Andreea Lisievici, Author at The PrivacyCraft Blog

AEPD Reports on Addictive Internet Patterns Impacting Minors

AEPD, children, Deceptive patterns | July 29, 2024

The Spanish Data Protection Agency (AEPD) has released a report on the influence of addictive internet patterns, focusing on the significant impact on minors. The report highlights how service providers often use deceptive and addictive design strategies to extend user engagement and collect more personal data. These practices particularly affect vulnerable groups like children and adolescents, influencing their preferences and development. The AEPD aims to have these patterns included in the EDPB guidelines, emphasizing the high risk to data protection rights in digital environments.

AEPD Reports on Addictive Internet Patterns Impacting Minors Read More »

Deceptive design under global spotlight – GPEN and country reports

Deceptive patterns | July 29, 2024

On 9 July 2024, the Global Privacy Enforcement Network (GPEN) published a global report spotlighting deceptive design practices influencing privacy choices. In a comprehensive sweep of 1,000 websites and apps, involving 26 international data protection authorities, the GPEN found that 89% of privacy policies were excessively complex, and 42% of sites used manipulative language. Country-specific reports from Canada, Bermuda, Hong Kong, Germany, Guernsey, and Malta reveal widespread issues and underscore the need for transparent, user-friendly privacy practices worldwide.

Deceptive design under global spotlight – GPEN and country reports Read More »

CNIL Launches Public Consultation on Workplace Diversity Measurement

CNIL, DPA guidance, EU law | July 29, 2024

On 9 July 2024, the French data protection authority (CNIL) launched a public consultation on a draft recommendation for conducting diversity measurement surveys in workplaces, open until 13 September 2024. The draft emphasizes the need for anonymity, voluntary participation, and data minimization. It recommends involving a trusted third party to manage sensitive data and ensure compliance with GDPR. The goal is to help organizations measure diversity while protecting individual privacy and ensuring adherence to legal standards, including the 2007 Constitutional Council decision prohibiting ethno-racial data collection.

CNIL Launches Public Consultation on Workplace Diversity Measurement Read More »

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation

DORA, Germany | July 29, 2024

On 8 July 2024, the German Federal Financial Supervisory Authority (BaFin) published guidelines for implementing the Digital Operational Resilience Act (DORA). These guidelines are intended to help supervised financial companies meet DORA requirements for ICT risk management and third-party ICT risk management. The guidelines cover governance, information risk management, IT operations, business continuity, project management, and operational security. They are aimed at banks and insurers under BaFin’s supervision and include minimum contract contents with ICT service providers. Effective 17 January 2025, these companies must comply with DORA’s comprehensive ICT risk management framework.

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation Read More »

India’s Supreme Court Finds That Google Pin Sharing as Bail Condition Violates Privacy

Case Law, India, Location | July 29, 2024

The Supreme Court of India ruled that any bail condition allowing police or investigative agencies to track an accused’s movements using technology violates the constitutional right to privacy. The Court also emphasized that tracking through a pin drop on Google Maps is ineffective for real-time monitoring and, therefore, redundant.

India’s Supreme Court Finds That Google Pin Sharing as Bail Condition Violates Privacy Read More »