"No one is harder on a talented person than the person themselves" - Linda Wilkinson ; "Trust your guts and don't follow the herd" ; "Validate direction not destination" ;

December 18, 2020

Review GDPR

Key Points

Paper - Link

Key notes

  • General Data Protection Regulation (GDPR)
  • Controller determines the purposes
  • Processor is responsible for processing personal data on behalf of a controller

Personal Data

  • Information about identified or identifiable individual
  • Name, IP address or a cookie
  • Content of the information, the purpose
  • Identification number;
  • Location data; and
  • Online identifier

Impact on Individual

  • The content of the data – is it directly about the individual or their activities?;
  • The purpose you will process the data for; and
  • Results of or effects on the individual from processing the data
  • Lawfulness, Fairness, Transparency
  • The GDPR does not dictate how long you should keep personal data. 

Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

  • Are they vulnerable?

Purpose

  • Scientific or historical research purposes; or
  • Statistical purposes

Key Points

  • Avoid making consent to processing a precondition of a service
  • Explicit consent requires a very clear and specific statement of consent
  • Are you processing children’s data?
  • Is any of the data particularly sensitive or private?
  • Sensitive Data - race;ethnic origin;politics;religion;trade union membership;genetics;biometrics (where used for ID purposes);health;sex life; or sexual orientation.

Rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

This part of the guide explains these rights. Individuals have the right to request the restriction or suppression of their personal data.

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

I am not sure how the data in FANG (Facebook, Amazon, Netflix, Google), Microsoft, Cookies, Browser info how much they are used to what extent :(

We hire people to handle laws, circumvent the clauses. There is always a catchup game being bending rules vs line of privacy. Debatable from both sides.

Do we have clarity from Reliance, Airtel, Flipkart other Indian providers for their GDPR similar data usage, retention, user consent. Time to check on this!!!

Good Read - Link2

Good Read - Ethical AI

Keep Thinking!!!

No comments: