Gdpr & Privacy

How much is privacy worth? Is it right paying for privacy? Following last Meta’s initiative to introduce paid privacy protection to deny advertising on its social media platforms, the digital profiling field deals with the need to comply with current privacy legal frameworks, like EU GDPR, to provide services under legit and clear users consent. Discover what’s new with the use of Meta’s Facebook and Instagram, the difference between free and paid accounts and how this decision impacts from a legal point of view.

Organizations collect information from consumers every day, much of which falls into the category of sensitive data that must be protected.

GDPR’s Art. 39 designates the Data Protection Officer as the person in charge to manage, process and safeguard third parties’ private data, in compliance with data protection laws. Organisations dealing with large scale personal data processing must hire a Data Protection Officer considering the skills required to best fulfill the main responsibilities of this professional. Some example of large scale data processing concern hospitals patients data or banks customer data. The main Data Protection Officer’s tasks are the training of the personnel on data processing, the conduction of compliance audits and the interaction with data subjects and GDPR supervisory authorities for informational and organisational reasons.

The Trans-Atlantic Data Privacy Framework is the result of more than a year of negotiations between the European Union and the United States and intends to provide a solid and lasting way for transatlantic data transfer

European Data Protection Board (EDPB), the independent body responsible for the consistent application of GDPR and the cooperation between EU data protection authorities, regulated in detail management and notification of personal data breaches via Guidelines 9/2022 Version 2.0. The data controller must act on any initial report to establish whether a personal data breach has actually occurred or not, assess the risk level, take all necessary measures to tackle the attack and notify the event to the supervisory authority. If a controller doesn’t act or notify the breach timely, there could be severe consequences according to GDPR’s Article 33.

The GDPR is a reference when dealing with data breach, that is a violation that leads to the destruction, loss, modification, unauthorized disclosure or unauthorized access of personal data

Data portability is the ability to move data from one platform to another. This concept has been around for a while, but under the GDPR it is now an explicit right for consumers.

What are the biggest challenges that Big Tech companies face in managing privacy while doing business in the EU? How can they overcome them?

The GDPR requires companies and professionals to comply with various obligations regarding the personal data processing.

A data breach occurs when a company is responsible for people’s personal data and suffers a security problem resulting in a violation in terms of confidentiality, availability or integrity.