GDPR Clock is Ticking for the US Companies as Well: Top 7 Tips to Get Ready

The General Data Protection Regulation becomes applicable on 25 May 2018. Its long-arm territorial reach brings obligations not only to EU establishments but to US-based companies as well. Global connection through the internet makes such broad application especially likely, and it will impact US businesses. One of the prerequisites for safe transfer of data between the EU and the US is already accomplished by the EU-US Privacy Shield agreement. The European Commission has considered this agreement as providing adequate guarantees for the transfer of data. Under the Privacy Shield scheme, companies may self-certify and adhere to the principles stated therein. Yet there are still fewer than 3000 companies in the US participating in the Privacy Shield, and the GDPR safeguards still have to be followed. Below, we look at some of the most significant aspects of GDPR compliance for US (non-EU) based companies.

Data protection officer

Although it is not obligatory pursuant to the GDPR, it is advisable that a company appoint a data protection officer (‘DPO’) or assign that role to a specific position in the company. A DPO can also be externally appointed. There may be a single DPO for several companies, or several persons designated with the DPO role in one company. The position does not necessarily need to carry that title; it may be a privacy officer, compliance officer, etc. Such a person should possess expert knowledge of the GDPR and data privacy, and may have a legal, technical or similar background. The GDPR is not specific about the requirements for that person, apart from possessing expert knowledge. The role of the DPO is to inform, monitor and advise the controller, processor or employees, to cooperate with the supervisory authority, to provide staff training, and to help in performing the data protection impact assessment.

Data Protection Impact Assessment

The next step that companies affected by the GDPR, including US companies, should take in order to evaluate the risk of a data breach is to perform a data protection impact assessment (‘DPIA’). A DPIA is a thorough overview of the company's processes and can be done with the help of the data protection officer. It may include a form or a template with a series of questions that have to be answered for each processing activity. The DPIA has to be detailed and cover all operations in the company. Its function is to predict situations, involving the processing of private data, in which data breaches may occur. Pursuant to Article 35 of the GDPR, a DPIA should contain a systematic description of the envisaged processing operations and the purposes of the processing, an assessment of the necessity and proportionality of the processing operations in relation to the purposes, an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph, the measures envisaged to address the risks, including safeguards and security measures. A DPIA is a very useful way of showing compliance, and it is also a tool that helps the company itself in the first place, by giving it an overview of processing activities and an indication of where a breach could happen.

EU representative

A US company (non-EU based company) has to appoint an EU representative if its business relates to offering goods or services to natural persons in the EU, including even free goods or services, or when its processing is related to monitoring the behaviour of data subjects in the EU. Monitoring of behaviour may include monitoring the internet activity of data subjects in order to evaluate or predict their personal preferences, behaviours and attitudes. An EU representative is not obligatory when the processing is occasional or does not include processing on a large scale of special categories of data such as genetic data, biometric data, data concerning health, ethnic origin, political opinions, etc., and when it is unlikely to result in a risk to the rights and freedoms of natural persons. However, given that the exceptions from the duty to designate an EU representative are rather vague, in most cases companies whose operations towards persons in the EU are not negligible would have to appoint a representative. The representative would be located in one of the EU Member States where the data subjects are located. The representative should perform its tasks according to the mandate received from the controller or processor, including cooperating with the competent supervisory authorities regarding any action taken to ensure compliance with this Regulation, and he/she is also liable and subject to enforcement in case of non-compliance.

Consent matters

One key word of respect for privacy runs throughout the GDPR: consent. If companies wish to process the data of natural persons who are in the EU, they must first obtain consent to do so. Consent must be freely given, informed, specific and unambiguous.

Freely given consent presupposes that the data subject must not feel pressured or urged to consent, or be subjected to non-negotiable terms. Consent is not considered freely given if the data subject has no genuine or free choice. The data subject must not feel reluctant to refuse consent for fear that such refusal will have a detrimental effect on him/her. If the consent is pre-formulated by the controller, which is usually the case, the language of the consent must be clear, plain and easily understandable for the data subject. Further, if there are several purposes for the processing of certain data, consent must be given for every purpose separately. Consent must be specific and not abstract or vague. Silence, pre-ticked boxes or inactivity are not to be considered consent under the GDPR.

Informed consent means that the data subject must know what the consent is for. He/she must be informed about what the consent will bring, and there must not be any unknown or undetermined issues. It is the duty of the controller to inform the data subject about the scope and purpose of the consent, and such information must be in clear and plain language. But one must be careful: in today's world of fast-moving technologies, a person has to give a flood of consents in a short period of time, so there may be an occurrence of ‘click fatigue’ [1], which would result in persons not reading the information about the consent and clicking routinely without any thorough thinking. So controllers would have to create, through their technical design, a form of consent that makes the person read and understand his or her consent. It could be a combination of yes and no questions, changing the position of tick boxes, visually appealing text accompanying the consent, etc.

Consent must be unambiguous, or clearly given. There must not be space for interpretation whether consent is given for certain purpose or not. As to the form of the consent, it may be by ticking a box, choosing technical settings and similar (Recital 32 GDPR).

The data subject gives consent for the processing of his or her personal data. However, companies have to bear in mind that the concept of data in the EU is broadly understood, and that it includes all personally identifiable information (PII), ranging from obvious data such as name and postal address to less obvious data that is still PII covered by the GDPR, such as an IP address [2]. In the US, on the other hand, the IP address is not so clearly considered PII. In that regard, the protection in the US must be stricter, obliging US-based companies to also apply the broader EU standards.

Privacy by design implemented

Privacy by design is a concept which brings together legal requirements and technical measures. It is a nice and smooth way of incorporating law into the technical structure of a business. Privacy by design, if applied properly at the outset, shall ensure compliance with the GDPR requirements. It should reflect the principle of data minimisation, where only data which is necessary is processed, and the principle of storage limitation, which provides for a periodic review of storage and automatic erasure of data that is no longer necessary.

One of the ways of showing compliance through privacy by design is ‘pseudonymisation’. Pseudonymisation is, according to the GDPR, the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. Such additional information must be kept separately, so that it cannot be connected to an identified or identifiable natural person. Pseudonymisation is not anonymisation and should not be confused with it. Anonymisation is a technique which results in irreversible de-identification, and since it completely disables identification, anonymised data is not subject to data protection under the GDPR. Pseudonymisation only reduces the linkability of a dataset with the original identity of a data subject, and is accordingly a useful security measure [3].
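The following added example (not part of the original article) illustrates the distinction drawn above: identifying fields are replaced by keyed HMAC-SHA256 tokens, and the key plays the role of the "additional information" that must be kept separately. The record layout, the function names and the choice of HMAC are assumptions made for illustration, and the sample records are constructed.

```python
"""Pseudonymisation where the 'additional information' is a separately held key."""
import hashlib
import hmac
import ipaddress
import secrets

# Constructed sample records; 192.0.2.0/24 is a documentation-only address range.
RECORDS = [
    {"name": "Alice Example", "ip": "192.0.2.17", "page": "/pricing"},
    {"name": "Bob Example", "ip": "192.0.2.200", "page": "/contact"},
]

def unkeyed_token(identifier: str) -> str:
    """Plain SHA-256: anyone who can guess the identifier can recompute the token."""
    return hashlib.sha256(identifier.encode()).hexdigest()

def keyed_token(identifier: str, key: bytes) -> str:
    """HMAC-SHA256: recomputing the token requires the separately stored key."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()

def pseudonymise(records, key, fields=("name", "ip")):
    """Return copies of the records with identifying fields replaced by keyed tokens."""
    out = []
    for rec in records:
        copy = dict(rec)
        for field in fields:
            copy[field] = keyed_token(rec[field], key)
        out.append(copy)
    return out

def relink(token, candidates, tokenise):
    """Linkability check: can `token` be attributed to one of `candidates`
    by a party that only has the `tokenise` function? Returns the match or None."""
    for candidate in candidates:
        if hmac.compare_digest(tokenise(candidate), token):
            return candidate
    return None

def demo():
    # Assumption: in production this key lives in a separate system (e.g. a key
    # vault) that holders of the pseudonymised dataset cannot read.
    key = secrets.token_bytes(32)
    dataset = pseudonymise(RECORDS, key)

    # Identifiers a party could plausibly guess: every host in a small range.
    candidates = [str(h) for h in ipaddress.ip_network("192.0.2.0/24").hosts()]

    return {
        # Dataset holder without the key cannot attribute the token.
        "outsider_vs_keyed": relink(dataset[0]["ip"], candidates, unkeyed_token),
        # Controller holding the key can still re-identify: this is
        # pseudonymisation, not anonymisation.
        "key_holder_vs_keyed": relink(
            dataset[0]["ip"], candidates, lambda c: keyed_token(c, key)
        ),
        # An unkeyed hash of a guessable identifier stays linkable for anyone.
        "outsider_vs_unkeyed": relink(
            unkeyed_token(RECORDS[0]["ip"]), candidates, unkeyed_token
        ),
        # Non-identifying fields remain usable for analysis.
        "page_preserved": dataset[0]["page"],
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because the key holder can still re-link tokens to identities, the tokenised dataset remains personal data; destroying the key removes that re-identification path but does not by itself make the data anonymous.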

Binding corporate rules

Binding corporate rules (‘BCR’) include a set of principles, procedures and personal data protection policies, as well as a binding clause adopted by the company and approved by the competent supervisory authority. Adopting binding corporate rules is not a simple process, but it means being on a safe track. It is one of the safeguards envisaged by the GDPR. According to Article 47 of the GDPR, BCR should include the structure and contact details of the company, the categories of personal data, the type of processing and its purposes, the application of general data protection principles (such as purpose limitation, data minimisation, limited storage periods, data quality, data protection by design and by default, legal basis for processing, processing of special categories of personal data, etc.), the rights of data subjects, the tasks of the data protection officer, complaint procedures, mechanisms for reporting to the competent supervisory authority, appropriate data protection training for personnel, and an indication that the BCR are legally binding. BCR should additionally be accompanied by privacy policies, guidelines for employees, a data protection audit plan, examples of the training program, a description of the internal complaint system, a security policy, a certification process to make sure that all new IT applications processing data are compliant with the BCR, and a job description of the data protection officers or other persons in charge of data protection in the company.

Make your compliance visible

Well, if your company has performed all of the above, it has to make it visible. Companies that are covered by the GDPR not only have to comply, they also have to show that they comply. The GDPR puts an obligation on controllers to demonstrate their compliance.

From the first contact with the controller, the website must give the impression of compliance. The BCR, privacy policies and DPO contact details must be visible so that the data subject may address the DPO in case of data risk or breach. The EU representative’s name and contact details must be put forward in order to be accessible to the supervisory authority in the EU. A contact form for data subjects, with options for access, the right to object, erasure, rectification and restriction, should be there. The organisational chart of the company and the flow of data transfers, demonstrated by a data flow map, should be shown as well. These are only some of the most important features that have to be followed.

Non-compliance is a very costly adventure, and one that businesses will try to avoid. With systematic planning, due analysis of the necessity of compliance with the GDPR, and clearly defined processes, US companies can gain many benefits for the business and attract and encourage data subjects in the EU to freely entrust their data to them. This is a thorough process, but one worth accomplishing.

[1] Article 29 Working Party Guidelines on consent, p. 17

[2] According to judgment of the Court of Justice of the EU of 19 October 2016, in case C 582/14,

[3] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques adopted on 10 April 2014, p. 3

Can big data help protect the planet?

How do we get to a more sustainable and inclusive future if we don’t know where we are? This is where data comes in and, right now, we do not have the data we need. 

These were some of the questions asked at the Third Global Session of the UN Science-Policy-Business Forum held during the UN Environment Assembly. The virtual discussion delved into the role of big data and frontier tech in the transition to a sustainable future. 

Opening the session, United Nations Environment Programme (UNEP) Executive Director Inger Andersen said science needed to be digitized so it could be more democratic and accessible. She said digital transformation is central to UNEP’s new Medium-Term Strategy.

“Big data and new tech can support real-time monitoring of the environment, help consumers adopt more sustainable behaviour, and create sustainable value chains,” she said. “The [UN] Secretary-General has made it very clear that digital transformation has to be part and parcel of the UN … we have oceans of data but drops of information.”

UNEP studies show that for 68 per cent of the environment-related Sustainable Development Goal indicators, there is not enough data to assess progress.

At the event, participants stressed that knowledge obtained through the latest digital technologies such as Artificial Intelligence, Machine Learning and the Internet of Things could speed up progress on environmental goals. Better data could inform interventions and investment, while boosting results and impact measurement.

Bridging the data divide

The data deficit is also hindering the world’s ability to respond to climate change.

Petteri Taalas, Secretary-General of the World Meteorological Organization, said earth observation systems and early warning services were still poor in parts of the world, with around US$ 400 million needed to improve these. 

“That is one of the ways to adapt to climate change – to invest in early warning services and observation systems. We have to monitor what is happening to the climate but this monitoring is in poor shape,” he said.  

Making the right technology available to developing countries not only presents a financing challenge, but also underlines the profound need for accessible, open-source technology.

Munir Akram, President of the UN Economic and Social Council, said bridging the digital divide is critical. He noted that connectivity was only around 17 per cent in the poorest countries compared to above 80 per cent in richer countries.

“We need to build a database for all the open source technologies that are available in the world and could be applied to build greener and more sustainable structures of production and consumption. These technologies are available but there is no composite database to access them,” he said.

UNEP’s digital transformation

UNEP’s commitment to harnessing technology for environmental action begins ‘at home.’ At the fourth session of the UN Environment Assembly in 2019, Member States called for a Big Data Strategy for UNEP by 2025.

The organisation is currently undertaking a digital transformation process, while also focusing on four key challenges:

  1. Help producers measure and disclose the environmental and climate performance of their products and supply chains;
  2. Help investors assess climate and environmental risks and align global capital flows to climate goals;
  3. Enable regulators to monitor real-time progress and risks;
  4. Integrate this data into the digital economy to shape incentives, feedback loops and behaviours.

Indispensable tools

Other cutting-edge digital transformation initiatives are also in progress. UNEP’s World Environment Situation Room, a platform put together by a consortium of Big Data partners in 2019, includes geo-referenced, remote-sensing and earth observation information and collates climate data in near real-time.

At the event, Juliet Kabera, Director General of the Rwanda Environment Management Authority, described how her country had invested heavily in technology, including connectivity, drones and online platforms, such as the citizen e-service portal, Irembo.

“There is no doubt that technology has a critical role in addressing the urgent challenges we all face today, regardless of where we are in the world,” Kabera said. “The COVID-19 pandemic once again reminded us that science and technology remain indispensable tools for humanity at large.”

UN Environment

Women and girls belong in science

As part of the World Bank's Education Quality Improvement Programme, students study biology at Sofia Amma Jan Girl's School in the Kandahar province of Afghanistan. World Bank/Ishaq Anis

Closed labs and increased care responsibilities are just two of the challenges women in scientific fields are facing during the COVID-19 pandemic, the UN chief said in his message for the International Day of Women and Girls in Science, on Thursday. 

“Advancing gender equality in science and technology is essential for building a better future”, Secretary-General António Guterres stated, “We have seen this yet again in the fight against COVID-19”. 

Women, who represent 70 per cent of all healthcare workers, have been among those most affected by the pandemic and those leading the response to it. Yet, as women bear the brunt of school closures and working from home, gender inequalities have increased dramatically over the past year.  

Woman’s place is in the lab 

Citing the UN Educational, Scientific and Cultural Organization (UNESCO) he said that women account for only one third of the world’s researchers and hold fewer senior positions than men at top universities, which has led to “a lower publication rate, less visibility, less recognition and, critically, less funding”. 

Meanwhile, artificial intelligence (AI) and machine learning replicate existing biases.  

“Women and girls belong in science”, stressed the Secretary-General. 

Yet stereotypes have steered them away from science-related fields.  

Diversity fosters innovation 

The UN chief underscored the need to recognize that “greater diversity fosters greater innovation”.  

“Without more women in STEM [science, technology, engineering and mathematics], the world will continue to be designed by and for men, and the potential of girls and women will remain untapped”, he spelled out. 

Their presence is also critical in achieving the Sustainable Development Goals (SDGs), to close gender pay gaps and boost women’s earnings by $299 billion over the next ten years, according to Mr. Guterres. 

“STEM skills are also crucial in closing the global Internet user gap”, he said, urging everyone to “end gender discrimination, and ensure that all women and girls fulfill their potential and are an integral part in building a better world for all”. 

‘A place in science’ 

Meanwhile, despite a shortage of skills in most of the technological fields driving the Fourth Industrial Revolution, women still account for only 28 per cent of engineering graduates and 40 per cent of graduates in computer science and informatics, according to UNESCO.  

It argues the need for women to be a part of the digital economy to “prevent Industry 4.0 from perpetuating traditional gender biases”.  

UNESCO chief Audrey Azoulay observed that “even today, in the 21st century, women and girls are being sidelined in science-related fields due to their gender”.  

As the impact of AI on societal priorities continues to grow, the underrepresentation of women’s contribution to research and development means that their needs and perspectives are likely to be overlooked in the design of products that impact our daily lives, such as smartphone applications.  

“Women need to know that they have a place in science, technology, engineering and mathematics, and that they have a right to share in scientific progress”, said Ms. Azoulay.

‘Pathway’ to equality

Commemorating the day at a dedicated event, General Assembly President Volkan Bozkir informed that he is working with a newly established Gender Advisory Board to mainstream gender throughout all of the UN’s work, including the field of science. 

“We cannot allow the COVID-19 pandemic to derail our plans for equality”, he said, adding that increasing access to science, technology, engineering and mathematics education, for women and girls has emerged as “a pathway to gender equality and as a key objective of the 2030 Agenda for Sustainable Development”. 

Mr. Volkan highlighted the need to accelerate efforts and invest in training for girls to “learn and excel in science”. 

“From the laboratory to the boardroom, Twitter to television, we must amplify the voices of female scientists”, he stressed. 

STEM minorities  

Meanwhile, UNESCO and the L’Oréal Foundation honoured five women researchers in the fields of astrophysics, mathematics, chemistry and informatics as part of the 23rd International Prize for Women in Science.  

In its newly published global study on gender equality in scientific research, To be smart, the digital revolution will need to be inclusive, UNESCO shows that although the number of women in scientific research has risen to one in three, they remain a minority in mathematics, computer science, engineering and artificial intelligence. 

“It is not enough to attract women to a scientific or technological discipline”, said Shamila Nair-Bedouelle, Assistant UNESCO Director-General for Natural Sciences.  

“We must also know how to retain them, ensuring that their careers are not strewn with obstacles and that their achievements are recognized and supported by the international scientific community”. 

Importance of information technology and digital marketing in Today’s world

In the current times, to cope with the demands of the changing world, we need to adopt digital and modern platforms. With the world rapidly moving towards digitalization and investing in information technology, our state is also adopting unconventional means of carrying out different tasks in a more appropriate and time-saving manner.

Firstly, we can take the example of online shopping. Many international and local brands have online stores. Customers can order anything from any part of the world without traveling from one place to another. This initiative has contributed towards time saving and efficient use of technology. One can get whatever one wants at the doorstep without the hassle of traffic. This initiative has boosted business, as there are walk-in customers as well as online ones. It has also attracted a large audience due to the ease and convenience of shopping. This phenomenon comes under the digitalization process. We should not forget the significance of the internet in this regard, as it was the first step towards digitalization. All the communication and digital platforms we are using are accessible to us due to the internet.

Another aspect of information technology is closing the communication gap between states and their masses. Today, there are many applications like WhatsApp, Skype, Facebook, Messenger, etc. through which one can communicate with friends and relatives without being physically present.

We have websites of different organizations as well as educational institutions through which we can get information about that specific organization. For example, when we are registered with an organization, all our data is stored on its official page and is accessible to specific persons. The same is the case with students: their educational record is held by the university, and when they are registered with their institutions, they can receive updates about new events or job openings through emails and messages.

The Covid-19 factor cannot be ignored in this regard. Due to the rise in Corona cases, jobs have shifted from physical to online. Work-from-home is the new normal. All this is happening due to the digitalization process. It would not be wrong to say that the progress in information technology and digital platforms has made life easier for people.

Another prominent component is online banking. Through this, people can easily carry out transactions from their phones or PCs by logging in to their bank accounts while sitting at home, and can access them at any time. Bills can be paid through it. This is definitely a sigh of relief for people who are tired of standing in long queues outside banks to pay their bills, or of the complexities of going to banks and doing transactions there. This facility has also minimized the time wasted in traffic jams and in standing in queues for long hours at banks. This time can be used for other productive tasks.

Online registration of cars in Islamabad, initiated during COVID-19, is another wonder of the digitalization process. The Islamabad administration has made it easier for people to register their cars while sitting at home without the fear of being infected. Food delivery systems should also be appreciated for their smart work. There are apps like food panda, cheetah etc. through which people can order their desired food through a call. Many food chains offer home deliveries, which has made people's lives much more convenient.

A much-appreciated step by the government is the production of Pakistan-made ventilators and stents in view of the rapidly increasing Corona cases. This was possible due to appropriate scientific and technological knowledge. The government has also said that soon we will be seeing Pakistan-made chargeable vehicles on the roads. They will prove to be economical and fuel-saving; they will be easy to handle and have a human-friendly interface.

Developments in Nadra are another milestone, as now everything is computerized, no paperwork is required and all the records are saved in computers. Recently, our interior minister said that Nadra will now waive the cost of making identity cards and that the card will be provided to the person after 15 days, as previously it took more time to give the card to the concerned person. Removing check posts in the capital and substituting them with other efficient measures like cameras and drones is another achievement. Another recent development in the line of digitalization that cannot be ignored is the inauguration of an online system by the Islamabad Traffic Police, through which people can get their license and complete other paperwork through the online portal.

It can be concluded that we are gradually moving from traditional ways of working towards a digitalized era. However, there is still room for improvement. The good thing is that people are understanding the importance of the digitalization process by gradually accepting it, but further awareness through innovative campaigns would do no harm. An interesting take on advanced digitalization and technological growth is that it has definitely made people rely completely on digital processes and solutions, so that people now have to opt for these advanced strategies in any case, whether they are comfortable with them or not. Obviously, good things take time, and using digital resources for fruitful purposes is not a bad idea at all, as long as resources are not wasted.
