Another day, another data protection issue

We’re generating data all the time, without realising, and without really knowing where it all goes.

Users told to ditch OneDrive and Office 365 to avoid ‘covert’ data harvesting
Microsoft Office and Windows 10 Enterprise uses a telemetry data collection mechanism that breaches the EU’s General Data Protection Regulation (GDPR), according to a 91-page report commissioned by the Dutch government, and conducted by firm Privacy Company.

It’s not just Microsoft in the firing line, of course.

With GDPR now several months into play, data watchdogs across Europe are beginning to take their first steps in the new regulatory landscape. Microsoft is the latest in a line of major companies accused of breaching GDPR, with Oracle and Equifax among seven firms reported for violations by a data rights group last week.

And that story about Google’s AI company having access to NHS data is still rumbling on.

Google: Our DeepMind health slurp is completely kosher
DeepMind told The Reg: “It is false to say that Google is “absorbing” data. This data is not DeepMind’s or Google’s – it belongs to our partners, whether the NHS or internationally. We process it according to their instructions.”

That claim, echoed by DeepMind Health chief Dominic King, brought a swift correction from legal experts. “It doesn’t belong to DeepMind’s partners, it belongs to the individuals,” Serena Tierney partner at lawyers VWV. “Those ‘partners’ may have limited rights, but it doesn’t belong to them.”

I wonder if we’ll be seeing more of these issues, what with one thing and another.

What the potentially useless draft Brexit agreement means for tech
One of the big questions for Brexit is data protection, and the agreement seeks to hold onto the status quo. Scroll through to Article 71 for the text, which says that EU data protection law will continue to cover the UK before and after the transition period, which runs until the end of 2020. That means personal data can continue to flow between the UK and the EU.

“This issue is critical to the tech sector and to every other industry in a modern digitising economy,” says Tech UK CEO Julian David in a blog post. Data’s the oil that greases tech, and all that.

That doesn’t mean that GDPR will continue to apply in the UK post Brexit. Christopher Knight, privacy lawyer at 11KBW, notes that the UK will become a “third state”. That means the UK won’t be required to apply GPDR and other data laws to “wholly internal situations of processing”.

Update: Well, here’s a thing. I’m still getting used to this new Android phone, with its Google news feed thing, and some time after first drafting this post I was browsing through it and came across the article below. How did it know to surface stories about DeepMind? I’m sure I hadn’t searched for it, but came across it in a newsletter. Is Google reading what I type into WordPress?

Inside DeepMind as the lines with Google blur
Last week, the line between the companies blurred significantly when DeepMind announced that it would transfer control of its health unit to a new Google Health division in California. […]

In March 2017, DeepMind also announced it would build a “data audit” system, as part of its public commitment to transparency. The technology would allow NHS partners to track its use of patient data in real time, with no possibility of falsification, DeepMind said. Google did not comment on whether it will finish the project.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s