3,441 Matching Annotations
  1. May 2020
    1. generic-sounding term may be interpreted as something more specific than intended: I want to be able to use "data interchange" in the most general sense. But if people interpret it to mean this specific standard/protocol/whatever, I may be misunderstood.

      The definition given here

      is the concept of businesses electronically communicating information that was traditionally communicated on paper, such as purchase orders and invoices.

      limits it to things that were previously communicated on paper. But what about things for which paper was never used, like the interchange of consent and consent receipts for GDPR/privacy law compliance, etc.?

      The term should be allowed to be used just as well for newer technologies/processes that had no previous roots in paper technologies.

    1. With that guidance in mind, and from a practical standpoint, consider keeping records of the following: The name or other identifier of the data subject that consented; The dated document, a timestamp, or note of when an oral consent was made; The version of the consent request and privacy policy existing at the time of the consent; and, The document or data capture form by which the data subject submitted his or her data.
    2. Where a processing activity is necessary for the performance of a contract.

      Would a terms of service agreement be considered a contract in this case? So can you just make your terms of service basically include consent or implied consent?

    3. “Is consent really the most appropriate legal basis for this processing activity?” It should be taken into account that consent may not be the best choice in the following situations:
    1. “A processor is responsible for processing personal data on behalf of a controller.”
    2. “A controller determines the purposes and means of processing personal data.” This is you.
    1. EU law prohibits the personal data of EU citizens from being transferred outside the EU to countries which do not ensure an adequate level of protection for that data.
    2. This framework serves the purpose of protecting Europeans’ personal data after the transfer to the US and correlates with GDPR requirements for Cross Boarder Data Transfers.
    1. It’s useful to remember that under GDPR regulations consent is not the ONLY reason that an organization can process user data; it is only one of the “Lawful Bases”, therefore companies can apply other lawful (within the scope of GDPR) bases for data processing activity. However, there will always be data processing activities where consent is the only or best option.
    2. Under EU law (specifically the GDPR) you must keep and maintain “full and extensive” up-to-date records of your business processing activities, both internal and external, where the processing is carried out on personal data.
    3. However, even if your processing activities somehow fall outside of these situations, your information duties to users make it necessary for you to keep basic records relating to which data you collect, its purpose, all parties involved in its processing and the data retention period — this is mandatory for everyone.
    1. If you’re a controller based outside of the EU, you’re transferring personal data outside of the EU each time you collect data of users based within the EU. Please make sure you do so according to one of the legal bases for transfer.

      Here they equate collection of personal data with transfer of personal data. But this is not very intuitive: I usually think of collection of data and transfer of data as rather different activities. It would be if we collected the data on a server in EU and then transferred all that data (via some internal process) to a server in US.

      But I guess when you collect the data over the Internet from a user in a different country, the data is technically being transferred directly to your server in the US. But who is doing the transfer? I would argue that it is not me who is transferring it; it is the user who transmitted/sent the data to my app. I'm collecting it from them, but not transferring it. Collecting seems like more of a passive activity, while transfer seems like a more active activity (maybe not if it's all automated).

      So if these terms are equivalent, then they should replace all instances of "transfer" with "collect". That would make it much clearer and harder to mistakenly assume this doesn't apply to oneself. Or if there is a nuanced difference between the two activities, then the differences should be explained, such as examples of when collection may occur without transfer occurring.

    2. whose personal data you collect and process as “controller” (that is the word that GDPR uses for whoever determines the purposes and means of the processing of personal data).
    3. If you profile your users, you have to tell them. Therefore, you must pick the relevant clause from the privacy policy generator.
    4. If you’re selling products and keep record of users’ choices for marketing purposes, dividing them into meaningful categories, such as by age, gender, geographical origin etc., you’re profiling them.
    1. Drew, D. A., Nguyen, L. H., Steves, C. J., Menni, C., Freydin, M., Varsavsky, T., Sudre, C. H., Cardoso, M. J., Ourselin, S., Wolf, J., Spector, T. D., Chan, A. T., & Consortium§, C. (2020). Rapid implementation of mobile technology for real-time epidemiology of COVID-19. Science. https://doi.org/10.1126/science.abc0473

    1. you can think “sold” here as “shared with third parties for any profit, monetary or otherwise”
    2. The right to data portability Under certain conditions, users have the right to obtain (in a machine-readable format) and use their personal data for their own purposes.
    3. under most legislations you’re required to inform extensively about the processing activities, their purposes and the rights of users.
    4. Full and extensive records of processing are expressly required in cases where your data processing activities are not occasional, where they could result in a risk to the rights and freedoms of others, where they involve the handling of “special categories of data” or where your organization has more than 250 employees — this effectively covers almost all data controllers and processors.
    5. Meet specific requirements if transferring data outside of the EAA. The GDPR permits data transfers of EU resident data outside of the European Economic Area (EEA) only when in compliance with set conditions.
    6. Users have the right to access to their personal data and information about how their personal data is being processed.
    1. If you have fewer than 250 employees, you only need to document processing activities that: are not occasional; or
    2. Most organisations are required to maintain a record of their processing activities, covering areas such as processing purposes, data sharing and retention; we call this documentation.
    1. This right only applies to personal data and as such does not apply to genuinely anonymous data (data that can’t be linked back to the individual).
    2. The records should include: who provided the consent;when and how consent was acquired from the individual user;the consent collection form they were presented with at the time of the collection;which conditions and legal documents were applicable at the time that the consent was acquired.
    3. Non-compliant Record Keeping Compliant Record Keeping
    1. the GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way
    1. Similarly, the GDPR introduces the concept of ‘pseudonymous data’ – personal data that cannot be attributed to the data subject without some additional information.
    1. it buys, receives, sells, or shares the personal information of 50,000 or more consumers annually for the business’ commercial purposes. Since IP addresses fall under what is considered personal data — and “commercial purposes” simply means to advance commercial or economic interests — it is likely that any website with at least 50k unique visits per year from California falls within this scope.
    1. You must disclose how the add-on collects, uses, stores and shares user data in the privacy policy field on AMO. Mozilla expects that the add-on limits data collection whenever possible, in keeping with Mozilla’s Lean Data Practices and Mozilla’s Data Privacy Principles, and uses the data only for the purpose for which it was originally collected.
    1. Van den Akker, O., Weston, S. J., Campbell, L., Chopik, W. J., Damian, R. I., Davis-Kean, P., Hall, A. N., Kosie, J. E., Kruse, E. T., Olsen, J., Ritchie, S. J., Valentine, K. D., van ’t Veer, A. E., & Bakker, M. (2019). Preregistration of secondary data analysis: A template and tutorial [Preprint]. PsyArXiv. https://doi.org/10.31234/osf.io/hvfmr

  2. Apr 2020
    1. Finally, from a practical point of view, we suggest the adoption of "privacy label," food-like notices, that provide the required information in an easily understandable manner, making the privacy policies easier to read. Through standard symbols, colors and feedbacks — including yes/no statements, where applicable — critical and specific scenarios are identified. For example, whether or not the organization actually shares the information, under what specific circumstances this occurs, and whether individuals can oppose the share of their personal data. This would allow some kind of standardized information. Some of the key points could include the information collected and the purposes of its collection, such as marketing, international transfers or profiling, contact details of the data controller, and distinct differences between organizations’ privacy practices, and to identify privacy-invasive practices.
    2. If the PIA identifies risks or high risks, based on the specific context and circumstances, the organization will need to request consent.
    3. Privacy impact assessments or data protection impact assessments under the EU GDPR, before the collection of personal data, will have a key role
    4. U.K. Information Commissioner Elizabeth Denham clearly states that consent is not the "silver bullet" for GDPR compliance. In many instances, consent will not be the most appropriate ground — for example, when the processing is based on a legal obligation or when the organization has a legitimate interest in processing personal data.
    5. data processing limited to purposes deemed reasonable and appropriate such as commercial interests, individual interests or societal benefits with minimal privacy impact could be exempt from formal consent. The individual will always retain the right to object to the processing of any personal data at any time, subject to legal or contractual restrictions.
    6. organizations may require consent from individuals where the processing of personal data is likely to result in a risk or high risk to the rights and freedoms of individuals or in the case of automated individual decision-making and profiling. Formal consent could as well be justified where the processing requires sharing of personal data with third parties, international data transfers, or where the organization processes special categories of personal data or personal data from minors.
    7. First, organizations must identify the lawful basis for processing prior to the collection of personal data. Under the GDPR, consent is one basis for processing; there are other alternatives. They may be more appropriate options.
    1. RPO limits how far to roll back in time, and defines the maximum allowable amount of lost data measured in time from a failure occurrence to the last valid backup. RTO is related to downtime and represents how long it takes to restore from the incident until normal operations are available to users

      RPO RTO

    1. Before we get to passwords, surely you already have in mind that Google knows everything about you. It knows what websites you’ve visited, it knows where you’ve been in the real world thanks to Android and Google Maps, it knows who your friends are thanks to Google Photos. All of that information is readily available if you log in to your Google account. You already have good reason to treat the password for your Google account as if it’s a state secret.
    1. Alas, you'll have to manually visit each site in turn and figure out how to actually delete your account. For help, turn to JustDelete.me, which provides direct links to the cancellation pages of hundreds of services.
    1. When you visit a website, you are allowing that site to access a lot of information about your computer's configuration. Combined, this information can create a kind of fingerprint — a signature that could be used to identify you and your computer. Some companies use this technology to try to identify individual computers.
    1. Our approach strikes a balance between privacy, computation overhead, and network latency. While single-party private information retrieval (PIR) and 1-out-of-N oblivious transfer solve some of our requirements, the communication overhead involved for a database of over 4 billion records is presently intractable. Alternatively, k-party PIR and hardware enclaves present efficient alternatives, but they require user trust in schemes that are not widely deployed yet in practice. For k-party PIR, there is a risk of collusion; for enclaves, there is a risk of hardware vulnerabilities and side-channels.
    2. Privacy is at the heart of our design: Your usernames and passwords are incredibly sensitive. We designed Password Checkup with privacy-preserving technologies to never reveal this personal information to Google. We also designed Password Checkup to prevent an attacker from abusing Password Checkup to reveal unsafe usernames and passwords. Finally, all statistics reported by the extension are anonymous. These metrics include the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the web domain involved for improving site compatibility.
    1. About InfluenceMap InfluenceMap empowers investors, corporations, the media and campaigners with data-driven and clearly communicated analysis on critical issues associated with climate change and the energy transition. Our flagship platform is the world's leading analysis of how companies and trade associations impact climate-motivated policy globally.
    1. Verity, R., Okell, L. C., Dorigatti, I., Winskill, P., Whittaker, C., Imai, N., Cuomo-Dannenburg, G., Thompson, H., Walker, P. G. T., Fu, H., Dighe, A., Griffin, J. T., Baguelin, M., Bhatia, S., Boonyasiri, A., Cori, A., Cucunubá, Z., FitzJohn, R., Gaythorpe, K., … Ferguson, N. M. (2020). Estimates of the severity of coronavirus disease 2019: A model-based analysis. The Lancet Infectious Diseases, S1473309920302437. https://doi.org/10.1016/S1473-3099(20)30243-7

    1. Ferres, L., Schifanella, R., Perra, N., Vilella, S., Bravo, L., Paolotti, D., Ruffo, G., & Sacasa, M. (n.d.). Measuring Levels of Activity in a Changing City. 11.

    1. Google says this technique, called "private set intersection," means you don't get to see Google's list of bad credentials, and Google doesn't get to learn your credentials, but the two can be compared for matches.
    1. They are proof that our openness about our data formats means that you do not have to fear data lock-in.
    2. It’s this third way that we avoid lock-in that is relevant to today’s topic. Our data format design is specified well enough so that people with no connection to AgileBits can write software to be able to handle it.
    3. The second way we avoid locking you into 1Password is through the ability to export data to a more neutral format. Not all versions are yet where we want them to be with respect to export, and we’re working on that. But there is usually some path, if not always a simple click away, to export your 1Password data.
    1. Data Erasure and Storage Time The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. The data may be stored beyond that if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the controller is subject. The data will also be erased or blocked if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
    2. The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.
    3. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.
    4. In the case of storing the data in log files, this is the case after seven days at the latest. Further storage is possible; in this case, the IP addresses of the users are erased or anonymized, so that an association of the calling client is no longer possible.
    5. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
    6. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.
    1. Someone, somewhere has screwed up to the extent that data got hacked and is now in the hands of people it was never intended to be. No way, no how does this give me license to then treat that data with any less respect than if it had remained securely stored and I reject outright any assertion to the contrary. That's a fundamental value I operate under
    1. A "breach" is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software.
    1. One mistake that we made when creating the import/export experience for Blogger was relying on one HTTP transaction for an import or an export. HTTP connections become fragile when the size of the data that you're transferring becomes large. Any interruption in that connection voids the action and can lead to incomplete exports or missing data upon import. These are extremely frustrating scenarios for users and, unfortunately, much more prevalent for power users with lots of blog data.
    2. data liberation is best provided through APIs, and data portability is best provided by building code using those APIs to perform cloud-to-cloud migration
    3. The data liberation effort focuses specifically on data that could hinder users from switching to another service or competing product—that is, data that users create in or import into Google products
    4. At Google, our attitude has always been that users should be able to control the data they store in any of our products, and that means that they should be able to get their data out of any product. Period. There should be no additional monetary cost to do so, and perhaps most importantly, the amount of effort required to get the data out should be constant, regardless of the amount of data. Individually downloading a dozen photos is no big inconvenience, but what if a user had to download 5,000 photos, one at a time, to get them out of an application? That could take weeks of their time.
    5. Want to keep your users? Just make it easy for them to leave.
    6. Users are starting to realize, however, that as they store more and more of their personal data in services that are not physically accessible, they run the risk of losing vast swaths of their online legacy if they don't have a means of removing their data.
    1. In addition to strings, Redis supports lists, sets, sorted sets, hashes, bit arrays, and hyperloglogs. Applications can use these more advanced data structures to support a variety of use cases. For example, you can use Redis Sorted Sets to easily implement a game leaderboard that keeps a list of players sorted by their rank.

      redis support more data structure memcached is k-v

      memCached is not highly available, beause lack of replication support like redis

    1. “Big Data reveals insights with a particular range of data points, while Thick Data reveals the social context of and connections between data points.”21
    2. Adapting Tricia Wang’s notion of “thick data,”

      https://dscout.com/people-nerds/people-are-your-data-tricia-wang So what is thick data? It’s a term you coined, right? "Thick data is simply my re-branding of qualitative data, or design thinking, or user research, gut intuition, tribal knowledge, sensible thinking—I’ve heard it called so many things. Being open to the unknown means you will embrace data that is thick. Ostensibly it’s data that has yet to be quantified, is data that you may not even know that you need to collect and you don’t know it until you’re in the moment being open to it, and open to the invitation of the unknown in receiving that."

    3. User subjects and data objects are treated as programmable matter, which is to say extractable matter.

      yes.

    1. Covid-19 is an emergency on such a huge scale that, if anonymity is managed appropriately, internet giants and social media platforms could play a responsible part in helping to build collective crowd intelligence for social good, rather than profit
    2. Google's move to release location data highlights concerns around privacy. According to Mark Skilton, director of the Artificial Intelligence Innovation Network at Warwick Business School in the UK, Google's decision to use public data "raises a key conflict between the need for mass surveillance to effectively combat the spread of coronavirus and the issues of confidentiality, privacy, and consent concerning any data obtained."
  3. Mar 2020
    1. legitimate interest triggers when “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject
    2. of the six lawful, GDPR-compliant ways companies can get the green light to process individual personal data, consent is the “least preferable.” According to guidelines in Article 29 Working Party from the European Commission, "a controller must always take time to consider whether consent is the appropriate lawful ground for the envisaged processing or whether another ground should be chosen instead." 
    3. “But, if you’re unsure or haven’t mapped out entirely your processing activities,” he said, “it’s impossible to accurately reflect what your users or clients are consenting to when they complete a consent request.”
    4. “It is unfortunate that a lot of companies are blindly asking for consent when they don’t need it because they have either historically obtained the consent to contact a user,” said digital policy consultant Kristina Podnar. “Or better yet, the company has a lawful basis for contact. Lawful basis is always preferable to consent, so I am uncertain why companies are blindly dismissing that path in favor of consent.”