Game of Phones – How Apple might kneecap their rivals using device user personal data
For the last few years, Apple has positioned itself as a pro-privacy force in a landscape of 'shoddy' data privacy competitors. However their recent activities surrounding user data and advertising may point to a less than altruistic motive.
Read article
What is a Record of Processing Activities (ROPA)?
If you’ve been involved with (or even responsible for) your businesses GDPR management, it is likely that you have come across the acronym ROPA (or ROP) before. But what exactly is a ROPA and what does your business need to do with regards to it?
Read article
Servers overseas – What to know about International Data Transfers and Cloud computing providers
Nowadays, most businesses use some form of third-party cloud computing provider to store or process personal data. What they may not realise however is that the location of these third parties' servers matter and extra considerations must be taken when you are uploading personal data onto these platforms
Read article
Safeguarding gone wrong? Project Alpha and the accidental weaponisation of personal data
The recently released data protection impact assessment for a Met Police scheme has caused concertation amongst privacy groups and human rights activists as potential large scale profiling of children's data has been further compounded by allegations of racial bias. Entitled 'Project Alpha', this scheme has proven a useful example of how personal data collected for safeguarding can be accidentally or deliberately weaponised.
Read article
Director’s Statement – Vendor Risk Management service
A statement on our new Vendor Risk Management service from Tacita's director of sales.
Read article
Introducing: Tacita’s new Vendor Risk Management Service
Tacita are proud to announce the launch of our latest product – our Vendor Risk Management (VRM) Assessment.
Read article
Risky Business: Why your third parties may be a major gdpr risk
Did you know that your Third Parties often pose a major GDPR risk to your business? Here's why...
Read article
Third Time’s the Charm? Why Privacy Professionals are sceptical of ‘Privacy Shield 2.0’
On March 25th 2022, amidst wider discussions on US-EU cooperation, EU Commission President Ursula von der Leyen and US President Joe Biden announced an ‘agreement in principle’ on a new EU-US data sharing system termed the Trans-Atlantic Data Privacy Framework. Yet rather than relief, the announcement has been met with pronounced scepticism by privacy professionals in Europe. The emerging discourse is a product of a difficult relationship between its political ideals and practical realities.
Read article
Tacita Tips: Tired of spam emails? Use this ‘plus addressing’ trick to find their source
In this edition of Tacita tips we will be looking at dynamic instant aliases, or 'plus addressing'. This simple tip can help you better manage spam emails and identify where they have originated from.
Read article
Everything you need to know about: GDPR and Children’s data
In this edition of ‘Everything you need to know about’ we will be looking at Children's Data: What it is? How is it separate from standard personal data?, and How can you manage it in a secure and legal manner?
Read article
Virtual Insanity? The Metaverse, Personal Data, and Problematic Progress
In October 2021, amid much fanfare Facebook (now Meta) hailed their ‘Metaverse’ as the future of social and working interactions. 4 months on from its announcement, Zuckerberg and Meta are finding that the future may be more resistant to their shaping than they imagined.
Read article
Coming soon: New UK SCC’s presented to Parliament
This month (February 2022) the Department for Culture, Media and Sport (DCMS) laid before Parliament the new International Data Transfer Agreement (IDTA). This document, as well as its associated transfer addendum and a further document setting out transitional provisions follows a consultation undertaken by the Information commissioner’s office (ICO) in 2021.
Read article Everything you need to know about: Special Category data
In this edition of ‘Everything you need to know about’ we will be looking at Special Category Data: What it is? How is it separate from standard personal data?, and How can you manage it in a secure and legal manner?
Read article
Schrems II in action: the DSB issues its first ruling
The Austrian Data Protection Authority (DSB) has issued its first ruling on a Schrems II model case. In it, the DSB ruled that the Standard Contractual Clauses (SCCs) and Technical Organizational Measures (TOMs) implemented as part of the Google Analytics are not sufficient to protect its EU-US data transfers.
Read article
Now Streaming: Twitch’s Data
Last month, Amazon’s Twitch streaming service confirmed that it had been the victim of a significant data breach. Around 125GB of data (including the source code for the mobile, desktop, and video game console versions, as well as the earnings of Twitch’s content creators) has been released by the hackers to the anonymous messaging-board website 4Chan.
Read article
A Bite to match its Bark? – What Amazon’s fine means for its Data Subjects
In a landmark case, Amazon has been fined $886m by Luxembourg’s National Commission for Data Protection (CNPD) for serious breaches of the General Data Protection Regulation (GDPR). Whilst the scale of the fine suggest that the GDPR is finally matching the promises of its inception, the circumstance of its reporting still leaves the consumer facing an uphill battle to hold illegal privacy practices to account.
Read article
‘Own it all’ – Antitrust, Big Tech, and the battle for ‘Consumer Welfare’
Regulatory watchdogs, the Federal Trade Commission (FTC), and various antitrust lawsuits are beginning to find that Silicon Valley won't give up its monopolies easily. At the heart of this stands the very consumers both parties claim to protect.
Read article
‘From the lab to the Market’ – Will the EU’s proposed AI regulation set a new ‘global standard’?
The EU Commission has recently announced a new regulation which aims to govern the development and use of artificial intelligence (AI). The regulation shares many similarities with the general data protection regulation (GDPR). Will this new AI regulation become the global standard, much like the GDPR is the global standard for data privacy?
Read article
Rage against the Machine – How Apple’s iOS14.5 might redefine the Data Privacy landscape
Apple is preparing to finally launch its radical iOS 14.5 update. Despite Facebook’s aggressive advertising campaign against it, the update will fundamentally change the way in which Apple customers interact with their personal data, providing the user with granular control over any applications use of their IDFA (Identifier for Advertisers).
Read article Draft UK Adequacy Decision Published
The EU has recently published a draft UK adequacy decision. This is the first step in the UK achieving adequacy status in the eyes of the EU-GDPR. This is positive news for UK and EU businesses, but the decision must still be approved by the European Data Protection Board.
Read article
What Happens to the GDPR Post-Brexit?
As of January 2021, the Brexit transition period has ended. As an EU law, many companies may be wondering if the GDPR is still applicable in the UK. This article explores what is happening with UK data privacy laws post-Brexit.
Read article
Marriott Hotel: Data Breach
Marriot International has been fined a total of £18.4 million (a reduction from the original £99 million) for its negligence in safeguarding customer personal data that it is responsible for. This breach is interesting, as the breach initially occurred in 2014 (before the GDPR came into effect) and the breach occurred under a different business group 'Starwood Hotels Group' which was acquired by Marriott after the breach occurred.
Read article
Now Departing: £20m from British Airways
British Airways airline company has been fined the “biggest to date” sum of £20 Million, by the Information Commissioner’s Office (ICO) for failing to protect the personal data of data subjects which resulted in a security breach.
Read article Court Decision on European Mass Surveillance and the Consequences for Brexit
As a member of the European Union, member states are obliged to abide by some of the strictest privacy laws in the world. Today, UK, French and Belgian national governments all use some form of mass surveillance. In recent years, privacy groups have taken claims to EU courts arguing that this surveillance is illegal. The national governments disagree. The CJEU refuted the claims that mass surveillance is outside their jurisdiction and issued a ruling on the 6th October 2020.
Read article
Data Protection Guidance for Test and Trace Schemes
Since the easing of lockdown, during the summer of 2020, many organisations have implemented new measures so that they can re-open safely to the public. For most businesses, this included collecting customers’ and visitors’ personal information to support the UK Government’s approved contact tracing scheme.
Read article