A quick n' dirty breakdown of GDPR and why it is important
Hello Reader!
In this installment of Security 4 NoObs we will be discussing GDPR - the General Data Protection Regulation
Anytime you visit a website, be it in the United States, or Europe, you are prompted with a banner to accept/decline cookies. It's a little checkbox (boolean) that carries a lot of value. On the surface, you tick off a box (or not) and the banner goes away. Behind the scenes a vast system of logic rules kicks into gear, the purpose of which is to collect and store "cookie" data as it relates to you when browsing that site.
A cookie can look something like this:
- To learn how cookies are made, visit: Make-a-Tracking-Cookie
- For a quick read on how cookies work, visit: what-are-tracking-cookies
Why this matters
How data is collected is actually a big deal. Users have agency over how their data is to be handled and disseminated. The option to accept/decline tracking cookies gives the user the power to give consent to their data. Below are some quick notes on the specific details of how it works. Some glossary terms to note:
- Member State: any acting government / governing body complying with GDPR
- Controller: the product or service collecting the data
- Collected for an explicit purpose at the consent of the consumer (data subject) visiting said site; not retained longer than necessary
- Minors (~16yrs) require the consent of a parent (adult)
How it works
For a comprehensive reading of GDPR, written in a lot of legal-ese, please visit: gdpr-info.eu. Below are some key take-aways:
- Users have the right to be forgotten, as requested
- Users have the right to be informed when their data is being handled/transferred
- Users have the right to have their information wiped upon request
- Users have the right to object if their feel their PII is mishandled
- Processing ensures C.I.A of data
- If a breach occurs, notice to all impacted users must happen within 72hrs
- An official is to be appointed:
- The Official will be solely responsible for all particulars of data
- It is expected that this official will cooperate with any other authority figure as the need warrants
- Any necessary investigation will be conducted jointly
- Reports will be drawn yearly to show the state of application of guidelines
- A board / committee will be created for the overall governance of said guidelines:
- Any ratifications require 2/3rds vote
- A chairperson will be appointed
- The board will have a proper e-board, incl. A Secretary
- The board handles any complaints filed against mishandling of info.
- Users have the right to sue if their data gets mishandled:
- Controller and/or Processor may be held liable, as the evidence warrants
- The fine cannot be crazy excessive, max = $20M
- Every 4 years starting 5/25/2020, the Commission is expected to send a report on the evaluation and review of the regulation to European Parliament & The Council; available to the public
When it goes wrong
It is important to mention that European regulations for data management are somewhat different than those in the United States. A violation of the GDPR can have major consequences, as in the following issue with TikTok: tiktok-fined-54-million-by-french
Conclusion:
Consumers (visitors to a website) have the right to understand how their information is being used by Companies and how to ensure their privacy is not being violated. Next time you visit a website and get a prompt to accept/decline cookies, you'll know the true power you have over your information and how it should be used.
No comments:
Post a Comment