GDPR Turns Five Tomorrow

Tomorrow marks the fifth anniversary of the European Union’s General Data Protection Regulation (GDPR). The European Union adopted the legislation in 2016, and it came into force on 25th May 2018. It governs how companies, both inside and outside Europe, gather, store, and process the data of European citizens.

There are many views on how effective GDPR has been. I personally think it’s been a good thing as it holds companies accountable for how they handle data. But I got a second view on this from Ani Chaudhuri, CEO, Dasera:

There is often an overlooked aspect of GDPR – the potential exploitation of its provisions for malicious ends. When we discuss GDPR, we typically focus on the empowerment it gives individuals over their personal data, yet GDPR’s ‘Right of Access’ can indeed have negative consequences for data privacy if misused.

However, I firmly believe that GDPR continues to be of net benefit to data subjects and data protection. Despite these potential pitfalls, the importance of a legal framework that protects individuals’ data rights and fosters transparency and accountability in data processing cannot be overstated.

As for measures taken by the EU since GDPR, the EU is generally known for its proactive stance on data privacy issues, and I anticipate they would take such issues seriously, working on improvements to address these gaps.

The crux of the problem is verifying the identity of individuals making data access requests. In this regard, automated data security and governance controls can offer a strong solution. By using sophisticated verification and monitoring systems that can detect abnormal patterns or suspicious requests, we can bolster the security of data access processes.

Lastly, let’s not forget that we’re still relatively early in the implementation of comprehensive data privacy laws. The GDPR is groundbreaking legislation, but it is also an evolving one. As we learn more about its strengths and weaknesses, we must continue to refine and improve it. It is vital to shed light on vulnerabilities that need to be addressed, ensuring that the GDPR remains a robust and effective tool for protecting personal data.

Where once enterprises could buy, sell, share, and store customer data with relative freedom, for the last 5 years every organization that operates under the GDPR has been subject to scrupulous regulatory compliance requirements. And we have seen companies like Amazon, Meta and Google fined for breaches and other issues. This is a very good thing: as I said earlier, these companies are being held accountable, and that forces them to change their behaviour for the better.

UPDATE: Ted Miracco, CEO of Approov Mobile Security, added this comment:

    “While no law is perfect, the GDPR regulation was one of the most ground-breaking, necessary, and extremely well crafted pieces of cross-border legislation in recent history. Protection of Personal Data is critical to a well-functioning and open society, and while GDPR didn’t stop the abuse of big technology companies, it made the consequences of their actions substantive and many, including Google and most recently Meta, have been fined billions of dollars for their abusive handling of Personal Data. Even the definition of “Personal Data” per GDPR was forward looking in that it cast a wide net, anticipating that tech companies would try to bypass the definition to continue to harvest, export and profit by exploiting the data made available to them. The law was both clear and manageable and therefore it has become a framework for many data privacy laws around the world. If you ask if the law has been effective, I will give a resounding “yes”, and back it up by the data in a recent Cyber Threats Report [1] on the security of mobile applications, where European based fintech companies outperformed their US counterparts by a significant margin.”

Footnote:

[1] The Approov Mobile Threat Lab issued findings in March 2023 that analyzed the 200 most popular financial services apps in use in the USA, France, Germany and the UK. Using an automated approach, researchers were able to immediately extract and classify thousands of secrets from these apps, including API Keys for critical financial services. In addition, from these automated scans, it was possible to determine how well protected apps were against run-time threats such as:

– Extraction of API Keys and other Secrets
– Man-in-the-Middle (MitM) attacks
– Device manipulation or “Man-in-the-Device” attacks

Results: 28% of US apps exposed high value secrets; 28.5% of French apps exposed high value secrets; 24.5% of U.K. apps exposed high value secrets; and 19.5% of German apps exposed high value secrets. The full report is available upon request.
