulative rules for an equivalent. That being aforesaid, it’s very imperative to revise the current state of information protection and privacy laws in India to safeguard personal information and data in a very rightful manner. Stronger information protection and governance laws are the necessity of the hour.

As concluded, GDPR will enhance the correct result by word and spirit, if the protection of information which measures by enterprises and empowers their customers, as well as businesses operative of different location, can also take over the GDPR standards as for data protection and privacy progressively becomes a worry.

#GDPR #DataPrivacy #GDPRIndia #BS10012 #PIMS #AAdhar #AAdharIndia #GDPRAAdhar



GDPR Impact on FB Advertisement Revenue

2 Comments

Last Night, we have seen the loss of around $119 billion in FB, as its stock price plummeted by around 19 percent, largest one-day loss in market value by any company in U.S. stock market history.

It could be due to Rollout of new European privacy law on 25th May 2018 GDPR in Europe for Personal Data Privacy, as FB is working hard on improving security controls and its Key advertising Market of EU is down due to Data privacy GDPR.

“As I’ve said on past calls, we’re investing so much insecurity that it will significantly impact our profitability,” CEO Mark Zuckerberg.

Facebook’s monthly active users were up 11 percent year-on-year, growth had fallen flat in the US and Europe, its key advertising markets. Europe’s fall was partly down to the rollout of GDPR, FB told investors.

As per my recommendation, it could be the temporary dip in the share price of Facebook, in coming days we can see the pullback in NASDAQ:FB stock and it can touch $200 mack again.

After Facebook failed to meet the revenue expectations can we see the similar trend with other like Google ? as google advertisement revenue can be impacted due to this law.

#GDPR #FaceBook #GDPR #FacebookGDPR #GoogleGDPR



GDPR: An Opportunity or Burden ?

0 Comments

Businesses these days are speedily accumulating information that identifies people. How that information is used and managed, and therefore the degree to that it protects individual privacy, varies greatly. With the GDPR, this may change.
New GDPR rules can protect the privacy of European residents and any businesses that deal with them. The hype that enclosed the introduction of the General Data Protection Regulation (GDPR) earlier this year directed a spotlight on the thorny issue of information privacy.

This is vital as loss of personal or work-related data may be a huge problem for businesses of any size or sector almost half of UK businesses have fallen victim to cyber attacks or security breaches within the last year, costing them every thousand of pounds, according to a UK government report. In essence, the GDPR is regarding protective and enabling the information privacy rights of people, handing power back to the data’s owner, whether it consists of location data, online identifiers like usernames, IP addresses or cookies, or different records.

The arrival of GDPR suggests that greater penalties for information loss are imposed, thus it’s essential that companies are compliant. However, recent information suggests that a lot of firms are still struggling with their compliance efforts. A poll by The Governance Institute (ICSA) shows that over three-quarters (78 percent) of organizations surveyed have found becoming compliant with GDPR to be “a heavy burden” on their resources. However, GDPR affects each organization, and little and mid-sized firms will fall victim to information breaches as much as the enterprise.
Having a business continuity and disaster recovery (BCDR) policy in place ought to be essential for any organization to protect client information from accidental loss or criminal information breach. However, within the case of GDPR, it ensures the integrity of the information and may facilitate firms get over a ransomware infection.

Being GDPR compliant needs understanding the information you hold, your policies and processes for managing that information and training employees to make sure they perceive and may adjust to these rules. Mapping out however information moves through the corporate and where it’s stored whether it’s in emails, CRM systems, cloud applications or on a backup appliance may be a good starting point. Once it involves defending against cyber-attacks and information breaches, human error is commonly an issue, thus educating your employees is crucial. Technology may be used to enforce consistent security policies across the organization.

Businesses should additionally make sure the ongoing confidentiality, integrity, and availability of process systems and services, likewise as having the vital ability to access personal information in a timely manner within the event of a physical or technical incident. With additional information being processed and keep, cyber threats continued to grow and with laws like GDPR being implemented, managing information is becoming increasingly complex for small businesses.

Non-compliance with the new regulation cannot solely cause reputational harm to an organization however additionally result in substantial fines. Within the coming months, case law and experience can shine a stronger light on exactly what the regulation means in reality.



GDPR Impact on Indian Market

0 Comments

General data protection regulation (GDPR) helps businesses differentiate themselves. However, the issues are growing over the way enterprises use consumer information for promoting, as current laws don’t provide any control over them. Thus, GDPR was born with a lot of demanding and prescriptive compliance challenges, backed by fines of up to 4% of a company’s annual world revenue. Alternative demanding rules include those pertaining to information breach reporting, an appointment of a compulsory information protection officer, and citizens’ right to be forgotten within the digital realm among others.

In the European Union’s (EU) GDPR envisages strict rules for handling personal information of users and specifies new protocols for handling and storing private information of users and specifies new protocols for handling and storing personal information, and sharing it with third parties. The rules also will apply to firms whose activities target data subjects within the EU. The definition of personal data currently explicitly includes location information, IP addresses, and identifiers like the genetic, economic, cultural or social identity of a natural person. People can have stronger rights over their personal information as the new rights include the correct to be forgotten, the proper to data portability, the right to object to identification. Consumer consent to process information should be freely given.

If the Indian corporations do not comply with the EU GDPR then flouting the rules will attract a finest approximate to 4-dimensional of an organization’s world annual revenue or €20 million, which is higher. Therefore, the Indian corporations ought to prepare for the EU GDPR by review their policies, procedures and existing privacy programmes; impart information privacy training to employees; and review or update contracts signed with third-party vendors, among different things. Besides, Indian corporations additionally got to evaluate how equipped they’re to deal with the audit method and use proper technology solutions to organize for a similar.

Therefore the conclusion regarding GDPR can strengthen the protection of information for enterprises and empower and for their customer. Businesses operative in different regions too can act to adopt the GDPR standards as information protection increasingly becomes a worry.