Connect with us

Data

GDPR Adequacy Decision of UK Aims to Focus on Innovation over Privacy

Published

on

UK GDPR Adequacy Decision

Former chief New Zealand privacy regulator and Facebook critic, John Edwards has been named to replace Elizabeth Denham as chief of the UK’s data protection watchdog, the ICO, as the government promises a post-Brexit “shake up” of data rules and a possible watering down of GDPR.

While GDPR is seen as the gold standard for data privacy and is being copied not only by other countries, but also by individual states in the US, there has been no progress at all to create an equivalent federal privacy law in the US Congress. 

Furthermore, the EU’s focus on privacy as a human right and the US prioritization of mass surveillance for national security are fundamentally at odds. Two transatlantic data sharing treaties have been struck down, Safe Harbor and Privacy Shield. And we now face a mismatch between legal reality in which organisations are not allowed to use cloud or data services from US tech firms as none comply with GDPR, and a political reality in which everyone is turning a blind eye as there is currently no realistic alternative.

Furthermore, there is unlikely to be any breakthrough as long as there is partisan gridlock in Congress and no real will in the US to uphold the privacy of its allies by protecting them from its own surveillance regime.

The UK, as ever, occupies a mid-Atlantic position: as a member of the Five Eyes Consortium it is complicit in the US mass surveillance, but as a necessity for its post-Brexit trading arrangements it has been granted a GDPR ‘adequacy’ decision by the EU allowing data to continue flowing freely between the EU and the UK.

Enter John Edwards, a notable Facebook critic who has headed up the Office of the Privacy Commissioner In New Zealand for the last seven years and who is now going to replace Elizabeth Denham as head of the UK’s ICO. 

In the wake of the 2018 Cambridge Analytica data misuse scandal Edwards publicly announced that he was deleting his account with the social media company — accusing Facebook of not complying with the country’s privacy laws.

His appointment aligns with the UK government’s agenda to tame the tech giants as it works to bring in safety-focused legislation for digital platforms and reforms of competition rules that take account of platform power.

Boris Johnson had already commissioned a special task force to investigate how the UK could reshape its data policies outside the EU, also issued a report this summer — in which it recommended scrapping some elements of the UK’s GDPR altogether — branding the regime “prescriptive and inflexible”; and advocating for changes to “free up data for innovation and in the public interest,” as it put it, including pushing for revisions related to AI and “growth sectors.”

At a time when the Irish, which are largely viewed positively by their EU colleagues, are being rebuked for failing to uphold and enforce GDPR, any move by the UK, which is not viewed at all well by them on most fronts, to diverge from its data-sharing commitments and dilute its own version of GDPR, is likely to cause alarm. 

UK GDPR Adequacy Decision

Despite the fact that its GDPR ‘adequacy’ decision is time-limited to four years, the UK government is risking any chance of this being renewed by preparing to reveal how it intends to “reform” (aka: reduce) domestic privacy standards.

Those in favour of reform, point to the cost of compliance, the chance to do away with frustrations such as cookie pop-ups, and the need to resolve the problem with the legal use of US cloud services – rather than ignoring the problem. They also question the point of a more rigorous regime, if, as in Ireland, it is not being enforced.

Those against reform, argue that if a UK firm trades with Europe or even processes or stores the personal data of a single EU citizen then it needs to comply with EU GDPR anyway. Most organisations will therefore need to conform to the higher standards set by the EU and will want to avoid having to run two separate systems in parallel. They will therefore experience no benefit from any dilution of UK GDPR. Furthermore, the UK risks failing to have its GDPR ‘adequacy’ decision renewed in a few years time. 

The potential costs of complying with two different systems or of facing regulation or litigation from either the EU or UK make this an issue that all senior executives need to be aware of.

Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015. At a growth rate of 15 percent year over year — Cybersecurity Ventures also reports that cybercrime represents the greatest transfer of economic wealth in history.

Whatever your situation, you need to expect the cost of your cybersecurity to increase over this period and your data privacy compliance costs are also likely to increase – more so if you end up complying with both the UK and EU versions of GDPR.

Data

Aerospike Appoints Martin James to Lead EMEA

Published

on

Martin James has been named vice president of Europe, the Middle East and Africa (EMEA) by Aerospike Inc., the pioneer in real-time data platforms. Martin joins Aerospike with 25 years of experience in the database industry.

Martin came from Percona, where he tripled the company’s revenue across EMEA and APAC. Prior to joining Percona, he managed enterprise sales at DataStax as regional vice president for northern Europe, achieving double-digit growth.

In today’s Right-Now Economy, Martin is in charge of promoting regional growth and satisfying client demand for Aerospike, and will create regional sales teams for Aerospike to meet the strict SLAs set by today’s data-driven businesses.

“Martin brings decades of experience to the Aerospike team. His broad experience in the UK/EMEA region and proven leadership ability will allow him to evangelise our Real-time Data Platform to businesses looking to modernise their data architectures. Now is an exciting time to lead the EMEA region as we extend our footprint across the UK and Europe.” said Jim Lodestro, CRO at Aerospike

Enterprises today depend on mission-critical real-time apps to accomplish business goals. James will promote the Aerospike Real-time Data Platform to companies looking to develop massive real-time applications with guaranteed sub-millisecond performance at gigabyte to petabyte scale.

Following the announcement of record sales of its Aerospike Real-time Data Platform in 2021, Aerospike recently also reported a record first half of 2022. The business tripled sales outside of North America, doubled anticipated 2020 growth, and quadrupled Aerospike Cloud Managed Service growth.

Aerospike have debuted two powerful products in the second quarter:

  • Aerospike Database 6, which natively supports JSON and JSONPath queries to help developers build large-scale document-based applications.
  • Aerospike SQL Powered by Starburst, which delivers massively parallel, complex SQL queries on petabyte-scale data stored in Aerospike.

Developers can now also test-drive Aerospike 6 with no setup required, in an improved Aerospike Developer Hub’s Code Sandbox, which also offers simple access to interactive tutorials, sample code snippets, and training.

Continue Reading

Data

The battle for your privacy – is it already lost?

Published

on

Spoiler: yes, it is – though there are things you can do which I’ll look at in a future blog. Your online activity is tracked in more ways than you know – and not just with cookies on web pages. Your telco service providers track you. Apps on your phone and tablet track you. Search engines, social media, smart speakers, your TV, and credit agencies all track you. That font on the web page? Tracking you. That Facebook logo you used to share a link or news article? It tracked you. So does WhatsApp1. You don’t use Facebook or Google? They’re still tracking you. Did you get an iPhone because Tim Cook says it’s private? There’s good news – leave it in the box turned off, and it is.

The stark fact is that in the digital world, you are nothing but a product to be sold, quite literally, to the highest bidder2.

The physical world isn’t much better

Out there in real life, things are better, right? Wrong. We mostly all carry our phones with us, and it becomes a personal town crier about our behaviour. Stores have what’s known as ‘beacons’ that connect to your phone via apps like Facebook. Ever visited a department store concession and then got loads of ads right after? What a coincidence! Nope, they knew you were there, and they think you’re a hot prospect, even if you looked and hated everything. The tracking continues with ‘free’ in-store WIFI.

But of course, you turned off WIFI, Bluetooth and location services before left your home, right? No, you didn’t? It’s not a surprise because you’ve been groomed not to. 

In addition, facial recognition and gait analysis AI are increasingly used, which are clearly more invasive than security cameras. Once the preserve of national security services, this tech is now well embedded in commercial organisations. In the case of Amazon’s checkout-free stores, they actually watch everything you put in your basket, so you can just walk out and be billed. Convenient, but how is that data used? I’m sure everyone who uses those stores has read the privacy policy and know already. No need to worry then…

Does it really matter?

I’m pretty sure that if someone physically followed you everywhere you went and watched what you did, taking detailed notes, you’d get pretty hacked-off with it. As it’s all digital and mostly hidden, we put up with it.

I can see the argument that ‘It’s just a computer running algorithms to serve me ads, so what’s there to worry about?’ It’s true, but there are also nefarious aspects to it. You need to consider the points below, in addition to that embarrassing ad served to your nan when she borrowed your tablet:

  • You could end up paying more for goods or services because of your profile. It’s not legal everywhere, and even where it is illegal it’s very difficult to police 
  • If the company holding data about you is hacked, it could be used for criminal purposes such as the theft of your identity, theft of your property or assets, or even to extort you
  • Compulsive spending, gambling addictions and other mental health issues could be fed by ads and content that follow you around the internet
  • Government and security agencies can access commercial data, which could lead to more invasive surveillance if your metadata reveals connections to people or groups deemed of interest, even if your own connection to them is innocent or accidental
  • Do you tend to get searched every time at the airport? It could be ‘pre-crime’ AI picking you out due to the digital trails leave3

It’s worth noting that these points don’t offer a complete picture, they’re just the tip of the iceberg.

OK, so what about privacy laws and regulations?

You’re probably thinking about the EU’s General Data Protection Regulation (GDPR), the California Consumer Protection Act (CCPA) and other similar laws that have spread around the world in recent years.

The truth is that the laws are there, but privacy violations aren’t policed at all in most cases – it’s up to us to tell regulators (or lawyers) after we’ve approached the offending organisation. Data breaches and well-researched cases brought by experts will get looked at of course4, but it depends where in the world you are.

Is it time to give in?

Keep fighting is my view, there is momentum out there. Privacy awareness is increasing, and even Google is changing – they will end tracking cookies in a few years. Don’t get too excited though, there’s lots of other tracking tech out there, which will only increase. Google are merely shifting position5, not stopping what they do. Cloud providers and thousands of SaaS companies already offer more tracking tech and personal data analytics services than you can imagine. And that’s before we get to data brokers who make data about you, their business.

Want to understand more? Check out the links below, and watch out for my next blog, where we’ll look at how you and your data are sold, and dive deeper into our world of creeping surveillance. 


Sources:

1: WhatsApp insist they don’t read your messages, but metadata about your contacts and usage is shared with other Meta companies, Facebook’s parent. Learn about metadata here:
https://www.youtube.com/watch?v=xP_e56DsymA

2: UK regulator says real-time bidding violates GDPR, Martech, June 2019
https://privacyinternational.org/examples-abuse/1981/pre-crime-software-border-guards

3: Pre-crime Software for Border Guards, Privacy International
https://privacyinternational.org/examples-abuse/1981/pre-crime-software-border-guards  

4: NOYB (None of Your Business) is a good example of legal expertise used to bring privacy cases with regulators:
https://noyb.eu/en 

5: Google’s cookie ban and FLoC, explained, Wired, May 2021: https://www.wired.co.uk/article/google-cookies-floc  

Continue Reading

Data

Sustainability: using Data, AI and IoT for good

Published

on

Data growth is always bad news, isn’t it?

You’d probably think all data growth is evil after my last two blogs1. I laid out how uncontrolled data growth was bad for your carbon footprint, bad for your risk exposure and bad for your budget. Unrestrained collection of personal data means it’s also bad for your privacy, too.

There’s an old saying ‘You can’t see the wood because of the trees’2, and this is all too often the case when it comes to data. We have so much of it, we can’t see or find the data that matters. Which, ironically, is a problem we won’t have for much longer with actual forests, given the way we’re working at deforestation.

Controlled and smart data growth can, however, be good for our planet. It already has been – we’d have wrecked the ozone layer without the satellite data collected decades ago that led to an unusually successful global effort. In the future our ability to collect and process even more data will be transformational, and we’ll absolutely need it to help us meet climate goals if we’re to sort this mess out.

The main reason we know where the climate emergency will take us is down to the digital modelling3 of our world. Due to our ability to collect ever more granular data, these models have got better over time. It’s allowed us to shift from a debateable ‘we think’ to a level of certainty that we can now say ‘there’s no doubt’. And digital models are driving change everywhere, in lots of positive ways.

Twins – but not the Schwarzenegger and DeVito kind

If you’ve ever seen the film Twins, where the two actors above played genetically engineered twins, you might think that ‘digital twins’ bear as much resemblance. You’d be wrong.

Machine learning and AI’s ability to process data has progressed so much in a relatively short time. We can use it to drive engineering efficiencies that improve reliability and extend the working life of all kinds of components. Aircraft engines once had 8-10 sensors, now they have many thousands, and data collected from them leads to all sorts of improvements. In a similar fashion, trains can create multiple terabytes of data in a relatively short space of time. Sensor tech has changed too – it’s not just about temperature, pressure, motion, or speed anymore, it’s now also about what machines can ‘see’, too.

This allows us to design better stadiums, model more efficient cities and transport systems, and make them smarter. Combining all these sensors with reliable networks means we can understand how events or extremes applied in the digital world, to a twin, will play out in the physical world. And what’s even more exciting is the capacity to use AI to do this in real-time, allowing us to react and avoid dangerous or wasteful situations arising in the first place.

It’s not all about avoiding a disaster or an extreme situation in a big, smart city though. AI running all the time in the background will have an increasing direct benefit on sustainability, pretty much everywhere. Things such as energy efficiency, optimised use of resources and limiting waste production can work in buildings, manufacturing plants, hospitals, Universities, or pretty much anywhere. Google famously pointed its own AI tech at datacentre cooling4 and saved 40% on its cooling bills, which produced a corresponding reduction in CO2.

IoT and 5G – they’re not just hype

While my angle in this blog centres on data, data relies on many components before it can be collected and used, and the two biggest deals here are the Internet of Things (IoT) and 5G. I can almost hear many of you thinking ‘5G? How many folks really have access to that???’

Right now, the real deal about 5G for many of us is the infrastructure changes to support it – the cables and switches that get the data to and from the 5G masts. It’s not just had an incremental upgrade; it’s all getting a mammoth one. This extra capacity is what’s allowing AI and sensor data to help us radically change things, and it’s happening even if you can’t get (or don’t use) a 5G signal yourself just yet. Many cities are already smarter than you think and 5G will allow them to get smarter. Really smart.

Sustainability doesn’t have to be a cost centre

There’s a lot of negative talk about how much it costs to be sustainable. It will vary by what business you’re in of course – there will be losers. That said, I’m a great believer that every organisation has a chance to change and for many, sustainability will have a cash benefit, not a cost. So, sticking to my data theme, what can you do?

  • Think about reducing/expiring unnecessary data – it all has an impact and a potentially much bigger cost/risk profile (see here)
  • Some (whom I disagree with) say that data is ‘the new oil’. Sadly, if you don’t think about where you store it, it could be powered by the old black stuff (or another fossil fuel)
  • Think about shifting it to the cloud. The big cloud providers are mostly powered by renewables, and reach a level of efficiency that most orgs can’t get close to themselves
  • In closing I’ll say that we’re heading for exciting changes in this area, and while AI, IoT and 5G get all the hype, our old friend data is what’s making it all happen. And the best part? For those of you so inclined, you can play a part too. If you want to experiment with actual data as a Citizen Data Scientist, there are many open-source libraries you can access – often published by higher education establishments or local governments (even smart city data) and by commercial organisations. As a commercial entity, you could even tap into this community yourself5.

    For those less analytically inclined, there is an ever-growing number of ways to participate in Citizen Science6 and play your part as a (really) smart sensor – something your kids can enjoy too. Data isn’t always good or useful, but the good stuff has the possibility to be priceless to us all.

    Sources:

    1: 1st blog: https://elnion.com/data-sustainability-and-fixing-the-pain-you-didnt-know-you-had/ , 2nd blog https://elnion.com/when-ransomware-is-also-leakware-what-can-you-do/

    2: Changed slightly for ease of understanding, the actual saying is ‘You can’t see the wood for the trees’ https://www.collinsdictionary.com/dictionary/english/cant-see-the-wood-for-the-trees (link also explains the US variation)

    3: Diagnosing Earth: the science behind the IPCC’s upcoming climate report, Aug 2021 https://www.nature.com/articles/d41586-021-02150-0

    4: AI for data center cooling: More than a pipe dream, Datacenter Dynamics, April 2021

    https://www.datacenterdynamics.com/en/analysis/ai-for-data-center-cooling-more-than-a-pipe-dream/

    5: How to Use Citizen Data Scientists to Maximize Your D&A Strategy, Gartner, June 2021

    https://www.gartner.com/smarterwithgartner/how-to-use-citizen-data-scientists-to-maximize-your-da-strategy

    6: Citizen Science Provides Useful Data For Sustainable Development Goals, International Study Shows, Forbes, July 2020, https://www.forbes.com/sites/jeffkart/2020/07/15/citizen-science-provides-useful-data-for-sustainable-development-goals-international-study-shows/

    Continue Reading

    Trending On Elnion

    Copyright © 2021 ELNION ONLINE - All rights reserved.