Author: Rob Burdett

Cambridge Analytica Ordered To Turn Over All Data On US Professor

Posted on by Rob Burdett

The UK data watchdog, the Information Commissioner’s Office (ICO), has ordered the consulting firm Cambridge Analytica to hand over all the personal information it has on US citizen Professor David Carroll, or face prosecution.

Demand Made in May 2017

The consulting firm, which is reported to have ceased operations and filed for bankruptcy in the wake of the recent scandal involving its access to and use of Facebook users’ details is facing the Enforcement Notice and possible legal action (if it doesn’t comply) because it has not fully met a demand made by Professor Carroll early last year.

Who Is Professor David Carroll?

David Carroll is a professor at the New School’s Parsons School of Design. Although Professor Carroll is based in New York and is not a UK citizen, he used a subject access request (part of British data protection law) to ask Cambridge Analytica’s branch in the UK to provide all the data it had gathered on him. With this type of request, organisations need to respond within 40 days with a copy of the data, the source of the data, and if the organisation will be giving the data to others.

It has been reported that Professor Carroll, a Democrat, was interested from an academic perspective, in the practice of political ad targeting in elections. Professor Carroll alleges that he was also concerned that he may have been targeted with messages that criticised Secretary Hillary Clinton with falsified or exaggerated information that may have negatively affected his sentiment about her candidacy.

Sent A Spreadsheet

Some weeks after Professor Carroll filed the subject access request in early 2017, Cambridge Analytica sent him a spreadsheet of information it had about him.

It has been reported that Cambridge Analytica had accurately predicted his views on some issues, and had scored Carroll a nine 9 of 10 on what it called a “traditional social and moral values importance rank.”

What’s The Problem?

Even though Carroll was given a spreadsheet with some information, he wanted to know what that ranking meant and what it was based on, and where the data about him came from. Cambridge Analytica CEO Alexander Nix told a UK parliamentary committee that his company would not provide American citizens, like David Carroll, all the data it holds on them, or tell them where the data came from, and Nix said that there was no legislation in the US that allowed individuals to make such a request.

The UK’s Information Commissioner, Elizabeth Denham, sent a letter to Cambridge Analytica asking where the data on Professor Carroll came from, and what had been done with it. Elizabeth Denham is also reported to have said that, whether or not the people behind Cambridge Analytica decide to fold their operation, a continued refusal to engage with the ICO will still potentially breach an Enforcement Notice, and it will then become a criminal matter.

What Does This Mean For Your Business?

Many people have been shocked and angered by the recent scandal involving Facebook and its sharing of Facebook user data with Cambridge Analytica. The action by Professor Carroll could not only shed light on how millions of American voters were targeted online in the run-up to the 2016 election, but it could also lead to a wider understanding of what data is stored about us and how it is used by companies and organisations.

The right to request personal data that an organisation holds about us is a cornerstone right in data protection law, and this right will be brought into even sharper focus by the introduction of GDPR this month. GDPR will also give EU citizens the ‘right to be forgotten’, and has already put pressure on UK companies to put their data house in order, and prepare to comply or face stiff penalties.

This story also shows that American citizens can request information from companies that process their data in the UK.

Google Driverless Car Involved In Smash

Posted on by Rob Burdett

A self-driving vehicle owned by Google’s Waymo has been involved in a smash in Arizona when it was hit by a car that swerved across multiple lanes.

Driverless Mode – But With Person On Board

The Google car was in autonomous / driverless mode at the time of the crash, but had a test driver in the driver’s seat. The lady occupant is reported to be recovering from the incident.

A discussion is now underway as to whether the driverless car system or the test driver on board could have done anything more to avoid being hit by the other vehicle.

Waymo and Jaguar

Waymo is the self-driving car company that is owned by Google’s parent company Alphabet, and has been testing driverless vehicles since 2009. It has been reported that Waymo wants to purchase 20,000 Jaguar electric vehicles as part of its plans to launch a robotic ride-hailing service in the US.

It is understood that Waymo’s link-up with Jaguar will mean that from 2020 to 2022, UK-based (owned by India’s Tata Motors ) Jaguar Land Rover (JLR) I-PACE electric cars will be providing up to one million rides per day in the service. It is thought that Jaguar cars will appeal to more upmarket customers, thereby already showing the possibilities for segmentation in driverless ride-hailing services.

The ride-hailing service will be launched on a small scale in Phoenix, Arizona, first in the coming months.

Not The First Autonomous Vehicle Accident

Although the Google car did not cause the crash, this is not the first time an autonomous vehicle has been involved in a serious incident. Back in March, Uber suspended all self-driving car tests in all North American cities after a fatal accident a 49-year-old woman was hit and killed by one of its autonomous vehicles as she crossed the street in Tempe, Arizona.

This was the second time that Uber has pulled its self-driving cars from the roads after an accident. A year earlier, also on Arizona, an Uber Volvo SUV in self-driving mode ended up on its side after another vehicle “failed to yield” to the Uber car at a left turn.

Autonomous Lorry Convoys on UK Roads This Year

Last year, the UK government announced that ‘platoons’ (mini-convoys) of self-driving, partially autonomous lorries are to be tested on British roads before the end of 2018. The so-called ‘platoons’ will take the form of several lorries driving closely together in a line in the inside lane, with the lead lorry wirelessly controlling the acceleration and braking for all the lorries, and with the following lorries responding to the changes in speed.

It is understood that for the tests which have been promised since 2014 and will be carried out by the Transport Research Laboratory (TRL), a human driver will be in the cab of the lead lorry, and will be able to take control if things don’t go entirely to plan.

What Does This Mean For Your Business?

Autonomous vehicles and vehicles with autonomous elements are already being tested and used in commercial environments and as part of the transport system in the US and the UK. The combination of driverless vehicles powered by electricity and using AI technology could provide a more environmentally-friendly solution to a variety of different transportation and delivery challenges, and to hopefully reduce traffic accidents.

The accidents involving driverless vehicles to date have, however, prompted some commentators to warn that the technology is being deployed before it is ready. Clearly, it is still early days for autonomous vehicles which means that there are still many untapped opportunities to use autonomous vehicles commercially, and there are of course many challenges and issues to consider around safety, insurance, regulations and reliability.

Autonomous vehicles are likely to be adopted more quickly on closed sites first, but operators who decide to adapt such sites to work for autonomy could expect significant improvements in productivity and safety.

Despite any bad press from the unfortunate crashes involving test autonomous cars in the US, having an emerging industry such as autonomous vehicles, with all its talent, technology and development centres here in the UK represents a huge opportunity for UK businesses as potential suppliers, beneficiaries of the technologies and products, and spin-off market opportunities. It also represents an opportunity for UK insurers.

Whereas the UK has a skills gap in many areas of the technology market, with the right amount of support and backing from the government and other investors, the testing, developing, and production of autonomous vehicles and the necessary technologies could be one area where home-grown talent is tempted to stay in what could become a world-centre of excellence for autonomous vehicle / AI technology.

Tech Tip – Get More Value From Your Gmail Account

Posted on by Rob Burdett

If, like many people, you have a Gmail account that you regularly use and you want to improve the value you get from your Gmail setup, try features such as ‘Canned Responses’ and ‘Gmail Offline’ (ahead of Google’s planned updates).

If you frequently have to send out the same email message each time to multiple persons, your ‘Canned Responses’ feature lets you prepare a stock message that you can send out when you need it, thereby saving time. To operate ‘Canned Responses’ in your Gmail account:

– When logged in, go to ‘Settings’.

– Select ‘Labs’.

– Look for ‘Canned Responses’ and click on ‘Enable’.

– Type out your stock message and send it when required.

The Gmail Offline feature allows you to read, write and send messages when you’re out of touch, and when you log back in, all your activity will is pushed through Google’s system. Here’s how to set it up:

– When logged in, go to ‘Settings’.

– Select ‘Offline’.

– Click on ‘Install Gmail Offline’.

Amazon Challenges Google and Facebook For Ads Dominance

Posted on by Rob Burdett

Reports that Amazon.com Inc has doubled its ad profits, is growing its ad business fast, and may be outselling ads on Twitter Inc and Snapchat, may soon see it in serious contention for ad dominance with its bigger rivals : Google and Facebook.

Multi-Billion Dollar Program

Reports that Amazon has achieved around $2 billion advertising revenue and with predictions by eMarketer last October that Amazon would hit $3.19 billion in net U.S. digital ad revenues by 2019 (which is 3.0 percent of digital ad spending), show that Amazon clearly has a multi-billion dollar program underway that is growing fast.

How?

Some commentators put the rapid and impressive rise in ad revenues down to the fact that Amazon has two non-retail businesses that are experiencing fast growth, and are profitable.

Firstly, Amazon’s fastest-growing business segment, which hit $2.0 billion in the first quarter, and showed a 72 % increase from a year earlier, and 100% growth in the last quarter is its “other” section. This segment is mainly Amazon’s growing advertising business which is experiencing strong demand from advertisers that spend money to highlight their products over competitors’ in Amazon’s catalogue. The ad business now generates multiple billions in revenue. For example, the world’s largest advertising company, WPP, directed $200 million of its clients’ ad budgets to Amazon in 2017, and has also predicted that this number could rise to $300 million this year.

Secondly, Amazon’s other key profit driving non-retail business is Amazon Web Services (AWS). This leases computing power and data storage to companies large and small, and has just experienced a 40% growth. The fact that AWS has earned $17.5 billion in 2017 compared to its $9.2 CapEx spending means that it is even making a profit from a business that typically requires a huge amount of investment. For example, Amazon Web Services (AWS), Microsoft, and Google collectively spent $35 billion on data centres to power their cloud businesses in 2017.

One key thing that both of these important business segments have in common is that they deliver big profit margins. For example, AWS’s operating profit margin is consistently over 20% and Amazon’s ad business also contributes big profits to the company’s main bottom line.

Some commentators have said that Amazon’s strong position in the Cloud market, search and advertising, and the voice assistant market with Alexa are boosting the competitive position of the company as well as its profits.

In Competition With Google and Facebook?

This huge surge in advertising profits is still not quite in the same ballpark as Google and Facebook’s Internet duopoly, with Google and Facebook accounting for more than 60% of global online ad revenues, although Amazon is now on the right trajectory to start taking more of their business.

What Does This Mean For Your Business?

Amazon has expanded and diversified in recent years and the big advantages of its advertising that are attracting more business customers are its reach, the fact that Amazon has users’ purchase data and knows what shoppers need, and the fact that advertising on Amazon is delivering results for customers in terms of driving brand awareness, discovery or/and purchases.

These recent ad revenue figures show that although Amazon isn’t seriously challenging Facebook and Google just yet, it is generating significant profits from non-retail parts of its business, and is certainly going in the right direction to challenge the current duopoly. For businesses, this gives them more choice, and another potentially effective advertising platform that could drive more potential buyers their way.

Fake Online Reviews Investigation

Posted on by Rob Burdett

A recent investigation as part of a BBC 5 Live programme has led to the underground trade in fake online reviews coming under the spotlight.

What Reviews and Why Does It Matter?

The kinds of reviews of products and services that can allegedly be purchased and displayed online in order to influence purchasing decisions are reported to be those on sites such as Trustpilot and Amazon.

Three quarters of UK adults use online review websites, and the government’s Competition and Markets Authority estimates that such reviews potentially influence £23 billion of UK customer spending every year.

Younger consumers are thought to be particularly influenced by the reviews of others / their peers when it comes to purchasing decisions.

The key motivator for businesses buying fake reviews is, orf course, to rank top for your product because this can lead to a lot of extra sales.

How Bad Is The Problem?

A Chartered Institute of Marketing (CIM) Study shows that almost half of UK adults believe they have seen fake reviews, and according to US analysts, as many as half of the reviews for some products posted on international websites like Amazon may be potentially unreliable

What’s Been Happening?

According to the recent BBC investigation of the problem, buyers are offered full refunds on products bought on Amazon in exchange for positive reviews. This practice is believed to be something that was driven underground back in 2016 after Amazon introduced measures designed to prohibit ‘incentivised reviews’ i.e. businesses offering customers free goods in exchange for positive reviews.

The BBC 5 Live team investigators have reported that they were offered deals for Amazon reviews, and were able to use eBay to purchase a false 5-star review on Trustpilot.
Denied

In response to the findings of the BBC investigation, Amazon has stated that it does not permit reviews in exchange for compensation of any kind and that customers and Marketplace sellers who don’t follow review guidelines are subject to action including potential termination of their account.

Trustpilot has said that it uses specialist software to screens reviews against 100’s of data points around the clock in order to automatically identify and remove fakes, and that it has a zero-tolerance policy towards any misuse.

E-bay has also stated that the sale of fake reviews is banned from its platform, and that any listings will be removed.

What Does This Mean For Your Business?

The potential rewards of more sales an profits, getting a competitive edge, and boosting brand awareness are powerful motivators for some businesses who may feel that when weighed up against the lack of any serious penalties, buying fake reviews may appear to be worth the risk. For the vast majority of review-reading customers, however, this is a deceptive practice that may cause them to purchase products that do not meet their needs or expectations.

The proliferation of fake reviews also undermines public trust in reviews, and this can be particularly unfair for those companies who have worked hard to get genuine positive reviews through simply providing superior products and service levels.

There is an argument that more preventative action needs to be taken by these platforms to stop fake reviews being published in the first place, and that stronger penalties are needed for those caught selling fake reviews.

Sadly, many commentators believe that we are currently in a ‘post-truth era’ where many people get their news from social media and where we are becoming conditioned to put less emphasis on the need for objective facts. It is with this backdrop that the trade in fake reviews has been allowed to grow.

There is still a strong argument, however, that there is no substitute for striving to provide quality products and great customer service as these strengthen a business anyway, ensure that reviews are positive, and should ultimately win over short-term deceptive practices.

Online Dating Via Facebook

Posted on by Rob Burdett

Facebook CEO, Mark Zuckerberg, has announced that Facebook, the world’s largest online social network, will soon be providing an online dating service, thereby putting it in competition with the likes of Match Group Inc.

On The Cards

Bearing in mind Facebook’s origin as a college dating website and Mark Zuckerberg’s early ‘Facemash’ program, and the fact that Facebook is known to have been wanting to move into online dating for at least 10 years, this move has been on the cards.

Why Now?

There are several key reasons why Facebook has chosen to actually make the move into the online dating world. These include:

  • The need to make people spend longer on the Facebook platform (and not on other platforms). For example, time spent by Facebook users on the platform fell by 50 million hours a day in 2017.
  • The need to attract more young people to the platform.
  • The commercial attractiveness of the booming and growing dating market.
  • The fact that there are 200 million people on Facebook that list themselves as single.
  • The fact that Facebook already holds many facets of information about users that could be used for matching and dating purposes e.g. interests, local events they could attend.

How Will It Work?

The proposed platform is an optional feature that users will be able to use by clicking on a heart shape at the top-right corner of the Facebook app, and setting up a dating profile. The profile will be based on a first name, won’t be visible to friends and users who aren’t on the dating feature, and won’t show up in the News Feed.

Once set up, users can browse events in their local and groups that match their interests, select ‘unlock’ for dating, and then be able to see the profiles of other potential dates who have unlocked that surface. These profiles will show a few photos plus some basic information about potential dates.

The system will not work using the “swipe” left or right on potential matches like Tinder, but there will be two buttons for “pass” and “interested.”

Users will be able to start a conversation with a potential match by commenting on one of their photos, but the conversations will be text-only, thereby eliminating the risk of unsolicited nude photos being sent. Conversations will take place in a special inbox that’s separate from Messenger and WhatsApp.

Security

In the wake of the Facebook and Cambridge Analytica scandal, Facebook has been quick to stress that the service has been built and will operate with an emphasis on privacy.

Not Just Hook-Ups

Facebook has also said that the new dating service is intended to be a standalone feature that will focus on legitimate long-term relationships, rather than just hook-ups. There are already many stories of couples who have met via the normal Facebook platform.

Dating Service Competitors – Stock Value Falls

Shortly after Mark Zuckerberg announced the move into the dating arena, and even though Match Group CEO Mandy Ginsberg said that she was flattered by Facebook’s entrance into its space, Match’s stock traded down about 22%. Match is the owner of mobile dating apps Tinder and OkCupid and describes itself (on its website) as the “global leader” in online dating.

What Does This Mean For Your Business?

If it wasn’t for the recent scandal about data sharing with Cambridge Analytica and the lack of trust that it has created, Facebook would be almost perfectly position to seriously and quickly take on the current online dating giants such as Match. It remains to be seen, therefore, how quickly Facebook users forget or are willing to throw caution to the wind with the promise of powerful motivators and positive reinforcement in the form of dates and possibly, a love match.

Some competitors, such as Bumble, have seen Facebook’s move as an opportunity rather than just a threat, and Bumble has reportedly reached out to Facebook to explore ways to collaborate.

Google Chrome Leads Digital Certificate Clean Up

Posted on by Rob Burdett

The Google Chrome Browser is being equipped with transparency logs that are designed to prevent potentially costly digital certificate errors by Certificate Authorities (CAs) and to guard against cyber-criminals issuing their own certificates.

Stopping Misuse

The move has been designed to improve all-round transparency, and to better protect both users and companies from becoming victims of certificate misuse.

Triggers A Warning Message If Not Logged

The change means that all CAs must now log every digital certificate they issue in certificate transparency logs so that any website with a secure socket layer (SSL) or transport layer security (TLS) certificate that isn’t logged will trigger a browser warning. The warning will tell users the website’s certificate doesn’t comply with Google Chrome’s transparency policy, and therefore, may not be safe.

In fact, any part of a website that’s served over an https connection that doesn’t comply with Google’s policy will not load and will display an error in Chrome DevTools.

The change applies to all TLS server certificates issued after 30 April, 2018.

Driving Positive Change

With Google Chrome reportedly being used by 60% of web users, this move is being seen by some as Google using its market dominance to drive better practices. It is expected, therefore, that most other major browsers will follow Google’s example.

What Does This Mean For Your Business?

This is really just an industry change that primarily affects parties issuing the certificates e.g. a Certificate Authority. The change isn’t retroactive and so isn’t going to affect SSL certificates that were issued but not logged before April 30, 2018. This change will not (immediately) directly affect end users, although the clean-up effect that it may have on the whole business around certificates, and in thwarting some of the activities of cyber criminals could contribute towards a more secure internet generally. For example, cyber-criminals have been able to target internet users by finding ways to issue their own certificates.

The change should also give businesses a way to take action to protect themselves and their customers against any potential damage done to their business by mis-issuance of certificates.

This story should also be a reminder that from June, if your website doesn’t have a secure certificate i.e. if it doesn’t have https in the URL, Chrome will post a security warning to visitors which could mean that you lose enquiries and sales. Not having a secure certificate could also potentially mean that your website could suffer in the search engine rankings.

TSB Computer Meltdown – Problems Nearly 2 Weeks On

Posted on by Rob Burdett

Customers of TSB are reportedly still experiencing difficulties with internet and mobile banking services nearly 2 weeks after problems first began.

What Happened?

TSB, which was acquired by Spanish bank Sabadell in 2015, tried to fully migrate its computer systems from its old Lloyds Bank systems to its new core banking system, known as Proteo4UK. Proteo4UK is basically a version of Sabadell’s in-house core banking platform Proteo which has been designed for TSB.

The system had already been rolled out to staff in November 2017, and the full rollout to customers was also supposed to have happened in November but was put back until April to avoid potential confusion of the expected interest rate rise.

Why Migrate?

The expected benefits behind TSB’s decision to migrate were cost savings through not having to pay £160 million per year to Lloyds Bank for hosting, and the opportunity to be able to implement its own customer-facing systems offering digital banking services.

TSB had already launched a mobile app for Android and iOS devices to enable customers to use banking services via the new system in a convenient way, and was in the process of offering iPhone X users the opportunity to use their faces as identification.

Meltdown

Unfortunately for 1.9 million TSB customers, the bank staff, and TSB’s reputation, the migration did not go to plan and resulted in what some commentators have described as a ‘meltdown’ of its banking systems.

Some of the problems experienced by customers have included not being able to access their own money, no access to any mobile and online services, problems with direct debits, and amounts of money appearing and disappearing. It was even reported that one customer was mistakenly credited with £13,000. TSB has also been deluged, understandably, with complaints, with TSB staff facing hostility, and the reputation of the bank taking a battering in the media.

Response

Several apologies later, and even though TSB’s CEO Paul Pester announced in BBC Radio 4 interview that he would take direct control from the banks’ platform, and that he’d drafted in a team of global experts from IBM, and although the mobile app is now reportedly fixed, some customers are still reported to be experiencing problems. Some have appeared in tv news reports telling of their experiences and of their fears that important bills may not have been paid as a result of the system’s problems.

Treasury Committee Wants Answers

Executives from TSB and parent company Sabadell have been asked to appear before MPs to respond to questions and give evidence to the Treasury Select Committee on Wednesday 2nd May over the ongoing IT system outage.

What Does This Mean For Your Business?

It is well known that many banks run on old systems which have led to glitches in the past i.e. customers not being able to access their money, and have been the cause of worries about security. The case of TSB illustrates how the company had good commercial intentions as a challenger bank in migrating its systems to reduce costs and meet the modern customer’s digital expectations, but ended up creating a PR disaster for itself. It is thought that the problems could cost the bank millions in lost customers, compensation, and damage to the brand.

Some commentators have criticised the bank for mismanaging the migration and for focusing too much on creating fancy apps rather than focusing on just getting the migration to happen as smoothly as possible.

It has also been suggested that, if joining or switching to a new bank, customers could do worse than to ask their proposed new bank what their plans are in terms of core banking platforms, whether they have any major IT projects planned, and how up to date is the core banking system is.

The problems with TSB’s banking systems will undoubtedly have impacted many businesses as customers were unable to access funds or to spend as they normally would, or to pay existing agreements, and this all adds up to extra costs, reduced profits, and stress for business owners.

This story is also a reminder to businesses that unforeseen and potentially costly IT problems can happen, particularly with cyber-crime activity, and that having a good Business Continuity Plan and Disaster Recovery Plan is important.

Tech Tip – Checking Your Facebook Connected Apps

Posted on by Rob Burdett

In the light of the Facebook and Cambridge Analytica scandal where a quiz app was used to share personal details without the consent of users, you can take action boost your own security by checking what connected Facebook Apps you have. Here’s how:

– Log into Facebook.
– Pull down the toggle/arrow at the right top of the Facebook screen to reach the account details.
– Choose ‘Settings’ from the list.
– On the General Account Settings page, scroll down and select ‘Apps and Websites’ in the left-hand menu.
– The next page shows the Facebook applications that have been given account access, e.g. fun apps, and productivity apps (e.g. Hootsuite)
– If you’re not happy about a particular connected app having access, you can remove the app entirely by checking the box to the right and selecting ‘Remove’.
– If you select one or more apps and click remove, another dialog box will be shown with an additional checkbox option referring to previous activity e.g. prior posts made using the app.
– Once removed, an app or website will no longer have access to your information, yet they may still retain previously shared information.

GDPR: Don’t Get Caught Out By Your Logfiles

Posted on by Rob Burdett

With all the focus on the more visible elements of GDPR compliance ahead of the Regulation’s introduction of May 25th, one EU Working group is warning businesses not to forget what’s stored in the logfiles of their Internet-facing servers.

What Are Logfiles and Why Should We Care?

Logfiles record either events that occur in an operating system or other software, or messages between different users of communication software.

As well as being useful to an organisation e.g. for providing clues about hostile activity affecting the network from within and without, and providing information for identifying and troubleshooting equipment problems, logfiles on Internet-facing computers can also potentially provide information to hackers and cyber-criminals that could compromise your system and data security.

Report Suggestions

A draft report by the Internet Engineering Task Force’s Internet Area Working Group (IETF’s INTAREA) says that changing data regulations have meant that what were established best practices have now become poor practices. The draft, therefore, offers a checklist as a set of updates to RFC6302 designed to help plug this potential GDPR compliance black spot. The “Recommendations for Internet-Facing Servers” draft suggests that sysadmins adopt a data minimisation approach to configuring their server logs, and suggestions include:

  • Full IP addresses should only be stored for as long as they are needed to provide a service;
  • Logs should only include the first two octets of IPv4 addresses, or first three octets of IPv6 addresses.
  • Inbound IP address logs shouldn’t last longer than three days, because that lets logging cover a weekend before it’s flushed.
  • Unnecessary identifiers should not be logged e.g. source port number, timestamps, transport protocol numbers, and destination port numbers,
  • The logs should be protected against unauthorised access.

It should be said that any legally-mandated logging e.g. to comply with local telecommunications data retention laws, isn’t covered by the draft.

Cookie Consent Pop-Ups

We are all used to seeing cookie consent pop-ups when we arrive at websites, but the “implied consent” website owners have assumed existed once people clicked “I Agree” to cookies may no longer apply under GDPR. This is because GDPR is consent specific, and there is no way “implied consent” can get you water-tight compliance. What this means is that cookie consent pop-ups may soon be on legally shaky ground when it comes to GDPR compliance.

What makes this issue more complicated is the fact that the EU had intended to publish an updated ePrivacy Regulation, with the commencement of GDPR, to relax the cookie popup requirements, but didn’t do so. This means that data privacy rules on this matter will be governed by the old ePrivacy Directive and GDPR at the same time, with GDPR having the precedence.

What Does This Mean For Your Business?

This story shows that with GDPR just around the corner, some of the finer areas of compliance are starting to come under the spotlight. Yes, data protection, data security and privacy are the responsibility of all of us, not just the ‘technical people’, but when it comes to having to deal with server-logs, there clearly is a need for a technical focus to ensure all-round general compliance. Hackers, by nature, are generally technically proficient, and can employ multi-level and sophisticated attack techniques. It makes sense, therefore, that companies make attempts to plug known technical weak-spots such as those highlighted in this draft.

The cookie consent pop-up issue highlights the complicated area of consent that many companies have anticipated with the introduction of GDPR. The important point to remember is that GDPR is consent specific. Consent can’t simply be implied, and consent must also be unambiguous, informed, a statement or clear affirmative action, and freely given. Also, under GDPR, a data subject has the right to withdraw their consent at any time.