Roughly 57% of the global population now have access to the internet. While being connected to the largest database in the world does bring a host of advantages, it does come at a price. Recent statistics revealed that about 53% of online users are currently more concerned about their online privacy compared to a year ago.
The Court of Justice of the European Union has ruled that website users must give active consent for cookies to be stored on their equipment.
The European Union’s Ruling
The European Union Court Rules that Active Consent is Required for Storing Cookies.
Big changes with regard to privacy are coming out of the EU. A press announcement from the Court of Justice of the European Union reveals that active consent is required from internet users for storing cookies on their equipment. The court ruled that a pre-checked box that the user must deselect in order to refuse his or her consent does not constitute active consent.
This ruling was the judgment in Case C-673/17, Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband eV v Planet49 GmbH.
Cookies, of course, are files that websites store on the site user’s computer that the website provider can access when the user visits the website again. The purpose is to facilitate transactions or navigation of the site or to access information about the user’s behavior.
Whether or not the information stored or accessed on the user’s equipment is personal data does not affect the decision.
The Court stated that consent must be specific. Therefore, a user selecting a button to participate in, say, some sort of promotion does NOT mean that the user gave his or her consent to the storage of cookies.
In addition, the Court decided that website service providers must inform users of the duration of the operation of cookies and whether or not third parties may have access to those cookies.
It’s difficult in the current technological environment to determine what falls under private or personal information, especially considering how many social media platforms exist. People post a plethora of information about themselves causing the concept of privacy to become skewed. All of this information provides companies with a window into the consumers’ minds and consequently their wallets. But, with information collection comes the responsibility to protect personal data from malicious individuals.
Since the General Data Protection Regulation (GDPR) was enforced on May 25, 2018, many have complied with it lest they face unprecedented non-compliance fines and other consequences. GDPR, at its core, is the new set of rules designed for EU individuals to give them more control over their data. Its objective is to make the regulatory environment simple so that both businesses and their customers in the EU can ultimately benefit from the digital economy.
In this article, we’ll be tackling the top industries affected by GDPR, the challenges that they have faced since the regulation came into effect over a year ago, and the benefits they receive from this data privacy law. These industries are the following: social media, online retail, digital banking, cloud computing, and healthcare.
E-Commerce websites are constantly under scrutiny for a myriad of reasons. Whether it be from consumers or regulatory committees, these websites need to play defense 24/7 to ensure their networks remain compromise-free from the threat of hackers. This is one of the main reasons why the General Data Protection Regulation (GDPR) was adopted in Europe in 2006.
Although GDPR may be somewhat of a regulatory headache for e-commerce websites, it is also important for keeping consumer data secure. With an estimated average of 4,800 e-commerce websites every month becoming compromised by hackers inserting malicious code into their website to steal payment information such as credit card numbers, names, and more – there is no denying that a strong defense is the perfect solution.
This is why having a GDPR compliance checklist for e-commerce companies is incredibly advantageous in helping overcome these malicious network intruders. Let’s walk you through our GDPR e-commerce checklist that helps online retailers understand the importance of GDPR and what rules and regulations they should familiarize themselves and their IT teams with.
A website is like the cover of a book. The first thing a customer searches for is a company homepage and, like a book, if it is eye-catching, it warrants further investigation. For this reason, many companies invest heavily in website development, seeking to make their site clean, easily navigable, and, above all, able to capture and retain the attention of potential customers.
However, in the process of developing a stellar website, security can sometimes be overlooked, particularly when it comes to complying with new privacy, consent, and transparency standards.
More organizations than ever are looking for ways to cut overhead costs. Some are giving their employees the option to work remotely. Others are allowing them to use their personal devices (e.g. laptop, cell phone, etc.) to do their work in place of a company-owned device.
Although adopting a Bring Your Own Device (BYOD) policy might allow your company to scale and pivot as you grow, it also comes with tremendous risk on the security front. As more global organizations choose to adopt BYOD policies, they invariably come into contact with the General Data Protection Regulation (GDPR), which ensures the protection of user data that flows through a company’s network.
As such, it would be best to consider developing an ironclad, yet flexible BYOD strategy to ensure your organization doesn’t get hurt by potential GDPR compliance mishaps. Let’s run through the potential issues with BYOD and GDPR and point you in the right direction towards keeping your network data safe while decreasing your risk for getting hefty GDPR compliance fines.
Consumer data privacy has become a hot topic these days with various legislations enacted to promote and strengthen the privacy rights of consumers. There is a global trend of forcing companies to be more accountable and responsible when it comes to protecting consumer data.
Consider the General Data Protection Regulation (GDPR), which was designed to protect the personal data of citizens of the European Union (EU). It was passed into law in 2016 and took effect two years later.
A couple of months after the GDPR took effect, then-California Governor Jerry Brown signed into law the California Consumer Privacy Act (CCPA), which will be implemented in 2020. The CCPA is widely considered one of the toughest consumer privacy laws in the United States.
Because of the nature of these two legislations, a comparison between the GDPR and CCPA is unavoidable. This article will discuss briefly the two data privacy acts and enumerate the differences between GDPR and CCPA.
Breaches in the confidentiality of personal information gathered in the regular course of commercial or business activities have been in the news for many years with little to no compliance action until recently.
The General Data Protection Regulation (GDPR), implemented on May 4th, 2016, was put into motion on May 25th, 2018 and has since been an integral part of keeping personal and sensitive data safe from those who wish to use it maliciously.
GDPR has evolved through the first full year of application, making it much more difficult for many companies to stay compliant and stave off colossal fines within GDPR regulations (Google included).
Many American-based companies feel that, since the original terms of GDPR were drawn up for the European data market, they do not apply to their company. Unfortunately, many organizations’ digital operations exist in a globally manufactured web of platforms that fall under the jurisdiction of this data protection regulation.
A plethora of global companies are searching high and low for sustainable solutions, only to realize that the key to data protection compliance has been baked into GDPR all along. That solution lies with a company’s Data Protection Officer (DPO). This article provides a high-level understanding of a DPO’s role as it pertains to GDPR data protection officer requirements and responsibilities, how to hire a good DPO, and which organizations and legal entities are required to appoint a DPO.
Rarely do U.S.-based businesses consider the implications of the 2018 General Data Protection Regulation (GDPR) that was implemented on May 25, 2018. Executives might feel that, since they only operate physically within U.S. territories, this European Union (EU) law does not extend to their neck of the woods.
Although this assumption is true in many cases for U.S.-based businesses, there are a few digital exceptions that call for these businesses to operate under the specific requirements of GDPR. In these cases, businesses will need to appoint a Data Protection Officer (DPO) to oversee their data protection strategy and implementation while keeping the organization on the path towards GDPR compliance.
If this sounds like your organization’s area of need, follow along below and we’ll get you up to speed with our high-level overview of both GDPR requirements and DPO requirements and responsibilities.