Tag Archives: privacy

10 key things you need to know about the EU GDPR and personal data

The General Data Protection Regulation (GDPR) becomes law across Europe in May 2018, replacing a patchwork of data protection laws across the various member states and essentially making privacy the new norm.

Wide-ranging in its scope, a key theme is returning a lot more power over personal data to individuals, who will have new and increased rights over what personal data is collected, what it can be used for and what happens when they want to remove consent.

The GDPR also includes a ‘right to be forgotten’ as well as the right to know when your personal data has been hacked and replaces rules dating back to 1995 when the internet was in its infancy.

Completely in tune with digi.me’s vision to unlock the power of personal data by returning control and ownership to those who create it in the first place, the new law will apply to all businesses not just based in the EU, but also those dealing with EU citizens.

Here’s a quick guide to the main features:

  1. Privacy by design means that when you download an app or sign up for a service, you should not be asked for data that is not directly needed or relevant for the purposes of interacting with that app or service. Services should no longer be asking for capabilities they don’t actually need, which will immediately restrict data leakage.
  2. Explicit permission means just that – when you give permission to an app or website to have or use your details in a specific way, they can’t use it for any other purpose or, crucially, sell it on to third parties.
  3. Data portability gives you the right to ask for any data that a company has about you, which should be returned in a machine-readable form so that you can reuse it, for example to give it to another service provider.
  4. Giving someone your data doesn’t mean they will always have access to it – under the GDPR you have a right to be forgotten and will be able to ask companies or platforms to delete your data if you no longer want them to have it. The two caveats to this are a) that this won’t apply to some information that there is a legal requirement to keep, for example medical records and b) that it is also a personal right to forget, distinct from the 3rd party Right to be Forgotten, where individuals can request that outdated or undesirable information about them be removed from search engines. (read more about the difference here)
  5. Clear and affirmative consent will be needed before private data is processed and this will require an “active step” such as ticking a box. The Parliament is clear that “silence, pre-ticked boxes or inactivity will thus not constitute consent. In future, it should also be as easy for a person to withdraw consent as to give it.”
  6. Right to be informed in plain and clear language – MEPs have insisted that the new rules will put an end to “small print” privacy policies and that information should be given in clear and plain language before any data is collected.
  7. Clear limits on the use of profiling – new limits where automated processing of personal data is used to “analyse or predict a person’s performance at work, economic situation, location, health, preferences, reliability or behaviour”, including creditworthiness. Under the new regulation, profiling would generally only be allowed with the consent of the person concerned, where permitted by law or when needed to pursue a contract and should comprise a human element, including an expectation of the decision to be reached. MEPs also insisted that profiling should not lead to discrimination or be based solely on sensitive data, such as ethnic origin, political opinions, religion or sexual orientation.
  8. One law for the whole continent – one of the biggest attractions is that Europe will now be covered by one law, applied in the same way everywhere, instead of a patchwork of national ones. Eliminating the need to consult local lawyers in each country a business has dealings or premises will see direct cost savings as well as legal certainty. Savings from dealing with one pan-European law rather than 28 are estimated at €2.3bn per year.
  9. Regulatory one-stop shop – businesses will only have to deal with one regulatory body rather than 28, making it simpler and cheaper for companies to do business in the EU.
  10. The new rules promote techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymisation (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorised can read it) to protect personal data.

Overall, the new data protection rules give businesses opportunities to remove the lack of trust that can affect people’s engagement through innovative uses of personal data, while giving individuals clear, effective information about what their data is being used for will help build trust in analytics and innovation for the benefit of all.

The new rules will be backed up by harsh sanctions including fines of up to 4pc of a company’s global turnover if they don’t comply.

UK’s data protection body issues GDPR guidance on consent

The Information Commissioner in the UK has drafted guidelines for what businesses and organisations handling personal data will need to do to comply with the new GDPR out for consultation.

In the draft guidance, the ICO notes that: “The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how you use their data.

“When consent is used properly, it helps you build trust and enhance your reputation.”

The draft guidance’s key points include:

• Doing consent well should put individuals in control, build customer trust and engagement, and enhance your reputation.

• Consent means offering individuals genuine choice and control.

• Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.

• Explicit consent requires a very clear and specific statement of consent.

• Keep your consent requests separate from other terms and conditions.

• Be specific and granular. Vague or blanket consent is not enough.

• Be clear and concise.

• Name any third parties who will rely on the consent.

• Make it easy for people to withdraw consent and tell them how.

• Keep evidence of consent – who, when, how, and what you told people.

• Keep consent under review, and refresh it if anything changes.

• Avoid making consent a precondition of a service.

Overall, the draft guidance sets out how the ICO interprets the GDPR, key changes from existing data protection regulation, and its general recommended approach to compliance and good practice.

But it is also clear that the guidance will need to evolve both to take account of future guidelines issued by relevant European authorities, and according to experience once the law is in place from May of next year.

Ad-blocking up 30pc in 2016 as privacy becomes a hot button topic

A new worldwide report into ad-blocking has found that 615 million devices globally are blocking ads on the web.

To put that in context, that figure represents over one in ten people online, and is also up 30 per cent in 12 months.

The state of the blocked web survey, by Adblock, presents a combined picture of desktop and mobile adblock usage for the first time, and found that ad-blocking on mobile is exploding, particularly in Asia.

Key stats to be aware of:

  • 615 million devices now use adblock
  • 11% of the global internet population is blocking ads on the web
  • Adblock usage grew 30% globally in 2016
  • Mobile adblock usage grew by 108 million to reach 380 million devices
  • Desktop adblock usage grew by 34 million to reach 236 million devices
  • 74% of American adblock users say they leave sites with adblock walls
  • Adblock usage is now mainstream across all ages

Certainly privacy is one of the key drivers fuelling this phenomenon, as people tire of intrusive ads tracking them around the web, although the ads’ impact on page loading speed as well as bloated pages eating through data allowances are also significant factors.

So what does the ad-blocking surge mean for the privacy landscape?

Well, the numbers involved are obviously significant, which means we have a rapidly-growing online population that will modify online behaviour to avoid things that worry or irritate. And they’re doing it at scale, and across all devices, with the mobile ad-blocking increase predicted to hit North America and Europe next.

Also control is key – while this is not a revolt against digital advertising per se, rather the methods it employs, the internet population is increasingly showing it won’t be forced to watch or download things it doesn’t want to, because there is now another way.

With awareness around personal data issues also growing exponentially, this is heartening news – because the old ways are being disrupted in this industry, too, and technology such as digi.me is innovating in a way which again will benefit the consumer with minimal hassle to implement.

So all hail the ad-blocking army – user control and willingness to use a tech solution that shows a better way is good news for everyone driving the Personal Data Economy forward to a person-centred Internet of Me.

How sharing more personal data can lead to greater privacy online

The very concept of online privacy is often described as a myth, and while it’s not hard to see why, it’s more wrong now than it has ever been.

Yes, our personal data is scattered about the web, traded, sold on and held in multiple places that we can neither access nor delete – but the dominance of that situation will soon be the past, with the glorious forces of the Internet of Me riding in to replace it.

The IoM will enable all of us, no matter who we are, to take back control of our data and shape what happens to it and who is allowed to see it.

We don’t benefit from our data being traded at the moment, but the Internet of Me will flip that so that we are the primary beneficiaries, sharing that data on our own terms only when we are happy with what is offered in return.

And businesses win too, finally getting access to data that is 100 per cent accurate and rich in both depth and time – just what innovation needs. And society needs innovation, especially in areas such as health where a mass of accurate data can be hard to obtain.

Of course, online privacy has always been fluid when set against the norms of the offline world.

But the last decade has also seen personal perceptions of privacy change and evolve dramatically with the explosion in online services and social networks on which many of us regularly post huge amounts of personal information.

So how does all of this combine to create a more private world? The simple answer is technology, more specifically digi.me and other application advances that mean processing can be brought to the data, instead of data always having to be handed over.

At the very heart of the digi.me vision is the abilty for each individual having their data in a 100 per cent secure and private library under their control that we, the company, can never see, touch nor hold.

But the arrival soon of our Consented Access platform means you will be able to share your data with a company without it ever leaving your handset, as they can give permission for an app to simply run an algorithm over your data, which returns only the results and means the data never leaves your device.

More sharing, AND greater privacy for your data, is a pretty spectacular combination. And in addition to being more private, this body of data you collect through digi.me- which will shortly include financials and health – creates a body of information that is immensely more powerful than the sum of the parts scattered before this aggregation.

Incoming legislation called the GDPR will also shape this brave new world, creating much more user-centric stringent regulations on the collection of use of personal data, as well as substantial fines for non-compliance.

So privacy online becomes more about choice, with us as the guardians of our own privacy, choosing who else has access and on what terms.

There is no quick overall privacy fix, but one of the aims of digi.me will always be to return ever more privacy to its users and thus be the enablers of an increasingly private world.

Digi.me featured on Entrepreneur

Personal data and the lack of consumer trust and control over what is held by others is becoming one of the defining issues of our times.

And our founder and chairman Julian Ranger is now firmly established as an expert in how this can all be handled so much better than at present.

He is quoted extensively in this new Entrepreneur.com article looking at 4 Ways the Fight Over Data is Getting Way More Personal, which covers the fact Facebook effectively has a global monopoly as well as how new European regulation will change the face of personal data.

It also looks at how both technological advancements and public opinion are both challenging the status quo, with a focus on digi.me and its vision to bring back control to the user, putting them at the centre of their connected world in the Internet of Me.

It’s well worth reading in full, and is summed up by this very apt statement: “It will be exciting to see how entrepreneurs step into this space. In the same way that the Internet connected us in a way that few people could have imagined, returning data to its owners could change the Internet into a vastly different place yet again.”

Hurrah to that!

Positives to take from WhatsApp sharing personal data with Facebook

WhatsApp’s decision to start sharing user data with Facebook has rightly made waves around the world, mostly for the wrong reasons, but there are still positives we can take from the situation.

Firstly, WhatsApp was upfront about what it was planning to do, (handing over personal information including users’ phone numbers to Facebook as part of plans to allow businesses to message users, which will also allow Facebook to better target ads). Now, they may well have thought they couldn’t hide it even if they wanted to, as it required a change to their privacy policy, but still – openness about what companies are doing with personal data is always to be commended, and will become a legal requirement for companies operating in the EU from 2018 when the GDPR comes in.

That said, of course, WhatsApp should never have forced this on their users, and opt-in would have been an immensely better decision. (If you want to opt out, see here for details regardless of whether you’ve accepted the new terms and conditions.)

Secondly, users and the media didn’t just take it lying down – there were multiple articles outlining why this was a mistake for WhatsApp and criticising both companies across not just tech outlets but respected mainstream media – so the days of people just shrugging when massive changes are made to privacy policies without consultation are over.

Thirdly – and arguably most importantly – those in charge of protecting and safeguarding our privacy are showing they have teeth (and plan to use them) with both the UK’s Information Commissioner and France’s CNIL saying they plan to look into the decision and would be following it ‘with great vigilance’. in addition to a complaint to the Federal Trades Commission from US privacy groups.

Fourth, and finally, there are (very early) signs that people aren’t as ready to be loyal to messaging platforms, even popular ones, with a wealth of online comment of WhatsApp users looking for other, more private, platforms, and mainstream articles such as this one in Mashable.

Obviously we all hope for less, rather than more, personal data sharing without our consent, and there’s rightly a lot of anger at this move. But a sea change is coming, where users will be the ones back in control of their data, sharing it on their terms, and the public visibility and understanding needed to help make that a reality is very much underway.

digi.me now available for free on iOS and Android

mobile digi.me

We are delighted to announce that a digi.me app is now available on the Apple App Store so everyone can see, search, save and share all their social media pictures and pins on the move.

digi.me has brought the best of its desktop application available on PC and Mac to mobile, so you can see all your Facebook, Instagram, Twitter, Flickr and Pinterest pictures and pins you’ve posted and liked in one place.

The digi.me app automatically shows you all your content, which you can browse through at leisure. It also features improved search as well as filtering functions so you can narrow down what you look for by keyword, platform post and type, person, time period, album, board or a combination of these.

When you have found what you are looking for or you have re-discovered a forgotten gem, one Swipe helps you save it to your device, send it in a message or email, see it in its original location, complete with likes and comments.  You can also save your favourite searches to come back to quickly and easily to the content or topics you are regularly looking for.

“The team have worked hard to make sure you get to the photo you’re looking for as quickly as you can think of it. We’ve had a lot of fun building, optimising and using the app and hope that is reflected in your day to day use”, said Pascal Wheeler, digi.me Chief Creative Officer.

“We’ve created widgets for Flashback, your posts, your likes, and photos you’re tagged in – and more are in development, so stay tuned!”

As with the digi.me desktop version, all user data remains wholly private as digi.me doesn’t see, touch or hold any of your information, which you download directly to your device or your personal cloud that only you have access to.

An Android version of the App has also been launched and can be downloaded here.

In pictures: a month in the life of digi.me

We always working hard to improve both our apps and personal data privacy in general – but we get around the world a bit as well!

julian-iceland

Our founder and chairman Julian Ranger is in demand as a privacy expert and speaker worldwide, and here he is speaking at a conference on the future of data in banking in Iceland…

Icelandic-press

…and making the Icelandic press with our defining vision of the Internet of Me, where the individual is at the centre of their connected life.

jim-julian-tongham

The digi.me team are based all over the world – but a meet-up near our Farnham HQ was a welcome chance to catch up as well as discuss strategy for the (exciting) year ahead. Our EVP North America Jim Pasquale here with Julian…

rory-jim-tongham

…and our CEO Rory Donnelly…

jim-designers-tongham

…and meeting some of our developers (and making them laugh, he’s a funny guy!)

pascal-jim-tongham(1)

There was time for a few photos (here with Chief Creative Officer Pascal Wheeler)…

julian-jim-un

…before he and Julian headed back to New York for the UN ID2020 event…

julian-jim-un-again

… a global initiative looking at how to provide legal identity and inclusion for trafficked people, refugees, children and disaster relief victims

rory-tnw-launchpad

Rory presenting digi.me at The Next Web’s Super Launchpad in Amsterdam…

rory-tnw

…before taking charge of the stand in the Microsoft booth demonstrating our app to eager attendees

You, yes YOU, should be the most important thing in the Internet of Things

The second part of the extensive interview with our founder and chairman Julian Ranger has been published, focusing on why the IoT needs an Internet of Me to make it real and fix obvious and glaring privacy and security issues.

It’s a cracking read, and covers a lot of ground including the war on privacy, why data collection needs to move from behind us to in front of us, and why the way apps and devices handle data needs to undergo a fundmental shift.

I can’t recommend it highly enough if you have any interest at all in the field of personal data privacy and the personal data economy (which we all, of course, should have) – so here are a couple of choice quotes to whet your appetite:

“The Internet of Things at the moment is being built on data that is collected behind us. It needs to move in front of us. We need a path towards that, from the dark side to the light side. The IoT can’t work behind us, which is the way it’s been built today. That’s just loading more rubbish on a rubbish framework. There needs to be a new framework.”

“A large part of the cost of IoT is that all this data is being racked up into offline storage that companies are having to do. It is uneconomic to keep supporting old stuff. But what would happen if the data came to me first — not necessarily just into digi.me but wherever I choose to keep it — and I then decided where it went? If a business no longer wants to support it I can still keep this piece of kit and it keeps talking to my system for ever if I want, but more importantly I get to control where the data goes.”

Tempted? Excellent – it’s well worth your time.

And if you missed the first interview, which took place over on the Internet of Me forum which we sponsor and support, you can find that here.

What does a Trump vs Clinton fight for the US presidency mean for privacy?

The next US president looks set to be either Donald Trump or Hillary Clinton – so what will be the implications for personal data privacy and surveillance whoever wins? Let’s have a look at their track records…

Donald Trump has strong and (from a UK viewpoint) often bizarre viewpoints on many things. There’s not much The Donald hasn’t opined on, and privacy and security are no different. And, as ever, he’s got an unusual take on things.

Back in September, for example, he said he was open to ‘closing parts of the internet down‘ to win the fight again Isis, which shows broad ambition and lateral thinking skills if not a huge amount of technical nous. The whole quote in full: “I would certainly be open to closing areas where we are at war with somebody. I sure as hell don’t want to let people that want to kill us and kill our nation use our internet.”

Following the attacks in Paris, he said that privacy rights in America were a lot stronger before: “Those privacy rights were a lot stronger three days ago than they are now,” he said. “I think a lot of people would be willing to give up some privacy in order to have more safety.”, while also alluding to his belief that surveillance had not stopped the attacks.

He also strongly criticised Apple for opposing the FBI’s ‘backdoor’ order, asking: “Who do they think they are? They have to open it up.

He added: “I agree 100 percent with the courts. In that case, we should open it up.” […] “I think security, overall, we have to open it up and we have to use our heads. We have to use common sense. Somebody the other day called me a common-sense conservative. We have to use common sense.”

He then – such a surprise! – went further, urging a boycott of Apple if they didn’t help the FBI. As Trump is apparently an iPhone user, it was unclear whether he planned to boycott himself – but thankfully (or not, depending on how you look at it), the FBI found another way in without the whole court battle/boycott having to play out.

But, we should also note at this point, he did say if elected he would close loopholes in federal law that allow student data mining.

Moving on to surveillance, Trump has declared himself “fine” with re-authorising the Patriot Act, coming out in favour of security over privacy and further admitting:”I assume when I pick up my telephone people are listening to my conversations anyway, if you want to know the truth.”

Hillary Clinton, on the other hand, is what we might term a more seasoned political operator, and for that reason her stances have been a little more, erm, cautious.

But she has strong opinions on Edward Snowden, stating during a democratic debate: “He broke the laws of the United States.

“He stole very important information that has unfortunately fallen into a lot of the wrong hands. So I don’t think he should be brought home without facing the music.”

Staying with Snowden, she has also said: “He could have been a whistleblower. He could have gotten all of the protections of being a whistleblower. He could have raised all the issues that he has raised. And I think there would have been a positive response to that.” (athough subsequent press reports suggested he may not have been eligible for whistleblower protection)

On the NSA, which is synomymous with the Snowden revelations, particularly over the mass surveillance of civilians, she has been vaguer on her pronouncements, leading to the Atlantic to call her evasive, in an article in which they quoted her as saying: “Well, I think the NSA needs to be more transparent about what it is doing, sharing with the American people, which it wasn’t. And I think a lot of the reaction about the NSA, people felt betrayed. They felt, wait, you didn’t tell us you were doing this. And all of a sudden now, we’re reading about it on the front page…”

She was clear they had to act “lawfully”, but equally a lot of wiggle room was left there for her eventual position if she becomes the first US female president.

Speaking specifically about balancing the rights of privacy in reference to powers given to government agencies post 9/11, she said: “There’s no doubt we may have gone too far in a number of areas, and those [practices] have to be rethought and rebalanced”….adding:”I think it’s fair to say the Government, the NSA, didn’t so far as we know cross legal lines, but they came right up and sat on them.

“It could perhaps mean their data was being collected in metadata configurations, and that was somehow threatening. We have to be constantly asking ourselves what legal authorities we gave to the NSA and others and make sure people know what the tradeoffs are.”

On the FBI/Apple battle, for the record, she trod a careful middle line, saying: “I see both sides, and I think most citizens see both sides…We don’t want privacy and encryption destroyed, and we want to catch and make sure there’s nobody else out there whose information is on the cell phone of that killer.”

Of course, no look at Clinton and privacy is complete without a look at the curious affair of her use of her own private email server, which was used during her time as Secretary of State, in breach of normal protocol. Both she and the State Department have now released thousands of these emails in an effort to show (ironically) no breaches of security were made. A good look at the whole affair here.

So, essentially,  the ultimate future impact on privacy and surveillance is a difficult one to call at this stage, not least because we’re a long way off from the November contest and uber serious polling has yet to commence.

But we’re certainly in for interesting times, whoever wins. God Bless America!