Posts

Preserving User Privacy in Digital Advertising: Navigating Consent and Privacy by Design

By Victorianne Musonza #privacy-by-design #digitaladvertising #dataprivacy #CCPA #GDPR In the ever-evolving world of digital advertising, user consent and data privacy should not be an afterthought but rather something that is built into the design. As companies strive to engage consumers effectively, it is important to address these issues and implement robust mitigation strategies, all while embracing the concept of privacy by design. User consent is a major focus for data privacy in digital advertising. Consumers must have clear, transparent information about how their data is collected, used, and shared. By obtaining explicit consent, companies can establish trust and ensure that users are aware of the purpose and extent of data processing. This consent should be easily accessible, providing users with options to manage their preferences and exercise control over their personal information. However, obtaining mere consent is not enough; organizations must prioritize data privacy mit

ICO issues additional guidance on Privacy and Electronic Communications Regulations (PECR)

By Privacy Counsel What is PECR? In February of this year, the Information Commissioner’s Office (ICO), or the UK’s Data Protection Regulator, published additional guidance on the Privacy and Electronic Communications Regulations (PECR), initially passed in 2003, on applying PECR to the DPA. How does PECR apply? There is frequently a lot of discussion around the e-Privacy Directive (Directive 2009/136/EC) and very little surrounding the UK. Although the UK is no longer part of the EU, it has adopted a GDPR national privacy law, The Data Protection Act (DPA). PECR applies in the context of UK residents specifically. The e-Privacy Directive applies to GDPR and EU residents. The chart below provides the similarities and distinctions between the two. Differences from the E-Privacy Regulation PECR E-Privacy Directive Scope PECR applies to the transmission of unsolicited electronic messages to individuals in the UK. ePD applies to the processing of personal data and security of the trans

Meta (Facebook) is facing major data transfer hurdles

By Victorianne Musonza, Privacy Counsel Meta was recently fined 400 Million Euros by the Irish Data Protection Commission for privacy violations, mainly because they failed to adhere to GDPR processing restrictions on personal data. According to Politico, Helen Dixon of the Irish DPC also seeks to prevent Meta from using standard contractual clauses (SCC) to facilitate personal data transfers from the EU to the US. Read more about this here.

CALIFORNIA’S CONSUMER PRIVACY ACT BEING HAILED THE AMERICAN VERSION OF THE GDPR, BUT IS THAT ACCURATE?

Written by Victorianne C. Musonza, Esq, CISA, CAMS, CIPP, CIPM, FIP I. INTRODUCTION By the close of 2018, all fifty U.S. states had data breach notification laws [1] on the books. California was the first to pass a data breach notification law in 2003; [2] New York was not far behind, passing a data breach notification law [3] that was signed into law on August 10, 2005. New York has always had a more proactive approach to privacy with several privacy statutes that include information security, [4] employee privacy, [5] wiretapping, [6] eavesdropping, [7] and confidentiality related to HIV-related records. [8] Additionally, last year the New York legislature passed a cyber security law that imposes additional requirements on businesses that are regulated by the Department of Financial Services. In addition to federal statutes, New York businesses that do business in certain parts of Europe [9] or in California, provide services to residen