Posts Tagged ‘privacy’
GA4GH GDPR brief
January 16, 2020Third party right to be forgotten
January 14, 2020QT:{{”
Does a company have to forward a right to be forgotten request to a third party with whom it has shared personal information?
….
In California the CCPA requires that (in certain situations) a business “delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records.”1 In situations in which a business has shared a consumer’s personal information with another business or a third party, the CCPA does not require business A to inform business B that a deletion request has been received. That said, an amendment to the CCPA deferred the full impact of the Act upon employee data until January 1, 2021.2
In comparison, under the European GDPR when a controller receives a right to be forgotten request, and determines that it is required to delete information about an individual, the controller must “take reasonable steps” to “inform [other] controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.”3 It is unclear based upon the text of the GDPR whether this requirement requires controller A to notify controller B that the data subject has requested controller A to erase data, or whether the requirement requires controller A to notify controller B that a data subject has requested erasure by both controller A and B.
‘}}
GDPR and open consent
December 20, 2019Big Tech’s Big Defector | The New Yorker
December 20, 2019Forget the new iPhones: Apple’s best product is now privacy
September 30, 2019QT:{{”
“In iOS 12 Apple is also introducing anti-fingerprinting technology in Safari. Fingerprinting is a tracking technology advertisers and data firms use to identify your movements online. They do this by recording characteristics about the device you are using–such as hard drive size, screen resolution, fonts, installed, and more–and then recording a log of that device’s movements. Though fingerprinting doesn’t give the firms access to your name, they know what the owner of a specific device does online and can build a profile around those actions. Well, again, until Apple shut that down with iOS 12 by stripping the unique characteristics of your device away from advertisers’ tracking software. These same benefits are also found in Apple’s latest MacOS Mojave, by the way.”
“}}
Forget the new iPhones: Apple’s best product is now privacy
https://www.fastcompany.com/90236195/forget-the-new-iphones-apples-best-product-is-now-privacy
Sent from my iPad
DNA methylation-based forensic age prediction using artificial neural networks and next generation sequencing
September 30, 2019DNA methylation-based forensic age prediction using artificial neural networks and next generation sequencing
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5392537/
You Can Soon Get Your DNA Sequenced Anonymously | WIRED
September 24, 2019https://www.wired.com/story/you-can-soon-get-your-dna-sequenced-anonymously/
also
https://nebula.org/anonymous-sequencing
Data privacy in the age of personal genomics
Dennis Grishin, Kamal Obbad & George M. Church
Nature Biotechnology (2019)
https://www.nature.com/articles/s41587-019-0271-3
nat-biotech-privacy
in labdropbox
GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps – Threat Stack
September 10, 2019SKS Keyserver Network Under Attack
July 5, 2019a good example of a hypothetical attack that now becomes real
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f QT:{{”
“The number one use of OpenPGP today is to verify downloaded packages for Linux-based operating systems, usually using a software tool called GnuPG. If someone were to poison a vendor’s public certificate and upload it to the keyserver network, the next time a system administrator refreshed their keyring from the keyserver network the vendor’s now-poisoned certificate would be downloaded. At that point upgrades become impossible because the authenticity of downloaded packages cannot be verified. Even downloading the vendor’s certificate and re-importing it would be of no use, because GnuPG would choke trying to import the new certificate. It is not hard to imagine how motivated adversaries could employ this against a Linux-based computer network.”
“}}
linkstream2 microblog 