Struggling with GDPR, or just ignoring it?

It’s been over a year now, but are we all still feeling our way with GDPR?

PwC’s data practices rejected in GDPR rebuke
With enforcement of the EU’s General Data Protection Regulation (GDPR) still in its infancy, companies may be floating trial balloons to see which arguments resonate with authorities. PriceWaterhouseCoopers (PwC) recently tested the air currents in Greece, but was shot down by the Hellenic Data Protection Authority in a case involving the processing of employee data.

PwC will have to work to rebuild trust after shock GDPR fine
The Greek representative of PwC is the first of the “Big 4” to be fined under the GDPR. Moreover, it’s the first consultancy that has actually helped many of its clients with GDPR compliance over the last year. It seems astounding that a company of PwC’s size and reputation that’s making a lot of money on giving advice on the GDPR has been burned by the very fire they help clients to avoid on a daily basis.

Or perhaps we’re just ignoring it completely. Research just out has shown what we already know to be the case — most of those cookie notices everywhere aren’t following the EU privacy-first GDPR regulations. At all.

Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds
Their industry snapshot of cookie consent notices found that the majority are placed at the bottom of the screen (58%); not blocking the interaction with the website (93%); and offering no options other than a confirmation button that does not do anything (86%). So no choice at all then.

A majority also try to nudge users towards consenting (57%) — such as by using ‘dark pattern’ techniques like using a color to highlight the ‘agree’ button (which if clicked accepts privacy-unfriendly defaults) vs displaying a much less visible link to ‘more options’ so that pro-privacy choices are buried off screen.

And while they found that nearly all cookie notices (92%) contained a link to the site’s privacy policy, only a third (39%) mention the specific purpose of the data collection or who can access the data (21%).

[…]

This is an important finding because GDPR is unambiguous in stating that if an Internet service is relying on consent as a legal basis to process visitors’ personal data it must obtain consent before processing data (so before a tracking cookie is dropped) — and that consent must be specific, informed and freely given.

Yet, as the study confirms, it really doesn’t take much clicking around the regional Internet to find a gaslighting cookie notice that pops up with a mocking message saying by using this website you’re consenting to your data being processed how the site sees fit — with just a single ‘Ok’ button to affirm your lack of say in the matter.

In the way that those US academics highlighted the dark patterns used with shopping sites, there needs to be a way of reporting and highlighting these non-compliant cookie notices, or they’ll just get away with it.

HE audits

Leader: Red tape: A form of distrust – As audit overloads academics, it also undermines their freedoms, impedes their work and damages their public standing
A scary new word to emerge in our cover story is “hyper-bureaucracy”, which describes “an out-of-control system” that emerges in the search for optimum efficiency and takes no account of the costs in time, energy and money that are needed to achieve it. It is a bureaucratic nightmare in which there is no end to the extra information that can be acquired. The monitoring of contact hours and how academics spend their time are examples of the type of bureaucracy that “eats up people and resources”, according to Andrew Oswald, professor of economics at the University of Warwick.

Audit overload – Bureaucracy is an inescapable fact of life in today’s academy. John Morgan unravels the true extent and consequences of red tape
There are those who argue that a “hyper-bureaucracy” has taken hold, tailoring universities to the needs of the labour market, coercing academics into following the rationale of business in their research choices and destroying notions of the intrinsic value of scholarship. But do academics direct their unhappiness at those who shape policy, or at blameless administrators who happen to be closest to hand? And isn’t bureaucracy necessary to make academics accountable and to ensure that public money going into universities is spent fairly and effectively?

Missing student data

Scandal of the students who never sat exams
There was widespread belief in the sector prior to 2004 that the rule was impractical and not applicable in its literal sense to higher education institutions with modular degree schemes and, in particular, to those with a strong widening participation ethos, many of whose students progress through university at an intermittent pace.

University fraud

University accused of £36m student scam
The body which funds English universities has taken the unprecedented step of calling for the mass resignation of governors at a university accused of misusing public money. A letter seen by The Independent from the Higher Education Funding Council for England (Hefce) to the chairman of governors at London Metropolitan University calls on members of the governing body and senior staff to “consider their position”.