Star Citizen Studio Hid a Data Breach for Six Weeks — and Its Excuses Have Backfired
#DataBreach #StarCitizen #Cybersecurity #UKGDPR #Gaming #AusNews
I missed a chunk of the #ICO #DPPC yesterday due to dental surgery, will be catching up on the videos today. A colleague who attended learned a lot!
https://ico.org.uk/about-the-ico/data-protection-practitioners-conference/
The #cat has a microchip registered with #Identibase. After moving home I tried to update my address on Identibase, but they said that I needed to pay an annual subscription fee to do so...
My address is my personal data, and therefore comes under the #UKGDPR, so I submitted an Article 16 "right to rectification" request asking them to update the out-of-date personal data. Per Article 12(5) they have to do this for free.
And it worked! Identibase have updated my address for free.
New blogpost: A first look at the ICO's new (beta) tool for creating UK GDPR privacy notices
tl;dr: I like it. Sure, it doesn't do away with the need to know what personal data you process and why (the most time-consuming element of the process) but it does make creating a privacy notice pretty straightforward. The output notice is clear enough, free from legal jargon and - best of all? - it's free.
@tdp_org Why are third-party analytics cookies considered "strictly necessary" on the BBC website?
https://www.bbc.com/usingthebbc/cookies/strictly-necessary-cookies/
Strict necessity is defined as those required for the site's basic functionality to work, such as remembering which shopping cart is yours, or saving your cookie preferences so you are not asked on every page (which could be seen as coercing the user to accept more cookies).
@noybeu, what do you think?
ICO guidance on workplace monitoring
The UK's Information Commissioner's Office has issued new guidance on workplace surveillance and monitoring, so here's a short blogpost breaking it down.
If you're in the UK and you are monitoring employees - or you are an employee being monitored - this is worth a quick look.
ICO fines TikTok £12.7m. Looks like the contraventions were around allowing access to under 13s and failing to provide adequate transparency information
The Information Commissioner’s Office (ICO) has issued a £12,700,000 fine to TikTok Information Technologies UK Limited and TikTok Inc (TikTok) for a number of breaches of data protection law, including failing to use children’s personal data lawfully.
December has flown by with lots of fun festive extra activities on the mind, presents to buy and events to go to. 🎄
This means it's been easy to lose track of important developments in data protection - an area of law which continues to be busy all year round! 🧐
So whilst lots of us are winding down for a nice long holiday weekend, here are five significant events in December from a GDPR and UK GDPR perspective in case you missed them:
1️⃣ The EU Commission has proposed a draft EU - US Data Privacy Framework (the new 'privacy shield'). However, whilst the draft is significant, the decision has not been finalized. The process is expected to take another 6 months.
2️⃣ The UK Information Commissioner published various important pieces including its Direct Marketing Guidance which has long been anticipated by the industry. The ICO also released a forward thinking piece called 'Tech Horizons' which examines the implications of some of the most significant technological developments for privacy in the next two to five years.
3️⃣ The EU has signed a declaration on EU digital rights and principles that highlights "the EU's commitment to a secure, safe and sustainable digital transformation." The declaration is wider than just protecting personal data including #ESG themes around sustainability and digital inclusion.
4️⃣ Microsoft plans to roll out a 'data boundary' for its EU customers from 1 January to help their customers comply with their commitments under the GDPR.
5️⃣ New draft texts have been released for significant EU legislation in the data space, including the upcoming #AI Act, and the EU Data Act.
And of course, there were many more developments. Would anything else make your top 5?
#dataprotectionlaw #dataprivacylaw #dataprotection #GDPR #UKGDPR #data #Privacyshield #internationalbusiness
As a data protection lawyer, I often see companies push data retention or data deletion policies to the bottom of the list.
It's sometimes seen as less important, because customers don't typically see this.
However, a recent fine by the CNIL shows there are real risks in delaying and never quite getting round to it. 😬
In this instance, Discord (a popular chat platform for gamers 🎮) received a fine over 800,000 euros for:
❌ Not having a written data retention policy
❌ Not having specific retention periods or criteria for determining retention periods
❌ Failing to ensure data protection by default in the way the application sat in the background on Windows platforms
❌ Failure to ensure security by not setting strong enough password criteria
❌ Failure to carry out data protection impact assessments.
If you are a company dealing with customers in the EU or UK, there is no better time than now to be elevating data retention/deletion on your 'to do' list. ✔️
#dataprotection #dataprivacy #dataretention #datadeletion #dataprocessing #gaming #gamingnews #GDPR #UKGDPR
The context: DISCORD is a voice over IP (technology that allows users to chat via their microphone and/or webcam over the Internet) and instant messaging service, in which users can create servers, text, voice and video rooms. The service is published by DISCORD INC, a company based in the United States.
For those who follow #dataprotectionlaw in the UK. The UK Information Commissioner released an update to the guidance on this yesterday.
The update includes:
- new section on transfer risk assessments (TRAs) and;
- a Transfer Risk Assessment tool.
It’s important that businesses and organisations know how to protect people’s personal information when making international transfers, which are central to the increasingly global nature of businesses. Our work in this area aims to provide certainty, for all involved, that the right level of protection is in place.