Swedish SA likes its GDPR teeth!

I took a beautiful long lunch with a client today, a DPO lady in the insurance sector, on an island outside of Stockholm. It was a really cool conversation when we discussed the latest. It seems that the Swedish SA (Datainspektionen), graced with a new set of teeth, is set on using them!

“Datainspektionen is now starting its first audit under the new data protection law, the GDPR. 80 authorities, companies and organisations must show that they have appointed the data protection officers that the law requires.”


After a long and frustrating journey for Datainspektionen under the old DPA, it was very cool to see that they are GDPR energised into serious action 🙂



I received this tip from one of our clients last week. It is a GDPR sleep aid in the Calm app, for those of you who use it. I normally use it for mindfulness.

Now, last night I tested it, and it works! They have a great narrator who reads out the GDPR text, well not all of it, but I was asleep before he had finished 😴 which was quite awesome.

More on the initiative can be found here 🙂


Personal data still public and for sale in Sweden!

Copied from dataskydd.net.

Several large government agencies have the sale of personal data as a business model. This means that the funding of the agencies' operations and staffing needs has been tied to the ability to sell influence over individuals' lives and identities to outsiders. The Swedish Tax Agency's SPAR register gives Swedish private individuals worse control over who affects them than Google, one of the world's foremost data collectors, does.

Since the late 1980s, Swedish legislators have created a manifold and sprawling protection for individuals' rights that regulates each agency separately. These laws are called the “register statutes” (registerförfattningarna), and it took the government a full four years, between 2011 and 2015, to produce a reasonably complete overview.[1] The government's work is still not finished,[2] and the ongoing work appears aimed at preserving the sprawl.[3]

The EU's data protection package is a culture clash for the Swedish public administration. The data protection package puts the individual's own ability to exercise their rights at the centre, whereas the Swedish register statutes assume that legislators and agencies will exercise those rights on the individual's behalf. The data protection package assumes that knowledge about an individual is power over an individual, and that this power should derive from the individual's own consent. Data handling at Swedish agencies assumes that knowledge about the individual is primarily a tool for the agency to carry out its operations.

Did we accidentally uninscribe you?

I love the GDPR. Whether correct or not, missing the ‘soft opt-in’, I love my new mailbox after the 25th. By default I did not opt-in, all that shit has disappeared, and today I received an email ‘did we accidentally uninscribe you’. Just to be sure that I really didn’t want to opt-in. Okay I would prefer not to receive anything, but I guess, hope this is the last I hear from them, and from them all 🙂


Life after 25th May feels like harmony! Privacy by Design in practice, i.e. the user shouldn’t need to do anything to protect their privacy, privacy by default! And these principles have been around since the 1990s!

Where to find the GDPR book?

I’ve been getting quite a few requests from individuals having problems buying the GDPR book that I published together with Filip Johnssén through the IAPP in March.


Well I have been talking to them, and they know that it is not really easy to find the book on their website if you are not a member. If you are, you have got used to it!

I have provided links to the hardcopy and digital copy here. In addition, here is a link to a sample copy of the book; it gives you access to the whole of Module 1 of the book. There are 5.

If you want to buy one or more copies, you can reply to this thread in WordPress, or wherever this post will end up in LinkedIn, Facebook and Twitter. I’m less responsive on Twitter than LinkedIn & FB. Or you can contact me via direct message or personally. I will be buying in bulk for Privasee business, and I don’t mind upping this order if you prefer it to be shipped from Sweden rather than the US.


GDPR pingball

I feel as though I’m in the middle of a ping-ball machine, with all legal parties, mainly on behalf of their clients/controllers, busy sending DPAs to all the processors. And many of the processors who are also controllers are scratching their heads, wondering what to do with these agreements. Wondering what they are? Controller or processor? This is all very confusing for those who haven’t yet started, or have only just started this year!

Face recognition Facebook

Should I be disappointed that Facebook still hasn’t understood the ‘Privacy by Default’ principle in Privacy by Design? The user shouldn’t need to do anything to protect their privacy!

No, of course they don’t, why waste my energy ranting on this!? Just now when accepting the new privacy policy, it enabled ‘facial recognition’ as the default when I was going through this on my mobile device. Maybe I was clumsy in clicking Accept, but it was easier to click this button rather than the No choice. I then needed to find the setting and switch it off. It wasn’t difficult, just annoying.

Privacy Icons are the rage

Privacy icons are going to be all the rage with GDPR efforts to bring privacy communications into a format for those of us who don’t eat ‘legal speak’ for breakfast. Apple say that this symbol will pop up when a function is going to use your personal data. And I really love the icon!


I’ve also received some communications from others who liked what they saw, and in Swedish. Well done Apple!

GDPR gold rush

I have never been so overwhelmed in my whole life. The GDPR gold rush is here.

I wish I could be excited by the fact; after all, I have been predicting this since 2015 even. However, I am terrified by the significant shortage of expertise on the market, those who really know what it is all about, versus the false gods. So much false news, and so much GDPR theatre, I just want this to stop, step back and, just stop panicking.

In Privasee, we are struggling to meet the demand, the panic. Our approach is to empower our partners with expert knowledge so they can do what is right for their clients. We are lucky to have Nebu as our Swedish consulting partner, our learning partner is Cornerstone, and we have other partners in both Portugal and Malta! We want to make GDPR knowledge accessible to all! We call our consulting partners OWLs, because they have reached a level of expertise (we should know as we’ve trained them) to be able to run this race without Privasee, except for our methods (which are rapidly becoming privacy industry best practices).


My dream is to empower our customers with knowledge, so they are NOT dependent upon us.

My dream is to demystify this GDPR monster, so that it becomes something we know.

And IMHO dreams are still possible 🙂

Facebook fined €1.2 m in Spain

Facebook collects data on people’s ideologies and religious beliefs, sex and personal tastes—from its own services and those of third parties—without clearly telling its users what it will do with this information. Read more here.

“In a statement, Facebook claimed the Spanish data protection authority (DPA) was wrong to say it showed people advertising based on sensitive personal data. It said ad-targeting was instead based on the interest people express by “liking” certain content on the social network.”

Of course this is rubbish what FB claim. When I was researching my first book I did some extensive clicking to see what would happen. Hence, if adverts popping up on my profile proposing that I may be interested in buying ‘incontinence pads’ are not sensitive personal data, what is?