Schrems II Shakes Up Data Privacy: A Landmark Legal Battle for the Digital Age
Tacita has undertaken a large number of assessments, and we are still finding that many companies have no knowledge of the Schrems 2 ruling, which means that Privacy Shield cannot be relied on for transfers of personal data to the US. We therefore believe it is timely to refresh readers' minds on what Schrems 2 is and what companies that have not acted since the ruling need to consider.
The Importance of Assessing Organizations’ GDPR Compliance
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that went into effect in the European Union (EU) in May 2018. As organizations across the EU and beyond collect and process large amounts of personal data, it is essential to ensure that they are compliant with GDPR regulations. This is where assessments of organizations' GDPR compliance come into play.
Privacy Shield 2.0 – An exercise in lessons NOT learned?
On October 7th 2022, President Biden signed an executive order to implement the European Union-US Data Privacy Framework. Upon further inspection, however, the executive order appears to be replicating the failings of its predecessor. Is the Privacy Shield 2.0 destined to share the fate of its predecessor?
A lack of Truss – Why the Government’s plans to replace the UK GDPR are a threat to businesses and data subjects
At the Tory Party conference last week, the UK digital secretary Michelle Donelan announced that the Government planned to replace the UK GDPR with new data protection legislation. Cutting through the buzzwords and political ‘phrase of the day’, the Government’s plans represent a potentially major change for UK businesses. This change may not be a positive one.
Tacita Tips: What are the principles of the GDPR?
At the heart of the GDPR legislation lie the 7 fundamental principles. These guiding tenets underpin all aspects of the GDPR. But what are they and how do they affect your business’ GDPR compliance status? In this blog we’re going to look at each of the 7 principles in turn and provide practical examples of how they are applied in a day-to-day setting.
Tacita Tips: Audit your website cookies
Incorrect management of website cookies is one of the most common areas of GDPR non-compliance. Businesses of all sizes and sectors are required to abide by the GDPR’s rules on the application of non-essential cookies and management of consent. But what does this mean for your website and your cookies? In this Tacita Tips we’ll be looking at some common questions that can help you to audit your website cookies.
‘No More excuses’ – Sephora receives first fine of California Consumer Privacy Act
In September 2022, the first fine under the California Consumer Privacy Act (CCPA) was issued. Sephora, the cosmetics giant, were fined $1.2 million for three violations of the CCPA. This fine followed an official warning from the Californian Attorney General after Sephora were investigated as part of a spot-check by Californian data privacy authorities.
Deterrent rather than punishment: What does Instagram’s $403m fine mean for children’s data privacy
On 2nd September, Instagram and its parent company Meta were fined $403m for inadequate handling of children’s data under the EU GDPR. The fine was the culmination of a long running investigation by the Irish Data Protection Commission (DPC) into the social media company and is the largest fine that Meta has been issued to date. This fine is the second largest ever issued by a European data protection authority, following the €746m fine issued by the Luxembourg data authority against Amazon last year.
Roe v Wade and The Erosion of Women’s data privacy
The overturning of Roe v Wade by the U.S. Supreme Court on the 24th June this year (2022) has upended women’s reproductive rights in the USA. It is unlikely to end there. As the ripple effects continue to be felt across the States and beyond, serious questions regarding erosion of women’s privacy are being raised. The answers to these privacy questions posit a deeply unsettling future for women in America and the use of their personal data.
Southern Co-Op face complaints over use of Biometric scanners
This month Big Brother Watch and the data rights firm AWO filed a complaint to the Information Commissioner’s Office (ICO) regarding Southern Co-Op’s use of biometric scanning in several of their stores. This system has been implemented in 35 of Southern Co-Op’s 200+ stores, and is used (according to the Co-Op) to protect customers and colleagues in stores where there has been regular crime. Both Big Brother Watch and AWO have raised significant concerns regarding the application of the system, which is sold by the firm Facewatch.
Game of Phones – How Apple might kneecap their rivals using device user personal data
For the last few years, Apple has positioned itself as a pro-privacy force in a landscape of 'shoddy' data privacy competitors. However, their recent activities surrounding user data and advertising may point to a less than altruistic motive.
What is a Record of Processing Activities (ROPA)?
If you’ve been involved with (or even responsible for) your business’s GDPR management, it is likely that you have come across the acronym ROPA (or ROP) before. But what exactly is a ROPA and what does your business need to do with regard to it?
Servers overseas – What to know about International Data Transfers and Cloud computing providers
Nowadays, most businesses use some form of third-party cloud computing provider to store or process personal data. What they may not realise, however, is that the location of these third parties' servers matters and extra considerations must be taken when you are uploading personal data onto these platforms.
Safeguarding gone wrong? Project Alpha and the accidental weaponisation of personal data
The recently released data protection impact assessment for a Met Police scheme has caused consternation amongst privacy groups and human rights activists, as potential large-scale profiling of children's data has been further compounded by allegations of racial bias. Entitled 'Project Alpha', this scheme has proven a useful example of how personal data collected for safeguarding can be accidentally or deliberately weaponised.
Director’s Statement – Vendor Risk Management service
A statement on our new Vendor Risk Management service from Tacita's director of sales.
Introducing: Tacita’s new Vendor Risk Management Service
Tacita are proud to announce the launch of our latest product – our Vendor Risk Management (VRM) Assessment.
Risky Business: Why your third parties may be a major GDPR risk
Did you know that your Third Parties often pose a major GDPR risk to your business? Here's why...
Third Time’s the Charm? Why Privacy Professionals are sceptical of ‘Privacy Shield 2.0’
On March 25th 2022, amidst wider discussions on US-EU cooperation, EU Commission President Ursula von der Leyen and US President Joe Biden announced an ‘agreement in principle’ on a new EU-US data sharing system termed the Trans-Atlantic Data Privacy Framework. Yet rather than relief, the announcement has been met with pronounced scepticism by privacy professionals in Europe. The emerging discourse is a product of a difficult relationship between its political ideals and practical realities.
Tacita Tips: Tired of spam emails? Use this ‘plus addressing’ trick to find their source
In this edition of Tacita tips we will be looking at dynamic instant aliases, or 'plus addressing'. This simple tip can help you better manage spam emails and identify where they have originated from.
Everything you need to know about: GDPR and Children’s data
In this edition of ‘Everything you need to know about’ we will be looking at Children's Data: What is it? How is it separate from standard personal data? And how can you manage it in a secure and legal manner?
Virtual Insanity? The Metaverse, Personal Data, and Problematic Progress
In October 2021, amid much fanfare, Facebook (now Meta) hailed their ‘Metaverse’ as the future of social and working interactions. 4 months on from its announcement, Zuckerberg and Meta are finding that the future may be more resistant to their shaping than they imagined.
Coming soon: New UK SCCs presented to Parliament
This month (February 2022) the Department for Culture, Media and Sport (DCMS) laid before Parliament the new International Data Transfer Agreement (IDTA). This document, as well as its associated transfer addendum and a further document setting out transitional provisions, follows a consultation undertaken by the Information Commissioner’s Office (ICO) in 2021.
Everything you need to know about: Special Category data
In this edition of ‘Everything you need to know about’ we will be looking at Special Category Data: What is it? How is it separate from standard personal data? And how can you manage it in a secure and legal manner?
Schrems II in action: the DSB issues its first ruling
The Austrian Data Protection Authority (DSB) has issued its first ruling on a Schrems II model case. In it, the DSB ruled that the Standard Contractual Clauses (SCCs) and Technical Organizational Measures (TOMs) implemented as part of Google Analytics are not sufficient to protect its EU-US data transfers.
Now Streaming: Twitch’s Data
Last month, Amazon’s Twitch streaming service confirmed that it had been the victim of a significant data breach. Around 125GB of data (including the source code for the mobile, desktop, and video game console versions, as well as the earnings of Twitch’s content creators) has been released by the hackers to the anonymous messaging-board website 4Chan.