Tag Archives: personal data privacy

UK’s data protection body issues GDPR guidance on consent

The Information Commissioner in the UK has drafted guidelines for what businesses and organisations handling personal data will need to do to comply with the new GDPR out for consultation.

In the draft guidance, the ICO notes that: “The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how you use their data.

“When consent is used properly, it helps you build trust and enhance your reputation.”

The draft guidance’s key points include:

• Doing consent well should put individuals in control, build customer trust and engagement, and enhance your reputation.

• Consent means offering individuals genuine choice and control.

• Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.

• Explicit consent requires a very clear and specific statement of consent.

• Keep your consent requests separate from other terms and conditions.

• Be specific and granular. Vague or blanket consent is not enough.

• Be clear and concise.

• Name any third parties who will rely on the consent.

• Make it easy for people to withdraw consent and tell them how.

• Keep evidence of consent – who, when, how, and what you told people.

• Keep consent under review, and refresh it if anything changes.

• Avoid making consent a precondition of a service.

Overall, the draft guidance sets out how the ICO interprets the GDPR, key changes from existing data protection regulation, and its general recommended approach to compliance and good practice.

But it is also clear that the guidance will need to evolve both to take account of future guidelines issued by relevant European authorities, and according to experience once the law is in place from May of next year.

Major new privacy research shows worry for safety of personal data

New digital privacy research from the Pew Center in the US has found that nearly two thirds of Americans have personally experienced a data breach, and that a sizeable share of the public believes that their personal data has become less secure in the past five years.

The research, part of an ongoing series that has previously found that many  participants felt they had lost control of their personal data, was carried out midway through 2016, a year particularly notable for its cyber breaches.

It found that overall 64 per cent of adults who took part had experienced some kind of data breach. These included 41 per cent who had issues with fraudulent use of credit cards, 35 per cent receiving notices that some kind of sensitive information such as an account number had been compromised and 16  per cent having someone take over their email accounts.

Over and above this, 49 per cent feel that their personal data is less secure than it was five years ago – and the two entities they trust least to keep their data safe are the federal government and social media platforms. Interesting, 64 per cent also have at least one online account containing sensitive data such as health or financials.

So what can we learn from this? That the threat of having data or accounts hacked is alive and well, because current collection methods collate data from all users together, creating a massive honeypot for would-be hackers.

We can also conclude that people feel forced to entrust their data to businesses and services that they are not convinced will take care of it, because they have no other option if they want to access them.

Overall, this is a picture of an industry ripe for change and disruption – a new way of storing data that puts individuals back in control of what they create, able to hold it in a secure place of their choosing, and then do with it what they choose, on their terms.

This is a picture of an industry – and a society – very much in need of the Internet of Me – and we’re working every day to make that a reality as quickly as possible.