The European Union is laying out new standards for data giving Europeans more control over their personal information as it seeks to counter the power of U.S. and Chinese tech companies.
Executive Summary: The combination of retreating US leadership and the COVID-19 pandemic has emboldened China to expand and promote its tech-enabled authoritarianism as world’s best practice. The pandemic has provided a proof of concept, demonstrating to the CCP that its technology with ‘Chinese characteristics’ works, and that surveillance on this scale and in an emergency is feasible and effective. With the CCP’s digital authoritarianism flourishing at home, Chinese-engineered digital surveillance and tracking systems are now being exported around the globe in line with China’s Cyber Superpower Strategy.
In a world that is defined by the generation and collection of data by technology and communications companies, personal information—including where people go, with whom they associate, what they purchase, and what they read, listen to, and even eat—it is quite a simple task to create a detailed profile of an individual based solely on the data captured in his or her phone.
Facebook has warned that it may pull out of Europe if the Irish data protection commissioner enforces a ban on sharing data with the US, after a landmark ruling by the European court of justice found in July that there were insufficient safeguards against snooping by US intelligence agencies.
New Zealand’s Domain Name Commission (DNC) had their third victory in three appearances in their ongoing court battle with DomainTools, the latest being in March. DomainTools had appealed three claims, following losing their first appeal, but won only one, while the DNC won the remaining two, with consideration being given by the DNC to appeal the remaining claim. It is a battle over whether a top-level domain registry protect the privacy of their registrants. As Jordan Carter, InternetNZ’s CEO, told the Goldstein Report back in March 2019, “this test case will be significant for protecting the privacy rights of .nz registrants in the .nz domain name space and it is likely to have an impact on other ccTLDs and the wider industry.” It seems that the privacy rights of .nz registrants has been protected.Continue reading .NZ Gets Another Victory In DomainTools Battle Over registrant Privacy Rights
Organisations, on average, receive benefits 2.7 times their investment, and more than 40% are seeing benefits that are at least twice that of their privacy spend according to Ciscoâs 2020 Data Privacy Benchmark Study. Privacy has become a big issue globally in recent years, particularly following the introduction of the European Unionâs General Data Protection Regulation (GDPR) that caused domain name registrars and registries to make major changes to their practices.
The Cisco study, released in observance of International Data Privacy Day, also found that up from 40% last year, over 70% of organisations now say they receive significant business benefits from privacy efforts beyond compliance, including better agility, increased competitive advantage and improved attractiveness to investors, and greater customer trust.
Other benefits included companies with higher accountability scores (as assessed using the Centre for Information Policy Leadershipâs Accountability Wheel, a framework for managing and assessing organisational maturity) experience lower breach costs, shorter sales delays, and higher financial returns while 82% of organisations see Privacy Certifications as a Buying Factor. These included privacy certifications such as the ISO 27701,Â EU/Swiss-US Privacy Shield, and APEC Cross Border Privacy Rules system becoming an important buying factor when selecting a third-party vendor. India and Brazil topped the list with 95% of respondents agreeing external certifications are now an important factor.
In a blog post, Robert Waitman, Director, Data Privacy Security and Trust Office at Cisco said âthe results of this study highlight that privacy is good for business, beyond any compliance requirements.â Waitman writes Cisco recommends organisations:
- Invest in privacy beyond the legal minimum; most organizations are seeing very positive returns on their privacy spending.
- Work to obtain external privacy certifications; these have become an important factor in the buying process.
- Build in privacy accountability and maturity to achieve security benefits, reduced sales delays, and higher returns.
Ciscoâs 2020 Data Privacy Benchmark Study is their third annual look into corporate data privacy practices worldwide and shows growing tangible benefits for businesses that adopt strong privacy practices.
The study is based on results from a double-blind survey of over 2,800 security professionals in organisations of various sizes across 13 countries. It provides deep insight into the state of privacy a year and a half after the effective date of the European Unionâs General Data Protection Regulation (GDPR), widely considered a turning point on how organisations control and manage the use of personal data. Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorised and authorised users, and preparation for the GDPR and similar laws around the globe spurred many organisations to make considerable privacy investments â which are now delivering strong returns.
The European Unionâs General Data Protection Regulation (GDPR), introduced in May 2018 but adopted in 2016, has been a focus in the domain name world due to required changes to contact information that has been required for WHOIS and ICANNâs ham-fisted attempts to deal with the situation which led to ICANN losing multiple court actions and exemptions provided to many registrars located within the EU regarding information they were required to collect under their Registrar Accreditation Agreements. Additionally, almost all, if not all, country code top level domain (ccTLD) registries located either within the EU or who allowed EU citizens to register their domains were required to make changes as to the information they required registrars to collect upon registering a domain name.
For more information, see: