#DataMinimization
Privacy Implications of Displaying Patients' Personal Data in Medical Waiting Areas
We have been asked recently by a concerned patient about their personal data displayed in a medical waiting room. It seems to be common practice to display patients’ first name and surname on waiting areas’ screens all over the UK. This post delves into the privacy implications of such practices, analyzing the potential risks, relevant legal frameworks, ethical considerations, and best practices…
Microsoft’s lead EU data watchdog is looking into fresh Windows 10 privacy concerns
The Dutch data protection agency has asked Microsoft’s lead privacy regulator in Europe to investigate ongoing concerns it has attached to how Windows 10 gathers user data.
Back in 2017 the privacy watchdog found Microsoft’s platform to be in breach of local privacy laws on account of how it collects telemetry metadata.
After some back and forth with the regulator, Microsoft made changes to how the software operates in April last year — and it was in the course of testing those changes that the Dutch agency found fresh reasons for concern, discovering what it calls in a press release “new, potentially unlawful, instances of personal data processing”.
Since the agency’s investigation of Windows 10 started a new privacy framework is being enforced in Europe — the General Data Protection Regulation (GDPR) — which means Microsoft’s lead EU privacy regulator is the Irish Data Protection Commission (DPC), where its regional HQ is based. This is why the Dutch agency has referred its latest concerns to Ireland.
It will now be up to the Irish DPC to investigate Windows 10, adding to its already hefty stack of open files on multiple tech giants’ cross-border data processing activities since the GDPR came into force last May.
The regulation steps up the penalties that can be imposed for violations (to up to 4% of a company’s annual global turnover).
A spokeswoman for the Irish DPC confirmed to TechCrunch that it received the Dutch agency’s concerns last month. “Since then the DPC has been liaising with the Dutch DPA to further this matter,” she added. “The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised.”
A Microsoft spokesperson also told us:
The Dutch data protection authority has in the past brought data protection concerns to our attention, which related to the consumer versions of Windows 10, Windows 10 Home and Pro. We will work with the Irish Data Protection Commission to learn about any further questions or concerns it may have, and to address any further questions and concerns as quickly as possible.
Microsoft is committed to protecting our customers’ privacy and putting them in control of their information. Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10. We welcome the opportunity to improve even more the tools and choices we offer to these end users.
The Dutch DPA advises users of Windows 10 to pay close attention to privacy settings when installing and using the software.
“Microsoft is permitted to process personal data if consent has been given in the correct way,” it writes. “We’ve found that Microsoft collect diagnostic and non-diagnostic data. We’d like to know if it is necessary to collect the non-diagnostic data and if users are well informed about this.
“Does Microsoft collect more data than they need to (think about dataminimalization as a base principle of the GDPR). Those questions can only be answered after further examination.”
During the onboarding process for Windows 10, Microsoft makes multiple requests to process user data for various reasons, including ad purposes.
It also deploys the female voice of Cortana, its digital assistant technology, to provide a running commentary on settings screens — which can include some suggestive prompts to agree to its T&Cs. “If you don’t agree, y’know, no Windows!” the human-sounding robot says at one point. It’s not clear whether the Dutch agency’s concerns extend to Microsoft’s use of Cortana to nudge users during the Windows 10 consent flow.
In addition to logging which other devices with the app a mobile phone has been near, Smittestopp also collects information about where users are located. Apps that want to use Apple and Google's solution cannot do both of these things. Apps that want to do both contact tracing and collection of location data must therefore take battery- and resource-intensive detours to make the system work. .... Chief programmer at Sopra Steria, Johannes Brodwall, has long been critical of Smittestopp and believes FHI must take the consequences of last night's announcement. The chief programmer believes Apple and Google's solution must be included in the Smittestopp app. Brodwall calls Smittestopp one of the worst privacy offenders in Europe, because it violates the European Data Protection Board's recommendation on data minimisation, the European Parliament's resolution of 17 April and now also Apple and Google's solution. – FHI naturally has the option of continuing down its own path, but an app that collects GPS data is technically prevented from also collecting data from Apple and Google's new solution. The app will therefore be much worse than what other countries will offer their citizens and will continue to consume a lot of battery or be terminated in the background for many users, Brodwall tells NRKbeta. .... – Separating the two purposes of contact tracing and research has been one of the most important recommendations from security and privacy experts who have commented on Smittestopp from day one, says Brodwall. (The tech giants will refuse to let infection apps track where users are located)
https://nrkbeta.no/2020/05/05/teknologi-gigantene-vil-nekte-smitteapper-a-spore-hvor-brukerne-befinner-seg/
Privacy-Respecting Data Analytics
When data is hailed as the new oil, businesses are increasingly recognizing the critical importance of not just harnessing data but doing so responsibly. In the United Kingdom, privacy regulations such as the GDPR (General Data Protection Regulation) and the Data Protection Act set strict guidelines for the collection, storage, and processing of personal data. Adhering to these regulations isn’t…

Safeguarding Data: Implementing Data Minimization Techniques for UK Businesses
Data has become the lifeblood of businesses, providing insights, driving decisions, and fueling growth. However, with the increasing prevalence of data breaches and privacy concerns, UK businesses must prioritize the protection of sensitive information. One effective strategy in this regard is data minimization – the practice of limiting the collection, storage, and usage of personal data to only…

Privacy by Design: Building Compliance into Your Business Processes
In an era where data breaches make daily headlines and privacy concerns loom large, businesses must prioritize the protection of personal information. For enterprises operating in the UK, stringent privacy regulations such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 necessitate a proactive approach to privacy management. Enter Privacy by Design – a framework…

The European Commission has written guidance on personal data protection in connection with the development of new apps used in the fight against the coronavirus. .... It is important to ensure that EU citizens can fully trust such innovative digital solutions, and that they can use them without fear. The greatest possible participation among EU citizens is needed to exploit the full potential of tracing apps. The EU rules, in particular the General Data Protection Regulation (GDPR) and the ePrivacy Directive, provide the best guarantees of trust so that these apps can be used widely and accurately (for example voluntary use, data minimisation and time limitation). .... Europeans' trust will be the key to success for the use of tracing apps. Compliance with the EU's rules on personal data protection will help ensure that our privacy and fundamental rights are upheld, and the European approach will be transparent and proportionate. .... The use of mobile apps has the potential to really contribute in the fight against the coronavirus, for example by helping users to diagnose themselves, by being a safe means of communication between doctors and patients, by alerting users who are at risk of being infected by the virus and by helping us ease the measures that restrict freedom of movement. At the same time, this involves collecting highly sensitive data about citizens' health, and we are obliged to protect it. Our guidance is intended to contribute to the secure development of apps and to protect our citizens' personal data in accordance with the EU's strict rules on personal data protection. We will come out of the health crisis with our fundamental rights intact. .... Data security: Data should be stored on the user's device and be encrypted. .... Different app functions (e.g. information, symptom checker, contact tracing and alert functions) should not be bundled together – it should be possible for the user to give separate consent to each individual function.
.... If proximity data is used (data generated by the exchange of Bluetooth Low Energy (BLE) signals between devices within an epidemiologically relevant distance and for an epidemiologically relevant period), it should be stored locally on the user's device. If this data is to be shared with health authorities, it should only be shared after it has been confirmed that the person is infected with COVID-19, and on condition that he/she chooses to share it. .... Each user must be able to exercise their rights under the data protection rules (in particular access, rectification and erasure). .... Location data is not necessary for contact tracing functions, because their purpose is not to follow the movements of individuals or to enforce rules. Moreover, it would be difficult to justify processing location data in connection with contact tracing in light of the data minimisation principle, and it can create security and privacy challenges. For this reason, the Commission recommends not using location data in this context. .... The Commission recommends that the app's source code be published and made available for review. (Guidance on apps supporting the fight against the Covid-19 pandemic in relation to data protection | Datatilsynet)
https://www.datatilsynet.no/personvern-pa-ulike-omrader/korona/en-eu-tilnarming-til-kontaktsporingsapper/veiledning-om-apper/