The BBC report that the Irish Council for Civil Liberties issuing a branch of the Interactive Advertising Bureau (IAB) and others over what it describes as “the world’s largest data breach“.
<p>It should come as no surprise to many that personal data is collected and shared to facilitate targeted advertising. However, it\’s the way through which most of this data is collected and used that requires transparency so that people can make informed decisions on what data they give up and how it is used.</p> <p> </p> <p>It\’s true that many internet services are free due to advertising, and while people typically consent to adverts being displayed, they aren\’t necessarily agreeing to it at the expense of their personal information being mined.</p> <p> </p> <p>While there are some legitimate and useful uses for understanding customer behaviour to make better suggestions, e.g. Netflix recommendations. There is a line that is often crossed.</p> <p> </p> <p>In his keynote entitled, \"Data is the New Oil: How will MoviePass Monetize It?\" at the entertainment finance forum, CEO of the now defunct MoviePass, Mitch Lowe stated, \"We get an enormous amount of information… We watch how you drive from home to the movies. We watch where you go afterwards.</p> <p><br /><br />The company maintains the information is collected for future services and to bring greater convenience to its customers. And while that may be the case, transparency is important – it’s one of the underlying principles of GDPR, whereby data collected should only be used for the purposes it was intended for.</p>
<p>This is a really interesting case for all businesses to pay attention to as it highlights the risks and financial impact for businesses that do not invest in a robust privacy program. The business impact is the financial cost associated with legal fees, potential privacy regulatory fines as a result of not adhering to GDPR compliance requirements, and employee compensation if found that the privacy of their data was not adhered to both from a business collection purpose and/or if adequate protection controls where not in place that lead to the result of their data being breached. </p> <p> </p> <p>Again, executive management need to understand that Trust and Security is a business differentiator. Not having an adequate privacy program with dedicated privacy operations will slow businesses down in fulfilling data discovery requirements for privacy such as the subject access requests and general eDiscovery that protects organizations in legal cases like this. We are likely to see more of these cases arise in the future.</p>
<p>The amount of data advertisers have on us might shock most people but we can still still limit the amount we share and try and control further information being used. Our data is continually analysed and profited from by many technology firms but it is possible to reduce this by learning specific settings within the accounts and not sharing sensitive information that isn’t crucially required for the application to function. </p> <p> </p> <p>Before we part with our personal information, our data is our responsibility but unfortunately many companies still do not fully understand how to protect our personal data online or worse still, they share such data with third parties without our direct knowledge. We must start restricting the amount of data we share with companies now to help reduce problems in the future where any company, government or third party could potentially learn every single private detail about us.</p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics