I’m tracking all the things related to ePrivacy Regulation and also take an active part in the related work for a while now. What is ePrivacy? In a nutshell, ePrivacy is a regulation aiming to further protect privacy in electronic communication. Think of it as a specialized GDPR. Indeed, Read More
Many countries currently discuss cybersecurity on multiple levels. France is not an exception. The new REVUE STRATÉGIQUE DE CYBERDÉFENSE (Strategic Review of Cyberdefence) is a complex, coherent and strategic document listing the many actions that France has already taken, as well as those ahead. I will not analyze this document Read More
Currently, it is the key question of cybersecurity and privacy strategic policy. The European Union is going through an overhaul of its privacy and cybersecurity regulatory frameworks. New regulations appear with remarkable frequency. Let’s mention merely the three: NIS Directive (“common level of network and information security“), General Data Read More
Websites, mobile apps, IoT devices, smartphones and just about any other products, systems or processes will, in a majority of cases, might soon need to redesign and re-engineer how user consent is being processed. Why? Because of the European General Data Protection Regulation. The GDPR makes consent a bit closer Read More
By now everyone should be familiar with the phenomenon of massive data breaches. It’s no longer news when you can read about private data leaks and breaches in daily press on a regular basis. It’s a trend that one must accept. It just happens. But I find it Read More
Data Protection Impact Assessment (DPIA) is a useful tool that can help organizations to understand the risks related to processed data. DPIA helps to find the right balance and proportions, identify risks, assess the necessity and proportionality and generally help with risk management. Due to the European General Data Protection Read More
Simple payment standard will be the new cool thing web browsers can do. This happens thanks to W3C Payment Request API. Early on it has been even featured in the New York Times and rightly so, as it has a big potential. Why? Introduction Chances are that the days of Read More
Users of public transportation are mainly interested in one thing: getting to the right place conveniently and fast. So do I. Public transportation systems around the world struggle with maintaining their systems as efficient as possible. Transports for London (TfL) is perhaps in the avant-garde here. They are on the Read More
Websites routinely include third-party hosted resources - images, scripts, stylesheets and so on. It's now a standard practice. One thing to keep in mind is that if your website includes a JavaScript script from another site (example.org): <script src=“https://example.org/CoolLib.js"> Read More
Recently I wrote about the new IAB (ad industry) initiative meaning to fight fraud in programmatic advertising. You can find my previous post here. As the ads.txt standard shows which Ads Exchanges are brokering ads space (somewhat related with exchange of user data), I explored the options of using Read More
When governments acknowledged that computer hacking is increasingly made by criminals, hacking techniques employed by criminals were simply banned. This has solved the problem; since then we‘re not hearing of any data theft, fraud and so on. Right. In the European Union, General Data Protection Regulation will enter into Read More
Web privacy and transparency engineering can work both for businesses and users. Sometimes technologies can effectively open the opportunities for enhancing transparency even without a clear intention of doing so. In this post, I’m analyzing the extension to OpenRTB (Real-Time Bidding specification) which is meant to decrease the rate Read More
Do you know when Apple Messages send end-to-end encrypted messages? This note might look unusual but it was sparked by continuous questions I receive about communication confidentiality. If you’re well-versed in security and privacy technology - feel free to skip, most likely you won’t find much things of Read More
The “technology” in “technology policy” should have a real meaning - there are signs it’s actually happening. With the growing involvement and engagement of people versed in technology, good concepts are reaching decision-makers. In this short note I highlight the 3 interesting items currently on plate in Europe. They Read More
NIST has published new guidelines relating to security and privacy (I noted recent NIST’s involvement in privacy engineering here). As many of their documents, new guidelines will be influential for security and privacy engineering. Though they’re focused on Digital Identity, the reach will be much broader. I paid Read More
The work on ePrivacy continues and enters a hot period. I’m interested in it from the very beginning, I’m also actively involved in these works, also as a stakeholder. The draft proposal with amendments is now public. Being involved in those works, I’m impressed how good suggestions Read More
I am participating in the works on the ePrivacy Regulation. Last week I have attended ePrivacy Roundtables, organised at the European Parliament. That was an interesting opportunity to exchange opinions, present and exchange views. There were four Roundtables on the following topics: Cookies, Article 8, Consent, Privacy by Design and Read More
Data Protection Authorities of a number of European countries (notably, France, Spain, Belgium, Netherlands) has announced a formal action in the Facebook case. The announcement and summaries are available here. To tackle this particular issue DPAs formed a devoted Contact Group allowing a coordinated analysis. Pretty unprecedented move. Few years Read More
In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your browser using a surprising tool: your smartphone or laptop’s ambient light sensor. In short: 1. We provide background about the light sensor API and current discussions to expose it more broadly to websites. Read More
When is Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA) necessary and mandatory according to the General Data Protection Regulation (GDPR)? So far there has been a lot of ambiguity surrounding the issue. I previously wrote about the DPIA guidelines (and its challenges) suggested by the Privacy Commission Read More
ePrivacy is one of the most crucial European privacy and data protection regulations. I already wrote about ePrivacy, analysing its leaked and the later official draft versions. The ePrivacy regulation is important because it touches a number of influential aspects such as: electronic communication, web technologies, and web browsers. To Read More
Designing standards with privacy in mind should be a standard in itself. Historically this was not always the case and the idea of designing systems with privacy is relatively new - it dates from the beginning of this decade. One of the milestones is accepting this view on the IETF Read More
The General Data Protection Regulation is a strong privacy and data protection framework. One of the most important and large changes are the concepts of consent. GDPR increases the bar for consent management. I would not say that GDPR puts the consent requirements “high”, but the requirements are certainly higher Read More
This very short note doesn’t mean to be technical. European Parliament will soon start the work on the ePrivacy regulation, one of the most important privacy and data protection regulatory frameworks in Europe. In short, ePrivacy concerns the matters of security and privacy of communication and data exchange, as Read More
One of the most important cultural change companies and organisations are beginning to face is the need of systematic inclusion of privacy and data protection in technical and organisational frameworks. A crucial aspect of these changes is the need of conducting Privacy Impact Assessments (PIA) and Data Protection Impact Assessments Read More