#materials #privacy #gdpr #children
Ирландский ркн опубликовал для публичных обсуждений Fundamentals for a child-oriented approach to data processing, здесь
Источник: Алексей Мунтян
Ирландский ркн опубликовал для публичных обсуждений Fundamentals for a child-oriented approach to data processing, здесь
Источник: Алексей Мунтян
#news #privacy #gdpr
Более 16 000 субъектов присоединились к групповому иску против British Airways, все из-за той самой утечки. Подробности
Более 16 000 субъектов присоединились к групповому иску против British Airways, все из-за той самой утечки. Подробности
The Irish Times
British Airways faces large class-action lawsuit over customer data breach
More than 16,000 people have now joined a case seeking compensation from the IAG-owned airline
#materials #privacy #cybersecurity #cloud
CITC опубликовал исследование On legislative & regulatory status of cloud computing worldwide⬇️⬇️⬇️
Приватность в нем во главе угла
CITC опубликовал исследование On legislative & regulatory status of cloud computing worldwide⬇️⬇️⬇️
Приватность в нем во главе угла
#news #privacy #transfers #edpb #edps
EDPB совместно с EDPS подготовили мнение в отношении правок к SCC, подробности
Источник: Алексей Соколов
EDPB совместно с EDPS подготовили мнение в отношении правок к SCC, подробности
Источник: Алексей Соколов
#events #privacy
Когда: 27 января в 10:00 (мск)
Где: в онлайн пространстве
Тема: Автоматизация функции обработки и защиты персональных данных
Организатор: КПМГ
Язык: русский
Стоимость: бесплатно, только для инхауз, модерация
Регистрация: здесь
Когда: 27 января в 10:00 (мск)
Где: в онлайн пространстве
Тема: Автоматизация функции обработки и защиты персональных данных
Организатор: КПМГ
Язык: русский
Стоимость: бесплатно, только для инхауз, модерация
Регистрация: здесь
#materials #gdpr #privacy #edpb #databreach
Проект Руководства от EDPB on Examples regarding Data Breach Notification
Проект Руководства от EDPB on Examples regarding Data Breach Notification
#tools #privacy
Бесплатный генератор Политик приватности от cookieYes
P.S. Качество и надежность не проверяла
Бесплатный генератор Политик приватности от cookieYes
P.S. Качество и надежность не проверяла
CookieYes
Free Privacy Policy Generator - No sign up required
Create a GDPR & CCPA-compliant privacy policy in less than 2 minutes with our free privacy policy generator. No email/signup is required.
#materials #GDPR #caselaw
Решение верховного суда UK в части территориальной применимости гдпр, здесь
💡Про ст. 3(1):
“the absence of a branch or subsidiary in the UK is by no means determinative .... it is relevant that the First Defendant has no employees or representatives in this country. The fact that Forensic News has a readership in the UK which is not minimal is of no more than marginal relevance: by itself, it could not begin to satisfy article 3.1.
It is clear that the First Defendant's journalistic endeavour is not oriented towards the UK in any relevant respect. That the content of the First Defendant's website may be of interest to some readers here is not germane to the issue under consideration, nor is the fact that the Claimant holds joint British nationality.
The real question is whether, taking the Claimant's case at its reasonable pinnacle, he has persuaded me that he has the sufficient makings of an argument on "stable arrangements" to enable him to pass through the merits portal.
I cannot accept the proposition that less than a handful of UK subnoscriptions to a platform which solicits payment for services on an entirely generic basis, and which in any event can be cancelled at any time, amounts to arrangements which are sufficient in nature, number and type to fulfil the language and spirit of article 3.1 and amount to being "stable".
💡💡Про разъяснения EDPB:
“These Guidelines are persuasive, not binding, and in the context of "establishment" add little to the jurisprudence of Google Spain, Weltimmo, and Amazon”
💡💡💡Про ст. 3(2):
«there is nothing to suggest that the First Defendant is targeting the United Kingdom as regards the goods and services it offers. That this country is a potential shipping destination for merchandise which in the event does not appear to have been purchased by anyone here (save possibly for one baseball cap) does not in my opinion fulfil sub-para (a) as explained in the EDPB Guidelines. No more than a cursory examination of their listed indicia serves to demonstrate how far short the Claimant comes in meeting this sub-para».
💡💡💡💡Про мониторинг поведения:
«I can accept that the Claimant has an arguable case that the First Defendant's use of cookies etc. is for the purpose of behavioural profiling or monitoring, but that is purely in the context of directing advertisement content. There is no evidence that the use of cookies has anything to do with the "monitoring" which forms the basis of the Claimant's real complaint: the Defendant's journalistic activities have been advanced not through any deployment of these cookies but by using the internet as an investigative tool. In my judgment, that is not the sort of "monitoring" that article 3.2(b) has in mind; or, put another way, the monitoring that does properly fall within this provision – the behavioural profiling that informs advertising choices – is not related to the processing that the Claimant complains about (assuming that carrying out research online about the Claimant amounts to monitoring at all)».
Решение верховного суда UK в части территориальной применимости гдпр, здесь
💡Про ст. 3(1):
“the absence of a branch or subsidiary in the UK is by no means determinative .... it is relevant that the First Defendant has no employees or representatives in this country. The fact that Forensic News has a readership in the UK which is not minimal is of no more than marginal relevance: by itself, it could not begin to satisfy article 3.1.
It is clear that the First Defendant's journalistic endeavour is not oriented towards the UK in any relevant respect. That the content of the First Defendant's website may be of interest to some readers here is not germane to the issue under consideration, nor is the fact that the Claimant holds joint British nationality.
The real question is whether, taking the Claimant's case at its reasonable pinnacle, he has persuaded me that he has the sufficient makings of an argument on "stable arrangements" to enable him to pass through the merits portal.
I cannot accept the proposition that less than a handful of UK subnoscriptions to a platform which solicits payment for services on an entirely generic basis, and which in any event can be cancelled at any time, amounts to arrangements which are sufficient in nature, number and type to fulfil the language and spirit of article 3.1 and amount to being "stable".
💡💡Про разъяснения EDPB:
“These Guidelines are persuasive, not binding, and in the context of "establishment" add little to the jurisprudence of Google Spain, Weltimmo, and Amazon”
💡💡💡Про ст. 3(2):
«there is nothing to suggest that the First Defendant is targeting the United Kingdom as regards the goods and services it offers. That this country is a potential shipping destination for merchandise which in the event does not appear to have been purchased by anyone here (save possibly for one baseball cap) does not in my opinion fulfil sub-para (a) as explained in the EDPB Guidelines. No more than a cursory examination of their listed indicia serves to demonstrate how far short the Claimant comes in meeting this sub-para».
💡💡💡💡Про мониторинг поведения:
«I can accept that the Claimant has an arguable case that the First Defendant's use of cookies etc. is for the purpose of behavioural profiling or monitoring, but that is purely in the context of directing advertisement content. There is no evidence that the use of cookies has anything to do with the "monitoring" which forms the basis of the Claimant's real complaint: the Defendant's journalistic activities have been advanced not through any deployment of these cookies but by using the internet as an investigative tool. In my judgment, that is not the sort of "monitoring" that article 3.2(b) has in mind; or, put another way, the monitoring that does properly fall within this provision – the behavioural profiling that informs advertising choices – is not related to the processing that the Claimant complains about (assuming that carrying out research online about the Claimant amounts to monitoring at all)».
#materials #privacy #GDPR #usa
Из письма Трампа спикеру Палаты Представителей и Представителю Сената
Pursuant to ... I hereby report that I have issued an Executive Order declaring additional steps to be taken concerning the national emergency with respect to significant malicious cyber enabled activities ... to address the use of United States Infrastructure as a Service (IaaS) products by foreign malicious cyber actors.
To address these threats, to deter foreign malicious cyber actors’ use of United States IaaS products, and to assist in the investigation of transactions involving foreign malicious cyber actors, the United States must ensure that providers offering United States IaaS products verify the identity of persons obtaining an IaaS account (“Account”) for the provision of these products and maintain records of those transactions. In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors’ access to United States IaaS products. Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors.
Источник: Дмитрий Павельев
Из письма Трампа спикеру Палаты Представителей и Представителю Сената
Pursuant to ... I hereby report that I have issued an Executive Order declaring additional steps to be taken concerning the national emergency with respect to significant malicious cyber enabled activities ... to address the use of United States Infrastructure as a Service (IaaS) products by foreign malicious cyber actors.
To address these threats, to deter foreign malicious cyber actors’ use of United States IaaS products, and to assist in the investigation of transactions involving foreign malicious cyber actors, the United States must ensure that providers offering United States IaaS products verify the identity of persons obtaining an IaaS account (“Account”) for the provision of these products and maintain records of those transactions. In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors’ access to United States IaaS products. Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors.
Источник: Дмитрий Павельев
RPPA PRO: Privacy • AI • Cybersecurity • IP
#materials #privacy #GDPR #usa Из письма Трампа спикеру Палаты Представителей и Представителю Сената Pursuant to ... I hereby report that I have issued an Executive Order declaring additional steps to be taken concerning the national emergency with respect…
#materials #privacy #usa
Сам Executive Order: https://www.whitehouse.gov/presidential-actions/executive-order-taking-additional-steps-address-national-emergency-respect-significant-malicious-cyber-enabled-activities/
Section 1. Verification of Identity.
(a) set forth the minimum standards that United States IaaS providers must adopt to verify the identity of a foreign person in connection with the opening of an Account or the maintenance of an existing Account, including:
(i) the types of documentation and procedures required to verify the identity of any foreign person acting as a lessee or sub-lessee of these products or services;
(ii) records that United States IaaS providers must securely maintain regarding a foreign person that obtains an Account, including information establishing:
(A) the identity of such foreign person and the person’s information, including name, national identification number, and address;
(B) means and source of payment (including any associated financial institution and other identifiers such as credit card number, account number, customer identifier, transaction identifiers, or virtual currency wallet or wallet address identifier);
(C) electronic mail address and telephonic contact information, used to verify a foreign person’s identity; and
(D) Internet Protocol addresses used for access or administration and the date and time of each such access or administrative action, related to ongoing verification of such foreign person’s ownership of such an Account; and
(iii) methods for limiting all third-party access to the information described in this subsection, except insofar as such access is otherwise consistent with this order and allowed under applicable law
Сам Executive Order: https://www.whitehouse.gov/presidential-actions/executive-order-taking-additional-steps-address-national-emergency-respect-significant-malicious-cyber-enabled-activities/
Section 1. Verification of Identity.
(a) set forth the minimum standards that United States IaaS providers must adopt to verify the identity of a foreign person in connection with the opening of an Account or the maintenance of an existing Account, including:
(i) the types of documentation and procedures required to verify the identity of any foreign person acting as a lessee or sub-lessee of these products or services;
(ii) records that United States IaaS providers must securely maintain regarding a foreign person that obtains an Account, including information establishing:
(A) the identity of such foreign person and the person’s information, including name, national identification number, and address;
(B) means and source of payment (including any associated financial institution and other identifiers such as credit card number, account number, customer identifier, transaction identifiers, or virtual currency wallet or wallet address identifier);
(C) electronic mail address and telephonic contact information, used to verify a foreign person’s identity; and
(D) Internet Protocol addresses used for access or administration and the date and time of each such access or administrative action, related to ongoing verification of such foreign person’s ownership of such an Account; and
(iii) methods for limiting all third-party access to the information described in this subsection, except insofar as such access is otherwise consistent with this order and allowed under applicable law
#events #privacy
Когда: 28 января в 11:00 (мск)
Где: в онлайн пространстве
Организатор: @roskomsvoboda, @DigitalRightsCenter
Тема: Privacy Day 2021: как государства и корпорации используют ваши данные
Язык: русский
Стоимость: бесплатно
Трансляция: здесь
Когда: 28 января в 11:00 (мск)
Где: в онлайн пространстве
Организатор: @roskomsvoboda, @DigitalRightsCenter
Тема: Privacy Day 2021: как государства и корпорации используют ваши данные
Язык: русский
Стоимость: бесплатно
Трансляция: здесь