Data On Duty®’s Post

[#GDPR & #international #data transfers] The CNIL, the French data protection authority, authorises the hosting of a health data platform by Microsoft for three years as there is no non-EU/EEA provider offering the required technical and functional requirements in this case. But throughout the decision the CNIL shows that it was not so willing to do so and that it still hopes for emergence of a solution that fully protects against the extra territorial application of 3rd country laws. On the last point the position of the CNIL is quite hypocritical as the health data concerned are pseudonymised and otherwise highly protected. On the other hand, the CNIL has no problem that clear data of thousands of French citizens who are accidentally born in the US, have accidentally the US nationality and in most cases will never have to pay any taxes in the US, are sent to the US tax authorities in automated bulk transfers. Questions ? Contact our NautaDutilh #Benelux #data & #privacy team. Joris Willems | Vincent Wellens | Sarah Zadeh | Sigrid Heirbrant | Yoann E. A. Le Bihan | Danique Knibbeler | Ottavio Covolo | Matthieu PIERRE | Jill Van Overbeke | Garance Diacono | Aline Bleicher | Martin Plak https://lnkd.in/eYMyCdJn #privacy #cloud #publicsector

Is your data strategy #Law25 compliant? 🤔 This new legislation aims to modernize protection of personal information, pushing organizations to also modernize their data systems. 👉 avpt.co/3SfjmTj Join #AvePoint's upcoming webinar to understand: 💡The backbone of Law 25 🤖How AI exasperates compliance challenges 🔍How #AvePoint's Policies & Insights addresses data identification/organization 📈The actions Groupe Access will take to help you become compliant Are you ready to take the next step towards modernizing your data practices? Join Miguel Caron and Alvin Kalli in this insightful session here: avpt.co/3SfjmTj

Analyzing IPDR (Internet Protocol Detail Records) Methodology:  Pre-analysis Phase: - Acquire IPDR files from ISP  - Extract IPDR files from the locations in https://lnkd.in/gMdr3eSD . - File indexing and hashing for integrity checks Analysis Phase:   - Identify key IP addresses, domains, URLs from IPDR data - Link analysis and visualization of internet connections   - Map IP addresses to locations using geo-IP databases - Filter connections by date, protocols, keywords - Check IPDR backups:   - Android: /data/data/com .android .providers . ipdr /databases/   - iOS: /var /mobile /Library /IPDR/ - Recover deleted IPDR files using forensic tools Post-analysis Phase: - Correlate IPDR evidence with device, network logs, witness statements - Identify inconsistencies, anomalies   - Compile findings into reports with network graphs, activity timelines and maps - Indicate file paths and locations IPDR data was extracted from . #soc #socanalyst #forensicscience #digitalforensic #forensics #cybersecurity #ipdr

Do you have questions about your current #datatransport solution? Then let one of our experts help you transform your capabilities and provide seamless, efficient, and secure solutions tailored to your unique needs. Why not request a review with one of our team where you can discuss all of your requirements and receive unbiased, actionable recommendations on how to streamline your workflows and make your #filetransfer system work better for you. Get in touch here to find out more: https://bit.ly/40fByOM #datamanagement #TheDataExperts

Still thinking about subsections 1 and 3 of section 8 of India’s Digital Personal Data Protection Act and how such subsection will apply in subsidiary legislation, if applicable. I agree with Douwe Korff that "the DPDP Act does not contain any express reference to [“data protection by design and default]", but again, the Central Government could presumably use its wide rule-making powers to implement, or require the adoption of, a “data protection by design and default” approach, either generally or in specific contexts or sectors.” Meanwhile, The Indian government has drawn up the draft rules under the Digital Personal Data Protection (DPDP) Act and will release them for public consultation soon, electronics and information technology minister Ashwini Vaishnaw told the media during the India Mobile Congress on Friday. "Vaishnaw clarified that steps related to the implementation of the DPDP Act must happen in sequence. First, the draft rules will be placed in the public domain for public consultation for at least 45 days. Parallelly, the digital architecture for the DPB will be developed. The notified rules will then be placed before the Parliament for approval and after that approval, the Board will be put in place. Appointment to the DPB will happen after parliamentary approval for the notified rules, he clarified. "The earliest the Rules can be tabled in the Parliament after notification is in December when the truncated winter session is expected to take place. The DPDP Act requires the notification of 25 sets of rules to enable the enactment of the Act. Vaishnaw said that all 25 sets will be released for public consultation in one go and will be notified at the same time." See https://lnkd.in/e73ebi-s.

🔍  The French data protection authority, CNIL, has recently (on January 31st) approved a new data warehouse project known as EDS EMC2, which is part of an EMA call for projects, to be hosted on Azure Servers. This approval is valid for three years, providing the Health Data Hub with time to explore alternatives to its existing partnership with Microsoft established a few years back. ❗️This decision has sparked significant discussion for several reasons: 📌Background: The Health Data Hub relies on Microsoft for hosting the health data records of millions of French patients. When this agreement was initially made, it faced criticism from various stakeholders. 📌Presently: Ongoing debates about scheme certifications have caused friction among nations, particularly between those advocating for data sovereignty (including France) and those opposing it. 📌The CNIL's recent decision highlights the complex situation facing many organizations and governments: 1️⃣ It acknowledges the reality and serious implications of the extraterritorial reach of US laws (e.g., FISA, Cloud Act), emphasizing the need to consider these as genuine threats. 2️⃣Simultaneously, it points out the current lack of European hosting providers capable of matching the technical prowess of US companies. This was evident in CNIL's latest mission to evaluate whether any European hosting services could meet the Health Data Hub's technical and functional requirements for the EMC2 project within the necessary timeframe. The conclusion was stark: no potential provider could offer hosting services that meet these criteria, demonstrating the challenging position in which many find themselves. https://lnkd.in/dgadq22J

The Bill will apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised. It will also apply to such processing outside India, if it is for offering goods or services in India. Personal data is information that relates to an identified or identifiable individual. Businesses as well as government entities process personal data for delivery of goods and services. Processing of personal data allows understanding preferences of individuals, which may be useful for customisation, targeted advertising, and developing recommendations. Processing of personal data may also aid law enforcement. Unchecked processing may have adverse implications for the privacy of individuals, which has been recognised as a fundamental right.[1] It may subject individuals to harm such as financial loss, loss of reputation, and profiling

Digital Public Infrastructures are one of the key topics of the Brazilian Presidency of the G20 for its digital agenda, following the work started previously by the Indian Presidency. In this piece, written by Ava Mumtaz Haidar, Louise Karczeski and myself, we explore the financial/payment digital public infrastructure, focusing on the cases of Pix (Brazil) and UPI (India). This paper is the second in a series of three articles that seeks to explore the potentialities and challenges of the digital agenda under the Brazilian Presidency of the G20. You can find it here: https://lnkd.in/d-8NQzy7 Such topics will be discussed in depth at the Data Privacy Global Conference, that will happen between November 27th and 28th! Here you can also find the first article of this series, written by Jaqueline Trevisan Pigatto and Vinay Narayan: https://lnkd.in/dwkCXuhN

When the DPDP bill was passed in Aug'23, the hopes were high that unfair use of consumers' data and data monetisation would be curbed to some extent. But we still don't have a tentative timeline, as to by when will the DPDP bill be enforced by the Indian government. So, in the meanwhile can we take any steps on our end to curb our data usage and data monetisation? Read my new blog to find out how some of the largest players in the market monetises our data, and how we can easily decrease the same to some extent ... #DPDPBill #DataPrivacy #DataSecurity #DataProtection #DataMonetization

𝗨𝗽𝗱𝗮𝘁𝗲 𝗼𝗻 𝘂𝘀𝗲𝗿-𝗽𝗿𝗼𝘃𝗶𝗱𝗲𝗱 𝗱𝗮𝘁𝗮 𝗶𝗻 𝗚𝗔𝟰 #GoogleAnalytics is tapping into first-party data. As Josh Silverbauer posted, Google has announced in the latest update its intention to utilize user-provided data for user identification in #GA4, even without the transmission of a user_id. In other words, inputting the same email in forms across different devices will link these users together, despite having different client_ids. The intent is clear – amid the tightening regulations on third-party cookies, vendors are seeking more avenues for legitimate user identification. However, the implementation, as usual, is lacking. I've previously mentioned how enabling the user-provided data collection option can adversely affect the transmission of user_id to your #BigQuery export. Furthermore, this mechanism operates on a sort of parameter hierarchy – email, followed by phone, then name, and finally address. Overall, there are more questions than answers, as always. At least for now. Have you had any experience with this update? Share in the comments.