We need to fix GDPR’s biggest failure: broken cookie notices


The user experience of browsing the web is worse than ever. Even if you only spend a tiny amount of time online, it’s impossible to escape cookie consent notices. They’re the intrusive banners and blocks that appear each time you visit a new website that collects data about you through cookies. Each is asking the same question: will you allow this website to collect your information?

Are IP addresses ‘personal information’ under CCPA?


As companies grapple with complying with the California Consumer Privacy Act, they will need to decide whether the internet protocol addresses they collect from consumers are considered “personal information” and thus within the scope of this new law. It will not be easy.

Encryption’s impact on potential liability under CCPA


In the last decade, California has suffered twice as many data breaches as any other state, with roughly 1,493 breaches affecting nearly 5.6 billion records. For an organisation that handles the data of California consumers, adopting a robust security system is prudent.

A quick comparative survey of Quebec’s proposed privacy legislation


On June 12, 2020, Quebec tabled its proposed update to its public and private sector privacy laws, and it lives up to the promise of the “GDPR-style legislation” first announced this spring. There are a number of elements that echo other federal and provincial privacy laws in Canada, but there is a very strong European flavour.

Defensive or offensive, every strategy must start with trust


As digital transformation becomes mainstream, digitization is no longer a differentiating advantage. Enterprises must answer to a new set of expectations from customers, employees and business partners, and all while prioritizing compliance with tightening data regulations. To ensure they aren’t hindered by bad data – or the inability to leverage good data – companies must balance both offensive and defensive strategies.

Why all personal data matters when a data breach occurs


Syrenis Founder and Product Architect, Nicky Watson, answers the question as to why it should matter to individuals when their data (and it’s generally their email) is leaked in data breaches, such as in the recent Estée Lauder breach. Well, they didn’t expose any passwords, or financial details, or anything sensitive so why would it? …

First multi-million GDPR fine in Germany


€14.5 million for not having a proper data retention schedule in place. On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE (Deutsche Wohnen), the highest German GDPR fine to date. The infraction related to the over retention of personal data. For the first time, the Berlin DPA applied the new calculation method for GDPR fines issued by the German Datenschutzkonferenz recently.

The CCPA ripple effect in the enterprise: How to prepare


Data privacy is top of mind this year for many businesses. This year, security breaches have already increased by 33% and the amount of exposed records have more than doubled. Meanwhile, government-backed privacy and security regulations are requiring more transparency and enforcing higher levels of culpability from all organizations that handle data. Although the California Consumer Privacy Act (CCPA) is intended for California consumers, enterprises across the U.S. are adjusting their cybersecurity procedures and policies in anticipation of further regulations – and to avoid critical costs.

Apple updates Safari’s Intelligent Tracking Prevention to block all Third-Party Cookies


Apple has released a major update for its Safari’s Intelligent Tracking Prevention (ITP). The update allows Safari browsers to block all third-party cookies that advertisers use to track users across various sites. The feature is turned on by default for all Safari users.

Grace Period for Cookies Compliance


On 6 April 2020, the Data Protection Commission (DPC) published a report and separate guidance on Cookies and Other Tracking Technologies (Guidance), a key area of enforcement for the DPC. The DPC’s report, which found that the majority of websites were not compliant, was based on random sweeps of websites by the DPC in a broad range of sectors including media & publishing, insurance, sport & leisure, retail, hospitality and the government sector.