Lukasz Olejnik
Security, Privacy & Tech Inquiries

Posts for "gdpr"

Total 24 Posts

Pseudonymisation - the critical and the most exciting thing in data protection

Pseudonymisation is a technical and organisational measure and a data protection measure under the GDPR. It is a risk-reduction measure that minimizes the likelihood and impact of data protection breaches. It allows for controlled re-identification through stored additional information (secret information). Unlike anonymisation, which irreversibly removes the ability to link…

Privacy, security, and exfiltration via web browser Background Sync API

The Background Sync API (and its periodic variant) enables web apps to defer tasks until the user has a stable connection. It may be useful for apps that process data offline. It introduces curious capabilities in the web platform, so it is important to understand its security and privacy footprint. Here I explore…

Impact assessments, risks, and navigating GDPR compliance

Are the risks related to the processing of personal data, as referenced in the GDPR, fixed and exhaustive? They are not. The regulation provides a non-exhaustive list of risks solely as a foundation for protecting fundamental rights. Administrators must assess and address additional, context-specific risks beyond those explicitly listed. This requires…

Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?

User tracking technologies are ubiquitous on the web. In recent times, web browsers have tried to fight abuses. This has led to an arms race in which new tracking and anti-tracking measures are being developed. One such evasion technique, CNAME cloaking, has recently been gaining popularity quickly. Our…

Privacy and freedoms consideration of Covid-19 health passports or certificates

This post describes some of the technologies that are or may be used, as well as ideas for improving the privacy stance of such certificate/passport technology. Treat it as a standardisation and food-for-thought consideration, with a view towards privacy-preserving Covid-19 health certificates or ‘passports’. It seems that…

iPhone to deploy the EU Tracking Cookie Consent Popup to the whole world?

Imagine tens of millions of users potentially receiving a popup asking them to grant permission to be tracked, in September 2020. The striking news emerged from this year’s Apple WWDC conference. Apple will limit the use of the IDFA “tracking identifier”. This identifier allowed advertisers to track the…

The case for mandatory cybersecurity and privacy certifications

Currently, this is the key question of cybersecurity and privacy strategic policy. The European Union is going through an overhaul of its privacy and cybersecurity regulatory frameworks. New regulations appear with remarkable frequency. Let us mention just three: the NIS Directive (“common level of network and information security“), the General Data…

Privacy of London Tube Wifi Tracking

Users of public transportation are mainly interested in one thing: getting to the right place conveniently and fast. So am I. Public transportation systems around the world struggle to keep their systems as efficient as possible. Transport for London (TfL) is perhaps in the avant-garde here. They are on the…

Analysis of Working Party 29 DPIA Guidelines

When is a Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA) necessary and mandatory according to the General Data Protection Regulation (GDPR)? So far there has been a lot of ambiguity surrounding the issue. I previously wrote about the DPIA guidelines (and their challenges) suggested by the Privacy Commission…

GDPR Consent Requirements. First ICO Guidelines

The General Data Protection Regulation is a strong privacy and data protection framework. One of the most important and far-reaching changes is the concept of consent. The GDPR raises the bar for consent management. I would not say that the GDPR sets the consent requirements “high”, but the requirements are certainly higher…