You want my data? Sure, can I have a receipt for that?

The UK Information Commissioner recently released a guidance note on ‘Consent under GDPR’. It makes for very interesting reading, possibly quite painful reading in firms that rely heavily on digital marketing, CRM and e-commerce tools. The bar around consent management is being raised considerably. Our take on some of the specifics is set out below:…

Read More

Something other than consent

Consent is the preferred basis for the collection of personal data, but the bar for meaningful consent is high. But there are other legitimate authorities for processing personal information throughout its life-cycle. And there are new technologies to meet user expectations of privacy.

Read More

Consent is NOT a silver bullet

Notices ask for open-ended consent and freedom from notification of changes or updates in privacy policies. Is this “meaningful” consent? Most privacy laws and frameworks hold that notices not viewed means consent is not informed and therefore not valid. Legitimate basis for collecting personal data exist, and if users are alerted, can meet privacy expectations and with user choice.

Read More

What’s not working with “Notice and Consent”

Notices, what are they good for? Terms of Service and Privacy Policies are never (or rarely ever) actually read by end users. Consumers lack the tools needed to exercise their choices over their personal data. 600 ad block software installation is a strong condemnation of the current model.

Read More

Privacy and consent

Privacy is not about consent, the delegation of autonomy. Privacy is about control. Control over personal data is at the intersection of civil and commercial rights over that data. “Perfect Privacy” is probably impossible. Decision-making power and choices don’t rest entirely with those receiving notice nor with those providing consent. But it is clear that the ‘notice and consent’ regime is not working as intended.

Read More

Positive Developments in the GDPR Space

The last month has seen two positive developments in the GDPR space; both help move the GDPR discussion to the next level of detail – necessarily so given that the clock is ticking inexorably towards 25th May 2018. Just before the X’mas period the Article 29 Data Protection Working Party release Guidance on Data Portability…

Read More

Alice and Bob’s Relationship is Broken

Alice and Bob are the primary characters in a cast of characters first used in cryptographic circles as placeholder names to represent different parties in a transaction (see the Wikipedia article). The story goes like this. Alice wants to send a message to Bob, but she doesn’t want anyone but Bob to be able to…

Read More

JLINC Proof of Concept and GDPR Sandbox Propositions

In order to help organisations engage with the JLINC protocol, we have built two entry level propositions. The first, the GDPR Sandbox, enables organisations to engage over a ten week period with a dedicated technical environment in which the main technical aspects of GDPR can be explored from individual, organisation and intermediary perspectives. GDPR Scenarios…

Read More

This site uses google analytics more

The cookie settings on this website are set to "allow cookies". If you continue to use this website without changing your cookie settings then you are consenting to this. You are welcome to run an ad blocker without affecting site performance.