Content deleted Content added
removed redlink, can't 'see also' something that doesn't exist |
GreenC bot (talk | contribs) Move 1 url. Wayback Medic 2.5 per WP:URLREQ#motherboard.vice.com |
||
Line 273:
Despite having had at least two years to prepare and do so, many companies and websites changed their privacy policies and features worldwide directly prior to GDPR's implementation, and customarily provided email and other notifications discussing these changes. This was criticised for resulting in a fatiguing number of communications, while experts noted that some reminder emails incorrectly asserted that new consent for data processing had to be obtained for when the GDPR took effect (any previously obtained consent to processing is valid as long as it met the regulation's requirements). [[Phishing]] scams also emerged using falsified versions of GDPR-related emails, and it was also argued that some GDPR notice emails may have actually been sent in violation of anti-spam laws.<ref>{{Cite news|url=http://www.itpro.co.uk/general-data-protection-regulation-gdpr/31058/scammers-are-using-gdpr-email-alerts-to-conduct|title=Scammers are using GDPR email alerts to conduct phishing attacks|last=Afifi-Sabet|first=Keumars|date=3 May 2018|work=IT PRO|access-date=25 May 2018|archive-url=https://web.archive.org/web/20180526041641/http://www.itpro.co.uk/general-data-protection-regulation-gdpr/31058/scammers-are-using-gdpr-email-alerts-to-conduct|archive-date=26 May 2018|url-status=live}}</ref><ref name="guardian-unneeded">{{Cite web|url=https://www.theguardian.com/technology/2018/may/21/gdpr-emails-mostly-unnecessary-and-in-some-cases-illegal-say-experts|title=Most GDPR emails unnecessary and some illegal, say experts|last=Hern|first=Alex|date=21 May 2018|website=The Guardian|access-date=28 May 2018|archive-url=https://web.archive.org/web/20180528054755/https://www.theguardian.com/technology/2018/may/21/gdpr-emails-mostly-unnecessary-and-in-some-cases-illegal-say-experts|archive-date=28 May 2018|url-status=live}}</ref> In March 2019, a provider of compliance software found that many websites operated by EU member state governments contained embedded tracking from ad technology providers.<ref>{{Cite web |date=18 March 2019 |title=EU gov't and public health sites are lousy with adtech, study finds |url=https://techcrunch.com/2019/03/18/eu-govt-and-public-health-sites-lousy-with-adtech-study-finds/ |archive-url=https://web.archive.org/web/20210410233414/https://techcrunch.com/2019/03/18/eu-govt-and-public-health-sites-lousy-with-adtech-study-finds/ |archive-date=2021-04-10 |access-date=18 March 2019 |url-status=live |website=TechCrunch}}</ref><ref>{{Cite news|url=https://www.ft.com/content/6dbacf74-471b-11e9-b168-96a37d002cd3|title=EU citizens being tracked on sensitive government websites|website=Financial Times|date=18 March 2019|access-date=18 March 2019|archive-date=19 March 2019|archive-url=https://web.archive.org/web/20190319130253/https://www.ft.com/content/6dbacf74-471b-11e9-b168-96a37d002cd3|url-status=live}}</ref>
The deluge of GDPR-related notices also inspired [[internet meme|memes]], including those surrounding privacy policy notices being delivered by atypical means (such as a [[Ouija]] board or [[Star Wars opening crawl|''Star Wars'' opening crawl]]), suggesting that [[Santa Claus]]'s "naughty or nice" list was a violation, and a recording of excerpts from the regulation by a former [[BBC Radio 4]] [[Shipping Forecast]] announcer. A blog, ''GDPR Hall of Shame'', was also created to showcase unusual delivery of GDPR notices, and attempts at compliance that contained egregious violations of the regulation's requirements. Its author remarked that the regulation "has a lot of nitty gritty, in-the-weeds details, but not a lot of information about how to comply", but also acknowledged that businesses had two years to comply, making some of its responses unjustified.<ref>{{Cite news|url=https://www.theverge.com/2018/6/3/17413390/gdpr-legislation-asleep-in-seconds-listening-meditation-app-peter-jefferson|title=Fall asleep in seconds by listening to a soothing voice read the EU's new GDPR legislation|work=The Verge|access-date=16 June 2018|archive-url=https://web.archive.org/web/20180617015346/https://www.theverge.com/2018/6/3/17413390/gdpr-legislation-asleep-in-seconds-listening-meditation-app-peter-jefferson|archive-date=17 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.wired.com/story/gdpr-memes/|title=How Europe's GDPR Regulations Became a Meme|magazine=Wired|access-date=17 June 2018|archive-url=https://web.archive.org/web/20180618002541/https://www.wired.com/story/gdpr-memes/|archive-date=18 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.adweek.com/digital/the-internet-created-a-gdpr-inspired-meme-using-privacy-policies/|title=The Internet Created a GDPR-Inspired Meme Using Privacy Policies|work=Adweek|access-date=17 June 2018|archive-url=https://web.archive.org/web/20180617221720/https://www.adweek.com/digital/the-internet-created-a-gdpr-inspired-meme-using-privacy-policies/|archive-date=17 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.wired.co.uk/article/happy-gdpr-day-gdpr-hall-of-shame|title=Help, my lightbulbs are dead! How GDPR became bigger than Beyonce|work=Wired.co.uk|last=Burgess|first=Matt|access-date=17 June 2018|archive-url=https://web.archive.org/web/20180619193137/https://www.wired.co.uk/article/happy-gdpr-day-gdpr-hall-of-shame|archive-date=19 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://
Research indicates that approximately 25% of software vulnerabilities have GDPR implications.<ref>{{cite web|url=https://www.hackerone.com/sites/default/files/2018-01/GDPR%20Implications-ebook.pdf|title=What Percentage of Your Software Vulnerabilities Have GDPR Implications?|date=16 January 2018|publisher=HackerOne|access-date=6 July 2018|archive-url=https://web.archive.org/web/20180706162027/https://www.hackerone.com/sites/default/files/2018-01/GDPR%20Implications-ebook.pdf|archive-date=6 July 2018|url-status=live}}</ref> Since Article 33 emphasizes breaches, not bugs, security experts advise companies to invest in processes and capabilities to identify vulnerabilities before they can be exploited, including [[Application security#Coordinated vulnerability disclosure|coordinated vulnerability disclosure processes]].<ref>{{cite web|url=https://www.slideshare.net/hacker0x01/everything-you-need-to-know-about-the-data-protection-officer-role|title=The Data Protection Officer (DPO): Everything You Need to Know|date=20 March 2018|publisher=Cranium and HackerOne|access-date=6 July 2018|archive-url=https://web.archive.org/web/20180831165003/https://www.slideshare.net/hacker0x01/everything-you-need-to-know-about-the-data-protection-officer-role|archive-date=31 August 2018|url-status=live}}</ref><ref>{{cite web|url=https://iapp.org/news/a/what-might-bug-bounty-programs-look-like-under-the-gdpr/|title=What might bug bounty programs look like under the GDPR?|date=27 March 2018|publisher=The International Association of Privacy Professionals (IAPP)|access-date=6 July 2018|archive-url=https://web.archive.org/web/20180706165037/https://iapp.org/news/a/what-might-bug-bounty-programs-look-like-under-the-gdpr/|archive-date=6 July 2018|url-status=live}}</ref> An investigation of Android apps' privacy policies, data access capabilities, and data access behaviour has shown that numerous apps display a somewhat privacy-friendlier behaviour since the GDPR was implemented, although they still retain most of their data access privileges in their code.<ref>{{Cite journal|last1=Momen|first1=N.|last2=Hatamian|first2=M.|last3=Fritsch|first3=L.|date=November 2019|title=Did App Privacy Improve After the GDPR?|journal=IEEE Security Privacy|volume=17|issue=6|pages=10–20|doi=10.1109/MSEC.2019.2938445|s2cid=203699369|issn=1558-4046|url=http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-75508}}</ref><ref>{{Citation|last1=Hatamian|first1=Majid|title=A Multilateral Privacy Impact Analysis Method for Android Apps|date=2019|work=Privacy Technologies and Policy|volume=11498|pages=87–106|editor-last=Naldi|editor-first=Maurizio|publisher=Springer International Publishing|doi=10.1007/978-3-030-21752-5_7|isbn=978-3-030-21751-8|last2=Momen|first2=Nurul|last3=Fritsch|first3=Lothar|last4=Rannenberg|first4=Kai|series=Lecture Notes in Computer Science |s2cid=184483219|url=https://zenodo.org/record/3248889|editor2-last=Italiano|editor2-first=Giuseppe F.|editor3-last=Rannenberg|editor3-first=Kai|editor4-last=Medina|editor4-first=Manel|access-date=3 June 2020|archive-date=12 July 2020|archive-url=https://web.archive.org/web/20200712060716/https://zenodo.org/record/3248889|url-status=live}}</ref> An investigation of the [[Norwegian Consumer Council]] into the post-GDPR data subject dashboards on social media platforms (such as [[Google Dashboard|Google dashboard]]) has concluded that large social media firms deploy deceptive tactics in order to discourage their customers from sharpening their privacy settings.<ref>Moen, Gro Mette, Ailo Krogh Ravna, and Finn Myrstad. [https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf "Deceived by design - How tech companies use dark patterns to discourage us from exercising our rights to privacy"] {{Webarchive|url=https://web.archive.org/web/20191220000426/https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf |date=20 December 2019 }}. 2018. Report by the Norwegian Consumer Council.</ref>
Line 314:
Switzerland will also adopt a new data protection law that largely follows EU's GDPR.<ref>{{Cite web |last=Portal |first=S. M. E. |title=New Federal Act on Data Protection (nFADP) |url=https://www.kmu.admin.ch/kmu/en/home/fakten-und-trends/digitalisierung/datenschutz/neues-datenschutzgesetz-revdsg.html |access-date=2023-03-25 |website=www.kmu.admin.ch |language=en |archive-date=25 March 2023 |archive-url=https://web.archive.org/web/20230325204902/https://www.kmu.admin.ch/kmu/en/home/fakten-und-trends/digitalisierung/datenschutz/neues-datenschutzgesetz-revdsg.html |url-status=live }}</ref>
With the addition of overseas regions of the European Union joining non-governmental organsational (NGO) bodies in the Caribbean region such as the [[Organisation of Eastern Caribbean States]], the GDPR rules have become necessary to consider in the lack of any current legislation found in the region concerning privacy rights and maintaining compliance of the laws of those outer regions.<ref>{{cite web |author=Staff writer |author-link1= |date=23 January 2020 |___location= |title=The European Union (EU) General Data Protection Regulation (GDPR) in the Caribbean Context |script-title= |title-link= |url=https://www.carib-export.com/news/the-european-union-eu-general-data-protection-regulation-gdpr-in-the-caribbean-context/ |url-access= |trans-title= |format= |department= |website=www.carib-export.com |script-website= |trans-website= |type=Press Release |language= |edition= |agency=Carib-Export |arxiv= |asin= |asin-tld= |bibcode= |bibcode-access= |biorxiv= |citeseerx= |doi= |doi-access= |doi-broken-date= |eissn= |hdl= |hdl-access= |isbn= |ismn= |issn= |jfm= |jstor= |jstor-access= |lccn= |medrxiv= |mr= |oclc= |ol= |ol-access= |osti= |osti-access= |pmc= |pmc-embargo-date= |pmid= |rfc= |sbn= |ssrn= |s2cid= |s2cid-access= |zbl= |id
=== Website views and revenue ===
| |||