Download free GDPR compliance checklist!

Tag Archives for " tech "

Can Data Protection be Guaranteed with the use of Facial Recognition Technology?

Facial recognition technology has undoubtedly brought convenience to our daily life. However, facial recognition protests have also been ignited. The clamors were for the right to remain anonymous in crowds and the freedom to protest without individuals being flagged or tracked down. For the government, it was a matter of surveillance for state security.

Use Cases of Facial Recognition

It is very apparent that the biometric application used to identify or verify an individual’s identity using their face has become rather commonplace in our daily activities. On social media, this technology is used for tagging people in photos and in mobile devices, a form of security. In countries like China and USA, some airports use this technology to check people in and to monitor the attentiveness of pupils in classes.

Bypassing Privacy Regulations

Due to the significant absence of stringent regulations so far, private and public parastatals in both authoritarian and democratic states have been using and abusing this technology in several use cases. There is yet to be a standard agreed upon in many societies as to the ethics pertaining to the use of facial recognition, thereby breeding doubts regarding compliance with the established laws and more so, the probability of whether or not the technology will survive the critics on its ethical use.

At first glance, the intended use of the recognition technology seems harmless – to verify identities against a presented face at national borders for identification and security. However, to identify a person by comparing their facial image against a pool of several other known individuals speaks to another level of intrusion.

Drivers of Facial Recognition Trend

There are two major drivers behind this technological trend.

The first driver is security. Countries are poised to aggressively protect their borders mostly from foreigners who might pose threats of crime and terrorism to them. Facial recognition helps provide such amount of security – scrutinizing each face and comparing it to a database of wanted individuals.

The second driver is convenience. In this regard, physical and mental efforts required to perform some tasks become automated. With facial recognition, people can easily gain access to anywhere or anything by a simple facial scan – no need to provide any form of ID or document. In mobile devices especially, users no longer have to remember their passwords. A quick glance at their camera would unlock their device and of course, this can only be done by the device owner.

Jumping the Hoops of Privacy Laws

The issues with this technology are almost in violation of the EU data protection rights or better still, are the exploitation of grey areas.

The first is the fact that according to the GDPR Art. 2(14), the data protection rule allows the use of biometric data for the confirmation of identity with that of the natural person. It however forbids the use of this data for unique identification purposes except under special conditions in Art. 9(2).

Secondly, the use of this technology which might tend to interference with human rights must be deemed necessary and this really begs the question, is there no better technology that can be used to achieve just what facial recognition technology does without breaking fundamental human rights?

Third, the methods by which data is being collected and used is tainted with obscurity. No one knows for sure who collects this data, how long they are kept, how to trace the origin, and many more. The use of this technology does not do well with accountability and transparency.

Living with Privacy Infringement

Given the aforementioned, the onus lies on all and sundry to clamor for clear and concise laws regarding the acquisition, use, and storage of data. It is pertinent that these laws touch every corner and leave no grey area that can be exploited by these private and public institutions. Asides this, it is essential that Internet users read privacy policies and understand the agreement before deciding to share their personal data with them. This would go a long way in reducing personal data exploitation.

Latest bits on privacy and cybersecurity #3

This weeks collection of latest privacy, data protection and cyber-security news and interesting articles. Enjoy the reading!

Six month prison sentence to employee for data misuse

A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner?s Office (ICO) under legislation which carries a potential prison sentence.

Continue reading »

Best picks on privacy

Collection of latest and most interesting news pieces, articles and publications from around?the internet. You may also want to check all latest privacy and data protection news.

Facebook fined ?500,000 for data breaches in Cambridge Analytica scandal

United Kingdom?s data protection authority ICO fined Facebook with maximum penalty of ?500,000 for lack of transparency and failing to protect users? information.

Continue reading »

Privacy at the Margins

The International Journal of Communication has published new Special Section on ?Privacy at the Margins? with 10 articles from international scholars. Those articles look at a range of privacy experiences around the world.

Continue reading »

Latest papers on privacy and data protection – May

Kaleidoscope on the Internet of Toys

Report by the Joint Research Centre (JRC) on?safety, security, privacy and societal questions emerging?from the rise of the Internet of Toys?- “Internet Connected Toys that constitute,?along with the wave of other domestic connected objects, the Internet of Things”.

Read report

Who Watches the Watchers?

Report from Citi GPS: Global Perspectives & Solutions on how?consumers are tracked, and how the data that is collected and analyzed, and how consumers feel about that.

Read report

Practical Guide to Efficient Security Response

Whitepaper on data breaches with?proposals how to decrease response time. It?includes seven security operations capabilities you need, a handy checklist to evaluate your security operations capabilities, and best practices for efficient security response.


Assessing Mobile App Data Privacy Risk

paper on mobile-risk scoring and how to do that in practice. It was?carried out by?IAPP and Kryptowire and is based on input of?400 privacy professionals.

Read summary of paper

UN Report on Governmental Surveillance

UN Special Rapporteur on the Right to Privacy, Joseph Cannataci, presented his report on governmental surveillance and access to personal data from a national and international perspective.

Read report

How??to Talk About the Right to Privacy at the UN

A brief guide on United Nations stand on privacy. Guide is prepared by Privacy International.

Read guide

Be Compromise Ready:?Go Back to the Basics.?2017 Data Security
Incident Response Report

Survey on data security and incident response trends, and how to minimise data breach risks.

Read survey

Annual Report of the?Data Protection Commissioner of Ireland

Annual report of?the Data Protection Commissioner of Ireland for yer 2016.

Read report

Certifications, Seals and Marks under the GDPR and Their
Roles as Accountability Tools and Cross-Border Data Transfer

Discussion paper on Certifications, seals and marks under the GDPR prepared?by?Centre for Information Policy Leadership. It looks at regulation provided in GDPR and benefits of such mechanisms.

Read paper

CISPE publishes Code of Conduct for Cloud Infrastructures Services

Cloud Infrastructure Services Providers in Europe (?CISPE?) – a relatively new coalition of more than 20 cloud infrastructure providers operating in Europe – has recently published its first Code of Conduct for Cloud Infrastructures Services.

The CISPE Code of Conduct:

  • Gives a framework to comply with the General Data Protection Regulation
  • Excludes the reuse of our customers? data
  • Allows you to process and store your data exclusively in the EU
  • Idenfies which Cloud Infrastructure Services are suitable for the data processing that you wish to perform
  • Helps citizens regain control over their data

Service providers may demonstrate their compliance with the Code of Conduct with Trust Mark that can be verified on CISPE website.

Download Code of Conduct

Dutch police seize VPN provider’s servers without any explanation

Dutch police have seized two servers belonging to?Switzerland-based VPN provider?Perfect Privacy.?The VPN provider claims that Dutch police haven’t?informed or?contacted them about the reason servers were seized and about seizure they were informed by their hosting provider.?Despite the seizure of servers,?Perfect Privacy promises that no?user data was compromised.

Full story