#tools #privacy
Бесплатный генератор Политик приватности от cookieYes
P.S. Качество и надежность не проверяла
Бесплатный генератор Политик приватности от cookieYes
P.S. Качество и надежность не проверяла
CookieYes
Free Privacy Policy Generator - No sign up required
Create a GDPR & CCPA-compliant privacy policy in less than 2 minutes with our free privacy policy generator. No email/signup is required.
#materials #GDPR #caselaw
Решение верховного суда UK в части территориальной применимости гдпр, здесь
💡Про ст. 3(1):
“the absence of a branch or subsidiary in the UK is by no means determinative .... it is relevant that the First Defendant has no employees or representatives in this country. The fact that Forensic News has a readership in the UK which is not minimal is of no more than marginal relevance: by itself, it could not begin to satisfy article 3.1.
It is clear that the First Defendant's journalistic endeavour is not oriented towards the UK in any relevant respect. That the content of the First Defendant's website may be of interest to some readers here is not germane to the issue under consideration, nor is the fact that the Claimant holds joint British nationality.
The real question is whether, taking the Claimant's case at its reasonable pinnacle, he has persuaded me that he has the sufficient makings of an argument on "stable arrangements" to enable him to pass through the merits portal.
I cannot accept the proposition that less than a handful of UK subnoscriptions to a platform which solicits payment for services on an entirely generic basis, and which in any event can be cancelled at any time, amounts to arrangements which are sufficient in nature, number and type to fulfil the language and spirit of article 3.1 and amount to being "stable".
💡💡Про разъяснения EDPB:
“These Guidelines are persuasive, not binding, and in the context of "establishment" add little to the jurisprudence of Google Spain, Weltimmo, and Amazon”
💡💡💡Про ст. 3(2):
«there is nothing to suggest that the First Defendant is targeting the United Kingdom as regards the goods and services it offers. That this country is a potential shipping destination for merchandise which in the event does not appear to have been purchased by anyone here (save possibly for one baseball cap) does not in my opinion fulfil sub-para (a) as explained in the EDPB Guidelines. No more than a cursory examination of their listed indicia serves to demonstrate how far short the Claimant comes in meeting this sub-para».
💡💡💡💡Про мониторинг поведения:
«I can accept that the Claimant has an arguable case that the First Defendant's use of cookies etc. is for the purpose of behavioural profiling or monitoring, but that is purely in the context of directing advertisement content. There is no evidence that the use of cookies has anything to do with the "monitoring" which forms the basis of the Claimant's real complaint: the Defendant's journalistic activities have been advanced not through any deployment of these cookies but by using the internet as an investigative tool. In my judgment, that is not the sort of "monitoring" that article 3.2(b) has in mind; or, put another way, the monitoring that does properly fall within this provision – the behavioural profiling that informs advertising choices – is not related to the processing that the Claimant complains about (assuming that carrying out research online about the Claimant amounts to monitoring at all)».
Решение верховного суда UK в части территориальной применимости гдпр, здесь
💡Про ст. 3(1):
“the absence of a branch or subsidiary in the UK is by no means determinative .... it is relevant that the First Defendant has no employees or representatives in this country. The fact that Forensic News has a readership in the UK which is not minimal is of no more than marginal relevance: by itself, it could not begin to satisfy article 3.1.
It is clear that the First Defendant's journalistic endeavour is not oriented towards the UK in any relevant respect. That the content of the First Defendant's website may be of interest to some readers here is not germane to the issue under consideration, nor is the fact that the Claimant holds joint British nationality.
The real question is whether, taking the Claimant's case at its reasonable pinnacle, he has persuaded me that he has the sufficient makings of an argument on "stable arrangements" to enable him to pass through the merits portal.
I cannot accept the proposition that less than a handful of UK subnoscriptions to a platform which solicits payment for services on an entirely generic basis, and which in any event can be cancelled at any time, amounts to arrangements which are sufficient in nature, number and type to fulfil the language and spirit of article 3.1 and amount to being "stable".
💡💡Про разъяснения EDPB:
“These Guidelines are persuasive, not binding, and in the context of "establishment" add little to the jurisprudence of Google Spain, Weltimmo, and Amazon”
💡💡💡Про ст. 3(2):
«there is nothing to suggest that the First Defendant is targeting the United Kingdom as regards the goods and services it offers. That this country is a potential shipping destination for merchandise which in the event does not appear to have been purchased by anyone here (save possibly for one baseball cap) does not in my opinion fulfil sub-para (a) as explained in the EDPB Guidelines. No more than a cursory examination of their listed indicia serves to demonstrate how far short the Claimant comes in meeting this sub-para».
💡💡💡💡Про мониторинг поведения:
«I can accept that the Claimant has an arguable case that the First Defendant's use of cookies etc. is for the purpose of behavioural profiling or monitoring, but that is purely in the context of directing advertisement content. There is no evidence that the use of cookies has anything to do with the "monitoring" which forms the basis of the Claimant's real complaint: the Defendant's journalistic activities have been advanced not through any deployment of these cookies but by using the internet as an investigative tool. In my judgment, that is not the sort of "monitoring" that article 3.2(b) has in mind; or, put another way, the monitoring that does properly fall within this provision – the behavioural profiling that informs advertising choices – is not related to the processing that the Claimant complains about (assuming that carrying out research online about the Claimant amounts to monitoring at all)».
#materials #privacy #GDPR #usa
Из письма Трампа спикеру Палаты Представителей и Представителю Сената
Pursuant to ... I hereby report that I have issued an Executive Order declaring additional steps to be taken concerning the national emergency with respect to significant malicious cyber enabled activities ... to address the use of United States Infrastructure as a Service (IaaS) products by foreign malicious cyber actors.
To address these threats, to deter foreign malicious cyber actors’ use of United States IaaS products, and to assist in the investigation of transactions involving foreign malicious cyber actors, the United States must ensure that providers offering United States IaaS products verify the identity of persons obtaining an IaaS account (“Account”) for the provision of these products and maintain records of those transactions. In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors’ access to United States IaaS products. Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors.
Источник: Дмитрий Павельев
Из письма Трампа спикеру Палаты Представителей и Представителю Сената
Pursuant to ... I hereby report that I have issued an Executive Order declaring additional steps to be taken concerning the national emergency with respect to significant malicious cyber enabled activities ... to address the use of United States Infrastructure as a Service (IaaS) products by foreign malicious cyber actors.
To address these threats, to deter foreign malicious cyber actors’ use of United States IaaS products, and to assist in the investigation of transactions involving foreign malicious cyber actors, the United States must ensure that providers offering United States IaaS products verify the identity of persons obtaining an IaaS account (“Account”) for the provision of these products and maintain records of those transactions. In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors’ access to United States IaaS products. Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors.
Источник: Дмитрий Павельев
RPPA PRO: Privacy • AI • Cybersecurity • IP
#materials #privacy #GDPR #usa Из письма Трампа спикеру Палаты Представителей и Представителю Сената Pursuant to ... I hereby report that I have issued an Executive Order declaring additional steps to be taken concerning the national emergency with respect…
#materials #privacy #usa
Сам Executive Order: https://www.whitehouse.gov/presidential-actions/executive-order-taking-additional-steps-address-national-emergency-respect-significant-malicious-cyber-enabled-activities/
Section 1. Verification of Identity.
(a) set forth the minimum standards that United States IaaS providers must adopt to verify the identity of a foreign person in connection with the opening of an Account or the maintenance of an existing Account, including:
(i) the types of documentation and procedures required to verify the identity of any foreign person acting as a lessee or sub-lessee of these products or services;
(ii) records that United States IaaS providers must securely maintain regarding a foreign person that obtains an Account, including information establishing:
(A) the identity of such foreign person and the person’s information, including name, national identification number, and address;
(B) means and source of payment (including any associated financial institution and other identifiers such as credit card number, account number, customer identifier, transaction identifiers, or virtual currency wallet or wallet address identifier);
(C) electronic mail address and telephonic contact information, used to verify a foreign person’s identity; and
(D) Internet Protocol addresses used for access or administration and the date and time of each such access or administrative action, related to ongoing verification of such foreign person’s ownership of such an Account; and
(iii) methods for limiting all third-party access to the information described in this subsection, except insofar as such access is otherwise consistent with this order and allowed under applicable law
Сам Executive Order: https://www.whitehouse.gov/presidential-actions/executive-order-taking-additional-steps-address-national-emergency-respect-significant-malicious-cyber-enabled-activities/
Section 1. Verification of Identity.
(a) set forth the minimum standards that United States IaaS providers must adopt to verify the identity of a foreign person in connection with the opening of an Account or the maintenance of an existing Account, including:
(i) the types of documentation and procedures required to verify the identity of any foreign person acting as a lessee or sub-lessee of these products or services;
(ii) records that United States IaaS providers must securely maintain regarding a foreign person that obtains an Account, including information establishing:
(A) the identity of such foreign person and the person’s information, including name, national identification number, and address;
(B) means and source of payment (including any associated financial institution and other identifiers such as credit card number, account number, customer identifier, transaction identifiers, or virtual currency wallet or wallet address identifier);
(C) electronic mail address and telephonic contact information, used to verify a foreign person’s identity; and
(D) Internet Protocol addresses used for access or administration and the date and time of each such access or administrative action, related to ongoing verification of such foreign person’s ownership of such an Account; and
(iii) methods for limiting all third-party access to the information described in this subsection, except insofar as such access is otherwise consistent with this order and allowed under applicable law
#events #privacy
Когда: 28 января в 11:00 (мск)
Где: в онлайн пространстве
Организатор: @roskomsvoboda, @DigitalRightsCenter
Тема: Privacy Day 2021: как государства и корпорации используют ваши данные
Язык: русский
Стоимость: бесплатно
Трансляция: здесь
Когда: 28 января в 11:00 (мск)
Где: в онлайн пространстве
Организатор: @roskomsvoboda, @DigitalRightsCenter
Тема: Privacy Day 2021: как государства и корпорации используют ваши данные
Язык: русский
Стоимость: бесплатно
Трансляция: здесь
RPPA PRO: Privacy • AI • Cybersecurity • IP pinned «#events #privacy #iapp #IAPPcelebratesDPD Когда: 28 января в 17:00 (мск) Где: в онлайн пространстве Тема: Защита приватности миллионов: обработка данных в Интернет-проектах Организатор: IAPP Язык: русский Стоимость: бесплатно…»
#ЯрмаркаВакансий
Новая вкусняшка на RPPA.ru - Руководитель направления процессов обработки персональных данных в российскую компанию в сфере ритейла
Новая вкусняшка на RPPA.ru - Руководитель направления процессов обработки персональных данных в российскую компанию в сфере ритейла
#fines #gdpr
Где: Норвегия
Отрасль: интернет
Кого: Grindr LLC
Штраф: 100 000 000 крон
Нарушение: Компания-владелец американского приложения для знакомств Grindr, ориентированное на ЛГБТ-сообщество, обвиняется в грубых нарушениях GDPR: с 2018 по 2020 она передавала данные пользователей крупным рекламодателям, в числе которых рекламная платформа MoPub, принадлежащая Twitter.
MoPub, в свою очередь, мог делиться этими данными ещё со 100 компаниями-партнёрами.
Одна из причин беспрецедентного штрафа — особая чувствительность данных, которые передавал Grindr.
Согласно GDPR, информация о сексуальной ориентации принадлежит к особо защищенным формам конфиденциальных данных. В сочетании с информацией о местоположении сведения об ориентации могли бы привести к преследованиям — например, в Катаре или Пакистане.
Норвежский DPA не устроила и модель монетизации Grindr. Одно из преимуществ платной версии приложения — отсутствие таргетированной рекламы, и, как следствие, передачи данных о пользователе рекламодателям. Иначе говоря, пользователь мог гарантировать себе конфиденциальность только при покупке платной версии — что автоматически означает незаконность бесплатной.
Источник: проверка регулятора
Статьи: 5, 6
Ссылки: регулятор
Из интересного:
По оценкам Fortune, €10 млн, которые может заплатить компания за нарушения, составляют треть её предполагаемой чистой прибыли за этот период.
Источник: Алексей Мунтян
Где: Норвегия
Отрасль: интернет
Кого: Grindr LLC
Штраф: 100 000 000 крон
Нарушение: Компания-владелец американского приложения для знакомств Grindr, ориентированное на ЛГБТ-сообщество, обвиняется в грубых нарушениях GDPR: с 2018 по 2020 она передавала данные пользователей крупным рекламодателям, в числе которых рекламная платформа MoPub, принадлежащая Twitter.
MoPub, в свою очередь, мог делиться этими данными ещё со 100 компаниями-партнёрами.
Одна из причин беспрецедентного штрафа — особая чувствительность данных, которые передавал Grindr.
Согласно GDPR, информация о сексуальной ориентации принадлежит к особо защищенным формам конфиденциальных данных. В сочетании с информацией о местоположении сведения об ориентации могли бы привести к преследованиям — например, в Катаре или Пакистане.
Норвежский DPA не устроила и модель монетизации Grindr. Одно из преимуществ платной версии приложения — отсутствие таргетированной рекламы, и, как следствие, передачи данных о пользователе рекламодателям. Иначе говоря, пользователь мог гарантировать себе конфиденциальность только при покупке платной версии — что автоматически означает незаконность бесплатной.
Источник: проверка регулятора
Статьи: 5, 6
Ссылки: регулятор
Из интересного:
По оценкам Fortune, €10 млн, которые может заплатить компания за нарушения, составляют треть её предполагаемой чистой прибыли за этот период.
Источник: Алексей Мунтян
#news #privacy
Регулятор итальянский потребовал, чтобы TikTok заблокировал учетки всех пользователей в Италии, чей возраст не был подтверждён (в идеале, доступ к приложению должен быть запрещён для детей, младше 13 лет, но это ограничение легко обойти).
Подробности, здесь
Регулятор итальянский потребовал, чтобы TikTok заблокировал учетки всех пользователей в Италии, чей возраст не был подтверждён (в идеале, доступ к приложению должен быть запрещён для детей, младше 13 лет, но это ограничение легко обойти).
Подробности, здесь
U.S.
Italy tells TikTok to block users after death of young girl
The Italian data privacy watchdog ordered video app TikTok on Friday to block the accounts of any users in Italy whose age it could not verify following the death of a 10-year-old girl who had been using the Chinese-owned app.
#ЯрмаркаВакансий
Новая вакансия на RPPA.ru ➡️ Ведущий специалист-методолог по персональным данным (152-ФЗ) в крупную ИТ-компанию
Новая вакансия на RPPA.ru ➡️ Ведущий специалист-методолог по персональным данным (152-ФЗ) в крупную ИТ-компанию
#ЯрмаркаВакансий
Вакансия ➡️ Специалист по обработке и защите персональных данных (152-ФЗ) в крупную ИТ-компанию.
Подробности на RPPA.ru
Вакансия ➡️ Специалист по обработке и защите персональных данных (152-ФЗ) в крупную ИТ-компанию.
Подробности на RPPA.ru