All Posts in privacy

May 25, 2018

Singing the General Data Protection Regulation (GDPR) Blues

Everyone has been inundated this week with emails from the websites they subscribe to. We decided to do a little research about GDPR and managed to find a few things that are worth exploring and noting when modifying your individual privacy statements.

The Mechanism suggests that you reach out to your internal legal teams to revise your Privacy Policy to address the EU’s new General Data Protection Regulation (GDPR). We’ve reviewed how some other companies have revised their Privacy Policies and have found a few notable changes that would be worth discussing with your legal team in their plan to revise your individual policies.

A reminder that The Mechanism LLC is not a legal firm or legal entity and our brief research into this subject is intended to help you begin your conversations with your internal legal representatives. Your "legal-eagles" will have significantly more useful and appropriate information as legal experts than we could ever provide. We make no legal assurances for any information supplied, as we have performed research as you or your team would online, and have attempted to supply our findings as a service to you.

Three notable alterations we’ve identified with regard to GDPR changes in some of the websites we visit (achieved through downloading and directly comparing pre-May 25th privacy policies vs. post-May 25th, 2018) are related to:

Legal basis for processing Personal Data

We found this paragraph added, post-May 25th, 2018, on a website we frequent. Note the change outlined below from pre-May 25th vs. post-May 25th:

pre-May 25th, 2018

We use the information we collect about you to:
Establish your account and provide the Services;
Fulfill your requests and provide customized content to you;
Communicate with you through email, notices posted on the website, and other means available through the Services.
Create, tailor, deliver and study the effectiveness of advertising and promotional material both on and off of the Services, as well as for analytics (including as described in the Online Analytics, Advertising and Do-Not-Track section below);
Improve the Services and to research and develop innovative features and new services;
Provide feedback to third party businesses that are listed on the Services; and
Investigate, prevent, or take action regarding unlawful or harmful activities, including potential threats to the physical safety of a person, potential fraud, and violations of our Terms of Service.
Please note that we may anonymize and/or de-identify information collected through the Services or via other means so that the information no longer relates to you. Where we have appropriately anonymized and/or de-identified information so that it no longer identifies you personally, our use and disclosure of such information is not subject to this Privacy Policy, and may be used and disclosed to others without restriction.

Revised post-May 25th, 2018 (note new copy added in front of the content above)

What legal basis do we rely on to process your Personal data?
Consent - When you receive our promotional material, you consent that your Personal data will be processed by us and we rely on this consent. You have the right to withdraw consent at any time. We will stop to process data after consent is withdrawn, where consent is the only legal basis for processing.
When you fulfill a contract – We will process your Personal data when you take steps to enter into a contract with us such as sign up for a free trial, use or purchase our service or products and for the performance of contract that you have entered with us.
Legitimate Interest – We process your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights.
Legal obligation - We may process your Personal data to comply with our legal and regulatory obligations such as preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies. Your data may be processed in order to satisfy the applicable law or enforceable governmental request.

We use the information we collect about you to:
Establish your account and provide the Services;
Fulfill your requests and provide customized content to you;
Communicate with you through email, notices posted on the website, and other means available through the Services.
Create, tailor, deliver and study the effectiveness of advertising and promotional material both on and off of the Services, as well as for analytics (including as described in the Online Analytics, Advertising and Do-Not-Track section below);
Improve the Services and to research and develop innovative features and new services;
Provide feedback to third party businesses that are listed on the Services; and
Investigate, prevent, or take action regarding unlawful or harmful activities, including potential threats to the physical safety of a person, potential fraud, and violations of our Terms of Service.
Please note that we may anonymize and/or de-identify information collected through the Services or via other means so that the information no longer relates to you. Where we have appropriately anonymized and/or de-identified information so that it no longer identifies you personally, our use and disclosure of such information is not subject to this Privacy Policy, and may be used and disclosed to others without restriction.

Retention of Data

We found this paragraph altered (on a website we frequent) post-May 25th, 2018:

pre-May 25th, 2018

We keep your information for as long as your account is active or as needed. For example, we may keep certain information even after you close your account if it is necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud and abuse, enforce our agreements or as part of our Website data backup process. We may keep your data in a published or unpublished format on the Services or in backups of the Website.

post-May 25th, 2018

Data Retention
We retain your information as long as your account is active or as needed to provide you services or because we have an ongoing legitimate business need to do so. We also retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We store your information as long as is necessary for the purpose for which we have collected it. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if it is possible (e.g. your personal information is stored for backup archives) then will securely store your personal information and isolate it from any further processing until the deletion/erasure is possible.

Rights identified with regard to your internal Data Controllers

We found this content added (to a website we frequent) post-May 25th, 2018:

Your Rights within the EU
Whenever you use our services from within the EU the following rights apply to your user account:
The right to be informed, The right of access, The right to rectification, The right to erasure, The right to restrict processing, The right to data portability, The right to object and rights in relation to automated decision making and profiling.
If you wish to exercise any of the above rights, please contact us using the contact details set out below. For the protection of your privacy and security, our Data protection team shall take every reasonable step to ensure that your identity is verified before granting access, or rectification, or deletion.
Note the Controller of data
If you live in the EU, the Controller of your data is (your company) with its principal place of business at (address).

Also, please note the following links we found that may also be helpful:

And finally, in the spirit of all the legal-eagles* out there, here's our own for you to ponder as you complete this post:
*This information is being provided as a suggestion from The Mechanism to initiate a conversation with your internal or external legal team, and not as a prescriptive solution to modifying your individual Privacy Policies. Your use of the information contained within this document signifies your complete understanding and compliance with this statement.

Good luck with your own Privacy Statements and your research. The mighty Internet continually evolves to protect its users, and for that we applaud it.

Published by: davefletcher in The Programming Mechanism, The Reading Mechanism

May 9, 2014

The MechCast 302: Internet Privacy

On this episode of The MechCast, Michael (our host), Tope, Dhruv, George, Dave, & Joe discuss privacy on the internet, how safe we really are while surfing the web, and how we as individuals feel about our own digital footprint.

Published by: antonioortiz in The Mechcast