GDPR Now!

This episode is part of our series of updated podcasts addressing security & privacy concerns resulting from the coronavirus pandemic and the shift in working practises for millions of businesses across the UK and the world.

In this episode, we are going discuss personal data in detail and explore the question of: whose data is it anyway? And what are we prepared to tolerate regarding track and trace programmes as governments around the world implement track and track apps. To discuss this we are delighted to have Phil Brown, The Norfolk Data Protection Mardler, who advices clients in Norfolk on data protection.

_Please note: Phil makes reference to the need for self reporting but would like to clarify that in the NHS Test and Trace scheme, an NHS Tracker will only contact individuals who have tested positive for Covid19. Whether someone should be tested at all is heavily dependent on self reporting. Furthermore, responses to a possible request to us to identify those with whom we may have had recent close contact is based on our ‘civic duty’ rather than a legal requirement - so it’s very much down to our willingness or judgment to do so.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest/s
Phil Brown
Data Protection Consultant
[email protected]

Phil is an independent data protection consultant based in North Norfolk and has provided data protection advice and support to a wide variety of industries across Norfolk and beyond, mostly to small businesses. Prior to that, Phil had a 20 year career as a military communications officer which was then followed by 12 years in the world of mobile phone standardisation, mostly consulting for a Japanese mobile phone operator.

During the latter phase, he chaired an international working group that developed mobile phone conformance tests and also chaired the Global Certification Forum when is became a legal entity in 2008. Such work has seen him travel widely and has, at various times, studied French, German, Japanese and Mandarin Chinese none of which prepared him for life in Norfolk when he moved there in 2016!

He has a Masters degree in Design of Information Systems and his currently trading as Norfolk’s Data Protection Mardler.

Special Guest: Phil Brown.

In this episode we are delighted to have Andrew Alston, founding director at Breach Aware and Business Intelligence Theoroms.

Andrew brings us up to date on the current cyber security issues affecting businesses and offers a range of easy to action steps businesses can take to protect their systems and data. He reminds us that the basic security steps, done well, can go a long way to preventing security issues.

As always, we present affordable solutions that can be used for SME's and individuals as well as large organisations.

GDPR Now! Is brought to you by Data Protection 4 Business
**www.dpo4business.co.uk**

**Guest**
Andrew Alston
Founding Director
Breach Aware
[email protected]

In this episode, we talk about the future of credential management – Self Sovereign Identity (SSI) also known as decentralised identity. SSI is an efficient, secure and privacy enhancing solution for identity verification. It puts individuals at the centre of the verification process and is the future of identity management.

Our special guest, James Monaghan, talks about how Evernym provides solutions in the area of SSI for businesses today. We talk about what SSI means, how it works, the benefits for individuals and businesses and importantly, examples of how it is being used to great effect today.

For any businesses interested in learning more about how they could benefit from building an SSI or decentralised identity solution, please contact James directly.

As we enter what is arguably, the start of our journey into a new era of digital innovation with huge benefits to individuals and businesses, we are excited to follow developments around the growth of Self Soverign Identity.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk

Guest
James Monaghan
Vice President of Product Management at Evernym.

Contact James on:
Email: [email protected]
Twitter: @james_monaghan
https://www.linkedin.com/in/jamesmonaghan/

World Web Consortium (W3C) specifications for existing SSI solutions:

• Decentralised Identifiers https://www.w3.org/TR/did-core/
• Verifiable Credentials https://www.w3.org/TR/vc-data-model/
• Simple explainer about how this all works https://www.evernym.com/blog/gentle-introduction-verifiable-credentials/

Relevant industry bodies include:

• The Decentralised Identity Foundation https://identity.foundation/
• Trust over IP Foundation https://trustoverip.org/
• Good Health Pass Collaborative https://www.goodhealthpass.org/

Special Guest: James Monaghan.

In today’s episode, we are delving into the issues we discussed in our previous episode #24 on the NHS Track and Trace app and considering in more detail the legal, privacy and practicality barriers to many track and trace apps in Europe.

We discuss the take up of Track and Trace apps in the EU and find it is mostly 30% of the population and lower. Data privacy when using apps has been protected due to EU GDPR, however, other basic freedoms have been taken from us and our way of life severely impacted over the course of 2020. Track and trace apps have not had the hoped-for beneficial impact in the EU. Had we taken a different approach to using more data and made the apps mandatory, could the outcomes have been different?

What does this mean in practise for track and trace apps as future solutions to help governments manage pandemics? Compare and contrast to other Asian countries.

If 70 - 80% app usage is realistically needed to be effective, then why did we not make track and trace apps mandatory? What are we to learn from countries in Asia?

How do we find a rapid and effective way to discuss and agree the extended use of our data to improve outcomes, rapidly, either during pandemics or outside of them? As Privacy, Legal and Tech professionals we must continue this conversation and find a framework for agreeing the greater use of data in a mandatory way to support better pandemic and health outcomes.

The economic costs of lockdowns are extremely high and have a direct effect on a nation's ability to provide future healthcare. Our short term fix to today's problem could cause many more problems for the future.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guests
Roger Marlow
Roger has worked in software for over 30 years with experience in building software for the finance, retail, automative and government sectors. He has been involved in the creation of several companies including a healthcare technology company that works for the NHS.

Guests
Mark Sherwood-Edwards
Mark helps CEOs negotiate smarter, more profitable, contracts. During his time spent working in law firms and also as in-house counsel he specialised in contracts as well as sales-contracting transformation, in organisations across the fintech, adtech, tech and outsourcing sectors.

Founder
Clearview Legal
https://clearviewlegal.co.uk/

Special Guests: Mark Sherwood-Edwards and Roger Marlow.

On the day after Data Protection Day (or Privacy Day, depending on whether you are tomato or tomato) we take a look at privacy enhancing technologies - how to control, restrict and eliminate your personal data footprint (if that’s what you want to do). This podcast will be invaluable for privacy professionals that want to know what PETs are available and for consumers that would like to have greater control of their digital profiles.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest/s
Abigail Dubiniecki
Data Protection Specialist
My Inhouse Lawyer
https://www.linkedin.com/in/abigaild/

Host
Mark Sherwood-Edwards
[email protected]

Materials
Competition and Markets Authority (UK competition regulator) report on digital advertising
https://www.gov.uk/government/news/cma-lifts-the-lid-on-digital-giants

Links to PETs
(Privacy Enhancing Tech) and resources mentioned in the podcast (and more!)
Disclaimer – not endorsing any PET in particular, just sharing info.

Want a pretty version or more explanation? Check out my LinkedIn profile for a Slideshare of a presentation and handy Infographic – available next week. Let’s help build this list.

Which PETs are you using or curious to try? If they’re not here, let Abigail know via contact details in the show notes so I can update my list.

Inform yourself, update software, adjust privacy settings, use 2FA!

Privacy Analyzer
(https://privacy.net/analyzer): Analyses your browser to reveal what can be learned about you and recommend actions you can take

DuckDuckGo Device Privacy Tips
https://spreadprivacy.com/tag/device-privacy-tips/
‘Learn’ tab in the DisconnectMe Privacy Pro VPN (iOS only) – ‘learn’ materials available without paying. Just download the app and click!: https://apps.apple.com/us/app/disconnect-privacy-pro-entire/id1057771839?ls=1

Consumer Reports articles & videos with quick-fixes in bite-sized pieces: https://www.consumerreports.org/privacy/linkedin-privacy-settings/
www.consumerreports.org/video/view/electronics/news/6050416388001/protecting-your-online-privacy/

Terms of Service, Didn’t Read (TOSDR https://tosdr.org/): one-stop shop for digested Ts & Cs of most popular online providers, including score cards. Brilliant browser add-on offers automatic assessment of pages you access. Addresses privacy notices & terms e.g. cancellation, etc.

Ghostery
(www.ghostery.com) lets you block ads and trackers, watch the watchers, and speed up your browser with a suite of products, some of which are free, others reasonably privacy. A new product – Ghostery Midnight (www.ghostery.com/midnight) – claims to protect your entire device while giving granular preference management at the app-by app level. Sounds like having your own personal privacy watchdog on your device. Extension is free!! But some of the other products are paid.

Baycloud (https://baycloud.com) was one of the early champions of privtech, starting in the DNT space. They offer B2C and B2B resources. Baycloud Bouncer let reveals who’s tracking you and gives you a handy dashboard to adjust your preferences (https://baycloud.com/bouncer). You can also pre-scan websites you’d like to visit from the comfort of Baycloud’s site. Try before you buy (so to speak, with your data I mean). Free!!

Have I been pwned?(https://haveibeenpwned.com) will help you check whether your account or credentials has been compromised based on research into the (sigh) multitudinous data breaches. Free!!

DuckDuckGo privacy report card for webs...